In the last few months, we’ve seen many of our customers being targeted by Fedex/DHL impersonations. These attacks typically involve a hacker trying to impersonate one of these physical delivery services to infect the endpoint with an advanced persistent threat such as ransomware. The attackers will go to lengths to ensure that the email's sender and subject seem authentic and urgent, to increase the likelihood that the employee will open the message.
Archives for February 2017
This month has brought us hacks from the world over – including a breach at Yahoo, which is possibly linked to a state-sponsored hacker, an XSS Bug in Steam, and reports of a Russian hacker who has sold access details to over 60 universities and Govt agencies, all harvested using SQLi. The WordPress vulnerability that was fixed last month has now been used to deface over a million sites and counting, and a Mirai successor may be on the rise.
Yahoo is sending messages to some users alerting them to the use of forged cookies to access their data in a third breach of customer accounts in 2015-2016, CNBC reports. Some of these hacks are attributed to a “state-sponsored actor” also involved with the 2014 Yahoo breach in which 500 million accounts were compromised.
The Tech & Learning Annual Awards of Excellence have wrapped up, and we are pleased to be among the winners. Barracuda Essentials for Office 365 was recognized in the category of New Products, and three other Barracuda solutions received Awards of Excellence as Upgraded Products. You can see the winners at the Tech & Learning site here.
Tech & Learning is one of the premier magazines for education technology professionals responsible for implementing and purchasing technology products in K-12 districts and schools. 2016 marks the 34th year of the Tech & Learning Annual Awards for Excellence, which helps community leaders discover and evaluate the latest products and services in educational technology. You can learn more about Tech & Learning at their website here.
Barracuda Essentials for Office 365 – New Product
One of our hottest new solutions for businesses also fits right into the K12 community. Barracuda Essentials for Office 365 provides multi-layer security, backup, archiving, and eDiscovery for Office 365 deployments.
Barracuda Backup – Upgraded Product
The Barracuda Backup solution has received significant feature enhancements this year, including a portfolio-wide refresh designed to help organizations that face increasing data demands and limited resources. Physical, virtual, cloud, and SaaS; whatever the deployment, this single, integrated solution keeps all your data safe.
NextGen Firewall F-Series – Upgraded Product
The Barracuda NextGen Firewall (NGF) has made significant forward progress this year. The team expanded the security functionality of the NGF and added several enhancements to performance and cloud enablement. The F-Series cloud-ready firewalls improve site-to-site connectivity and enable uninterrupted access to applications hosted in the cloud.
Web Security Gateway – Upgraded Product
A favorite of K12 and other education communities, the Barracuda Web Security Gateway (WSG) protects users from web-borne malware and viruses, lost user productivity, and misused bandwidth. In the past year, we've added the new Web Categorization Service, made it easier to manage Chromebook security, and doubled SSL inspection speed and added ATD integration. The Barracuda Web Security Gateway has everything an educational organization needs to maintain a safe computing environment, on or off campus.
2016 isn't the first year that Barracuda has picked up Tech & Learning Awards of Excellence. From 2013 – 2015, Barracuda received fourteen awards for our security, storage, and productivity solutions.
If you would like more information on Barracuda solutions for K-12 environments, visit our corporate website here. We offer solutions for safe learning, paperless schools, managing data, network readiness, and email security.
One the one IT security professionals from a budgetary perspective have never had it so good. Every IT budget forecast for the coming year projects a major increase in IT security spending. One of the latest projections put together by venture capitalists estimates that cumulative spending on IT security will top $1 trillion by 2021. Inside a lot of IT organizations, however, that news needs to be tempered by the fact that IT security spending as a percentage of the overall IT budget is relatively small. That means a double-digit increase in IT security spending, for example, might not have that much of a material impact in terms of improving IT security.
This week CRN© announced its list of 2017 Channel Chiefs, with Barracuda being represented by Ezra Hookano, VP of Channels and Neal Bradbury, Senior Director of Business Development for Intronis MSP Solutions by Barracuda. According to CRN, the executives on this annual list represent top leaders in the IT channel who excel at driving growth and revenue in their organizations through channel partners.
“The channel is an integral part of our go-to-market strategy – whether it is via our MSP partners where Neal has a proven track record for helping them build recurring revenue streams while safeguarding their customers’ virtual, physical, and hybrid IT environments, or through our traditional channel and cloud-focused partners where Ezra is leveraging his more than 25 years of indirect sales experience to drive success with midmarket and enterprise customers. It is inspiring to see the strides that are being made,” said BJ, Jenkins, president and CEO, Barracuda. “Together, Neal and Ezra make an unbeatable team when it comes to strengthening our position as the go-to provider of security and data protection for the channel, and we are honored to see them both recognized once again by CRN for their industry leadership.”
On January 26, WordPress released a security update (4.7.2) to fix a set of vulnerabilities on its platform, including an SQLi and XSS vulnerability. They recommended that this version be installed immediately for security reasons. What they did not disclose was that a serious vulnerability existed in their REST API endpoint, which was introduced in the 4.7 version; however, this was fixed in version 4.7.2.
WordPress released a blog post on February 1 that revealed the endpoint vulnerability. The announcement was initially delayed because they needed to inform security companies about the vulnerability, as well as help them build rules to block these attacks. This would prevent the numerous attacks that typically follow a disclosure. Kudos to the WordPress team for taking immediate action on a serious issue.
Only 36 percent of adults surveyed would choose to become a customer of the company they work for based on what they know the company’s cybersecurity practices. That finding in a survey of over 5,000 adults in the U.S. released this week by Kaspersky Lab and Hacker One suggests that despite a regular litany of breaches not much progress has been made in terms of making the average IT environment more secure.
The real issue, of course, is that business executives are as they do in almost every case weighing risk versus cost. They all know that at some level the way the organization manages data is not especially secure. The assumption they make is essentially the same one any animal that travels in a herd does. The odds are good that given all the available targets predators will simply pick off some other member of the herd while they hopefully get to travel on.