Details

Published: 21 January 2021

Adobe Flash Player's death knell has tolled for four long years. In 2017, Adobe announced its End of Life (EOL) plans to terminate the multimedia software after 2020. January 12, 2021, has come and gone, taking Flash with it. However, its ghost still lingers and can cause problems if not uninstalled immediately.

The Flash Player has become notorious for its easily hackable architecture that has allowed ne'er-do-wells to inject malware into Flash user's computers. It has been so infamous that Apple's late co-founder, Steve Jobs, drafted a letter in 2010 criticizing its poor performance, the massive power draw on devices, and inadequate security. With Adobe stopping support, it is only that more likely for hackers to exploit the media player. Adobe urges that users uninstall the software immediately to evade such attempts.

Luckily, this long-anticipated end has been planned for and will likely not heavily impact web browser usage as sites switched to new, more reliable software or even create their own "flash players," as New Grounds did. Newgrounds, a web-based video game and video animation site, has built all of its content almost entirely on Flash Player for the past 20 years. Anticipating the EOL of Flash spurred them to create their own "Newgrounds Player" to continue to support their over 80,000 games and 150,000 animations.

Details

Published: 16 December 2020

According to an article on the Verge, the Russian government hacker group, Cozy Bear, have reportedly breached US government agencies. The hackers compromised SolarWinds' Orion monitoring and management software. Nims & Associates has not recommended or deployed SolarWind's Orion monitoring and management software. We use other SolarWinds products and are closely monitoring the situation for information that might indicate if those products are also affected

The hacker group Cozy Bear, also known as APT29, has hacked the Treasury, the Commerce Department's National Telecommunications and Information Administration (NTIA), and other government agencies. They were able to trick NTIA's Microsoft Office software's authentication controls and monitor staff emails for months. Federal law enforcement agencies, including the FBI, are investigating the breach.

SolarWinds have released an additional statement -

" We have just been made aware our systems experienced a highly sophisticated, manual supply chain attack on SolarWinds® Orion® Platform software builds for versions 2019.4 through 2020.2.1. We have been advised this attack was likely conducted by an outside nation state and intended to be a narrow, extremely targeted, and manually executed incident, as opposed to a broad, system-wide attack.

At this time, we are not aware of an impact to our SolarWinds MSP products including RMM and N-central.

If you own a SolarWinds Orion product, we recommend you visitwww.solarwinds.com/securityadvisory for more detailed information. If you have any immediate questions, please contact Customer Support at 1-866-530-8040 This email address is being protected from spambots. You need JavaScript enabled to view it..

Security and trust in our software are the foundation of our commitment to our customers. Thank you for your continued patience and partnership as we continue to work through this issue."

For more information, find the original Verge article Here.

Details

Published: 08 January 2021

In a recent article Gartner presented several questions business leaders should chew on as the COVID-19 vaccines goes into distribution. One of the questions drives at what impact will the vaccine have on a return to the workplace. As the vaccine rolls out over the next several months the decision to return to the workplace as it was pre-pandemic is not just a matter of workplace safety any longer.The evaluation of employee productivity during the pandemic will also be taken into consideration.

According to a recent Gartner poll, most employees have been just as productive or even more productive working remotely. In another survey of 1,200 CIOs conducted by U.S. based Enterprise Technology Research (ETR), 48.6% reported productivity had improved since remote work started. Through the successful expansion and adoption of cloud technologies, the distributed/hybrid workforce models are now an integral part of the organizational structure. As a result, businesses are reducing their physical footprint and shifting recruitment efforts by sourcing talent from a wider regional swath with the expectation that a large portion of the workforce will remain operating remotely. In the same ETR survey of IT decision makers, the data suggests that permanent work from home will double in 2021 as productivity has increased during the pandemic. To be more precise, permanent remote work is expected to double to 34.4% in 2021 compared to the pre-pandemic level of 16.4%. The measure for productivity during the pandemic indicates that remote work has worked out well and is here to stay.

Details

Published: 09 December 2020

By default, all users can create Microsoft 365 groups. This is the recommended approach to allow users to collaborate without needing assistance from IT. However, some companies require more strict permissions around who can create groups. You can restrict Microsoft 365 Group creation to members of a particular security group. Limiting this permission affects all services that rely on groups for access, including:

• Outlook
• SharepointYammer
• Microsoft Teams
• Microsoft Stream
• Planner PowerBI
• Project for the web / Roadmap

To configure this, you must first have access to Windows Powershell. In this article, we will walk you through the needed steps. 

Note:
the following steps do not prevent members of roles like the Office 365 Global admins from creating groups. Other roles can also create Groups via limited means, seen below.

• Exchange Administrator: Exchange Admin center, Azure AD
• Partner Tier 1 Support: Microsoft 365 Admin center, Exchange Admin center, Azure AD
• Partner Tier 2 Support: Microsoft 365 Admin center, Exchange Admin center, Azure AD
• Directory Writers: Azure AD
• SharePoint Administrator: SharePoint Admin center, Azure AD
• Teams Service Administrator: Teams Admin center, Azure AD
• User Management Administrator: Microsoft 365 Admin center, Yammer, Azure AD

To manage who can create groups, the following people need AD Premium licenses or Azure AD Basic EDU licenses assigned to them:

• The admin who configures these group creation settings
• The members of the security group who are allowed to create groups

The following people don't need Azure AD Premium or Azure AD Basic EDU licenses assigned to them:

• People who are members of Microsoft 365 groups and who don't have the ability to create other groups. 


The steps we will cover in this article are:

Step 1: Create a security group for users who are permitted to create Microsoft 365 groups

Step 2: Run PowerShell commands
Step 3: Verify that it works

Step 1: Create a security group for users who need to create Microsoft 365 groups.

Only one security group can control who has the permissions to create groups. But, you can create nested groups within this parent group. IMPORTANT. Be sure to use a security group to restrict who can create groups. Using a Microsoft 365 group is not supported.

1. In the admin center, go to the Groups page.
2. Click on Add a Group.
3. Choose Security as a group type. Remember the name of the group! You'll need it later.
4. Finish setting up the security group, adding people or other security groups who you want to create groups in your org.

Step 2: Run PowerShell commands.

Open the preview version of Azure Active Directory PowerShell for Graph (AzureAD), module name AzureADPreview. To change the group-level guest access setting:

• If you haven't installed any version of the Azure AD PowerShell module before, see Installing the Azure AD Module and follow the instructions to install the public preview release.
• If you have the 2.0 general availability version of the Azure AD PowerShell module (AzureAD) installed, you must uninstall it by running Uninstall-Module AzureAD in your PowerShell session, and then install the preview version by running Install-Module AzureADPreview.
• If you have already installed the preview version, run Install-Module AzureADPreview to make sure it's the latest version of this module.

Copy the script below into a text editor, replace <SecurityGroupName> with the name of the security group that you created in step 1. For example:

$GroupName = "Group Creators"

Save the file as GroupCreators.ps.1 In the PowerShell window, navigate to the location where you saved the file (type “CD”). Run the script by typing

.\GroupCreators.ps1

and sign in with your administrator account when prompted.

$GroupName = "<SecurityGroupName>"
$AllowGroupCreation = $False

Connect-AzureAD

$settingsObjectID = (Get-AzureADDirectorySetting | Where-object -Property Displayname -Value "Group.Unified" -EQ).id if(!$settingsObjectID)
{

$template = Get-AzureADDirectorySettingTemplate | Where-object {$_.displayname -eq "group.unified"} $settingsCopy = $template.CreateDirectorySetting() New-AzureADDirectorySetting -DirectorySetting $settingsCopy $settingsObjectID = (Get-AzureADDirectorySetting | Where-object -Property Displayname -Value "Group.Unified" -EQ).id

}

$settingsCopy = Get-AzureADDirectorySetting -Id $settingsObjectID $settingsCopy["EnableGroupCreation"] = $AllowGroupCreation

if($GroupName) { $settingsCopy["GroupCreationAllowedGroupId"] = (Get-AzureADGroup -SearchString $GroupName).objectid } else { $settingsCopy["GroupCreationAllowedGroupId"] = $GroupName } Set-AzureADDirectorySetting -Id $settingsObjectID -DirectorySetting $settingsCopy

(Get-AzureADDirectorySetting -Id $settingsObjectID).Values

The last line of the script will display the updated settings:

If in the future you want to change which security group is used, you can rerun the script with the name of the new security group.

If you want to turn off the group creation restriction, set $GroupName to “” and $AllowGroupCreation to “True” and rerun the script.

Step 3: Verify that it works.

Changes can take thirty minutes or more to take effect. You can verify the new settings by doing the following:

1. Sign in to Microsoft 365 with a user account of someone who should NOT have the ability to create groups. That is, they are not a member of the security group you created or an administrator.
2. Select the Planner tile.
3. In Planner, select New Plan in the left navigation to create a plan.
4. You should get a message that plan and group creation is disabled.

Try the same procedure again with a member of the security group.

And then you have successfully set up a system that only allows specified members from creating Microsoft 365.

For more information, see the official Microsoft documentation on this feature here.

Details

Published: 21 December 2020

Have you been hit with the predatory monthly fee from internet service providers that charges you for a modem or router you already own? If you have, good news! As of Sunday, December 20th, that fee will be illegal.

While a law was passed last year that "fixed" this dubious charge, it has just now been put into effect six months after the technical deadline. Purchasing your own modem is a smart move compared to renting one. They'll generally pay for themselves before your one year anniversary with it. They'll also generally provide better Wi-Fi coverage, and speeds, the ones IPSs provide are cheap as cheap can be.

For the official wording of this law passed by Congress, H. R. 5035, you can read it on gongress.gov here.

Details

Published: 08 December 2020

Amidst the global pandemic, cyberattackers are employing fear of COVID in social engineering tactics to strike you at home or in your business. With more people working at home and unfamiliar with the new business norms, these social engineering tactics are even more prevalent. These attacks use multiple methods; one of the most common is creating a sense of urgency.

Cyberattackers will instill crisis, intimidation, or fear to rush their victim to make them want to act rashly. So, beware of any phone calls, text messages, or emails that create an emergency. These attackers are very good at pretending to be legitimate organizations like the World Health Organization or the CDC. If you get any messages like these, be careful to scrutinize what they're saying. If the message seems valid, but you still have your suspicions, ask for credentials and authentication that they are whom they say they are. If they try to talk around your questions, remember that an organization's true agents don't shy away from proving who they are.

These bad-guys can get to you through other means, such as too-good-to-be-true messages (like miracle cures) or selling products thought to be scarce at exorbitant prices that are in reality only a few dollars. For miracle cures, The CDC and WHO will always have the most up-to-date information on COVID and its vaccines. You can also use free web services like Google Shopping to compare product prices across the web or CamelCamelCamel to not only compare prices on Amazon but look at price histories too!

Lastly, be sure to dig into the stories and statements you hear online, especially on social media. There are many people who are, intentionally or not, spreading misinformation or skewed facts. The people who are doing it willfully can easily use that to promote an agenda, trick the audience into a vulnerable situation, or simply create chaos. If you see something online that's preying on your emotions, take a breath, pause, and (if it's really that important) go to the source.

And that should be the main takeaway to reduce your risk of being preyed on by socially engineering cyberattacks; Take a moment, breath, and use your commonsense. The cyberattackers want you to be panicked and rushed. Don't play into their scheme, breath.

For more information, check out SANS Security Awareness' youtube videos, like this one, or contact a Nims & Associates IT specialist today.