Kids Can Bypass Communication Limit Feature On iOS 13.3

If you have children that own Apple devices, be aware that the latest update for iOS 13.3 included a feature called Communications Limits.

It is designed to allow parents to set up parental controls to keep their kids from speaking to, texting with, or Facetiming with anyone who's not already in their contacts list.
It's a small but important feature addition. Hackers, scammers, bullies, or strangers can easily get phone numbers belonging to children. Even worse, they can then harass or threaten them in a variety of ways.

Unfortunately, there were problems with the implementation of the feature. For one thing, a bug in the code allowed kids to add a new number to the address book contacts list and use that as a springboard for bypassing the restrictions imposed by the software.

The bug was discovered by staffers at CNBC who were able to show that the feature worked fine on devices backed by iCloud, but not other services like Google's Gmail.
Todd Haselton of CNBC had this to say about the discovery:

"A child should not be able to add the contact to the iPhone's address book without their parent entering their PIN first if the feature is working properly."

That's a succinct description of both the problem and its solution. Right now, Apple is scrambling to generate a fix. Although the company hasn't said as much, there's a very good chance that by the next patching cycle, the company will have a fix in hand.

If you were counting on the feature, one thing you can do until the fix is ready is to make use of the Downtime feature. That allows users to restrict access to apps according to a predefined schedule. It's not perfect, but it will get the job done in the short term.

If you wish to maximize the productivity of your employees by restricting their access to unnecessary apps and programs on your network or if you wish to protect vital business information from prying eyes of unauthorized personnel, call SpartanTec, Inc. in Fayetteville now.

SpartanTec, Inc.
517 Owen Dr
Fayetteville, NC 28304
(910) 745-7776
http://manageditservicesfayetteville.com

Cities Served:
Fayetteville, Spring Lake, Hope Mills, Dunn, Aberdeen, Southern Pines, Pinehurst, Sanford, Clinto

FBI Sheds New Light On Ransomware Tactics

According to a recent FBI alert marked "TLP: AMBER," businesses should be on high alert for ransomware attacks.

The alert reads, in part, as follows:

"Since January 2019, LockerGoga ransomware has targeted large corporations and organizations in the United States, United Kingdom, France, Norway, and the Netherlands. The MegaCortex ransomware, first identified in May 2019, exhibits Indicators of Compromise (IOCs), command and control (C2) infrastructure, and targeting similar to LockerGoga.

The actors behind LockerGoga and MegaCortex will gain a foothold on a corporate network using exploits, phishing attacks, SQL injections and stolen login credentials."

The alert also states that the attackers behind these two ransomware strains often wield Cobalt Strike tools, including Cobalt beacons to gain remote access.

Once the attackers gain a toehold inside a target network, they'll carefully explore and map the target network, seeking out the most sensitive information including proprietary company data, payment card information and other customer details and the like.

The goal here is to identify the highest value information that can be exfiltrated to the command and control server for sale on the black market. Finally, when all of the most valuable information has been siphoned from the network, the hackers will trigger the ransomware itself, which they'll use to gain an additional payment, extorting the affected organization.

The FBI also reports that hacking operations carried out by nation-states often deploy ransomware to make it appear that the attack is the work of traditional cybercriminals, throwing forensic investigators off of their trail.

The process of network mapping and exfiltrating valuable data can take weeks or even months, depending on the size of the network. So, organizations may be infected long before the visible signs of the attack become evident. Given that, it's more important than ever to have robust security system in place. You should have remote backups taken at regular intervals and a rapid response plan in place in the event of a breach.

Call SpartanTec, Inc. in Fayetteville and let our team help you find the best IT strategy to protect your company and network from ransomware attacks.

SpartanTec, Inc.
517 Owen Dr
Fayetteville, NC 28304
(910) 745-7776
http://manageditservicesfayetteville.com

Cities Served:
Fayetteville, Spring Lake, Hope Mills, Dunn, Aberdeen, Southern Pines, Pinehurst, Sanford, Clinto