@scottalanmiller said in What Are You Doing Right Now:
First of our close, local circle of friends got COVID a few days ago. She's doing fine. But we found out that she lost her sense of taste halfway through a beer that she was drinking! How weird.
Ugh, horrible timing!
@scottalanmiller said in Wasabi cloud storage service knocked offline for hosting malware:
Damn, it's GoDaddy!
That was my first thought when the story came out.
@siringo said in What Are You Doing Right Now:
2 x hp dl380 gen 9's. Not had a single problem since being put into service in 2017.
Yesterday both crashed with power, iLO and firmware errors. Neither reboots into windows.
Out of warranty since 9 November 2020.
Not sure what to do???????
What do the hardware diags say?
Beginning November 5th, 2020, you will see a clear distinction between automatic and manual updates in Windows Update, completing the transformation of driver servicing that we began earlier this year.
@JaredBusch said in Sangoma Ransomware:
@Crosstalk-Solutions said in Sangoma Ransomware:
In video:
I want to get ahead of speculation....
Because you want your speculation to be the one everyone believes..
This video is a load of crap.
@Dashrender said in Search from Start menu is blank/black:
Anyone else see this type of behavior after upgrading to 20H2?
Nope. Are you completely up to date?
@gjacobse said in M.2: Initialize Drive:
it came up to the Bitlocker recovery
You will need to enter the bitlocker recovery key to get any data off of it if BitLocker is enabled. If it's an AAD device, hopefully it's set up so the recovery key is available in there.
@JaredBusch said in FreePBX vs 3CX 2021 Edition:
@Obsolesce said in FreePBX vs 3CX 2021 Edition:
@VoIP_n00b said in FreePBX vs 3CX 2021 Edition:
As 2020 comes to a close, and we start 2021 what are you using for new PBX deployments?
Definitely nothing from Sangoma!
Yes, let’s skip the only open source choice on the market.
True, they only kept the breach quiet for months, and ONLY said something because the deadline was passed and files were leaked, and everyone was piling up on them for a response... It could be worse!
But, the company has one of their products open source so it's all good!
@VoIP_n00b said in FreePBX vs 3CX 2021 Edition:
As 2020 comes to a close, and we start 2021 what are you using for new PBX deployments?
Definitely nothing from Sangoma!
@ls_tech said in I bypassed my jobs security restrictions...:
I'm curious if a administrator finds my logs of the different accesses I've been through. Am I risking termination or is a curious mind good for their security
I would think it depends on the company policy. What's the employee handbook say?
As for mentioning potential security holes in your company's IT systems and infrastructure, I'd certainly want to know if I were in a position to care.
@JaredBusch said in Sangoma Ransomware:
@Obsolesce said in Sangoma Ransomware:
@JaredBusch said in Sangoma Ransomware:
@Obsolesce said in Sangoma Ransomware:
Also the possibility of compromised cryptography keys, such as those used for SSL connections, that people seem to be concerned about.
Not for SSL. for digitally signing the modules. commercial and non-commercial.
Ah, okay. That makes more sense.
Oh also the SSH keys for remoting in to systems. I would say no issue there, but of course stupid people are stupid and I am sure a lot of people have them enabled needlessly.
Okay yeah, I seen SSL mentioned in the one first post, and SSH further down. But not being familiar with the products I didn't know anything beyond that. Perhaps the SSL one was a typo.
@JaredBusch said in Sangoma Ransomware:
@Obsolesce said in Sangoma Ransomware:
Also the possibility of compromised cryptography keys, such as those used for SSL connections, that people seem to be concerned about.
Not for SSL. for digitally signing the modules. commercial and non-commercial.
Ah, okay. That makes more sense.
@scottalanmiller said in Sangoma Ransomware:
@JaredBusch said in Sangoma Ransomware:
The concern is not the open source. The concern is closed source.
Very true. Definitely any closed source from them is very suspect now as there's two risks...
- Attacks now know of security holes that weren't public simply by getting "read access" to the code.
- Compromised are injected because there's no community or repo protection against changes.
Also the possibility of compromised cryptography keys, such as those used for SSL connections, that people seem to be concerned about.
I don't use them, so not sure about the true nature of that threat though.
@scottalanmiller said in Sangoma Ransomware:
FreePBX code impacted. <- No cause for concern but this is the key "panic" that people are promoting to try to make this into a big deal. I don't know anyone that is a Sangoma customer or why much of anyone would be, the kind of stuff that they make isn't stuff for modern businesses. What they make of importance and value is FreePBX, but we have no cause for concern there given what we know.
Yeah this is unlikely, I agree with you.
Had the attackers managed to get credentials to log in to their GIT system and make changes, I'm sure someone would have noticed directly, or due to alerts. They are a software company, so I'm also sure they have approvals, etc. and all that set up, and it's also unlikely the attackers managed to get all credentials needed to bypass and cover up any source code alterations. Then at the same time, manage to bypass 2FA/MFA or even manage to disable it via some admin credentials. Then also, since it's open source, go unnoticed to the large public community skimming the source code for changes. I doubt they have AD, which makes a compromised AD joined device your golden ticket into the entire domain as domain admin. And it is also likely this was solely a ransomware attack.
@scottalanmiller said in Sangoma Ransomware:
Perhaps Google was infiltrated months ago and just didn't realize it. Maybe you were. Maybe it isn't even you posting by a hacker pretending to be you. It's just not a logical way to approach it, because once you make that leap it means you have to make it for everyone company, everywhere.
I meant it in this context:
We know for a fact they were hacked, without any doubt.
Meaning, they only know they were hacked because it was the ransomware that made it obvious. Now they need to do a full in-depth investigation, and may learn that it's just the tip of the iceberg.
I was not talking about about it in the way you are saying.
@scottalanmiller said in Sangoma Ransomware:
Sure, but none of that matters to the customers (unless it's customer data being exposed.)
It certainly looks like at least some customer data was exposed, without any doubt.
@scottalanmiller said in Sangoma Ransomware:
the ability to get modified code to customers. That's not to say it isn't possible, just that it's a leap that we can't assume. If we can assume it, then we could assume it with anyone and simply say that "since they can't prove something hasn't happened, that might imply that it did." There's no end to that logic.
I never said anything about modified code, not sure what this is referring to.
