Leading Next Generation Managed Services Provider Deepens FinTech Roots in New England

Thrive, a premier provider of Next Generation Managed Services, proudly announced today that it has acquired Tier1Net of Woburn, MA, a Financial Services sector focused Managed Services Provider. Tier1Net is now the fifth company to be acquired by Thrive under private equity owner, M/C Partners, along with Corporate IT Solutions of Norwood, MA, Precision IT Group of New York, NY, BizCompass of Westbrook, ME, and InfoHedge Technologies of New York, NY.

The acquisition of Tier1Net further strengthens Thrive’s New England Financial Services expertise with a strong and talented engineering staff and extensive vertical industry knowledge. Tier1Net’s commitment to Financial Services aligns well with Thrive’s long history of providing world-class next generation services to optimize the performance of financial business applications.

“We’re extremely excited to be partnering with Tier1Net to expand Thrive’s Financial Services practice in New England. Their long-term, loyal customers will be well-served by the combination of Thrive’s enhanced suite of Cybersecurity, Public, Private & Hybrid Cloud Next Generation Managed Services, along with Tier1Net’s Financial Services knowledge and commitment,” stated Rob Stephenson, Chief Executive Officer of Thrive.

“The combination of Thrive and Tier1Net is truly a technology gamechanger for New England Financial Institutions,” added Marc Capobianco, Tier1Net Chief Executive Officer. “The expanded product and services capabilities that our clients will gain as a result of this transaction will benefit them all. It’s a pleasure to be joining this first-class organization that has become one of the leading MSPs in the Northeast.”

Mr. Capobianco, Founder and Chief Executive Officer of Tier1Net, will join Thrive as an Executive Vice President and managing partner leading the New England & Corporate FinTech Practice. Matt Chabot, Co-Founder and Chief Technology Officer of Tier1Net, will also become a Thrive executive in a senior technology role reporting to Mr. Capobianco and overseeing the New England Financial Services practice.

“The acquisition of Tier1Net marks another advancement of growth in Thrive’s strategic mission,” said Gillis Cashman, Thrive’s Chairman and Managing Partner at M/C Partners. “As the fifth acquisition that M/C Partners has overseen for Thrive, we are thrilled at the opportunity to continue to capitalize on their success as the leading Next Generation Managed Services Provider.”

About Thrive
Thrive is a leading application enablement provider for Enterprises in a Cloud and SaaS-based world. As one of the largest Managed Services Providers in the United States, Thrive optimizes business application performance with their Suite of Next Generation Managed Services, which include Public, Private & Hybrid Cloud management, Cybersecurity, Networking, Disaster Recovery and more. Thrive’s Next Generation Platform helps compliance-driven businesses solve complex IT problems by delivering peak application performance around the globe, 24×7. For more information, visit http://www.thrivenetworks.com

Introduction

A critical vulnerability impacting Dell’s SupportAssist software could allow a remote attacker to execute code with admin privileges on impacted devices.  SupportAssist is installed by default on all Dell laptops and PCs and may also be installed or updated when visiting Dell’s Support website.

Technical Information

To exploit the vulnerability an attacker could lure a target to a malicious web page which would then allow remote code to compromise the SupportAssist tool.  Since the SupportAssist tool has admin privileges the attacker would then have full access into the system.

Steps Taken by Tier1Net

Tier1Net has identified all impacted devices within its customer networks and is deploying the patch which was recently released by Dell.  The patch should run with no user intervention required.

Recommendation for Home Users

For home users with Dell PCs please visit this Tier1Net knowledgebase article for instructions on identifying whether SupportAssist is installed and in need of the update.

Additional Information

https://www.dell.com/support/article/us/en/19/sln316857/dsa-2019-051-dell-supportassist-client-multiple-vulnerabilities?lang=en
https://www.zdnet.com/article/dell-laptops-and-computers-vulnerable-to-remote-hijacks/

Tier1Net welcomes Mike Shipka to the help desk team! Mike began his career way back in high school where he volunteered in the IT Department. He comes to us with several years of hands-on help desk experience, most recently supporting hundreds of users at Southern New Hampshire University.  In his spare time, when not tinkering with computers or playing video games, he can be found volunteering at the local cable access station and photographing live events.

Introduction

Details of a critical vulnerability impacting Microsoft’s Exchange 2013 and 2016 servers were recently discovered and made public.  If successfully exploited, this vulnerability would allow an attacker to gain Domain Admin permissions within a company’s Active Directory infrastructure, allowing nearly unrestricted access to a compromised server.  At this time Microsoft has not released a patch for this vulnerability.  Tier1Net customers that have implemented Tier1Net’s Cisco Umbrella Secure DNS and/or Duo Authentication services have their exposure to this vulnerability greatly reduced.

Technical Information

In order to successfully exploit this vulnerability an attacker would first need to gain the credentials to any existing mailbox on a targeted Exchange server.  This can be accomplished via phishing attacks or credential stuffing, where an attacker uses breached credentials from one service to gain access to another service.  Once an attacker has access to a mailbox on the Exchange server they can then combine three known vulnerabilities to elevate the compromised account’s permissions to that of a Domain Admin.  A Domain Admin has full access to an Exchange server and can perform such tasks as resetting passwords, creating mailboxes, deleting mailboxes, etc.

Steps Being Taken by Tier1Net

Due to Tier1Net’s expertise and emphasis on cybersecurity, many of its customers are already protected from this latest vulnerability.  Furthermore, Tier1Net deploys multiple security layers to both its own internal and hosted infrastructures as well as client supported networks to greatly reduce the exploit risk of any single vulnerability.  To further reduce customer exposure to this vulnerability Tier1Net will be deploying a Microsoft supported mitigation tool to all managed and hosted Exchange servers.

Additional Information

https://dirkjanm.io/abusing-exchange-one-api-call-away-from-domain-admin/
https://nakedsecurity.sophos.com/2019/01/30/privilege-escalation-vulnerability-uncovered-in-microsoft-exchange/
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8581

With the widespread adoption of Windows 10 Microsoft has changed its former strategy of releasing new Operating Systems every few years.  In its place they have moved to a new strategy named Windows-as-a-Service.  With Windows-as-a-Service Microsoft will continuously update Windows 10 with feature updates.  These feature updates will be released twice a year, usually around March and September, and are more than a typical Windows Update as they include additional Operating System functionality and enhancements.

With this new strategy Microsoft has also reduced the number of years it will support a particular version of Windows 10.  As each new version is released it has a support lifetime of only 18 months.  With the end of a particular Windows 10 version’s support Microsoft will no longer release new security patches or updates.  As such it is critical to keep all instances of Windows 10 current.

Consequently, Tier1Net will automate the deployment of Windows 10 feature updates to its customers’ devices via its patch management services.  This will ensure Operating Systems stay current and continue to receive monthly security patches from Microsoft.  As these updates are significant, it’s possible that end users may notice several changes with each new release.  Also, end users may notice that their PC takes several minutes to log on once a feature update has been installed.  The updated PC will post a notification to the user and it is critical that the PC be allowed to complete the update without interruption.

For more information on Microsoft Windows-as-a-Service see https://docs.microsoft.com/en-us/windows/deployment/update/waas-overview

Background

Tier1Net has been notified by its preferred Certificate Authority, Thawte, that all SSL certificates must be reissued and validated by its new parent company, Digicert.

Impact

Impacted SSL certificates are still secure and are not vulnerable to any exploits.  If the SSL certificate were not reissued it would simply post a certificate error when loaded within Google’s Chrome web browser.

Next Steps

In the coming weeks Tier1Net will be reissuing the appropriate SSL certificates on your behalf.  Prior to reissuing the SSL certificate a Tier1Net engineer will notify you that a Digicert representative may contact you to validate the reissued SSL certificate.

For more information on this issue please click here.

Should you have any questions or concerns please open a ticket with Tier1Net by emailing help@tier1net.net and reference Master Ticket # 81113.

Thank You,
Tier1Net Support
781-935-8050
www.tier1net.com

Tier1Net would like to share the latest available information on the Spectre and Meltdown vulnerabilities.  First and foremost, it is important to note that there are still no known exploits actively targeting the vulnerabilities.

Firewall Layer

Tier1Net’s preferred firewall vendor, SonicWall, has confirmed it has deployed antivirus and intrusion prevention signatures which will protect against attempted Spectre and Meltdown attacks.  These antivirus and IPS updates have already been deployed to Tier1Net’s cloud and customer networks.

Patch Status

Tier1Net is actively tracking the status of patches as they are released.  Once released Tier1Net will evaluate patches for stability before releasing them for install.  A Tier1Net representative will contact you if it is determined that the installation of a particular patch requires manual intervention or a maintenance window.  Tier1Net recommends that its customers take immediate action to update their iPhone and Android devices using the Knowledgebase articles documented below.

To review the status of patches being released please see the following vendor list.

Microsoft

Microsoft has already released patches for the latest version of Windows 10 as well as patches for its web browsers, Internet Explorer and Edge.  With regard to older versions of Windows, Microsoft will be releasing those patches this week.  PCs and servers within Tier1Net managed networks will automatically receive the patches via Tier1Net’s Windows Update service.

PCs not managed by Tier1Net (for example, personal use and home PCs) will automatically receive patches as long as they have been enabled to receive updates via Microsoft’s Windows Update service.  Please see the following for further information on enabling Microsoft’s Windows Update service: https://support.microsoft.com/en-us/help/12373/windows-update-faq

Apple

Apple has released iPhone iOS version 11.2.2 which includes code mitigating the Meltdown and Spectre vulnerabilities.  Tier1Net recommends installing the updates as soon as possible.  Please see the following KB detailing the steps required to update an iPhone’s iOS:  https://tier1net.itglue.com/DOC-1500653-1490177

Google

Google patched Android against Meltdown and Spectre in a January security update.  The specific availability of this update is based on the Android device manufacturer’s approval of the update.  Tier1Net recommends checking for and installing the most recent updates available as soon as possible.  Please see the following KB detailing the steps required to update an Android device:   https://tier1net.itglue.com/DOC-1500653-1490202

Google is also releasing an update for its Chrome web browser in the coming days which will obstruct attempts to exploit the Meltdown and Spectre flaws.  Chrome will automatically install the latest available version when the browser is launched.

Mozilla

Mozilla has released an update for Firefox to mitigate against Meltdown and Spectre.  The update will be installed automatically when the browser is launched.

VMware

VMware has released patches for its ESX hypervisor to address the Spectre and Meltdown vulnerabilities.  The ESX hypervisor typically operates on server hardware and is responsible for running virtual instances of Windows servers.  Tier1Net is in the process of evaluating these patches and will deploy them to its cloud and customer networks once patch stability has been fully confirmed.

Performance Concerns

There have also been reports of patches negatively impacting a device’s CPU performance once installed.  The initial reports of the performance impacts may have been overstated with conflicting reports on observed performance impact.  Microsoft has warned users of older PCs of a possible performance impact once patches are installed.  Regarding servers, any impact to performance is load dependent and may be further reduced by a new discovery made by Google researchers.

Introduction

Details on two security vulnerabilities impacting nearly all modern Operating Systems and Hardware were made public yesterday.  At this time new details are still emerging with many questions still unanswered.  Tier1Net has been evaluating information as it has been released and would like to share its findings with you.

Technical Information

The vulnerabilities have been named Meltdown and Spectre with Meltdown being the more serious of the two.  Based on current public information Meltdown impacts all devices running Intel CPUs while Spectre impacts nearly all CPUs made in the last 20 years including Intel and AMD.  A successful exploit of either would allow a bad actor or malicious program to read data as it passes from an Operating System to the CPU and back again.  This includes passwords and other sensitive data.  Spectre is less serious as it is much more difficult to exploit than Meltdown.  For further technical information please visit https://meltdownattack.com

Steps Being Taken by Tier1Net

As with all major security vulnerabilities there are a lot of news headlines sensationalizing the impact.  At this time there are no known exploits in the wild.  Furthermore, Tier1Net deploys multiple security layers to both its own internal and hosted infrastructures as well as client supported networks to greatly reduce the exploit risk of any single vulnerability.

With that in mind, Tier1Net is still taking all appropriate steps to address these vulnerabilities as quickly as possible.  Microsoft has released several patches via its updating service to mitigate the risk within its Windows Operating Systems while other patches from other vendors are still in development.  In the coming days and weeks Tier1Net will be testing and deploying patches as they become available with the goal of balancing security, vulnerability and stability.

Additional Information:

https://nakedsecurity.sophos.com/2018/01/03/fckwit-aka-kaiser-aka-kpti-intel-cpu-flaw-needs-low-level-os-patches/

https://www.pcworld.com/article/3245606/security/intel-x86-cpu-kernel-bug-faq-how-it-affects-pc-mac.html

https://www.theverge.com/2018/1/4/16848976/how-to-protect-windows-pc-meltdown-security-flaw

A vulnerability in the WiFi WPA2 security protocol which was discovered several months ago was made public earlier today.  The vulnerability, named KRACK, impacts the underlying WiFi WPA2 security protocol itself, so all devices that interact with a WiFi network are potentially vulnerable.  This includes mobile phones, laptops and IoT devices (e.g., Alexa, Nest, etc).  To exploit the vulnerability a 3rd party would need to be within range of the wireless network to which a device is connected.  If exploited, the vulnerability would allow a 3rd party to intercept and read traffic originating from a device and potentially inject malicious code into that traffic.  However, the 3rd party would NOT be able to read or inject code into any traffic that was sent over an encrypted session such as an HTTPS secured website or a VPN connection.  Furthermore, though the vulnerability has been made public, the code with which to exploit it has not been made public so there is little risk of widespread attacks.

Vendors were alerted to this vulnerability when it was first discovered in August and some have already released patches.  Apple and Microsoft devices are much less likely to be exploited due to the way in which they implement the WPA2 protocol.  Both have also issued statements that they have already patched the issue within their respective Operating Systems.  Google has acknowledged it’s aware of the issue but will not have a patch for its Android OS for several weeks.  Tier1Net is currently working with its WiFi vendor partners to obtain and deploy patches to Wireless Access Points as they become available.

In the meantime, Tier1Net recommends avoiding public WiFi hotspots unless your respective device is running the latest version of its Operating System with all appropriate security patches installed.  For a full list of vendors and their patch release dates please see: http://www.kb.cert.org/vuls/id/228519

For more information or assistance please contact Tier1Net Support at 781-935-8050 or at HELP@TIER1NET.NET.

A new Ransomware attack named GoldenEye is rapidly spreading throughout Europe and Asia shutting down businesses and government networks alike.

Details are still emerging but experts believe the GoldenEye Ransomware attack is exploiting the same Windows vulnerabilities that were targeted by the WannaCry ransomware attack.  Microsoft released a patch for this vulnerability in March which was distributed to all potentially vulnerable PCs and servers via Tier1Net’s Windows Update services.

Nonetheless, it is possible this new Ransomware variant can exploit heretofore unknown exploits within Windows so Tier1Net recommends alerting all employees to be extra vigilant of all emails which request the recipient to click a link within the body of the email.  The GoldenEye attack has been using common phishing techniques so employees should be warned to suspect even emails coming from supposed trusted sources.

For more information or assistance please contact Tier1Net Support at 781-935-8050 or at help@tier1net.net.