Continued widespread dictionary / brute force attacks

CTC NEWS, Industry News
Over the past two weeks, we have seen a significant spike in the number of brute force attacks against SSL VPN endpoints and VPN web portals. Initially, the traffic was coming from several hundred IP Addresses but we were pretty quickly able to distill it down to about 47 netblocks from two geographic areas (Russian Federation and China). All of the login attempts were failing and, in the initial set of login attempts, the usernames were varied and included admin, administrator, vpnuser, sslvpn, backup, user, sales and others. This most recent set of attempts, though, was for admin and administrator and, after distilling the data down, we saw a new pattern emerge. A very small number of the attempts are now coming from domestic IP Addresses and, specifically, some of…

Possible delays in support due to labor shortage

CTC NEWS
Like many small businesses, we are feeling the strain of the labor shortage. In most cases, we have been able to schedule around it but we are seeing our response times start to stretch out longer than we would prefer. As a result, we are having to triage and prioritize some support requests and want to be very transparent about how this prioritization works. We will prioritize first based on customer type (MyIT, Commercial and Residential) and then based on the request types detailed in our Policies and Procedures page here. In any case, we will continue to respond to all support requests same day and, in most cases, within four business hours of receiving the request. We will continue responding to and addressing support requests as promptly as we…

Widespread brute force / dictionary attacks overnight

Industry News, Tech news
We received notifications from literally every Internet-facing firewall that we have deployed, as well as a number of honeypot devices, for failed login attempts from an IP Address 45.134.144.200. This IP Address is in the same network (45.134.144.0/24) that we've seen similar traffic from in the past and we have no indication of any legitimate traffic to or from that network in the past 12 months. If you manage one or more networks with Internet connectivity, it may be worth looking into this network range to see if there has been any traffic (or successful logins). For our MyIT clients, we had already blocked a few specific IP Addresses based on similar traffic in the past but are now updating all of our managed firewalls to block the entire…

July 2022 News & Updates

CTC NEWS, Industry News, Monthly Newsletters, Tech news
Accepting Applications - We are considering adding a new member to the team and are accepting applications for a Tier 2 Support Position. If you know someone that's got a passion for good customer service, a solid technical pedigree and is looking to work with some of the greatest customers on the planet, definitely send them to our online application here.
Macros Now Default Enabled - Microsoft reverses course on its decision to turn off macros by default on untrusted documents. Not a lot of details on why other than "because some people said so" but network admins, systems admins and security admins are left scratching their heads on this one.
More Zero Day Vulnerabilities - Microsoft is patching multiple privilege escalation vulnerabilities across its fleet that, combined with something like a…

Closed Monday, 4 July 2022 for Independence Day

CTC NEWS
Cyber Tech Cafe will be closed on Monday, 4 July 2022 in observance of Independence Day to enjoy time with family, friends and loved ones. We will reopen on Tuesday, 5 July 2022 at 9:00am ET. We will have on-call support available for commercial and MyIT clients via the emergency support option on the phone or by adding 'emergency' to the subject line of support email. From all of us at Cyber Tech Cafe, we wish you a happy Fourth of July and are eternally grateful to the men and women who have fought to win and preserve our freedom.

Delay processing support requests via email

CTC NEWS
We are currently experiencing an issue processing (receiving) support requests received via email. This includes any new requests as well as email replies to existing requests. We are working on the issue now and expect to have it resolved quickly but wanted to let everyone know. If you need immediate assistance, please call the office at 770.386.8900.
Update @ 1017 - The issue appears to be that the legacy authentication (POP3 over TLS) has been phased out a little earlier than originally expected and our helpdesk / ticketing system was temporarily unable to process incoming support requests. Ultimately, we were able to move up our plan to upgrade and are now good to go.

June 2022 News & Updates

CTC NEWS, Industry News, Monthly Newsletters, Tech news
Multiple Zero Day Vulnerabilities - Additional details below in the Microsoft Section but there were technically three critical vulnerabilities this month, one in NFS, one in Hyper-V and one in the Microsoft Diagnostic Tool.
Microsoft is (finally) retiring Internet Explorer (IE) - A side impact of this is that Intuit Quickbooks, which has long used (required) the Internet Explorer web browser, now has its own custom browser.
Windows 11 is Here - Microsoft is wasting no time getting its new flagship desktop operating system Windows 11 rolled out to (often) unsuspecting Windows 10 users. If you find yourself the recipient of an unexpected / involuntary upgrade to Windows 11, How-To Geek has put together an excellent article on downgrading back to Windows 10.
The MyIT Program is proving to be a…

Problem with incoming email / support tickets

CTC NEWS
We are currently troubleshooting an issue with incoming emails to our helpdesk / ticketing system. If you send in a support request and do not receive an autoreply within 5 minutes or a response from my team within one hour (during business hours), please call the main office number.
Update - 2022.04.18 @ 0822 - We believe that we have identified the issue and are working to resolve it at this time. There appears to have been a scheduled task that processed email that had stopped working properly. We have it running now but there will likely be autoreplies sent this morning in response to emails sent to us yesterday.
Update - 2022.04.18 @ 0842 - The earlier issue with incoming email to our helpdesk / ticketing system has been identified…

April 2022 News and Updates

CTC NEWS, Industry News, Monthly Newsletters, Tech news
Windows 11 is Here - Microsoft is wasting no time getting its new flagship desktop operating system Windows 11 rolled out to (often) unsuspecting Windows 10 users. If you find yourself the recipient of an unexpected / involuntary upgrade to Windows 11, How-To Geek has put together an excellent article on downgrading back to Windows 10.
Firewall as a Service - We are currently exploring an option to offer what we are calling a "Firewall as a Service" for commercial clients. This would effectively be a way to "rent" a managed firewall for a fixed monthly cost. There would be a nominal install cost as well as a monthly recurring cost to manage the firewall but no term agreement and the customer would not have to purchase the firewall. If you…