WebProNews

Category: SysAdminNews

SysAdminNews

  • GoDaddy In Hot Water After Employees Help Hackers

    GoDaddy In Hot Water After Employees Help Hackers

    GoDaddy is once again in the news for all the wrong reasons after employees were tricked into helping hackers take over domains.

    This latest attack targeted a number of cryptocurrency services, and relied on “social engineering” to convince GoDaddy employees to hand over control of the target companies’ domain names. Mike Kayamori, CEO of Liquid, described the attack:

    On the 13th of November 2020, a domain hosting provider “GoDaddy” that manages one of our core domain names incorrectly transferred control of the account and domain to a malicious actor. This gave the actor the ability to change DNS records and in turn, take control of a number of internal email accounts. In due course, the malicious actor was able to partially compromise our infrastructure, and gain access to document storage.

    Kayamori said the company believes all client funds and digital wallets are secure, although personal information was compromised, including names, emails and encrypted passwords.

    Although there does not appear to be any statement on GoDaddy’s website acknowledging the breach, the company issued a statement to Engadget, confirming that a “limited number” of its employees had fallen for “social engineering” tactics resulting in unauthorized changes to customers accounts and domains.

    This is a huge embarrassment for GoDaddy, especially since the company was victim of a similar attack that impacted Escrow.com back in March.

  • Companies Estimate Five Days to Recover From Unpaid Ransomware

    Companies Estimate Five Days to Recover From Unpaid Ransomware

    Some 66% of companies believe it would take them at least five days to recover from an unpaid ransomware attack, according to a new survey.

    Ransomware has become one of the most popular and lucrative types of cyber attacks in recent years, with companies of all types and sizes falling victim. Government, non-profits and healthcare organizations have increasingly been in the crosshairs as well. In fact, the first confirmed ransomware death occurred when a hospital in Germany was hit in September.

    One of the biggest challenges many organizations face is the whether to pay or try to recover on their own from an attack. According to data firm Veritas’ 2020 Ransomware Resiliency Report, 66% of companies estimate it would take at least five days to recover from an attack if they chose not to pay the ransom.

    As ransomware attackers continue to deploy more effective and potentially devastating means of holding companies’ data and workloads ransom, the time for enterprises to act is now. They need to immediately assess their resiliency approach and make their backup and disaster recovery processes more robust, no matter where their data and applications are hosted, so they can more confidently pursue their hybrid multicloud strategy.

    The full report is worth a read, and illustrates the need for companies to continue to improve their ransomware resiliency.

  • Sweden’s Largest Insurer Leaked Private Data to Tech Firms

    Sweden’s Largest Insurer Leaked Private Data to Tech Firms

    Sweden’s largest insurer, Folksam, has admitted to accidentally leaking the private data of one million of its customers to tech firms.

    According to U.S. News & World Report, Folksam insures every second home in Sweden, giving the company access to vast troves of personal and private data on its customers. Unfortunately, the company accidentally shared that data with Facebook, Google, LinkedIn and Microsoft.

    Unlike the US, the EU has strict data privacy laws in the form of the GDPR. As a result, data breaches such as this one can result in hefty fines and penalties if not handled correctly. Folksam has assured customers that it does not appear any of the data was used improperly by third-parties, and vowed to do better.

    “We take what has happened seriously. We have immediately stopped sharing this personal information and requested that it be deleted,” said Jens Wikstrom, Folksam’s head of marketing.

    This data breach is just the latest example demonstrating the risks that come with the current state of the tech industry, and specifically cross-industry interdependencies that have become commonplace.

  • Windows 10 Upgrade May Cause Lost Certificates

    Windows 10 Upgrade May Cause Lost Certificates

    Microsoft has acknowledged that a Windows 10 upgrade is losing security certificates under certain circumstances.

    The issue was first reported by Borncity, when users started noticing problems after updating to the latest Windows 10 upgrade. According to the blog, “after installing cumulative October 2020 updates, various Windows 10 versions forget their certificates when upgrading to a higher Build.”

    Microsoft has now acknowledged the issue exists when upgrading from Windows 10 version 1809 to a newer version.

    System and user certificates might be lost when updating a device from Windows 10, version 1809 or later to a later version of Windows 10. Devices will only be impacted if they have already installed any Latest cumulative update (LCU) released September 16, 2020 or later and then proceed to update to a later version of Windows 10 from media or an installation source which does not have an LCU released October 13, 2020 or later integrated. This primarily happens when managed devices are updated using outdated bundles or media through an update management tool such as Windows Server Update Services (WSUS) or Microsoft Endpoint Configuration Manager. This might also happen when using outdated physical media or ISO images that do not have the latest updates integrated.

    For impacted systems, Microsoft recommends using the uninstall window to roll back to a previous version of Windows using these instructions. Impacted users will then need to wait until a fix is released before upgrading again.

  • Microsoft Ends Office 2010 and Office 2016 for Mac Support

    Microsoft Ends Office 2010 and Office 2016 for Mac Support

    Microsoft has ended support for Office 2010, as well as Office 2016 for Mac, and is instead pushing users toward Microsoft 365.

    Office 2010 is one of the most popular versions of the venerable office suite. In fact, as recently as 2017, a survey showed it was in use among 83% of organizations around the world.

    In spite of that, Microsoft has officially ended support for Office 2010, as well as the corresponding Office 2016 for Mac. Jared Spataro, Corporate Vice President for Microsoft 365, explainedthe decision:

    As we first announced back in April 2017, this decision aligns with our broader commitment to providing tools and experiences designed for a new world of work. If this year has taught us anything, it’s that we need to help our customers stay agile and connected despite constant change. And that means delivering cloud-connected and always up-to-date versions of our most valuable apps to every person and every organization on the planet. With Microsoft 365 Apps, we do that in three big ways. First, the cloud enables real-time collaboration across apps and within Microsoft Teams, the hub for teamwork. Second, AI and machine learning advance creativity and innovation in everything from PowerPoint design to Excel analysis. And finally, built-in, cloud-powered security protects your data and provides the peace of mind that comes with knowing your business will not only be productive, but also secured.

    We understand that everyone is at a different stage of their journey to the cloud, and we’re committed to supporting our customers throughout their transition to Microsoft 365 Apps. For those customers who aren’t ready for the cloud and have a specific need for on-premises or hybrid deployment, such as fully disconnected or restricted environments, we offer Office 2019, the perpetual version of Office that does not receive feature updates. But for everyone else, we’ve created a set of resources to help you transition to the Microsoft 365 Apps and innovations designed to help keep your environment up to date once you’ve made the transition.

    As more companies move to the cloud, as well as engage in remote work, Microsoft 365 is increasingly becoming a critical option for many companies. This move will no doubt accelerate its adoption.

  • US Joins International Call For Encryption Backdoors

    US Joins International Call For Encryption Backdoors

    Once again, the US is calling for weakened encryption, along with the Five Eyes, Japan and India.

    The Five Eyes is a group of nations that cooperate on intelligence, comprised of the US, UK, Australia, New Zealand and Canada. The extent of the Five Eyes’ spying was brought to the public’s attention as a result of Edward Snowden’s leaks.

    In an international statement, the Five Eyes, along with Japan and India, have once again called on companies to achieve the impossible.

    The statement beings with the following statement supporting strong encryption:

    We, the undersigned, support strong encryption, which plays a crucial role in protecting personal data, privacy, intellectual property, trade secrets and cyber security. It also serves a vital purpose in repressive states to protect journalists, human rights defenders and other vulnerable people, as stated in the 2017 resolution of the UN Human Rights Council. Encryption is an existential anchor of trust in the digital world and we do not support counter-productive and dangerous approaches that would materially weaken or limit security systems.

    The next part of the statement, however, directly contradicts the opening remark:

    Particular implementations of encryption technology, however, pose significant challenges to public safety, including to highly vulnerable members of our societies like sexually exploited children. We urge industry to address our serious concerns where encryption is applied in a way that wholly precludes any legal access to content. We call on technology companies to work with governments to take the following steps, focused on reasonable, technically feasible solutions:

    • Embed the safety of the public in system designs, thereby enabling companies to act against illegal content and activity effectively with no reduction to safety, and facilitating the investigation and prosecution of offences and safeguarding the vulnerable;
    • Enable law enforcement access to content in a readable and usable format where an authorisation is lawfully issued, is necessary and proportionate, and is subject to strong safeguards and oversight; and
    • Engage in consultation with governments and other stakeholders to facilitate legal access in a way that is substantive and genuinely influences design decisions.

    As has been pointed out repeatedly at WPN, what the international statement calls for is not theoretically, practically or scientifically possible. Encryption is based on mathematics. For encryption to be “strong,” it must be based on a sound mathematical implementation.

    The minute a backdoor is created, that strength vanishes. There is simply no way to simultaneously have strong encryption combined with a method to defeat that encryption. No matter how well intentioned such a backdoor may be, any such method would ultimately weaken encryption for everyone—including those, as the statement highlights, whose very lives depend on secure, encrypted communication.

    This is one of the reasons that, as previously reported, secure messaging app Signal has already said it would not be able to continue operating in the US should legislation be passed enforcing encryption backdoors. For perspective, Signal is used by congressional staff and the military, specifically because it is so secure.

    What is not clear is whether the officials calling for encryption backdoors understand the underlying principle and are disingenuously claiming otherwise, or whether they truly do not understand how encryption works.

  • Windows 10 May Block Drivers That Are Not Verified

    Windows 10 May Block Drivers That Are Not Verified

    Microsoft unveiled a major change as part of its Patch Tuesday yesterday, indicating some drivers may no longer work.

    Apple and Microsoft have both been increasing the security of their operating systems. A big part of that is digitally signing software to verify its authenticity. With the latest Patch Tuesday, however, Microsoft may be taking it a step further, blocking any drivers that aren’t signed.

    Microsoft outlines the issue under Known Issues:

    When installing a third-party driver, you might receive the error, “Windows can’t verify the publisher of this driver software”. You might also see the error, “No signature was present in the subject” when attempting to view the signature properties using Windows Explorer.

    Microsoft goes on to describe the specific issue, as well as what impacted users should do:

     

    This issue occurs when an improperly formatted catalog file is identified during validation by Windows. Starting with this release, Windows will require the validity of DER encoded PKCS#7 content in catalog files. Catalogs files must be signed per section 11.6 of describing DER-encoding for SET OF members in X.690.

    If this happens you should contact the driver vendor or device manufacturer (OEM) and ask them for an updated driver to correct the issue.

    While potentially annoying, this should help improve the security of Windows 10.

  • Microsoft Releases Windows 10 Update to Address Swollen Batteries

    Microsoft Releases Windows 10 Update to Address Swollen Batteries

    Microsoft has released an update to Windows 10 in an effort to help prevent some HP laptops from experiencing swollen batteries.

    Some HP Business Notebooks began experiencing a number of issues related to HP Battery Health Manager. The problems could include performance issues, reduced battery life and, in the worst cases, swollen batteries.

    Microsoft worked with HP to identify the cause of the issue and release a fix. The update changes the battery charging algorithm, which should address the issue.

    “To address a configuration settings issue, HP worked with Microsoft to deliver an HP solution that detects if select HP business notebooks have HP Battery Health Manager disabled in their BIOS, and enables it with the recommended setting of Let HP Manage My Battery Charging,” reads the HP Knowledge Base. “With this setting enabled, the notebook dynamically changes how it charges the notebook battery based on usage conditions over time, improving the overall health and life of the battery.”

    The update is a targeted fix and will only be available to impacted systems.

  • Microsoft and Datadog Announce Partnership to Secure Azure

    Microsoft and Datadog Announce Partnership to Secure Azure

    Microsoft and Datadog have announced a partnership that will see Datadog be a first-class service in Azure Portal.

    Datadog is a company that specializes in monitoring and securing cloud platforms. The company’s platform is designed to integrate with client infrastructure and provide the necessary monitoring to help companies maintain optimal performance and security.

    The new partnership will make Datadog a first-class service for Azure customers, the first partnership of its kind for Datadog.

    “Azure is the first cloud to enable a seamless configuration and management experience for customers to use partner solutions like Datadog. Together with Datadog, we are enabling customers to use this experience to monitor their Azure workloads and enable an accelerated transition to the cloud,” said Corey Sanders, Microsoft Corporate Vice President, Azure.

    “Observability is a key capability for any successful cloud migration. Through our new partnership with Microsoft Azure, customers will now have access to the Datadog platform directly in the Azure console, enabling them to migrate, optimize and secure new and migrated workloads,” said Amit Agarwal, Chief Product Officer, Datadog.

  • New Windows 10 Feature Will Detect Failing SSD

    New Windows 10 Feature Will Detect Failing SSD

    Microsoft has announced Windows 10 Insider Preview Build 20226 with feature designed to help monitor the health of SSD storage.

    SSDs have many benefits over traditional platter hard drives. They’re faster and more energy efficient, since they have no moving parts. Just as important, they’re less prone to damage. When a traditional hard drive is stopped, the head can impact the platters, scoring them and causing major damage. With no moving parts, this is less of a concern with SSDs.

    Despite their durability, SSDs do have a failure rate. Corrupt data, weak solder joints, failing chips and other factors can cause an SSD to fail. Once they begin to fail, they tend to go quickly.

    Microsoft is looking to give users a heads up when an SSD is about to fail, giving them time to backup before it’s too late. The latest preview release includes the new feature.

    “Attempting to recover data after drive failure is both frustrating and expensive,” says Brandon LeBlanc on the company blog. “This feature is designed to detect hardware abnormalities for NVMe SSDs and notify users with enough time to act. It is strongly recommended that users immediately back up their data after receiving a notification.”

  • Microsoft 365 Outage Impacting Users

    Microsoft 365 Outage Impacting Users

    Microsoft has experienced an embarrassing outage of its premier office suite, right as people are relying on it more than ever.

    Microsoft 365 is the cloud-based version of Office. As the pandemic has led to more individuals working from home and engaging in remote learning, Microsoft 365 has become a critical component. This makes the outage all the more devastating for the company’s users.

    To make matters worse, Microsoft identified an updated to the Microsoft 365 Admin Dashboard as the culprit. Unfortunately, rolling back the change has not fixed the issue.

    It appears users already logged into service are not impacted. In the meantime, Microsoft is “rerouting traffic to alternate systems to provide further relief to the affected users.”

  • Homeland Security Issues Warning On Critical Windows Server Bug

    Homeland Security Issues Warning On Critical Windows Server Bug

    The Department of Homeland Security (DHS) is warning of a Windows Server bug that can give hackers access to any machine on a network.

    Microsoft issued a patch in August that serves as a stopgap measure to prevent the vulnerability from being used. A permanent fix is expected early next year. In the meantime, the vulnerability does not require a hacker to steal authentication information. Instead, a hacker merely has to forge “an authentication token for specific Netlogon functionality,” according to Tom Tervoort, Senior Security Specialist and Ralph Moonen, Technical Director at Secura.

    Once the token is used, an attacker is “able to call a function to set the computer password of the Domain Controller to a known value. After that, the attacker can use this new password to take control over the domain controller and steal credentials of a domain admin.” This attack would allow a hacker to take over any computer on the network.

    The vulnerability has been given the highest severity rating, a CVSS score of 10.0. As a result, DHS is giving government offices until 11:59 PM, Monday, September 21 to implement the patch. Needless to say, all other organizations should implement Microsoft’s patch immediately, and be on the lookout for the permanent fix early next year.

  • Proofpoint CEO: Working From Home Changes Face Of Work

    Proofpoint CEO: Working From Home Changes Face Of Work

    “There are huge benefits to collaboration,” says Proofpoint CEO Gary Steele. “However, I do believe fundamentally that this work from home economy that we’re living in is going to change the face of work. You’re going to see a blend. Security leaders and organizations are going to need to figure out how do you defend people when they are sitting at home working from their couch just doing their job and doing it well?”

    New AI/ML Innovations Block Bogus Emails

    One of the big investments for us in this people-centric framework is to help organizations protect the data that people create. We’re giving companies more visibility and more controls to ensure that when you’re sitting in front of your couch and working from home that you’re not treating data in a way that’s going to ultimately hurt the company. For those individuals that are doing something malicious, we’re going to help companies find those malicious individuals.

    We need to block (bogus emails that are supposedly from a trusted source) so that an individual doesn’t actually receive that message (in the first place). That is an impersonation. That’s how we’re applying new innovations in the AI/ML (artificial intelligence & machine learning) space to be able to identify those very sophisticated attacks and block them so that a poor user is not trying to figure out (if it is really) the CEO that asked me to do something that they shouldn’t do.

    Proofpoint CEO Gary Steele: Working From Home Changes Face Of Work
  • WSJ: Microsoft Partners With Startups To Win Cloud War

    WSJ: Microsoft Partners With Startups To Win Cloud War

    According to the Wall Street Journal Microsoft is partnering with tech startups as part of its fierce battle to win the cloud war against Amazon, Google, and others. Microsoft just announced today a global strategic alliance with cloud security startup Abnormal Security. The deal is straight forward. The fast-growing startup moves its platform to Azure and Microsoft will offer Abnormal Security to its huge list of enterprise customers. Amazon has been employing this tactic as well per WSJ.

    In the latest deal with Abnormal Security, Azure customers can purchase Abnormal Security directly via Microsoft co-sell and through the Azure Marketplace. Microsoft says that all purchases count towards enterprise Azure commitments.

    “Microsoft for Startups is committed to helping B2B startups use the Microsoft platform to scale their business quickly and deliver innovative AI-powered solutions to enterprise customers,” said Jeffrey Ma, VP Microsoft for Startups. “Abnormal has hit the ground running, seeing success with Fortune 1000 companies in a short time, and we’re looking forward to joining forces to further accelerate their security solution to our global customers.”

    Evan Reiser, Co-founder and CEO at Abnormal Security said, “When considering the right cloud infrastructure, startups need to look at both the technology platform and the business opportunity. As a cybersecurity company, we were very intrigued with Azure’s inherent security, privacy and AI offerings and as a startup, Microsoft’s go-to-market support and access to the largest enterprises is unmatched. We decided that to be a high-growth company selling to the Fortune 1000, it made business sense to partner with Microsoft and move our business to Azure.”

    “Abnormal’s unparalleled market traction is a testament to incredible value being delivered to their customers and the ability to protect organizations from these cyberattacks that have cost them over $2b. I couldn’t be any more excited to see the accelerated growth with Microsoft co-selling the solution,” said Saam Motamedi, General Partner at Greylock Partners.

    It’s definitely a win-win for Microsoft and startups like Abnormal Security. Microsoft gets a fast growing startup exclusively on its platform and Abnormal Security gets access to Microsoft’s massive connections with enterprise companies.

  • Windows 10X Single-Screen In 2021, Dual-Screen In 2022

    Windows 10X Single-Screen In 2021, Dual-Screen In 2022

    Windows users excited about the upcoming Windows 10X will have to wait until the sprint of 2021 for a single-screen rollout, with dual-screen support debuting a year later.

    Windows 10X is the latest update to Windows that ditches legacy code, focuses on a simpler interface, modular design and is built to support multi-screen devices. As the pandemic has taken its toll, however, Microsoft diverted resources to more pressing issues, delaying the Windows 10X release.

    According to ZDNet’s Mary Jo Foley, Microsoft’s plans are beginning to take shape.

    “I’m hearing Microsoft’s latest plan calls for 10X to debut on single-screen devices designed primarily for businesses (especially firstline workers) and education in the spring of 2021,” writes Foley. “And in the spring of 2022, Microsoft is aiming to roll out 10X for additional single screen and dual-screen devices, my contacts say.”

    Another significant change is that the initial release will likely not support running Win32 apps in containers, as was originally planned. Instead, this feature will be pushed back to the 2022 release at the earliest.

  • Tech Companies Must Have A Subscription Business Model: Nutanix CEO

    Tech Companies Must Have A Subscription Business Model: Nutanix CEO

    “You have got to have a subscription business model just like Netflix, just like Adobe and just like Microsoft,” says Nutanix CEO Dheeraj Pandey. Customers subscribe and we stream innovation. We’ve been streaming a lot to our customers. We talked about Home Depot recently. They’re seeing a record demand in the pandemic and we really helped them consolidate their infrastructure.”

    Dheeraj Pandey, CEO of Nutanix, a leading enterprise cloud technology provider, discusses how a subscription business model is key for survival and growth for technology companies:

    Tech Companies Must Have A Subscription Business Model

    As a company, we started almost ten years ago in a recession. The first killer workload for hyper-convergence was virtual desktops. People said Windows is dead. We said long live Windows. We went after federal customers and did an amazing job of building a very reliable company. Just taking a step back, we’re in the business of building cloud software. A lot of this comes down to the word software and cloud. We’re really thinking hard about being amorphous, being everywhere, being in the private data centers at the edge, and in the public cloud. 

    Cloud is hard and you really need to make it simple, seamless, and secure. But most importantly, you have got to have a subscription business model just like Netflix, just like Adobe and just like Microsoft. Customers subscribe and we stream innovation. We’ve been streaming a lot to our customers. We talked about Home Depot recently. They’re seeing a record demand in the pandemic and we really helped them consolidate their infrastructure.

    Cloud Is About Consuming Smaller Things

    The best way to measure our performance is a cloud subscription currency. We started talking about it as of last quarter and we grew really well with annual contract value. If you think about it cloud is about consuming smaller things. Hardware was about seven-year entitlement and software is still five to seven years. We’re saying let’s go do three-year terms and one-year terms. You’ve got to start small. 

    The recession is also the best time to go back with bite-size of what the customer really wants to buy. Annual contract value is the way of measuring our growth. It is also going to make this whole transition. I talked about Netflix and others and this whole transition unlocks amazing operational efficiencies for the company as well.

    Tech Companies Must Have A Subscription Business Model: Nutanix CEO Dheeraj Pandey
  • AMD Takes On Intel Xeon With Threadripper Pro CPU

    AMD Takes On Intel Xeon With Threadripper Pro CPU

    The hits keep on coming for Intel as AMD rolls out its Threadripper Pro CPU, aimed at taking on the Intel Xeon.

    Intel’s Xeon processors are aimed at workstations and offer a number of advanced features not found in their consumer CPUs. In recent years, AMD has been making significant strides against Intel, as the latter has struggled to keep up with demand and move to 10nm processors.

    In particular, AMD’s Ryzen line of CPUs have won almost universal praise, and further illustrated how far Intel has fallen. Now the company has released its Ryzen Threadripper, aimed at the same workstation market as the Xeon.

    “AMD Ryzen Threadripper PRO Processors are purpose-built to set the new industry standard for professional workstation compute performance,” said Saeid Moshkelani, senior vice president and general manager, AMD Client business unit. “The extreme performance, high core counts and bandwidth of AMD Ryzen Threadripper Processors are now available with AMD PRO technology features including seamless manageability and unique built-in data protection5. Even the most demanding professional environment is addressed with the new AMD Ryzen Threadripper PRO line-up, from artists and creators developing breathtaking visual effects, to architects and engineers working with large datasets and complex visualizations, all brought to life on the most advanced professional workstation platform in the world6.”

    AMD is launching the CPU in conjunction with Lenovo, who is offering the chip in the ThinkStation P620.

    “Our customers need class-leading, innovative solutions to power through the most demanding applications,” said Rob Herman, General Manager, Workstation and Client AI Business Unit, Lenovo. “By leveraging the AMD Threadripper PRO Processors for our newest workstation, the ThinkStation P620, we can offer users the smarter solutions to create complex models, render photorealistic imagery or analyze geophysical and seismic interpretations, while offering crucial security and scalability features to ensure safe and effective operation for our professional users.”

    This is great news for IT professionals, AMD and Lenovo. For Intel, this is just the latest in a string of bad news, including the loss of one of their leading chip designers and Apple moving to its own custom silicon.

  • Apple Purchases Fleetsmith to Beef Up Device Management

    Apple Purchases Fleetsmith to Beef Up Device Management

    Apple has acquired Fleetsmith, the creator of a device management solution that helps companies manage their Apple devices.

    According to the company’s site, their solution “automates device setup, intelligence, patching, and security, for your company’s Macs, iPhones, iPads, and Apple TVs.”

    In a blog post, co-founders Kenneth Kouot and Zack Blum, as well as Jesse Endahl write:

    We’re thrilled to join Apple. Our shared values of putting the customer at the center of everything we do without sacrificing privacy and security, means we can truly meet our mission, delivering Fleetsmith to businesses and institutions of all sizes, around the world.

    The acquisition will likely be a big help to Apple as their devices continue to gain popularity in the enterprise. Fleetsmith will give them a viable first-party device management option to offer customers.

  • Microsoft Storage Spaces Bug Slips Through

    Microsoft Storage Spaces Bug Slips Through

    Microsoft has acknowledged a bug in its Storage Spaces feature that leads to file corruption, and is working on a resolution.

    Storage Spaces is a features that uses regular hard drives to provide RAID-style storage redundancy. It’s also a useful way to create a pool of storage from a number of different drives.

    Unfortunately for Microsoft, the latest Windows and Windows Server updates have a major bug impacting Storage Spaces.

    “Devices using Parity Storage Spaces might have issues using or accessing their Storage Spaces after updating to Windows 10, version 2004 (the May 2020 Update) and Windows Server, version 2004,” reads the company’s support site. “When using some configurations, partitions for Parity Storage Spaces might show as RAW in Disk Manager.”

    Unfortunately, “issues using or accessing their Storage Spaces” are just the beginning of the problem, as some users have also reported corrupted partitions and files.

    At this time Microsoft does not have a permanent solution, only a workaround. This is just the latest in a string of issues Microsoft has had with data-eating bugs making their way into major OS releases. Here’s to hoping the company can get a handle on this one quickly.

  • Ransomware Attack Shuts Down Knoxville’s Network

    Ransomware Attack Shuts Down Knoxville’s Network

    Knoxville, TN has suffered a major ransomware attack, forcing it to shut down its entire network.

    According to BleepingComputer, a notice was sent out to city employees Thursday morning informing them of the issues.

    “Please be advised that our network has been attacked with ransomware,” reads the notice.

    “Information Systems is currently following recommended protocols. This includes shutting down servers, our internet connections, and PCs. Please do not log in to the network or use computer applications at this time.”

    So far, Knox County government computers were not impacted. Police and fire department operations are intact, although neither can access the network.

    As BleepingComputer points out, no group has yet claimed responsibility, although the FBI is investigating the incident. At the same time, officials said no personal data or credit card information was accessed or stolen.

    Ransomware has become one of the biggest threats to online security, with attacks costing the US an estimated $7.5 billion in 2019. Knoxville is just the latest example of the problems these attacks can cause.

  • Honda Partially Halts Production Due to Cyberattack

    Honda Partially Halts Production Due to Cyberattack

    Honda has had to halt production at some of its facilities as a result of a cyberattack.

    Honda’s car factories in Ohio and Turkey, and its motorcycle plants in South America and India, have been forced to stop production because of what appears to be the SNAKE ransomware, reports Bloomberg.

    This particular variant seems targeted specifically at Honda. According to Bleeping Computer, “a security researcher named Milkream has found a sample of the SNAKE (EKANS) ransomware submitted to VirusTotal today that checks for the internal Honda network name of “mds.honda.com”.

    In good news for the company, its Japanese facilities were not impacted. What’s more, it does not appear there was an information breach, nor does any personal information appear to have been accessed.

    While the impact to Honda will likely be minimal, this latest attack illustrates the ongoing battle against ransomware. It’s estimated ransomware cost some $7.5 billion in 2019 alone. Needless to say, Honda and countless other companies will continue to be prime targets.