
True North Networks Blog

True North Networks has been serving the Swanzey area since 2002, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Shopping Online Securely


The holiday season is nearing for many of us and soon millions of people will be looking to buy the perfect gifts. Many of us will shop online in search of great deals and to avoid noisy crowds. Unfortunately, cyber criminals will be active as well, creating fake shopping websites and using other tactics to scam people. In this newsletter, we explain how you can shop online safely and avoid becoming a victim.

Fake Online Stores

Cyber criminals create fake online stores that mimic the look of real sites or that use the names of well-known stores or brands. When you search for the best online deals, you may find yourself at one of these fake sites. By purchasing from such websites, you can end up with counterfeit or stolen items, and in some cases, your purchases might never be delivered. Take the following steps to protect yourself from fake online stores:

  • When possible, purchase from the online stores you already know, trust, and have done business with previously. Bookmark online stores you have visited before and trust.
  • Look out for prices that are significantly better than those you see at the established online stores. If the deal sounds too good to be true, it may be fake.
  • Be suspicious if the website resembles the one you’ve used in the past, but the website domain name or the name of the store is slightly different. For example, you may be used to shopping at Amazon, whose website address is www.amazon.com, but end up shopping at a fake website that has a similar website address, where the letter o is replaced with the number 0.
  • Type the name of the online store or its web address into a search engine to see what others have said about it. Look for terms like “fraud,” “scam,” “never again,” and “fake.”
  • Use a unique password for each of your online accounts. Can’t remember all your passwords? Consider storing them all in a password manager.
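The look-alike address check from the list above (the letter o replaced with the number 0) can be automated. The following is an added example, not part of the original newsletter; the trusted-store list, the substitution table and the function names are assumptions made for illustration.

```python
from typing import Optional, Tuple

# Constructed list standing in for the stores a user has bookmarked.
TRUSTED = {"amazon.com", "ebay.com", "walmart.com"}

# Digit-for-letter swaps commonly used in imitation domains (illustrative subset).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def registrable(host: str) -> str:
    """Lower-case the host and drop a leading 'www.' (simplified: no public-suffix lookup)."""
    host = host.strip().lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def skeleton(domain: str) -> str:
    """Map look-alike characters and pairs to the letters they imitate."""
    return domain.translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(host: str) -> Tuple[str, Optional[str]]:
    """Return ('trusted' | 'lookalike' | 'unknown', trusted domain involved or None)."""
    domain = registrable(host)
    if domain in TRUSTED:
        return "trusted", domain
    for good in sorted(TRUSTED):
        # Same skeleton: a character swap. Distance 1: one added, dropped or changed character.
        if skeleton(domain) == skeleton(good) or edit_distance(domain, good) == 1:
            return "lookalike", good
    return "unknown", None


if __name__ == "__main__":
    for h in ("www.amazon.com", "www.amaz0n.com", "arnazon.com", "example.org"):
        print(h, classify(h))
```

An "unknown" result only means the address does not imitate a listed store; it says nothing about whether the site is legitimate.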

Scammers on Legitimate Websites

Keep your guard up even when shopping at trusted websites. Large online stores often offer products sold by different individuals or companies that might have fraudulent intentions. Such online destinations are like real-world markets, where some sellers are more trustworthy than others. Check each seller’s reputation before placing the order. Be wary of sellers who are new to the online store or who sell items at unusually low prices. Review the online store’s policy on purchases from such third parties. When in doubt, purchase items sold directly by the online store, not by the third-party sellers that participate in its online marketplace.

Online Payments for Purchases

Regularly review your credit card statements to identify suspicious charges. If possible, enable the option to notify you by email, text, or app every time a charge is made to your credit card. If you find any suspicious activity, call your credit card company right away and report it. Avoid using debit cards whenever possible. Debit cards take money directly from your bank account; if fraud has been committed, you’ll have a much harder time getting your money back. Another option is using well-known payment services such as PayPal for online purchases, which do not require you to disclose your credit card number to the vendor. Finally, consider using a gift card for online purchases.

Just because an online store has a well-designed, professional look does not mean it’s legitimate. If the website makes you uncomfortable, don’t use it. Instead, head to a well-known site you can trust or have safely used in the past. You may not find that incredible deal, but you are much more likely to end up with a legitimate product and avoid getting scammed.

Resource: https://www.sans.org/security-awareness-training/resources/shopping-online-securely-1


Ransomware Attacks Targeting MSPs Increase


Reports of ransomware attacks against MSPs are beginning to increase. Everis, one of Spain’s largest MSPs, was hit by a recent ransomware attack, according to Bleeping Computer. While the attack has not yet been confirmed by Everis, reports say the ransom demand was $835,923.

Additionally, a report published recently by threat intelligence firm Armor found that the frequency of attacks against MSPs has increased. According to its research, hackers are targeting MSPs in the hope of using their access to deploy ransomware onward to the MSPs’ customers.

Majority of MSPs Agree They’re Targeted by Attacks

Recently, we released our annual State of the Channel Ransomware Report featuring a wealth of statistics from our research with managed service providers around the world. In our 2019 report, we pulled data from over 1,400 Datto Partners to understand how they and their clients are impacted by ransomware on a daily basis. This information provides some insight into the trends with year-over-year data, frequency, targets, impact, and recommendations for improving the chances of recovery and continuity in the face of the growing cybersecurity threat.

According to our research, 4 in 5 MSPs agree that their business is increasingly becoming a target in ransomware attacks.

Resource: https://www.datto.com/blog/ransomware-attacks-targeting-msps-increase


Amazon's Ring Video Doorbell Lets Attackers Steal Your Wi-Fi Password


Security researchers at Bitdefender have discovered a high-severity security vulnerability in Amazon's Ring Video Doorbell Pro devices that could allow nearby attackers to steal your WiFi password and launch a variety of cyberattacks using man-in-the-middle (MitM) techniques against other devices connected to the same network. In case you don't own one of these, Amazon's Ring Video Doorbell is a smart wireless home security doorbell camera that lets you see, hear and speak to anyone on your property from anywhere in the world. The smart doorbell needs to be connected to your WiFi network, allowing you to remotely access the device from a smartphone app to perform all tasks wirelessly.

To set up the device for the very first time and share your WiFi password with it, you need to enable configuration mode on the doorbell. Entering configuration mode turns on a built-in, unprotected wireless access point, allowing the Ring smartphone app installed on your device to automatically connect to the doorbell. However, researchers told The Hacker News that besides using an access point with no password, the initial communication between the Ring app and the doorbell, i.e., when you share your home's WiFi password with the doorbell, is performed insecurely through plain HTTP.

Thus, a nearby attacker can simply connect to the same unprotected wireless access point while the setup is in progress and steal your WiFi password using a man-in-the-middle attack. Since this attack can only be performed during the "one-time initial configuration" of the device, you might be wondering how an attacker can leverage this loophole after the device has already been configured.

Researchers suggested that by continuously sending de-authentication messages to the device, an attacker can trick the user into believing that the device is malfunctioning, forcing them to re-configure it.

"Attackers can trigger the reconfiguration of the Ring Video Doorbell Pro. One way to do this is to continuously send deauthentication packets, so that the device is dropped from the wireless network. At this point, the App loses connectivity and tells the user to reconfigure the device," the researchers told The Hacker News.

 

"The live view button becomes greyed out and, when clicked, the app will suggest restarting the router or pressing the setup button twice on the doorbell. Pressing the button twice will trigger the device to try to reconnect to the network – an action that will fail. The last resort is to try and reconfigure the device," Bitdefender said in a blog post.

Once the owner enters into the configuration mode to re-share WiFi credentials, the attacker sniffing the traffic would capture the password in plaintext, as shown in the screenshot. Once in possession of a user's WiFi password, an attacker can launch various network-based attacks, including:

  • Interact with all devices within the household network;
  • Intercept network traffic and run man-in-the-middle attacks;
  • Access all local storage (NAS, for example) and subsequently access private photos, videos and other types of information;
  • Exploit all vulnerabilities existing in the devices connected to the local network and get full access to each device; that may lead to reading emails and private conversations;
  • Get access to security cameras and steal video recordings.

Bitdefender discovered this vulnerability in Ring Video Doorbell Pro devices in June this year and responsibly reported it to Amazon, but got no update from the company.

When requested for an update in late July, the vendor closed the vulnerability report in August and marked it as a duplicate without saying whether a third party had already reported this issue. However, after some communication with the vendor, an automatic fix for the vulnerability was partially issued on 5th September.

"However, to be on the safe side Ring Video Doorbell Pro users should make sure they have the latest update installed. If so, they're safe."

A similar security vulnerability, which also exposed the owner's WiFi network password to attackers, was discovered and patched in the Ring Video Doorbell devices in early 2016.
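The continuous de-authentication described above is visible to a wireless monitor, because a device that keeps being dropped receives far more deauthentication frames than ordinary roaming produces. The sliding-window detector below is an added example, not code from Bitdefender, Ring or the original article; the record layout, addresses, window and threshold are all assumptions.

```python
from collections import defaultdict, deque

# Constructed sample: (seconds, access point, destination station, frame subtype).
# The field layout and every address here are made up for this example.
AP = "aa:aa:aa:00:00:01"
DOORBELL = "bb:bb:bb:00:00:02"
LAPTOP = "cc:cc:cc:00:00:03"
FRAMES = (
    [(i * 0.1, AP, DOORBELL, "deauth") for i in range(50)]         # sustained burst
    + [(2.0, AP, LAPTOP, "deauth"), (3.0, AP, LAPTOP, "beacon")]   # ordinary roam
)


def deauth_bursts(frames, window=10.0, threshold=20):
    """Return {(ap, station): peak} for pairs that received at least
    `threshold` deauth frames inside any `window`-second span."""
    recent = defaultdict(deque)   # timestamps still inside the window, per pair
    peaks = {}
    for ts, ap, station, subtype in sorted(frames):
        if subtype != "deauth":
            continue
        seen = recent[(ap, station)]
        seen.append(ts)
        while ts - seen[0] > window:   # drop timestamps that have aged out
            seen.popleft()
        if len(seen) >= threshold:
            key = (ap, station)
            peaks[key] = max(peaks.get(key, 0), len(seen))
    return peaks


if __name__ == "__main__":
    for (ap, station), peak in deauth_bursts(FRAMES).items():
        print(f"{station} received {peak} deauth frames from {ap} within one window")
```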

Resource: https://thehackernews.com/2019/11/ring-doorbell-wifi-password.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Cyber+Security+Blog%29&_m=3n.009a.2109.hn0ao0e6il.1bc6

 


8 Reasons To Support Use of Multi-Factor Authentication


It’s no surprise that IT companies’ plates are already heaped with a mountain of priorities. In addition to keeping the network up and running and fulfilling the many competing requests from departments across the organization, they now need to think strategically about supporting business growth while also keeping security top of mind.

Admins have installed antivirus software, raised the firewall, deployed encryption technology, and periodically run vulnerability tests. But the sobering reality is that if multi-factor authentication (MFA) is not in place, these other security measures can be bypassed. A best practice for IT managers is to categorize their systems to identify the ones that contain access to business-critical data, and then add MFA on top of those. MFA has low complexity, which makes it an easy addition that can be rolled out quickly without busting the budget.

8 reasons to support use of multi-factor authentication

  1. Identity theft is an easy, low-risk, high-reward type of crime and a threat to all businesses. It is the fastest-growing type of crime and is now more profitable than drug-related crimes.
  2. Weak or stolen user credentials are hackers' weapon of choice, used in 95 percent of all Web application attacks.
  3. From 2013 to 2014, the number of successful breaches went up by 27.5 percent. The malicious actors are winning the war.
  4. Headlines tend to belong to the household-name companies, but they are not the only companies being targeted. Of all targeted attacks, 31 percent are aimed at businesses with fewer than 250 employees.
  5. Anti-virus systems and advanced firewalls are necessary security elements, as are vulnerability tests. Without user authentication, though, the front door is wide open to intruders.
  6. Password theft is constantly evolving as hackers employ methods like keylogging, phishing, and pharming.
  7. Cyber criminals do more than merely steal data. Often they destroy data, change programs or services, or use servers to transmit propaganda, spam, or malicious code.
  8. Employees are already accustomed to authenticating themselves in their personal lives, as providers of online services like home banking, gaming, social media, and email have all adopted mobile-based tools to effectively authenticate their users when accessing their systems.

Resource: https://techbeacon.com/security/8-reasons-you-should-turn-multi-factor-authentication


NordVPN Confirms It Was Hacked


NordVPN, a virtual private network provider that promises to “protect your privacy online,” has confirmed it was hacked.

The admission comes following rumors that the company had been breached. It first emerged that NordVPN had an expired internal private key exposed, potentially allowing anyone to spin out their own servers imitating NordVPN.

VPN providers are increasingly popular as they ostensibly keep your internet browsing traffic private from your internet provider and the sites you visit. That’s why journalists and activists often use these services, particularly when they’re working in hostile states. These providers channel all of your internet traffic through one encrypted pipe, making it more difficult for anyone on the internet to see which sites you are visiting or which apps you are using. But often that means displacing your browsing history from your internet provider to your VPN provider. That’s left many providers open to scrutiny, as often it’s not clear if each provider is logging every site a user visits.

For its part, NordVPN has claimed a “zero logs” policy. “We don’t track, collect, or share your private data,” the company says.

But the breach is likely to cause alarm that hackers may have been in a position to access some user data.

NordVPN told TechCrunch that one of its data centers was accessed in March 2018. “One of the data centers in Finland we are renting our servers from was accessed with no authorization,” said NordVPN spokesperson Laura Tyrell.

The attacker gained access to the server — which had been active for about a month — by exploiting an insecure remote management system left by the data center provider; NordVPN said it was unaware that such a system existed.

NordVPN did not name the data center provider.

“The server itself did not contain any user activity logs; none of our applications send user-created credentials for authentication, so usernames and passwords couldn’t have been intercepted either,” said the spokesperson. “On the same note, the only possible way to abuse the website traffic was by performing a personalized and complicated man-in-the-middle attack to intercept a single connection that tried to access NordVPN.”

According to the spokesperson, the expired private key could not have been used to decrypt the VPN traffic on any other server.

NordVPN said it found out about the breach a “few months ago,” but the spokesperson said the breach was not disclosed until today because the company wanted to be “100% sure that each component within our infrastructure is secure.”

A senior security researcher we spoke to who reviewed the statement and other evidence of the breach, but asked not to be named as they work for a company that requires authorization to speak to the press, called these findings “troubling.”

“While this is unconfirmed and we await further forensic evidence, this is an indication of a full remote compromise of this provider’s systems,” the security researcher said. “That should be deeply concerning to anyone who uses or promotes these particular services.”

NordVPN said “no other server on our network has been affected.”

But the security researcher warned that NordVPN was ignoring the larger issue of the attacker’s possible access across the network. “Your car was just stolen and taken on a joy ride and you’re quibbling about which buttons were pushed on the radio?” the researcher said.

The company confirmed it had installed intrusion detection systems, a popular technology that companies use to detect early breaches, but “no-one could know about an undisclosed remote management system left by the [data center] provider,” said the spokesperson.

NordVPN said it disputes this. “We treat VPN servers as untrusted in the rest of our infrastructure. It is not possible to get access to other VPN servers, users database or any other server from a compromised VPN server,” said the spokesperson.

“They spent millions on ads, but apparently nothing on effective defensive security,” the researcher said.

NordVPN was recently recommended by TechRadar and PCMag. CNET described it as its “favorite” VPN provider.

It’s also believed several other VPN providers may have been breached around the same time. Similar records posted online — and seen by TechCrunch — suggest that TorGuard and VikingVPN may have also been compromised.

A spokesperson for TorGuard told TechCrunch that a “single server” was compromised in 2017 but denied that any VPN traffic was accessed. TorGuard also put out an extensive statement following a May blog post, which first revealed the breach.

Updated with comment from TorGuard, and again with additional comment from NordVPN.

Resource: https://techcrunch.com/2019/10/21/nordvpn-confirms-it-was-hacked/
