Cinco de Mayo, Spanish for "May 5th," celebrates the date the Mexican Army defeated French forces at the Battle of Puebla in 1862. While it's mainly a ceremonial commemoration in Mexico, in the US it has come to be a day where Americans celebrate Mexican culture in general. And no place celebrates it with quite as much fervor as the state of Texas, where our San Antonio office is located. We checked in with the office today and it's full of revelry, as we expected!
(more…)
If you had to enter every single password for every single online site you accessed each day, you'd be a little more than overwhelmed. So what do you do? You pick a password you can easily remember. It probably involves your birthday, your first pet's name, your lucky number, etc... And then you hit that remember password button on every site you can find.
It's Star Wars Day, a special celebration of a galaxy far, far away. And you know we take it pretty seriously at Hostway.
We work in a fast-paced environment where we always challenge ourselves to innovate and exceed our customer’s wildest expectations. But we also challenge each other to have fun every day while we're at it. It's just a part of our entrepreneurial, unique spirit.We've got a passion for the cloud, in a galaxy not too, too far away. Check out some of our awesome employees! (more…)
It’s a fact. Hackers want healthcare information. They want it even more than they want credit card information. Due to the value of electronic protected health information (ePHI), healthcare has been hammered by some of the most damaging attacks in any industry as of late. In 2016 alone, the healthcare industry averaged a data breach every single day, flooding underground marketplaces with fraudulently obtained personal information.
Earth Day is upon us. This annual celebration began back in 1970, backed by participants 20 million strong and it has grown every year since then. All these years later, more than a billion people around the world are expected to observe this movement by raising awareness for the environment, natural resources, and wildlife. A justified global phenomenon, the concepts of eco-friendliness and ‘being green’ are now quite mainstream. Today, organizations, governments, and many other groups organize around these concepts and activities to produce policies and practices that aim to take better care of our Earth.
At one time, a single private company data center could consume enough power to supply tens of thousands of homes – in a single day. IT equipment energy use has an interesting profile, as we refer to an EPA report presented before Congress on Server and Data Center Energy Efficiency:
At its most basic definition, a risk assessment is simply a standardized way to evaluate the potential risks of an activity or process. In the hosting industry, though, the need for a risk assessment usually comes up during the need to comply with security rules enacted by the health insurance portability and accountability act (HIPAA). Any business dealing with sensitive data and health care details has a legal responsibility to protect that data. Once safeguards are in place, organizations must complete a risk assessment to ensure full HIPAA, or other security measures such as payment card industry (PCI), compliance. But what is included in the risk assessment, and what makes it so important?
(more…)
In the tech industry, we’re always thinking about moving forward. But today is actually a day dedicated to backing up. March 31st is World Backup Day! Yes, there is such a day, and you can even take a pledge to confirm its importance. World Backup Day is an independent initiative by Reddit users to raise awareness about backups and data preservation. It serves as an important reminder for all of us to back up our data.
Whether you’re running your own servers, an eCommerce website or CRM system, or managing your personal finances and family photos on your laptop, the importance of backing up your data cannot be overstated. Not only is it important to back up your data, it’s important to think about HOW you back up your data.
• Make sure your data is backed up in multiple locations (onsite and offsite)
• Determine how often your data is backed up – confirm with your hosting provider that it is backed up as often as you need
• Confirm data backups are free of corruption
• Confirm data restores are working properly
Check out one of the videos in our eCommerce security series that focuses specifically on what to consider when designing your backup strategy.
At Hostway, we offer a range of managed backup solutions to fit every budget and use case – from SMB to large enterprise. Regardless of which solution you choose, a Hostway solutions engineer will work with you to build the best backup for your unique needs.
Recently, the Cisco Talos security threat research team turned up a significant new threat launched via Microsoft Word. The attack infects systems with malware by quietly using the domain name server (DNS) to make contact with Windows PowerShell command instructions from the attacker.
The attack is initiated by the delivery of a malicious Microsoft Word document. The document looks like it’s from a McAfee-branded secure email service. But upon opening, the document launches a Visual Basic for Applications macro, which then launches PowerShell commands. The system then calls out to a collection of domain records that have been specially constructed by the hacker to help execute on privileged system control.
As the attack unfolds, it is determined whether the user has privileged access using a second stage of PowerShell commands. The PowerShell commands then enter a third act where the Windows System Registry is modified to allow backdoor access. If the user does have privileged access, the Windows Management Instrumentation (WMI) database is modified, so that the backdoor is maintained throughout reboots.
At this point, the infected system queries select DNS records that are built into the script. These requests pull in TXT records from the loaded DNS query, which contain further PowerShell commands. Because the attacker controls the remotely queried DNS records, they can implement any command they desire and execute it locally with full administrative privileges.
There are a number of weaknesses here to point out. First off, domain name servers are a critical and fundamental component to any network environment. On a typical network, they’re rarely monitored, policed or blocked. Commands that transmit through DNS traffic can be fractional and difficult to detect as there are many billions of records across many different types of DNS requests. Secondly, there is a serious gateway flaw that allows document programs to launch external programs, especially those that can modify the system environment.
While the exploit only affects PCs that run Microsoft Word, and not mobile systems, the overwhelming majority of environments use just those two things. No other productivity application and platform combination comes close. Further, as a matter of convenience, companies in many environments allow users the administrative rights to fully control their own systems. This sort of infection has a wide potential base of attack, and it’s proving to be very difficult to detect in most environments.
Once a system is infected, corrective actions on the system will likely be difficult. The breadth of commands and modifications that can be launched in the final stage can prove to be quite complex and possibly irreversible. In cases where the infection has not gotten to the final stages due to a lack of user privileges, the cleanup may be more feasible. This is because the PowerShell commands at these stages are not persistent and are based on sessions, which can be terminated.
There’s a mantra in security that identifies the core components of people, processes and technology. Preventing these sorts of attacks counts on all three points.
Further, Cisco’s Talos Intelligence group suggests the following options to prevent an attack.
As Hostway customers, thousands of companies have benefitted from security and compliance capabilities that cannot be matched in the cloud and hosting industry. Hostway provides leading security solutions, executes corporate-grade continuity strategies and monitors the ever-changing threat landscape for developments that may compromise client environments.
Call (+1.866.680.7556) or chat with Hostway today for a free vulnerability scan.
You're working in the healthcare space, and you want to enjoy the benefits of cloud hosting, but you have concerns about how to do so while adhering to strict compliance standards.
(more…)
American history is rich, vibrant and steeped in tradition – just take President’s Day, which is celebrated on the third Monday of February each year, in honor of George Washington’s birthday. (more…)