MSP Blog Logo

BDR

Business Growth

Cybersecurity

Help Desk

MDM

RMM

Sales & Marketing

Subscribe

Empowering Your MSP Business to Grow and Prosper—One Post at a Time

5 Ways to Improve Your MSP Service Level Agreement (SLA)

Featured Post

5 Ways to Improve Your MSP Service Level Agreements (SLAs)

SLAs are the foundation of your MSP business. They are essential to building strong client relationships and must be clear, reasonable and well-constructed.

Read Now

VIDEO: Vulnerability in Intel Utility Allows Malware Attacks: IT Rewind Episode 64

Posted January 22, 2016by Ben Barker

 

VIDEO-_Vulnerability_in_Intel_Utility_Allows_Malware_Attacks-_IT_Rewind_Episode_64.jpg

A serious flaw in the Intel Driver Update Utility allows for man-in-the-middle attackers to install malware on user devices. Meanwhile, a Linux kernel vulnerability has been patched. To hear more, just click play!

IT Rewind Featured Stories:

Did our short segment leave you wanting more? Check out the original articles of stories we covered!

Serious Flaw Patched in Intel Driver Update Utility

InfoWorld, @infoworld, Lucian Constantin, @lconstantin

Serious Linux Kernel Vulnerability Patched

Threatpost, @threatpost, Mike Mimoso, @Mike_Mimoso


Continuum's Must-Read Blog Post This Week

Kaseya Fake Invoice Malware Attack Underlines Need for Stricter Email Security

Kaseya-Fake-Invoice-Malware-Attack-Underlines-Need-for-Stricter-Email-Security-1.png

This weekend, news broke that malicious emails requesting payment for licenses were sent in remote management company, Kaseya's, name. This latest security headline is just one of many instances of malware launched through an email phishing scheme. The hackers, who haven't yet been identified, reportedly sent an email with a fake invoice attachment, which once opened, compromises the recipient's device with malware capable of stealing sensitive company data. If you've not yet heard of this latest hack sending tidal waves through the channel, let it serve as a warning. All employees and clients must screen any emails requesting payment for services, even those from a trusted name or company they do business with... Keep reading » 

 

What Else Is New in the IT Channel?

Now that you've seen our top picks for this week, here are some more stories that made the headlines. Have a suggestion for a story that we should cover next week? Let us know by commenting below or tweeting @FollowContinuum or @BenDBarker!

Seeking balance:

         Feds Seek Balance between Privacy and Data Collection
         CIO@CIOonline, Kenneth Corbin, @kecorb

Data center outages:

       Data Center Outages Increasingly Caused by DDoS
       Network World, @NetworkWorld, Patrick Nelson, @Patnet

Waning confidence:

         Companies' Confidence in Their Security Stance Wanes: Cisco Report
         eWeek, @eWEEKNews, Sean Michael Kerner


Transcription

Hey everyone welcome back for another edition of IT Rewind. Today is our 64th episode, the same number as former Green Bay Packer, Jerry Kramer. On today’s episode we take a look at an Intel flaw that allowed for possible man in the middle attacks. You’ll hear about this story and more right now on IT Rewind!

An Intel software utility called the “Intel Driver Update Utility” was found to contain a serious flaw that could allow for man in the middle attackers to install malicious malware on user devices. The vulnerability stems from a failure to encrypt HTTP connections that are used to check for driver updates. The tool was designed to provide an easy way to find the latest drivers for chipsets, graphics cards, wireless cards, desktop boards, NUC mini PC’s or the Intel Compute Stick. Since the discovery of the flaw in November, the issue has been fixed and a new version of the tool was released on Tuesday. Those who use the Intel Driver Update Utility are advised to download the latest version immediately.

Another serious vulnerability has been patched, this time involving Linux. The patch is for a critical Linux kernel flaw that affects versions 3.8 and higher and extends to two-thirds of Android devices. The vulnerability exists in the keyring facility, which encrypts and stores login info, encryption keys and certificates. The vulnerability was discovered by a startup called Perception Point. Yevgeny Pats, CEP of Perception Point said, quote – “It’s pretty bad because a user with legitimate or lower privileges can gain root access and compromise the whole machine. With no auto update for the kernel, these versions could be vulnerable for a long time. Every Linux server needs to be patched as soon as the patch is out.” End quote.

Before we go we’d like to give a shout out to Kaeli O’Connell who was featured in this week’s Employee Spotlight. Kaeli is an Interactive Web Marketing Associate here are Continuum and was nominated for her ability to rapidly grow within her team. Do you have a recommendation for next week’s Employee Spotlight? If you know of an employee that has been going above and beyond lately, leave a comment below, or tweet @FollowContinuum using the #EmployeeSpotlight.

That’s all the time that we have for this week’s episode of IT Rewind, As always, read the full stories that we covered today and other tech stories by clicking on the links below.

Of course, you can always find us on Twitter, Instagram and Vine at FollowContinuum. We’re also on Facebook, LinkedIn, Spiceworks, YouTube and Periscope.

Take it easy.

 

Don't let your clients or employes fall victim to a malware attack!

  5-Ways-to-Stay-Secure-Online-Tech-Quick-Tips-to-Share-with-Clients   

Ben is a graduate of Emerson College and a huge Boston sports fan.

RMM 101: Must-haves for Your IT Management Solution
MSP Guide to Managed Services SLAs  [white paper]
comments powered by Disqus