If we could tell the hackers out there to take a break, we seriously would! We mean, come on, the holidays are at our doors and the last thing we’d want to do right now is deal with hacks and attacks. But we know this isn’t a possibility and a recent attack on Adobe in the first week of this month has proved just that.

Unknown hackers had launched “limited, targeted attacks” against high-value Windows users, exploiting a zero-day vulnerability in Adobe’s PDF Reader software. The attacks were observed in the wild against Windows users running Adobe Reader version 9.4.6, according to a warning from Adobe, and we assume an emergency patch for Adobe Reader and Acrobat 9.x for Windows has already been released because Adobe had planned to ship it “no later than the week of December 12, 2011.” Adobe has rated this issue as a “critical” one that currently haunts Adobe Reader X (10.1.1) and earlier versions for Windows and Macintosh, Adobe Reader 9.4.6 and earlier 9.x versions for UNIX, and Adobe Acrobat X (10.1.1) and earlier versions for Windows and Macintosh. And the company has warned that this vulnerability (CVE-2011-2462) could cause a crash and potentially allow an attacker to take control of the affected system.

Adobe’s newer Reader X software also has the vulnerability but there are anti-exploitation roadblocks in that version. That explains why the company is in no hurry to release Reader X updates.

But then why is Windows on its high priority list? Look at what Adobe security chief, Brad Arkin, has to say about that, “The reason for addressing this issue quickly for Adobe Reader and Acrobat 9.4.6 for Windows is simple: This is the version and platform currently being targeted. All real-world attack activity, both in this instance and historically, is limited to Adobe Reader on Windows. We have not received any reports to date of malicious PDFs being used to exploit Adobe Reader or Acrobat for Macintosh or UNIX for this CVE (or any other CVE).” Focusing this release on just Adobe Reader and Acrobat 9.x for Windows also allows Adobe to ship the update much earlier, thus mitigating threats.

Likewise, Arkin has also made a plea to Adobe users to upgrade to the latest and greatest versions. It goes on as follows:

I’d like to take this moment to encourage any remaining users still running Adobe Reader or Acrobat 9.x (or worse, older unsupported versions) to PLEASE upgrade to Adobe Reader or Acrobat X. We put a tremendous amount of work into securing Adobe Reader and Acrobat X, and, to date, there has not been a single piece of malware identified that is effective against a version X install. Help us help you by running the latest version of the software!

So are you up for the upgrade?  Get it here!

As if Small- and Medium-sized Business owners don’t have enough to worry about, an increase of “hacktivism” has been predicted for 2012 by Kroll, an Information Technology (IT) consulting company. Cybercrimes are nothing new, but cyber criminals have more ways to infiltrate a small-business owner’s private company data. Just because a company is small – meaning it has 500 employees or fewer and less than $5 million in annual revenue – that doesn’t automatically remove it from a cyber thief’s list of possible targets. Everyone is at risk, according to Kroll, especially small and medium businesses.

Innovations like the cloud and geolocation technology are two-faced Januses that open doors of convenience for businesses on one side, while simultaneously opening portals of enormous potential for thieves on the other. It doesn’t help that more and more businesses provide their employees with company laptops and/or smart phones that sometimes don’t have the kind of firewall and anti-spyware protection that they should. And if a lost or stolen laptop or smart phone isn’t password protected, the data within is at a thief’s disposal.

Besides predicting an increase in cyber-based mayhem for 2012, Kroll also predicts that two federal geolocation tracking bills that were introduced in 2011 will never become laws. The Location Privacy Protection Act, which was introduced by Sens. Al Franken (D-Minn.) and Richard Blumenthal (D-Conn.), seeks to close current federal law “loopholes” that, according to Franken, allow device manufacturers, app developers and telephone companies that offer wireless Internet service to freely share their consumer location information with third parties. The Location Privacy Protection Act pertains to non-governmental entities, but the GPS Act, which was introduced by Sen. Ron Wyden (D-Ore.) and Rep. Jason Chaffetz (R-Utah), covers both governmental and non-governmental entities, including law enforcement. Under the GPS Act, a person must give prior consent before a company could share location information, and law enforcement would have to obtain a warrant before a company could disclose such information about one of its customers.

The two aforementioned bills were introduced long before developer Trevor Eckhart posted a YouTube video detailing the dangers of the Carrier IQ app, which Sprint says it has disabled, that logs every keystroke a user makes and every URL he visits – even secure ones – and sends the information back to the carrier’s database. T-Mobile still has the Carrier IQ app on its HTC Amaze 4G, Samsung Galaxy S II, Exhibit II 4G, LG myTouch, LG myTouch Q, LG DoublePlay and the Blackberry 9900, 9810 and 9360 devices. The potential dangers of such an app exist not only for individual users, but for the carriers as well.

Despite Facebook’s privacy missteps, social engineering attacks, Kroll says, involve thieves using “clever tactics to coerce end users into disclosing sensitive information, downloading malware or both.” To prevent this type of cyberattack, as well as all the others, companies will have to become more vigilant when it comes to keeping track of their employees’ Internet activities and increase firewall and anti-spyware protection on company-issued devices.

Small- and medium-sized business owners have a lot to look forward to in 2012, but they have a lot to prepare for, too, according to IT consultant Kroll. As companies move more of their business operations to the Internet and the cloud, they give cyber criminals more opportunities to steal or corrupt important company data.

Becoming a knowledgeable and competent IT professional takes continuing education to ensure that an individual keeps up to date with upcoming trends and systems. Luis Palacios of XCEL Professional Services is just one of those individuals that works tirelessly at reaching Microsoft certification in order to advance his expertise and has attained his certification in MCTS Server Virtualization. 

Microsoft has developed an extensive certification program for Information Technology (IT) support professionals that includes step-by-step certifications that an IT professional can achieve at their own pace. Luis Palacios of XCEL Professional Services just recently achieved his Microsoft Certified Technology Specialist (MCTS) certification with Server Virtualization specialization.

Virtualization is a critical aspect of every IT department due to its capability to save money while improving business continuity. Getting certified in this field verifies that an IT specialist is highly proficient in this increasingly popular area. The TS: Windows Server Virtualization, Configuring test may be counted as credit towards the Microsoft Certified IT Professional (MCITP) certification.

According to Mr. Palacios, “This is not an easy certification to achieve. The requirements are stringent; I needed to have more than 1 1/2 years of experience in working with multiple systems. Now that I have the certification, XCEL clients can feel reassured that I know what I’m talking about when I’m suggesting server virtualization solutions to them.”

There are plenty of resources and tools that are available from Microsoft which allows IT professionals to pursue Microsoft Certification which will enable them to keep their skills relevant, applicable, and competitive. Microsoft is also recognized as a global standard which increases a certified individual’s opportunities for advancement.

XCEL’s number one focus is the client; therefore they take great pride in providing superior customer service and technical expertise — all the time. Only senior-level IT analysts are added to the organization’s staff so as to minimize extended time being taken on projects that a junior technician might need. Clients can be confident that when an XCEL Analyst is assigned to the project, they are competent and knowledgeable to handle all network issues.

###

XCEL Professional Services is a Calgary-based IT Service Provider established in 2009.  With a focus on IT Security for the SMB Market, XCEL has certified analysts on staff who care about the security and efficient operation of client networks.  XCEL currently serves over 20 small to mid-sized businesses in the Calgary area, Saskatchewan, Central Alberta, British Columbia, and North Africa.  Core services are IT Security, IT Projects (design, management, implementation, migration), and Managed IT Services (day-to-day computer and network support and maintenance).

Do you have questions about XCEL? Feel free to email us at info@xpsl.ca.