News

3CX Security Alert

3CX Security Alert – Seek Remediation

If your business uses 3CX for VoIP phone service, you should immediately check to see if you’ve been affected by their desktop application being compromised. Confirmed by 3CX yesterday, the Windows desktop application versions 18.12.407 & 18.12.416 and Mac application versions 18.11.1213, 18.12.402, 18.12.407 & 18.12.416 are affected. A digitally signed and trojanized version of the 3CX V desktop client is reportedly being used to target the company’s customers in an ongoing supply chain attack. The full scale of the attack is currently unknown. “The malicious activity includes beaconing to actor-controlled infrastructure, deployment of second-stage payloads, and, in a small number of cases, hands-on-keyboard activity,” CrowdStrike’s threat intel team said. This appears to have been a targeted attack from an advanced persistent threat, perhaps even state sponsored, that ran a complex supply chain attack and picked who would be downloading the next stages of their malware. The vast majority of systems, although they had the files dormant, were in fact never infected claims 3CX. The company said it’s engaging the services of Google-owned Mandiant to review the incident. In the interim, it’s urging its customers of self-hosted and on-premise versions of the software to update to version 18.12.422. 3CX has evolved from its roots as a PBX phone system to a complete communications platform. They operate in over 190 countries, with 600,000+ installations, and over million users. 3CX Remediation If your business has any of the affected versions installed, we recommend the following steps: Uninstall the 3CX desktop application from all PCs and MACs. Reset 3cx credentials for all users. Begin using the PWA web based application instead. Affected user accounts should have their login passwords reset. Enable Multi Factor Authentication where able. Any site where credential harvesting could have occurred from Chrome/Edge, etc should have the password reset. Invalidate any persistence tokens for sites like Microsoft 365, Google, etc. Invest in EDR (Endpoint Detection & Response) if you haven’t already. 3CX Security Alert Conclusion If you need assistance remediating this 3CX security alert, contact Pennyrile Technologies. We can assist with 3CX removal and securing your network. For additional information, you can follow the 3CX thread here.

3CX Security Alert – Seek Remediation Read More »

twitter

Security Alert: Change Your Twitter Password

Twitter has issued an alert to users prompting them to change their passwords after it was discovered some users’ passwords had been recorded in a plain text log file accessible by Twitter employees. Twitter has issued a message to most users alerting them of the issue with the following statement: We recently identified a bug that stored passwords unmasked in an internal log. We have fixed the bug, and our investigation shows no indication of breach or misuse by anyone. Out of an abundance of caution, we ask that you consider changing your password on all services where you’ve used this password. Twitter masks passwords through a process called hashing using a function known as bcrypt, which replaces the actual password with a random set of numbers and letters that are stored in Twitter’s system. Twitter Chief Technology Officer, Parag Agrawal, stated “This allows our systems to validate your account credentials without revealing your password. This is an industry standard.” Due to a bug, passwords were written to an internal log before completing the hashing process. “We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again.” While Twitter’s security team determined that it was unlikely that the passwords had been leaked or misused, we highly recommend you change your password for any sites or services that utilized the same password.

Security Alert: Change Your Twitter Password Read More »

PTECH Holiday Rewards

Refer Pennyrile Technologies and Receive An Apple iPad!*

Pennyrile Technologies recognizes that an important part of any business’ success is when one client’s trust results in a referral to a new client. We appreciate your confidence in us and would like to reward you for referring your friends and colleagues to us! We’re kicking off a new referral and rewards program and here’s how it works: Refer a firm to us and you’ll receive your choice of a Pennyrile Buck, which is redeemable for 1 hour of our services, or a Visa gift card worth $50! If your referral hires Pennyrile Technologies as their IT Service Provider and signs a Managed Services contract, you’ll receive your choice of an Apple iPad* or 8 Pennyrile Bucks with our deepest appreciation. Thank you to all our clients! You are the foundation from which our business grows! Referral Program Terms & Conditions. Offer valid for first-time business referrals. The referral program is only available for active Pennyrile Technology accounts in good standing. To make referrals, you must: (1) Provide us with a valid email address and name of referral; (2) Have an active account in good standing; (3) Each Referee must sign a managed services agreement within 60 days of receiving the referral. Please allow up to four (4) weeks after referral validation for referral reward to be applied. Unused Pennyrile Bucks expire (1) year after issue date. Pennyrile Technologies reserves the right to modify, extend or cancel this Program at any time. *Apple iPad Air 2 16GB Wi-Fi

Refer Pennyrile Technologies and Receive An Apple iPad!* Read More »

World Backup Day

World Backup Day

World Backup Days is on March 31st and we want to know if you have your files backed up? Need assistance setting up a backup for your data? Give us a call. What exactly is a backup? A backup is a second copy of all your important files — for example, your family photos, home videos, documents, emails, and financial data. Rather than storing it all in one place (like your computer), you should keep another copy of everything somewhere safe like an external hard drive, DVD, or the cloud. So why should I backup? Losing your files is  more common than you’d think. Ever lost your phone, camera or tablet? What about a hard drive failure on your computer? There could also be an environmental event such as a fire. Your stuff could have been saved with a backup. One small accident or failure could destroy all the important stuff you care about. How should I backup? There are several ways to back up your data. You can back up to an external disk or drive, such as CD or DVD burners, USB sticks, and external hard drives. You can also use a third party service that backs up to the Internet or cloud. How often should I backup? You should backup anytime you have updated or added media that is important to you. If your computer is starting to die or become less reliable, make a backup immediately. For some people, backing up daily is necessary, and for others, weekly or monthly. Choose a schedule that works for you. Using third party software can automate your backups so you don’t forget!  

World Backup Day Read More »

Net Neutrality

FCC Releases Net Neutrality Rules

The Federal Communication Commission (FCC) has released the full set of Net Neutrality Rules. A copy of the document can be found (400 page PDF). A quick synopsis of the ruling is as follows:8.5 No blocking. A person engaged in the provision of broadband Internet access service, insofar as such person is so engaged, shall not block lawful content, applications, services, or non-harmful devices, subject to reasonable network management.8.7 No throttling. A person engaged in the provision of broadband Internet access service, insofar as such person is so engaged, shall not impair or degrade lawful Internet traffic on the basis of Internet content, application, or service, or use of a non-harmful device, subject to reasonable network management.8.9 No paid prioritization. (a) A person engaged in the provision of broadband Internet access service, insofar as such person is so engaged, shall not engage in paid prioritization. (b) “Paid prioritization” refers to the management of a broadband provider’s network to directly or indirectly favor some traffic over other traffic, including through use of techniques such as traffic shaping, prioritization, resource reservation, or other forms of preferential traffic management, either (a) in exchange for consideration (monetary or otherwise) from a third party, or (b) to benefit an affiliated entity. ederal Communications Commission FCC 15-24 285 (c) The Commission may waive the ban on paid prioritization only if the petitioner demonstrates that the practice would provide some significant public interest benefit and would not harm the open nature of the Internet.8.11 No unreasonable interference or unreasonable disadvantage standard for Internet conduct. Any person engaged in the provision of broadband Internet access service, insofar as such person is so engaged, shall not unreasonably interfere with or unreasonably disadvantage (i) end users’ ability to select, access, and use broadband Internet access service or the lawful Internet content, applications, services, or devices of their choice, or (ii) edge providers’ ability to make lawful content, applications, services, or devices available to end users. Reasonable network management shall not be considered a violation of this rule.

FCC Releases Net Neutrality Rules Read More »