Weave DOT guru

05/30/2022

Nasty new "zero day" exploit published. This article has information on what it is, how dangerous it might be, and some work arounds to stop it from executing until Microsoft patches Windows.

This work around has already been pushed to all of our client's PCs.

TL;DR -- Don't open Word docs from unknown sources until this is patched.

A new attack vector enables hackers to more easily compromise users with malicious Microsoft Office documents.

10/30/2021

Be an informed shopper this holiday season. Don't pay more than you should.

Oct 30, 2021weave Be aware when shopping for electronics this holiday season or any time that a lot of things you see for sale are actually vendor-badged versions of some generic item sold by Chinese or other manufacturers. So there could be huge price swings for basically the same thing. Multiple p...

09/09/2021

A new security vulnerability is affecting computers all around the globe and can be used to push out ransomware or other damage to your systems. This blog post from the folks at Huntress (we subscribe to their threat detection service) has a technical explanation of what it is.

https://www.huntress.com/blog/cybersecurity-advisory-hackers-are-exploiting-cve-2021-40444

But in short, do NOT click links in your emails from anyone you don't know and even then, verify that it's a legitimate email.

For example, one company received an email from "HR" to all their staff advising them of a lost puppy that was found on the property and a link to see a picture of it. Now who wouldn't want to click to see an adorable puppy?

This sort of vulnerability and the risks it presents is another good example of why layered security is so important. No tool alone can stop 100% of threats, but when stacked with other tools, the risk surface goes way down. Same idea as stacking a bunch of swiss cheese slices on top of each other and seeing if you can see through the entire stack. With one slice, of course -- it's full of holes. Put two slices together and there's less holes. And so on.

So in this case, here's an example of a good layered approach.

1) User behavior. Education. Be aware of clicking links, and do not open any office docs from unknown sources.

2) Email filtering that will find potentially dangerous links and strip them out

3) Applying patches and workarounds to mitigate possible attacks.

4) Updated anti-virus that can detect compromised files and block them

5) A strong firewall that will block incoming and outgoing connections to attacker's bot farms and stop their ability to download malware and encryption keys for ransomware

6) DNS filitering service that can block requests to download payloads and/or provide remote control of a machine to a bot farm.

7) Threat detection software that can detect any compromises (ie, if something gets through all the other layers) to alert sys admins of a problem and get them taking steps (like disconnecting the network) to stop further damage

8) Good redundant backups in case all else fails and the attackers gain access and destroy or encrypt your data, so you can get back online as quick as possible.

We provide this to our clients as part of our service offering, as do most other Managed Service Providers.

Be safe everyone!

Huntress is monitoring a new threat against Windows OS and Microsoft Office products (CVE-2021-40444). The MSHTML engine is vulnerable to arbitrary code ex*****on.

08/22/2021

We have three large churches as clients, so we understand that their most critical time of the week is Sunday mornings. Therefore on Sundays, there are three different live services on at once in our control room to make sure everything is running smooth for each of them.

06/16/2021

Be aware there are fake DMCA takedown notices going around that contain malware that often triggers ransomware. It seems they are targeting people that own their own websites. This "notice" came to one of our clients.

Always be suspicious of anything unsolicited that asks you to download something. If in doubt, run it in sandbox. Windows 10 now has a sandbox feature that can be enabled to allow you to run stuff in it safely. Or better yet, ask an expert to look at it for you!

https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview

Here's the message received...

My name is Tammy.

Your website or a website that your organization hosts is infringing on a copyright-protected images owned by myself.

Check out this official document with the links to my images you utilized at [redacted].org and my previous publication to find the proof of my copyrights.

Download it right now and check this out for yourself:

https://[redacted].googleapis.com/v0/b/storage-729af.appspot.com/o/files%2Ffile-390ghf2ih.htm

I believe that you deliberately violated my legal rights under 17 U.S.C. Sec. 101 et seq. and could possibly be liable for statutory damages as high as $150,000 as set forth in Sec. 504 (c) (2) of the Digital Millennium Copyright Act (DMCA) therein.

This letter is official notice. I seek the elimination of the infringing materials mentioned above. Please be aware as a company, the Digital Millennium Copyright Act requires you, to remove and/or disable access to the copyrighted content upon receipt of this particular notification letter. If you don't stop the utilization of the aforementioned copyrighted materials a legal action can be commenced against you.

I do have a good belief that utilization of the copyrighted materials described above as presumably infringing is not authorized by the copyright proprietor, its agent, or the laws.

I swear, under penalty of perjury, that the information in this letter is correct and that I am the copyright proprietor or am permitted to act on behalf of the owner of an exclusive right that is presumably infringed.

Best regards,
Tammy Crosby

Windows Sandbox provides a lightweight desktop environment to safely run applications in isolation. Software installed inside the Windows Sandbox environment remains "sandboxed" and runs separately from the host machine.

04/16/2021

Hello fellow dog lovers. We’ve just installed a “mutt mitt” dispenser in front of our office! These are the same high quality mitts Luray provides in area parks. Since there are no dispensers in our area we decided to put one up for everyone’s benefit.

12/12/2020

Santa is parked outside our office for the Luray "parade." (Stationary this year, with people driving by to observe).

Well, OK, in front of the Farm Bureau. But close enough!

03/28/2020

Pretty excited to solve an interesting problem for a client today. The client was bad at answering messages sent to their page, so customer's questions often went unanswered. Not good.

So the "Guru" solution was to channel those customer Facebook messages to a few client employees via a text message. Any of them could reply to the Facebook message just by responding to the text and it would be sent back to the customer. The other reps would see the response was answered and know not to handle it!

Another possible solution to this would be to set up an automated text bot to respond to messages, but this client wanted a more personal and customized response.

02/23/2020

I will be speaking at a church security conference in July in New Castle, Delaware. Focus will be on how IT and physical security practices can intersect and are complimentary to each other.

https://www.tristatesecurityconference.com/

12/21/2019

Massive fail on Wawa's part. Malware infected their systems for several months and remained undetected until this month. Credit and debit card data used by millions of people at their stores have been compromised. Creating a proper security model requires a multi-level approach. Read more at our blog post.

Dec 21, 2019weavesecurity Wawa announced in December 2019 that they had a data security breach. Unfortunately this is not really big news these days. They say they are sorry, offer free security monitoring service for a year, some people will have their cards compromised and spend countless hours tr...

11/02/2019

Trick or Treat! A critical "zero day" exploit was released for Chrome. Did you update your browser, or were you enjoying Halloween instead? Don't fret the details like that. Our customers were updated automatically!

Nov 2, 2019weavechrome, security A “Zero Day” vulnerability is when a computer weakness is publicized and known bad actors are already exploiting it to take over computers.A critical one for the Chrome Browser was published on 31 October 2019. Multiple Vulnerabilities in Google Chrome Could Allo...

09/23/2019

We are now a member of the Luray-Page County Chamber of Commerce! As you can tell Baylea is really happy about it!