Techworld News For Managed Service Providers In SydneyPosted on: July 14, 2016
We live in a fast pace digital world where there are changes in the technological front can happen every few minutes and this is the main reason why businesses, even small mom and pop corner shops, choose to get help from managed service providers in Sydney to ensure business continuity and to keep their business information secure.
Managed service providers in Sydney should stay updated with current issues in the technological scene, especially in the security department, where innumerable cyber threats could affect not only their client’s businesses, but also their very own reputation as a dependable and established MSP in Sydney. Here are just some of the important techworld news this week.
Malware That Can Gain Backdoor Access To Macs
Managed service providers in Sydney should be on high alert for a new malicious software that cyber attackers can exploit to open up a backdoor access to Apple systems. Bitdefender Labs researchers is calling the backdoor in question as Backdoor.MAC.Eleanor which can infect Apple systems via a fabricated file converter that is readily available on various popular sites that Mac users visit. The converter downloads the malicious software onto the Mac system and once it gets installed, it makes a hidden Tor service so that a cyber attacker can gain access to the control and command centre which is known as the PHP Web Service of the Mac. Managed service providers in Sydney should be aware that the connection route is done via a Tor generated address. Once the hacker gains access to the web-based control panel, they would have the ability to control these functions:
- Command execution – they can execute commands
- File manager – they can view, rename edit, delete, download, upload, and archive files
- Shell access – they can be able to execute root commands remotely
- Script execution – they will have remote access to C, PERL, Java, Python, Ruby
- Administer and connect databases
- Packet crafter – they will be able to change firewall rule settings and open ports and other entry points for further exploitation of the systems and the business network
- Task manager or Process list – they can deactivate active applications and processes running on the Mac system, such as antivirus, for further exploitation
- Email with attachments – they can send emails with malicious files to everyone connected to the network, and even to your business contacts
Imagine what a huge nightmare that could result from system downtimes, profit loss, and not to mention embarrassment (if the attacker sends malicious files to your client base) this single malware could cost your business if you did not have a dependable managed service providers in Sydney to closely monitor and ensure your business network security.
Bitdefender recommends that businesses and their managed service providers in Sydney should avoid downloading files from websites that are not entirely familiar and reputable. Managed service providers in Sydney should set higher restrictions on email filters and double up in their monitoring efforts because this particular malicious software is hard to detect so it can be very dangerous because a cyber attacker could be able to gain full control of the compromised Mac system which can spread vulnerabilities throughout the business network.
Backdoor Root Access HP Storage Devices
Businesses and their managed service providers in Sydney which uses certain Hewlett Packard devices should keep a close watch on a vulnerability that could let cyber attackers gain administrator access to enterprise storage devices. HP implemented the backdoor with StoreVirtual and various other storage products for the purpose of providing support to their customers who may have complex concerns. The customers asking for assistance are asked for permissions before HPE staff connects to their networks and devices but cyber attackers can easily do the same since the backdoor cannot be turned off since it uses an admin password that is hard-coded onto the device. Managed services providers in Sydney would be relieved to know that the vulnerability will not let attackers gain access to the customer’s data, but the device itself is of course open to abuse by cyber attackers who can delete or change storage configurations. HPE says that only SAN iQ (V 10.5 and earlier) and LeftHand OS are affected.
Here is a list of the affected devices that Managed service providers in Sydney should monitor closely:
- P4300, P4500 (Generation 1 and 2), P4900 (Generation 2), P4800, P4000 VSA devices
- StoreVirtual 4730, 4630, 4530, 4330, 4130
- HP DL3205
- Dell PowerEdge 2950
- IBM System X3650
The patches for the affected StoreVirtual devices will be released on July 18 so managed service providers in Sydney should remain vigilant until then.