
About: Gregory M

Recent Posts by Gregory M

Phishing: These are the most common techniques used to attack your PC

Microsoft Office macros, PowerShell and more are still proving to be popular with cyber criminals distributing attacks via phishing emails, warn researchers after analyzing billions of attacks.

Creating malicious Office macros is still the most common attack technique deployed by cyber criminals looking to compromise PCs after they’ve tricked victims into opening phishing emails.

Phishing emails are the first stage in the attack for the majority of cyber intrusions, with cyber criminals using psychological tricks to convince potential victims to open and interact with malicious messages.

These can include creating emails that claim to come from well-known brands, fake invoices, or even messages that claim to come from your boss.

There are a number of methods that cyber criminals can exploit in order to use phishing emails to gain the access they require and, according to researchers at cybersecurity company Proofpoint, Office macros are the most common means of achieving this.

Macros are a function of Microsoft Office that allow users to enable automated commands to help run tasks. However, the feature is also abused by cyber criminals. As macros are often enabled by default to run commands, these can be used to execute malicious code – and thus provide cyber criminals with a sneaky way to gain control of a PC.

Many of these campaigns will use social engineering to encourage the victim to enable macros by claiming the functionality is needed in order to view a Microsoft Word or Microsoft Excel attachment. It’s proving a successful method of attack for cyber criminals, with Office macros accounting for almost one in 10 attacks by volume.

But Office macros are far from the only attack technique that cyber criminals are commonly adopting in order to make hacking campaigns as successful as possible.

Sandbox evasion is the second most common attack technique used by criminals distributing phishing emails.

This is when the developers of malware build in threat detection that stops the malware from running – effectively hiding it – if there’s a suspicion that the malware is running on a virtual machine or sinkhole set up by security researchers. The aim is to stop analysts from being able to examine the attack – and, therefore, being able to protect other systems against it.

PowerShell is also still regularly abused by attackers as a means of gaining access to networks after getting an initial foothold following a phishing email. Unlike attacks involving macros, these often rely on sending the victim to click a link with code to execute PowerShell. The attacks are often difficult to detect because they’re using a legitimate Windows function, which is why PowerShell remains popular with attackers.
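One way defenders look for the macro and PowerShell abuse described above is to triage process-creation telemetry for PowerShell started by an Office application or launched with an encoded command. The sketch below is an added example, not from the original article or from Proofpoint; the event field names follow Sysmon process-creation events, and the hosts, paths and watch lists are constructed assumptions.

```python
import ntpath

# Assumed watch lists (not from the article): Office hosts for VBA macros
# and the two PowerShell executables.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
POWERSHELL_IMAGES = {"powershell.exe", "pwsh.exe"}


def uses_encoded_command(command_line):
    """True if any argument is a prefix form of -EncodedCommand (-e, -enc, ...)."""
    for token in command_line.split()[1:]:
        if token[0] in "-/" and len(token) >= 2:
            if "encodedcommand".startswith(token[1:].lower()):
                return True
    return False


def classify(event):
    """Return a finding for a suspicious PowerShell launch, else None."""
    child = ntpath.basename(event["Image"]).lower()
    parent = ntpath.basename(event["ParentImage"]).lower()
    if child not in POWERSHELL_IMAGES:
        return None
    reasons = []
    if parent in OFFICE_PARENTS:
        reasons.append("spawned by Office application " + parent)
    if uses_encoded_command(event["CommandLine"]):
        reasons.append("encoded command line")
    if not reasons:
        return None
    # An Office parent is the stronger signal; encoding alone needs review.
    severity = "high" if parent in OFFICE_PARENTS else "medium"
    return {"host": event["Host"], "severity": severity, "reasons": reasons}


def triage(events):
    return [f for f in (classify(e) for e in events) if f is not None]


# Constructed sample events; field names follow Sysmon process creation.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    {"Host": "ws-014",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": PS,
     "CommandLine": "powershell.exe -NoProfile -enc <BASE64-PLACEHOLDER>"},
    {"Host": "ws-020", "ParentImage": r"C:\Windows\explorer.exe", "Image": PS,
     "CommandLine": r"powershell.exe -NoProfile -File C:\Scripts\inventory.ps1"},
    {"Host": "ws-027",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "Image": r"C:\Windows\splwow64.exe",
     "CommandLine": r"C:\Windows\splwow64.exe 8192"},
    {"Host": "ws-031", "ParentImage": r"C:\Windows\System32\svchost.exe",
     "Image": PS, "CommandLine": "powershell.exe -e <BASE64-PLACEHOLDER>"},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```
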

Other common attack techniques used to make phishing emails more successful include redirecting users to websites laced with malicious HTML code that will drop malware onto the victim’s PC when they visit, while attackers are also known to simply hijack email threads, exploiting how victims will trust a known contact and abusing that trust for malicious purposes, such as sending malware or requesting login credentials.

The data on the most common attack techniques has been drawn from campaigns targeting Proofpoint customers and the analysis of billions of emails.

“Train users to spot and report malicious email. Regular training and simulated attacks can stop many attacks and help identify people who are especially vulnerable.

Stop phishing today: Learn more at www.MortgagePhish.com


Cloudstar Adds Additional Encrypted Storage Capacity

Cloudstar is pleased to announce additional dedicated EMC, All Flash, Unity Private Cloud Storage. This capacity increase will provide additional self-encrypting storage for our financial services and health care clients who are in need of meeting certain applicable regulatory compliance requirements such as HIPAA.

The demand has never been higher. With data security concerns at an all-time high, it is no surprise companies continue to place a premium on ensuring sensitive data is protected from unauthorized access. Whether it is due to internal policies or external compliance, securing data continues to be a high priority for organizations of all sizes. The additional EMC storage systems acquired by Cloudstar address these concerns through controller-based Data at Rest Encryption (D@RE), which encrypts stored data as it is written to disk. This provides yet another layer to protect against unauthorized access by rendering the drive unreadable without the encryption key. In addition to peace of mind, D@RE offers additional benefits including regulatory compliance, secure decommissioning, and the possibility to eliminate the need for physical drive shredding.

Customers have the option of purchasing storage allocations on dedicated EMC Unity hardware, or shared hardware available in a wide variety of configurations, and drive array options.

Contact your Cloudstar sales representative for more information.


The State of Phishing in 2021

In 2020 phishing exploded as the world faced a 100-year pandemic and many people moved to remote working and learning, which changed the phishing threat landscape forever. Our recent report, The State of Phishing, SlashNext Threat Labs, reports on the latest statistics and trends in phishing. In the last 12 months, cybercriminals launched thousands of new phishing pages every hour to harvest personal information, steal corporate data, and commit credit card fraud with no sign of slowing down. Phishing increased 42% in 2020, over 2019. By mid-2020, SlashNext Threat Labs saw the number of daily phishing threats top 25,000 a day, a 30% increase over 2019 figures. By fall, the number had grown to 35,000/day and grew to 50,000/day by December and continues to rise in 2021.

 

The change in the phishing threat landscape is attributed to the increased use by cybercriminals of automation and AI. The low cost of computing and the availability of behavioral information from the public and the dark web make targeting effective by simulating trusted sources and launching attacks through new communication channels. These sophisticated tools offer cost-efficient and easy ways to run short-lived but highly effective phishing campaigns. By leveraging legitimate infrastructure, cyber criminals increase the likelihood of compromising a target and increase their success.

One example of the latest spear-phishing attacks on legitimate infrastructure found by SlashNext Threat Labs in late January 2021 was a 2FA attack. The spoofed Chase Bank 2FA authentication page was hosted on legitimate infrastructure on Doster.com, a web hosting offering for small businesses with additional business services.

We are now seeing more phishing attempts that can bypass two-factor authentication (2FA) or multi-factor authentication. Many with Two Factor Authentication (2FA) believe they’re protected because the birth of 2FA grew from knowing that current security defense solutions were no longer working. Rogue browser extensions can deliver these types of attacks by using Man-in-the-Middle tactics. These browser extensions offer cybercriminals the perfect workaround for organizations that rely heavily on 2FA. By design, once a browser extension is installed, it can access the browser’s complete canvas. Once logged in, the session is hijacked to capture whatever is on the computer screen. These extensions have the full power to do whatever the user is doing and seeing whatever is happening within that browser window.
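How much of the browser an installed extension can actually reach is declared in its manifest, so a permissions review is a practical control against the rogue extensions described above. The audit below is an added example, not part of the SlashNext report; the risk tiers and the list of sensitive API permissions are assumptions, and the three manifests are constructed.

```python
# Host patterns that cover every site the user visits.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

# Assumed shortlist of API permissions that expose page content or sessions.
SENSITIVE_APIS = {"tabs", "webRequest", "cookies", "scripting",
                  "debugger", "tabCapture", "desktopCapture"}


def audit_manifest(manifest):
    """Summarise the reach an extension requests in its manifest.json."""
    perms = [p for p in manifest.get("permissions", []) +
             manifest.get("optional_permissions", []) if isinstance(p, str)]
    hosts = set(manifest.get("host_permissions", []))  # Manifest V3
    # Manifest V2 mixes host patterns into "permissions".
    hosts |= {p for p in perms if "://" in p or p == "<all_urls>"}
    for script in manifest.get("content_scripts", []):
        hosts |= set(script.get("matches", []))
    broad = sorted(h for h in hosts if h in BROAD_HOSTS)
    apis = sorted(p for p in perms if p in SENSITIVE_APIS)
    if broad and apis:
        risk = "high"      # reads every page and holds session-level APIs
    elif broad or apis:
        risk = "medium"
    else:
        risk = "low"
    return {"name": manifest.get("name", "?"), "risk": risk,
            "broad_hosts": broad, "sensitive_apis": apis}


# Constructed manifests for illustration (parsed manifest.json content).
SAMPLE_MANIFESTS = [
    {"name": "Coupon Helper", "manifest_version": 3,
     "permissions": ["tabs", "cookies", "storage"],
     "host_permissions": ["<all_urls>"]},
    {"name": "Intranet Bookmarks", "manifest_version": 3,
     "permissions": ["storage"],
     "host_permissions": ["https://intranet.example.com/*"]},
    {"name": "Page Styler", "manifest_version": 2,
     "permissions": ["*://*/*", "storage"],
     "content_scripts": [{"matches": ["*://*/*"], "js": ["style.js"]}]},
]

if __name__ == "__main__":
    for m in SAMPLE_MANIFESTS:
        print(audit_manifest(m))
```
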

 

 


Attackers Exploit Critical Adobe Flaw to Target Windows Users

 

A critical vulnerability in Adobe Reader has been exploited in “limited attacks.”

Adobe is warning of a critical vulnerability that has been exploited in the wild to target Adobe Reader users on Windows.

The vulnerability (CVE-2021-21017) has been exploited in “limited attacks,” according to Adobe’s Tuesday advisory, part of its regularly scheduled February updates. The flaw in question is a critical-severity heap-based buffer overflow flaw.

This type of buffer-overflow error occurs when the region of a process’ memory used to store dynamic variables (the heap) can be overwhelmed. If a buffer-overflow occurs, it typically causes the affected program to behave incorrectly. With this flaw in particular, it can be exploited to execute arbitrary code on affected systems.

“Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS,” said Adobe on Tuesday. “These updates address multiple critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.”

Adobe Flaw: Security Updates

Acrobat is Adobe’s popular family of application software and web services used to view, create and manage files. CVE-2021-21017, which was anonymously reported, affects the following Adobe Acrobat Reader versions:

  • Acrobat Reader DC versions 2020.013.20074 and earlier for Windows and macOS
  • Acrobat Reader 2020 versions 2020.001.30018 and earlier for Windows and macOS
  • Acrobat Reader 2017 versions 2017.011.30188 and earlier for Windows and macOS

The flaw has been patched in the following versions:

  • Acrobat Reader DC version 2021.001.20135
  • Acrobat Reader 2020 version 2020.001.30020
  • Acrobat Reader 2017 version 2017.011.30190

These patches are a priority level 1, which according to Adobe means they resolve “vulnerabilities being targeted, or which have a higher risk of being targeted, by exploit(s) in the wild for a given product version and platform.”

“Adobe recommends administrators install the update as soon as possible. (for example, within 72 hours),” according to its update.
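For administrators working to that 72-hour window, the fixed versions listed above can be turned into a quick inventory check. This is an added example, not Adobe's tooling; the fixed versions come from the lists above, while the host names and inventory rows are constructed and the three-part dotted version format is assumed from the versions quoted in this article.

```python
# First fixed version per product track, as listed in the article.
FIXED = {
    "Acrobat Reader DC": (2021, 1, 20135),
    "Acrobat Reader 2020": (2020, 1, 30020),
    "Acrobat Reader 2017": (2017, 11, 30190),
}


def parse_version(text):
    """'2020.013.20074' -> (2020, 13, 20074); raises ValueError otherwise."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError("unexpected version format: %r" % text)
    return tuple(int(p) for p in parts)


def status(product, version):
    """Classify one install against the CVE-2021-21017 fix for its track."""
    fixed = FIXED.get(product)
    if fixed is None:
        return "unknown-product"
    try:
        installed = parse_version(version)
    except ValueError:
        return "unparseable"
    # Tuple comparison orders year, then release, then build number.
    return "patched" if installed >= fixed else "vulnerable"


def audit(inventory):
    """Group (host, product, version) rows by what the admin must do next."""
    report = {"vulnerable": [], "patched": [], "review": []}
    for host, product, version in inventory:
        result = status(product, version)
        bucket = result if result in ("vulnerable", "patched") else "review"
        report[bucket].append(host)
    return report


# Constructed inventory rows for illustration.
SAMPLE_INVENTORY = [
    ("ws-01", "Acrobat Reader DC", "2020.013.20074"),
    ("ws-02", "Acrobat Reader DC", "2021.001.20135"),
    ("ws-03", "Acrobat Reader 2020", "2020.001.30018"),
    ("ws-04", "Acrobat Reader 2017", "2017.011.30190"),
    ("ws-05", "Acrobat Reader DC", "unknown"),
    ("ws-06", "Some Other Viewer", "1.2.3"),
]

if __name__ == "__main__":
    print(audit(SAMPLE_INVENTORY))
```
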

Other Adobe Acrobat and Reader Critical Flaws

Including this exploited flaw, Adobe patched flaws tied to 23 CVEs overall in Acrobat and Reader – including 17 critical-severity CVEs.

Most of these critical flaws could allow for arbitrary code execution, including a path traversal glitch (CVE-2021-21037), integer overflow error (CVE-2021-21036) and out-of-bounds write issues (CVE-2021-21044, CVE-2021-21038). Also patched were buffer overflow flaws (CVE-2021-21058, CVE-2021-21059, CVE-2021-21062, CVE-2021-21063) and use-after-free errors (CVE-2021-21041, CVE-2021-21040, CVE-2021-21039, CVE-2021-21035, CVE-2021-21033, CVE-2021-21028 and CVE-2021-21021).

A critical improper access control flaw (CVE-2021-21045) was also patched that allowed for privilege escalation.

Critical Magento Security Updates

In addition to Acrobat and Reader security updates, Adobe also issued patches for critical vulnerabilities in Magento, its e-commerce platform.

Seven critical flaws were patched as part of this security update. All these flaws, if exploited, could lead to arbitrary code execution. These flaws include three security bypass issues (CVE-2021-21015, CVE-2021-21016 and CVE-2021-21025), a command injection flaw (CVE-2021-21018), an XML injection vulnerability (CVE-2021-21019), a file upload allow list bypass (CVE-2021-21014) and a cross-site scripting flaw (CVE-2021-21030).

Affected are Magento Commerce and Magento open source, 2.4.1 and earlier versions (with a fix in 2.4.2); 2.4.0-p1 and earlier versions (with a fix in 2.4.1-p1) and 2.3.6 and earlier versions (with a fix in 2.3.6-p1).

The update is a priority level 2, which according to Adobe “resolves vulnerabilities in a product that has historically been at elevated risk.”

Magento would be categorized as an “elevated risk” because it is commonly targeted by attackers like the Magecart threat group to target e-commerce stores for cyberattacks like web skimming. However, there are currently no known exploits for these flaws, said Adobe.

Other Security Flaws in Adobe Products

Adobe on Tuesday also patched critical-severity flaws in Adobe Photoshop (CVE-2021-21049, CVE-2021-21050, CVE-2021-21048, CVE-2021-21051 and CVE-2021-21047), Adobe Animate (CVE-2021-21052) and Adobe Illustrator (CVE-2021-21053, CVE-2021-21054).

However, these patches came with a priority level 3 ranking, which means that they resolve vulnerabilities in a product that “has historically not been a target for attackers.”

For these flaws, “Adobe recommends administrators install the update at their discretion,” according to the security update.

Adobe’s February fixes come on the heels of a busy January security update, when the company patched seven critical vulnerabilities. The impact of the most serious of these flaws ranged from arbitrary code execution to sensitive information disclosure.


Cloudstar Adds Support for WireGuard VPN

Cloudstar is pleased to announce support for WireGuard® VPN.

Oftentimes, our competitors will force non-Citrix users to install bulky and expensive business-grade firewalls just to log on, print and scan when working from home.

Not only can this be cost-prohibitive, but it provides another set of problems – one more device to manage, update and support... and yes, one more target for hackers.

Cloudstar solves this problem with WireGuard®.

WireGuard® is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. Initially released for the Linux kernel, it is now cross-platform (Windows, macOS, BSD, iOS, Android) and widely deployable.

Additionally, WireGuard does NOT use passwords, but rather a single SSH key. As such, the entire solution is not only extremely secure, but 100% hands off, making for an extremely easy and transparent user experience.

Call us today to learn more.


Cloudstar Launches Mortgage & Fintech Consulting Department

FOR IMMEDIATE RELEASE

February 8th 2021 – Jacksonville FL. Cloudstar is pleased to announce the launch of a new mortgage and fintech consulting department. The department is bridging the gap between mortgage operations and technology, delivering both management consulting and technology services to all aspects of the mortgage industry.

Services include process optimization, LOS support and selection, business intelligence, operational consulting, cyber-security, on-site and remote training, and regulatory compliance & advisory services along with custom RESTful API development with advanced systems integrations.

“Our goal is to service the entire industry,” said Gregory McDonald, CEO of Cloudstar, “which includes working with Wholesale & Retail lenders, in addition to brokers, to deliver solutions for Loan Origination, Distressed Asset Management, Default Tracking and REO Properties. And because of our already large industry presence in banking and land title, we are uniquely positioned to provide additional insight and value.”

About Cloudstar

Cloudstar is an emerging leader in financial services technology, with a focus on mortgage origination, title insurance, real estate, consumer banking, law, risk & compliance, consulting and outsourcing solutions. Through the breadth of our solutions portfolio, and our subsidiary companies MortgagePhish, Cloud Bunny & Teletonix Communications, Cloudstar delivers a wide variety of solutions to thousands of customers located throughout the United States and emerging global markets.

Core services include colocation, public & private cloud, containerization, virtualization, cyber security, SIEM, IT resiliency, telecommunications, application integration, industry specific business development and workflow consulting.

Cloudstar continually strives to make customer service our number one focus being mindful that our success depends on the success of our customers. We take information security very seriously, never losing sight of our obligations to protect and secure the confidential assets of our clients and their customers.

###

Note: If you would like to learn more, please visit our mortgage & fintech consulting page which can be viewed HERE


Cloudstar is Pleased to Sponsor the 2021 Voice of The Title Agent Special Report

For over a decade, the October Research annual Voice of the Title Agent survey has given a voice to big and small title agents across the country. This year, Cloudstar is pleased to announce sponsorship of this very important industry study and report. If you’re interested in taking part in the survey, you may do so by clicking HERE.

As an active member and leader in the land title community, Cloudstar is also sponsoring the 2021 Cyber-Security Special report in addition to the new 2021 Business Continuity Special Report.

We would like to thank our customers for their continued support of October Research and highly encourage them to participate in the above survey.


We’re Hiring! Director of Human Resources

Our International Cloud Computing, Telecommunications, and Technology Consulting Family of Companies is seeking a Director of Human Resources (HR). The Director of HR reports to the Chief Financial Officer and is responsible for the overall HR functions of the company. The Director of HR will help employees be successful in their roles by offering services to support each individual, as well as the company as a whole. This is an exciting leadership opportunity for someone with an extensive background in human resources! The salary range for this role is $120-140k.

Responsibilities of the Director of HR:

  • Overall Human Resource management of the staff including strategy and development, coaching of employees, and long term planning for staff
  • Talent acquisition including, but not limited to the recruitment and hiring of new employees
  • Coordinate company benefits programs (Health, Dental, Vision, Disability, Life, Supplemental, 401k)
  • Facilitate orientation for any and all new employees
  • Update company’s protocol dependent on changes in laws and regulations
  • Maintain all policies, procedures, and employee handbook
  • Oversee and direct all required training courses
  • Encourage team morale with employee appreciation programs
  • Introduce strategies for employee growth and career building
  • Handle all Human Resources tasks such as employee verification, unemployment claims, and exit interviews
  • Record and file all necessary employee records
  • Experience working with and evaluating credit and background checks
  • Work with Regulatory Compliance department to maintain internal process controls to meet compliance objectives (AICPA SOC1 / SOC2 / SOC3 – TYPE 2)

Job Requirements:

Requirements of the Director of HR:

  • Bachelor’s degree required
  • Master’s degree preferred
  • 10-15 years’ experience
  • SHRM-SCP or SHRM-CP preferred
  • Oracle NetSuite experience preferred
  • AutoTask experience helpful
  • Rev.Io experience helpful
  • PayChex experience preferred
  • Proficient in Microsoft Office Suite
  • Anticipate and navigate any personnel issues that may arise
  • Strong sense of initiative
  • Work well in a team environment
  • Superb leadership skills
  • Excellent written and verbal communication skills
  • Detail-oriented and highly organized
  • Experience in project management

Compensation Package:

  • 120-140k based on experience
  • Health, Dental, Vision Insurance
  • HSA
  • 401k with employer match
  • Life insurance (employer paid)
  • 10 days PTO
  • Employee American Express Card
  • Work from home
  • Relaxed team environment


Cloudstar Adds Support for FreeBSD

Cloudstar is pleased to announce support for the ultra-secure, Unix-like FreeBSD operating system when hosted in either our private cloud, public cloud, or within our customer’s infrastructure.

FreeBSD is a free and open-source Unix-like operating system descended from the Berkeley Software Distribution (BSD), which was based on Research Unix. The first version of FreeBSD was released in 1993. In 2005, FreeBSD was the most popular open-source BSD operating system, accounting for more than three-quarters of all installed simply, permissively licensed BSD systems.

FreeBSD has similarities with Linux, with two major differences in scope and licensing: FreeBSD maintains a complete system, i.e. the project delivers a kernel, device drivers, userland utilities, and documentation, as opposed to Linux only delivering a kernel and drivers, and relying on third-parties for system software; and FreeBSD source code is generally released under a permissive BSD license, as opposed to the copyleft GPL used by Linux.

The FreeBSD project includes a security team overseeing all software shipped in the base distribution. A wide range of additional third-party applications may be installed using the pkg package management system or FreeBSD Ports, or by compiling source code.

Much of FreeBSD’s codebase has become an integral part of other operating systems such as Darwin (the basis for macOS, iOS, iPadOS, watchOS, and tvOS), TrueNAS (an open-source NAS/SAN operating system), and the system software for the PlayStation 3 and PlayStation 4 game consoles.


Now Hiring – SVP of Technology Sales

Here we grow again! Cloudstar has an opening for an SVP of Sales. Our successful candidate must have experience selling software and cloud services into the legal, banking and settlement services space.

Requirements:

  • Overall sales and business experience over 10+ years.
  • Experience in selling software and cloud services is essential.
  • Education – Bachelor’s degree at the minimum, MBA is preferred.
  • Responsible for bringing in new projects from financial services companies.
  • Key responsibility is to grow the existing accounts and hunt for new logos
  • Individual contributor role with a passion for problem solving and earning money
  • Strong rolodex of connects in the legal, land title, mortgage services or financial services industries.
  • Strong knowledge of the technical needs, demands and challenges facing today’s remote workforce.
  • Must be able to strategize the account, plan for revenue growth and work on building an effective pipeline
  • Must be able to travel as required and walk the corridors

Our successful candidate must have a demonstrated history of closing mid-size and large transactions across the financial sector.

This position can be remote.

 

COMPENSATION

$175,000 – $225,000 / yr. + commissions
401K w/ 3% Employer Match
Health, Dental & Vision Insurance
Supplemental Insurance
Life Insurance
10 days PTO
Company American Express Card

 

Opportunity to up-sell and cross sell products and services with other Cloudstar companies such as Teletonix Communications, MortgagePhish and CloudBunny.

Please email your resume to [email protected]
