Ben Drawbaugh

I’m very proud and excited to announce that I’ve started a new Managed IT Services company named IT Accelerant. I’ve worked in IT since 2000, in 2018 I started working for an MSP in Annapolis Maryland and learned to love the business of helping other businesses succeed with technology. I’ve been in the Managed IT Services space ever since and love it.

IT Accelerant will focus on serving small to mid-sized business (5-100 people) in Colorado. We’ve just launched a new website that explains our focus and the types of businesses we support. We look forward to serving other business in our area!

At this point, it’s beyond ridiculous. The device that is supposed to provide security is the one requiring constant updates due to vulnerabilities that are exposed to the internet. Every software vendor has bugs, many of them are security related. It happens. Which is why it is essential that your systems can be quickly and easily updated. Other firewall vendors have provided such automatic updates for over a decade, it’s time we stop using technology that is so difficult to keep updated. Rant over, go update your firewalls now and while you are at it, upgrade to modern solutions that don’t require a VPN at all (like SaaS).

I’ve always found a good hack fascinating (remember reading 2600?) but while it can be scary, understanding how a good hack works can help you avoid being a victim. This interesting hack against Office 365 accounts uses a few new tricks. One is to embed malicious links in attachments (the attachment itself is safe and the email security tool only scans the embedded URLs), the next is to use the attachment to launch a man-in-the-middle attack to capture a session token when a user goes to the legit Microsoft site to be authenticated. See in the case of MFA, the username and password by themselves aren’t useful without the additional factor, but once you have a token they can access the account until it expires (default 90 days). Anyways, evidently these tactics and more have been in use for years. It’s worth your time to read the whole thing at Bleeping Computer.

TLDR: don’t open attachments or click on links you aren’t expecting, better to call your contact and ask them if they actually meant to send it to you.