Skip to Content

Blog

Cloudstar to Sponsor & Exhibit at 2021 National Settlement Services Summit

Cloudstar is pleased to sponsor the 2021 The National Settlement Services Summit (NS3).  This years conference will be held between August 31st – September 2nd, 2021 in beautiful Naples, Florida.

NS3 is the premier annual destination for all professionals involved in the real estate transaction to come together for unrivaled networking and education including:

  • Executives
  • Title agents
  • Underwriters
  • Attorneys
  • Settlement services providers
  • Real estate agents
  • Mortgage lenders
  • Compliance officers
  • Technology solution providers
  • Regulators
  • Sales and marketing managers
  • Operations officers

What is NS3?

NS3 brings together more than 700 professionals from across the country for an educational experience unlike any other. For three days a roster of expert speakers and noted industry veterans share their experience with their partners across the real estate transaction.

Attendees return year after year to earn CE/CLE credits, learn about the latest strategies to advance their businesses and to stay current on regulatory developments. NS3 2021 will continue to offer numerous networking events all included in the price of registration!

Cloudstar looks forward to meeting with many of our customers, colleagues, and industry friends; we wish everyone safe travels!

National Settlement Services Summit

0 Continue Reading →

Cloudstar To Sponsor 2021 Texas Land Title Association Conference

Cloudstar, a proud member of the TLTA,  is pleased to announce that we will be sponsoring and exhibiting at the 2021 Texas Land Title Association Annual Conference and Business Meeting.  The conference will be held this year at the Kalahari Resort at Round Rock from August 9-11, 2021 with the following agenda:

SUNDAY, AUGUST 8

Early Conference Registration
TAPS/KEGS Dinners (by invitation only)

Monday, August 9

Bert Massey Classic Golf Tournament and TLTAPAC Fundraiser (Offsite – Forest Creek Golf Club)
Sponsor Exhibits Open
Opening General and Educational Sessions
Opening Night Reception

Tuesday, August 10

Sponsor Exhibits Open
Terry Grantham Memorial TLTAPAC Breakfast and Annual Meeting
General Session and Business Meeting
Educational Sessions
Agent and Underwriter Meetings
President’s Evening and Live TLTAPAC Auction

Wednesday, August 11

Closing Session and Breakfast Benefiting TLTAPAC

 

If you would like to schedule time to meet with our team, please call us at 800-340-5780, or contact us by clicking HERE.

We look forward to meeting with our many Texas based customers, industry colleagues, and friends and wish everyone safe travels!

2021 TLTA Annual Conference

0 Continue Reading →

Cloudstar Providing Free Migrations Away From Microsoft Azure

Cloudstar is pleased to announce free cloud migrations for companies currently using Microsoft Azure Cloud services.  The migration service is in response to feedback wherein Microsoft Azure customers have been growing increasingly dissatisfied with various aspects of the Microsoft Cloud specifically in the areas of unpredictable billing caused by automated resources on demand, and questionable performance during peak work hours due to Azure being a “public cloud”.

Under the new program, Cloudstar is willing to move current Microsoft Azure customers into a dedicated private cloud environment with unlimited resources and billed at a flat rate per user.  This model addresses two of the loudest concerns while ensuring customers are hosted in an environment with a smaller cyber-attack footprint.

The same program is also available for users of the popular Office 365 system, Microsoft’s hosted email platform.  Microsoft O365 as it’s sometimes called has grow in popularity due to its low cost pricing and ease of use, but hackers have also taken notice making it one of the most heavily targeted systems for hacking, email phishing, and business email compromise.

If you’re interested in your own private servers, with flat rate pricing, please contact Cloudstar at 800-340-5780 or contact us online by clicking HERE

0 Continue Reading →

Cloudstar Launches Mortgage & Fintech Consulting Department

FOR IMMEDIATE RELEASE

February 8th 2021 – Jacksonville FL.  Cloudstar is pleased to announce the launch of a new mortgage and fintech consulting department.  The department is bridging the gap between mortgage operations and technology delivering both management consulting and technology services to all aspects of the mortgage industry.

Services include process optimization, LOS support and selection, business intelligence, operational consulting, cyber-security, on-site and remote training, and regulatory compliance & advisory services along with custom RESTful API development with advanced systems integrations.

“Our goal is to service the entire Industry said Gregory McDonald, CEO of Cloudstar, which includes working with Wholesale & Retail lenders, in addition to brokers, to deliver solutions for Loan Origination, Distressed Asset Management, Default Tracking and REO Properties. And because of our already large industry presence in banking and land title, we are uniquely positioned to provide additional insight and value.”

About Cloudstar

Cloudstar is an emerging leader in financial services technology, with a focus on mortgage origination, title insurance, real estate, consumer banking, law, risk & compliance, consulting and outsourcing solutions. Through the breadth of our solutions portfolio, and our subsidiary companies MortgagePhish, Cloud Bunny & Teletonix Communications, Cloudstar delivers a wide variety of solutions to thousands of customers located throughout the United States and emerging global markets.

Core services include colocation, public & private cloud, containerization, virtualization, cyber security, SIEM, IT resiliency, telecommunications, application integration, industry specific business development and workflow consulting.

Cloudstar continually strives to make customer service our number one focus being mindful that our success depends on the success of our customers. We take information security very seriously, never losing sight of our obligations to protect and secure the confidential assets of our clients and their customers.

###

Note: If you would like to learn more, please visit our mortgage & fintech consulting page which can be viewed HERE

0 Continue Reading →

Phishing: These are the most common techniques used to attack your PC

Microsoft Office macros, PowerShell and more are still proving to be popular with cyber criminals distributing attacks via phishing emails, warn researchers after analyzing billions of attacks.

Creating malicious Office macros is still the most common attack technique deployed by cyber criminals looking to compromise PCs after they’ve tricked victims into opening phishing emails.

Phishing emails are the first stage in the attack for the majority of cyber intrusions, with cyber criminals using psychological tricks to convince potential victims to open and interact with malicious messages.

These can include creating emails that claim to come from well-known brands, fake invoices, or even messages that claim to come from your boss.

There are number of methods that cyber criminals can exploit in order to use phishing emails to gain the access they require and, according to researchers at cybersecurity company Proofpoint, Office macros are the most common means of achieving this.

Macros are a function of Microsoft Office that allow users to enable automated commands to help run tasks. However, the feature is also abused by cyber criminals. As macros are often enabled by default to run commands, these can be used to execute malicious code – and thus provide cyber criminals with a sneaky way to gain control of a PC.

Many of these campaigns will use social engineering to encourage the victim to enable macros by claiming the functionality is needed in order to view a Microsoft Word or Microsoft Excel attachment. It’s proving a successful method of attack for cyber criminals, with Office macros accounting for almost one in 10 attacks by volume.

But Office macros are far from the only attack technique that cyber criminals are commonly adopting in order to make hacking campaigns as successful as possible.

Sandbox evasion is the second most common attack technique used by criminals distributing phishing emails.

This is when the developers of malware build-in threat detection that stops the malware from running – effectively hiding it – if there’s a suspicion that the malware is running on a virtual machine or sinkhole set up by security researchers. The aim is to stop analysts from being able to examine the attack – and, therefore, being able to protect other systems against it.

PowerShell is also still regularly abused by attackers as a means of gaining access to networks after getting an initial foothold following a phishing email. Unlike attacks involving macros, these often rely on sending the victim to click a link with code to execute PowerShell. The attacks are often difficult to detect because they’re using a legitimate Windows function, which is why PowerShell remains popular with attackers.

Other common attack techniques used to make phishing emails more successful include redirecting users to websites laced with malicious HTML code that will drop malware onto the victim’s PC when they visit, while attackers are also known to simply hijack email threads, exploiting how victims will trust a known contact and abusing that trust for malicious purposes, such as sending malware or requesting login credentials.

The data on the most common attack techniques has been drawn from campaigns targeting Proofpoint customers and the analysis of billions of emails.

Train users to spot and report malicious email. Regular training and simulated attacks can stop many attacks and help identify people who are especially vulnerable.

Stop phishing today: Learn more at www.MortgagePhish.com – a Cloudstar company.

0 Continue Reading →

Cloudstar Adds Additional Encrypted Storage Capacity

Cloudstar is pleased to announce additional dedicated EMC, All Flash, Unity Private Cloud Storage. This capacity increase will provide additional self-encrypting storage for our financial services and health care clients who are in need of meeting certain applicable regulatory compliance requirements such as HIPAA.

The demand has never been higher. With data security concerns at an all-time high, it is no surprise companies continue to place a premium on ensuring sensitive data is protected from unauthorized access. Whether it is due to internal policies or external compliance, securing data continues to be a high priority for organizations of all sizes. The additional EMC storage systems acquired by Cloudstar address these concerns through controller-based Data at Rest Encryption ([email protected]), which encrypts stored data as it is written to disk. This provides yet another layer to protect against unauthorized access by rendering the drive unreadable without the encryption key. In addition to peace of mind, [email protected] offers additional benefits including regulatory compliance, secure decommissioning, and the possibility to eliminate the need for
physical drive shredding.

Customers have the option of purchasing storage allocations on dedicated EMC Unity hardware, or shared hardware available in a wide variety of configurations, and drive array options.

Contact your Cloudstar sales representative for more information.

0 Continue Reading →

The State of Phishing in 2021

In 2020 phishing exploded as the world faced a 100-year pandemic and many people moved to remote working and learning, which changed the phishing threat landscape forever. Our recent report, The State of Phishing, SlashNext Threat Labs, reports on the latest statistics and trends in phishing. In the last 12 months, cybercriminals launched thousands of new phishing pages every hour to harvest personal information, steal corporate data, and commit credit card fraud with no sign of slowing down. Phishing increased 42% in 2020, over 2019. By mid-2020, SlashNext Threat Labs saw the number of daily phishing threats top 25,000 a day, a 30% increase over 2019 figures. By fall, the number had grown to 35,000/day and grew to 50,000/day by December and continues to rise in 2021.

 

The change in the phishing threat landscape is attributed to the increased use by cybercriminals of automation and AI. The low cost of computing and the availability of behavioral information from the public and the dark web make targeting effective by simulating trusted sources and launching attacks through new communication channels. These sophisticated tools offer cost-efficient and easy ways to run short-lived but highly effective phishing campaigns. By leveraging legitimate infrastructure, cyber criminals increase the likelihood of compromising a target and increase their success.

One example of the latest spear-phishing attacks on legitimate infrastructure found by SlashNext Threat Labs in late January 2021 was a 2FA attack. The spoofed Chase Bank 2FA authentication page was hosted on legitimate infrastructure on Doster.com, a web hosting offering for small businesses with additional business services.

We are now seeing more phishing attempts that can bypass two-factor authentication (2FA) or multi-factor authentication. Many with Two Factor Authentication (2FA) believe they’re protected because the birth of 2FA grew from knowing that current security defense solutions were no longer working. Rogue browser extensions can deliver these types of attacks by using Man-in-the-Middle tactics. These browser extensions offer cybercriminals the perfect workaround for organizations that rely heavily on 2FA. By design, once a browser extension is installed, it can access the browser’s complete canvas. Once logged in, the session is hijacked to capture whatever is on the computer screen. These extensions have the full power to do whatever the user is doing and seeing whatever is happening within that browser window.

 

 

0 Continue Reading →

Attackers Exploit Critical Adobe Flaw to Target Windows Users

 

A critical vulnerability in Adobe Reader has been exploited in “limited attacks.”

Adobe is warning of a critical vulnerability that has been exploited in the wild to target Adobe Reader users on Windows.

The vulnerability (CVE-2021-21017) has been exploited in “limited attacks,” according to Adobe’s Tuesday advisory, part of its regularly scheduled February updates. The flaw in question is a critical-severity heap-based buffer overflow flaw.

This type of buffer-overflow error occurs when the region of a process’ memory used to store dynamic variables (the heap) can be overwhelmed. If a buffer-overflow occurs, it typically causes the affected program to behave incorrectly. With this flaw in particular, it can be exploited to execute arbitrary code on affected systems.

“Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS,” said Adobe on Tuesday. “These updates address multiple critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.”

Adobe Flaw: Security Updates

Acrobat is Adobe’s popular family of application software and web services used to view, create and manage files. CVE-2021-21017, which was anonymously reported, affects the following Adobe Acrobat Reader versions:

  • Acrobat Reader DC versions 2020.013.20074 and earlier for Windows and macOS
  • Acrobat Reader 2020 versions 2020.001.30018 and earlier for Windows and macOS
  • Acrobat Reader 2017 versions 2017.011.30188 and earlier for Windows and macOS

The flaw has been patched in the following versions:

  • Acrobat Reader DC version 2021.001.20135
  • Acrobat Reader 2020 version 2020.001.30020
  • Acrobat Reader 2017 version 2017.011.30190

These patches are a priority level 1, which according to Adobe means they resolve “vulnerabilities being targeted, or which have a higher risk of being targeted, by exploit(s) in the wild for a given product version and platform.”

“Adobe recommends administrators install the update as soon as possible. (for example, within 72 hours),” according to its update.

Other Adobe Acrobat and Reader Critical Flaws

Including this exploited flaw, Adobe patched flaws tied to 23 CVEs overall in Acrobat and Reader – including 17 critical-severity CVEs.

Most of these critical flaws could allow for arbitrary code execution, including a path traversal glitch (CVE-2021-21037), integer overflow error (CVE-2021-21036) and out-of-bounds write issues (CVE-2021-21044, CVE-2021-21038). Also patched were buffer overflow flaws (CVE-2021-21058, CVE-2021-21059, CVE-2021-21062, CVE-2021-21063) and use-after-free errors (CVE-2021-21041, CVE-2021-21040, CVE-2021-21039, CVE-2021-21035, CVE-2021-21033, CVE-2021-21028 and CVE-2021-21021).

A critical improper access control flaw (CVE-2021-21045) was also patched that allowed for privilege execution.

Critical Magento Security Updates

In addition to Acrobat and Reader security updates, Adobe also issued patches for critical vulnerabilities in Magento, its e-commerce platform.

Seven critical flaws were patched as part of this security update. All these flaws, if exploited, could lead to arbitrary code execution. These flaws include three security bypass issues (CVE-2021-21015, CVE-2021-21016 and CVE-2021-21025), a command injection flaw (CVE-2021-21018), an XML injection vulnerability (CVE-2021-21019), a file upload allow list bypass (CVE-2021-21014) and a cross-site scripting flaw (CVE-2021-21030).

Affected are Magento Commerce and Magento open source, 2.4.1 and earlier versions (with a fix in 2.4.2); 2.4.0-p1 and earlier versions (with a fix in 2.4.1-p1) and 2.3.6 and earlier versions (with a fix in 2.3.6-p1).

The update is a priority level 2, which according to Adobe “resolves vulnerabilities in a product that has historically been at elevated risk.”

Magento would be categorized as an “elevated risk” because it is commonly targeted by attackers like the Magecart threat group to target e-commerce stores for cyberattacks like web skimming. However, there are currently no known exploits for these flaws, said Adobe.

Other Security Flaws in Adobe Products

Adobe on Tuesday also patched critical-severity flaws in Adobe Photoshop (CVE-2021-21049, CVE-2021-21050, CVE-2021-21048, CVE-2021-21051 and CVE-2021-21047), Adobe Animate (CVE-2021-21052) and Adobe Illustrator (CVE-2021-21053, CVE-2021-21054).

However these patches came with a priority level 3 ranking, which means that they resolve vulnerabilities in a product that “has historically not been a target for attackers.”

For these flaws, “Adobe recommends administrators install the update at their discretion,” according to the security update.

Adobe’s February fixes come on the heels of a busy January security update, when the company patched seven critical vulnerabilities. The impact of the most serious of these flaws ranged from arbitrary code execution to sensitive information disclosure.

0 Continue Reading →

Cloudstar Adds Support for WireGuard VPN

Cloudstar is pleased to announce support for WireGuard® VPN.

Often times, our competitors will force non-Citrix users to install bulky and expensive business-grade firewalls just to logon, print and scan when working from home.

Not only can this be cost prohibitive, but it provides another set of problems – one more device to manage, update and support…..and yes, one more target for hackers.

Cloudstar solves this problem with WireGuard® .

WireGuard® is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. Initially released for the Linux kernel, it is now cross-platform (Windows, macOS, BSD, iOS, Android) and widely deployable.

Additionally, WireGuard does NOT use passwords, but rather a single SSH key- as such, the entire solution is not only extremely secure, but 100% hands off making for an extremely easy and transparent user experience.

Call us today to learn more.

wireguard-vpn

 

0 Continue Reading →

Cloudstar is Pleased to Sponsor the 2021 Voice of The Title Agent Special Report

For over a decade, the October Research annual Voice of the Title Agent survey has given a voice to big and small title agents across the country. This year, Cloudstar is pleased to announce sponsorship of this very important industry study and report. If you’re interested in taking part in the survey, you may to so by clicking HERE.

As an active member and leader in the land title community, Cloudstar is also sponsoring the 2021 Cyber-Security Special report in addition to the new 2021 Business Continuity Special Report.

We would like to thank our customers for their continued support of October Research and highly encourage them to participate in the above survey.

Voice of the Title Agent

0 Continue Reading →