Covered Data is proud to announce that we are officially partnered with Malwarebytes, the leader in endpoint security protection. We have used the Malwarebytes software for many years and are ecstatic at the opportunity to work with the experts at Malwarebytes.com in a larger way. Our engineers and trained sales staff are at your disposal to help you design and implement the Malwarebytes multi-layer approach to security. With the new release of Malwarebytes Endpoint Protection, you can finally cover 7 critical layers of security with one install and one management console. Contact us for a free trial.
The latest adware and malware on the market appears to be a Chinese product called “Fireball”, which has infected about 250 million browsers or 20 percent of the corporate networks around the world. Several computer security companies have classified the infection as malware, but according to a Chinese digital marketing firm it is a research tool.
The danger is that it exposes a great deal of your private information and installs other unwanted plugins in your browsers. It is all in an effort to boost advertising payments for the companies involved in releasing it. For you, it is dangerous software that allows others to gather information about you without your knowledge.
From an overall security aspect, it is really dangerous and you or your IT department should find a way to protect yourself from it. One very strong and prominent, yet easy to use, tool is from a company called Malwarebytes. They have been around a long time and have cleared millions of infected computers of malware. We use them exclusively here at Covered Data. If you are interested in a free trial of the latest release, please let us know. We will send you a download link and the 30-day keys, with only a follow-up email from us about your thoughts on it.
We received the following email from our good friends and partner following yesterday’s ransomware attack that hit over 90,000 computers, servers, and point of sale systems.
We were really happy to have them reach out and reaffirm that we were covered. Are your computers covered?
Call us for a free trial.
Within 12 hours, 81,000 infections were reported globally of the WanaCrypt0r outbreak.
NHS reported 16 hospitals in the UK have been hit and can’t operate or admit patients because all data is encrypted and locked. Spanish telecom giant, Telefonica, was hit and responded by “desperately telling employees to shut down computers and VPN connections in order to limit the ransomware’s reach.” Banks, utilities, telecoms, healthcare and other industries are reporting similar experiences worldwide. At this time, this ransomware variant appears to be taking advantage of a known and patched Windows vulnerability.
Malwarebytes is protecting your organization against this specific ransomware variant. Our anti-ransomware technology uses a dedicated real-time detection and blocking engine that continuously monitors for ransomware behaviors, like those seen in WanaCrypt0r.
We are sure you have heard about the latest ransomware attacks that hit a record number of computers and servers across a wide number of industries in Europe. Rest assured, there were several in the United States as well. Also, we expect that there will be more across the country, and many that we never hear about.
Are your PCs and servers, mobile devices, and critical platforms protected? It is critical to take the necessary steps to secure your technology environment. We are advising all of our clients that the first thing they need to do is make sure their computers are running the Premium version of Malwarebytes 3.0. The Premium version of Malwarebytes easily defeats the recent attack that has taken over 90 thousand hospitals, hotels, point of sale systems, and more.
It does this by using the latest forensic and modern effective scan engine, software algorithms, and updated signature files on the market. Malwarebytes 3.0 went live as a complete rewrite that was released to the public 6 months ago. It uses the latest in computer security and incorporates the best of the best computer security from the ground up.
Contact us for a free trial of Malwarebytes 3.0. Hands down the best malware protection software on the market.
Zimbra Email and Organizational Collaboration Feature Built In
One of the great features of Zimbra, in both the Professional Network Edition (paid and supported) and the Community Edition (free, community supported), is its built-in spam prevention and antivirus solutions. The spam feature is very easy to configure, and as an administrator you have the option to be as tight or relaxed as fits your customers. The use of global real-time blacklists (RBLs) is one of the best features available. They are simple to configure by logging into the admin console and going to Configure > Global Settings > MTA. On that page you will find several options pertaining to the use of RBLs. Click the Add button in the relevant section and then enter the particular RBL that you want to use.
Here at Covered Data we use the following lists, which are based on Zimbra's recommendations and on what Zimbra lists as currently in use:
List of Client RBLs: zen.spamhaus.org, psbl.surriel.com, b.barracudacentral.org, bl.spamcop.net
List of Client RHSBLs: dbl.spamhaus.org, multi.uribl.com, multi.surbl.org
List of Reverse Client RHSBLs: dbl.spamhaus.org
List of Sender RHSBLs: multi.uribl.com, multi.surbl.org, rhsbl.sorbs.net
Having these listed in the spam-fighting configuration in Zimbra version 8.7.7 is, for us, very effective. The number of spam messages reaching our inboxes is virtually zero and we are confident that it is because of this configuration.
We also have the following Protocol and DNS checks enabled:
Hostname in greeting violates RFC (reject_invalid_helo_hostname) Checked
Sender address must be fully qualified (reject_non_fqdn_sender) Checked
DNS Checks: Client IP Address (reject_unknown_client_hostname) Checked
These settings, along with the standard ham and spam learning features that are in effect, keep our company’s email and that of our clients clear of spam.
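The same settings can be audited from the command line. The script below is an added example, not part of the original post or of Zimbra's own tooling: it compares the lists above with the output of `zmprov gacf zimbraMtaRestriction` and prints the `zmprov mcf` command for every entry that is missing. It assumes it is run as the zimbra user on the MTA host; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: audit zimbraMtaRestriction against the lists in this post.
# Assumption: run as the zimbra user on the MTA host (zmprov on PATH).
# Function names are made up for this example.

CLIENT_RBLS="zen.spamhaus.org psbl.surriel.com b.barracudacentral.org bl.spamcop.net"
CLIENT_RHSBLS="dbl.spamhaus.org multi.uribl.com multi.surbl.org"
REVERSE_CLIENT_RHSBLS="dbl.spamhaus.org"
SENDER_RHSBLS="multi.uribl.com multi.surbl.org rhsbl.sorbs.net"
PROTOCOL_CHECKS="reject_invalid_helo_hostname reject_non_fqdn_sender reject_unknown_client_hostname"

# Print the wanted Postfix restrictions, one per line.
wanted_restrictions() {
    for c in $PROTOCOL_CHECKS; do echo "$c"; done
    for z in $CLIENT_RBLS; do echo "reject_rbl_client $z"; done
    for z in $CLIENT_RHSBLS; do echo "reject_rhsbl_client $z"; done
    for z in $REVERSE_CLIENT_RHSBLS; do echo "reject_rhsbl_reverse_client $z"; done
    for z in $SENDER_RHSBLS; do echo "reject_rhsbl_sender $z"; done
}

# Read `zmprov gacf zimbraMtaRestriction` output on stdin and print every
# wanted restriction that is not configured yet.
missing_restrictions() {
    current=$(sed -n 's/^zimbraMtaRestriction: *//p')
    wanted_restrictions | while IFS= read -r r; do
        printf '%s\n' "$current" | grep -qxF -- "$r" || echo "$r"
    done
}

# Dry run by default: print the commands. APPLY=1 runs them instead.
fix_missing() {
    zmprov gacf zimbraMtaRestriction | missing_restrictions |
    while IFS= read -r r; do
        if [ "${APPLY:-0}" = 1 ]; then
            zmprov mcf +zimbraMtaRestriction "$r" </dev/null
        else
            echo "zmprov mcf +zimbraMtaRestriction '$r'"
        fi
    done
}

# Only touch the server when zmprov is actually present.
if command -v zmprov >/dev/null 2>&1; then fix_missing; fi
```

Running it again after an upgrade shows whether any of the entries were dropped from the global configuration.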
If you have any questions or would like a free consultation about setting up a very secure and full-featured email server, let us know using our Contact Form. You can always call us as well at 702.430.1849
Just a quick post to share back with the community. We manage, deploy, and sell services using Zimbra 8.7.7. We recently went through an upgrade from Zimbra 8.7.2 to 8.7.7. After that we installed the Zimbra Drive and Zimbra Chat features. For those of you that have installed and upgraded in the past, the upgrade process is essentially doing an install. For example, you cd (change directory) into the new Zimbra software directory. You then type ./install.sh
You will be prompted to answer several questions. The new questions we were asked, and answered yes to, came when we reached Zimbra Drive and Zimbra Chat. We said yes to both. We were also asked if we wanted to use the Zimbra repository. Again we said yes.
Our Server Logs
Shortly after this upgrade we started to see the below in our /var/log/mail.log
Essentially what we believe happened was that during the upgrade process something happened with the permissions and the system was no longer able to write into the queue. However, email continued to flow as normal. Our system is a relatively low-use system at the moment and was probably able to handle email coming in and out fast enough that mail could be delivered without having to be written.
Wherever the mistakes and/or errors were created, we are no longer seeing the errors in our logs. We pay for support from the Zimbra support team, which is fabulous. We also try to give back to the community when we can. If anybody has comments, post them below. Also, if you need some help or we can provide any guidance, please let us know. Use our contact form.
I wanted to take a quick minute and tell you about our night on the web last night. As web security experts with a long history of protecting, building, and creating WordPress websites, we have seen quite a bit, but last night was special. A couple of the sites that we manage and protect came under a sustained attack for a couple of hours. These attacks had our phones blowing up with alert notifications every couple of minutes for hours. We are used to it, and really don’t mind that much. That is because we have, over the years, become quite good at protecting our sites, and we trust in our partnerships and the system that we have in place.
The graph below shows you the number of attacks from last night.
24 Hour Attack
We would love to tell you that it was the Russians, and indeed that has been the case in the past. This time, however, the attacker was from an IP address in the United States. The main site causing all the noise last night was from a US-based IP address of :
Our security systems allow us to block most of the traffic geographically. So, if you only have customers in the United States, why expose your site to the rest of the world? That is one theory anyhow, and you have to make a decision for your company, your security policy, the effects on search engines finding you, etc. In this client's situation the only country that is open is the United States. However, country blocking wasn’t enough in this past attack.
You have to realize that in today’s world, an IP address in the U.S. might be compromised and actually be a device controlled by rogue hackers from another country. It is critical that you have a rock-solid firewall implementation that is dynamically based on live intrusion attempts across the world. You also need to protect yourself by ensuring that your website is constantly up to date, having some ability to recover if you find your site compromised, and monitoring alerts as things are happening. Remember, the internet doesn’t sleep.
Our system can help you sleep at night and ensure your sites are always available. Contact us for a free consultation. Heck, we will even update your site for you free of charge.