Update Zyxel Products To Fix Possible Security Vulnerability

Do you use a Zyxel firewall?  If so, there’s good news.  The company has fixed an issue you may not have even been aware that you had.

The company pushed out the fix in a silent update a little over two weeks ago, but when they implemented the push, they didn’t provide many details about it.  More of those details are emerging now.

Security researchers at Rapid7 discovered a critical security flaw, now being tracked as CVE-2022-30525, which is listed as being a severity 9.8 (critical) issue.

The flaw is described as an unauthenticated remote command injection issue, via the HTTP interface.  It impacts all Zyxel firewalls that support Zero Touch Provisioning running firmware versions ZLD5.00 to ZLD5.21 Patch 1.

The following models are specifically impacted:

  • USG FLEX 50, 50W, 100W, 200, 500, 700 using firmware 5.21 and below
  • USG20-VPN and USG20W-VPN using firmware 5.21 and below
  • ATP 100, 200, 500, 700, 800 using firmware 5.21 and below

According to the company, these products are most commonly found in smaller branch offices and corporate headquarters for SSL inspection, VPN, web filtering, email security, and intrusion protection.

Per the Rapid7 report given to Zyxel on April 13, 2022:

“Commands are executed as the “nobody” user. This vulnerability is exploited through the /ztp/cgi-bin/handler URI and is the result of passing unsanitized attacker input into the os.system method in lib_wan_settings.py.

The vulnerable functionality is invoked in association with the setWanPortSt command. An attacker can inject arbitrary commands into the mtu or the data parameter.”
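The bug class Rapid7 describes, request data interpolated into a string that reaches `os.system`, is easiest to see next to its fix. The following is an added example and is not Zyxel's code: the real handler in lib_wan_settings.py is not shown anywhere on this page, so the `ip link set ... mtu` command, the MTU bounds and the interface-name rule are all assumptions chosen to illustrate the pattern.

```python
import re
import subprocess
from typing import Callable, List

# Assumed sane bounds for an Ethernet-class WAN interface; not from the advisory.
MTU_MIN, MTU_MAX = 576, 9000


def unsafe_build_command(iface: str, mtu: str) -> str:
    """Illustrates the vulnerable pattern: request input is interpolated into
    a shell command string. Anything after a shell separator in `mtu` becomes
    a second command once this string reaches os.system()."""
    return f"ip link set dev {iface} mtu {mtu}"


def validate_mtu(mtu: str) -> int:
    """Accept only a plain decimal integer inside the allowed MTU range."""
    if not re.fullmatch(r"[0-9]{3,5}", mtu):
        raise ValueError(f"mtu is not a plain integer: {mtu!r}")
    value = int(mtu)
    if not MTU_MIN <= value <= MTU_MAX:
        raise ValueError(f"mtu out of range: {value}")
    return value


def validate_iface(iface: str) -> str:
    """Interface names: short, no whitespace, no shell metacharacters (assumed rule)."""
    if not re.fullmatch(r"[A-Za-z0-9_.-]{1,15}", iface):
        raise ValueError(f"bad interface name: {iface!r}")
    return iface


def safe_build_argv(iface: str, mtu: str) -> List[str]:
    """Build an argument vector, never a shell string. Each element is one
    argv entry, so no shell ever parses the request data."""
    return ["ip", "link", "set", "dev", validate_iface(iface),
            "mtu", str(validate_mtu(mtu))]


def rejects_mtu(mtu: str) -> bool:
    """True when the validator refuses the value."""
    try:
        validate_mtu(mtu)
    except ValueError:
        return True
    return False


def set_wan_mtu(iface: str, mtu: str,
                run: Callable[..., object] = subprocess.run) -> object:
    """Hardened handler: validate first, then execute with shell=False.
    `run` is injectable so the function can be exercised without touching
    the network stack."""
    argv = safe_build_argv(iface, mtu)
    return run(argv, shell=False, check=True)


if __name__ == "__main__":
    hostile = "1500; echo injected"  # constructed input containing a shell separator
    print("unsafe string :", unsafe_build_command("wan0", hostile))
    print("safe argv     :", safe_build_argv("wan0", "1500"))
    print("hostile rejected:", rejects_mtu(hostile))
```

The two defences are independent: the allow-list validator rejects anything that is not a bare integer, and the argv list with `shell=False` means that even a value which slipped past validation would be handed to `ip` as a single argument rather than parsed by a shell.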

For their part, Zyxel moved very quickly on the issue.  They initially promised to release a fix by June 2022, but quietly pushed out the patch on April 28th, 2022 without supplying a security advisory or other technical details.

We’re not sure why that decision was made, but we’re very pleased to gain access to those details now. Kudos to Zyxel for their rapid response!

Say Goodbye To The Apple iPod

It is the end of an era.  Apple recently announced that they were discontinuing the legendary iPod, which is now in its 7th generation of production.

When first released more than fifteen years ago, the iPod was an instant smash hit that almost singlehandedly created the digital music industry, moving it from the shadowy frontier of P2P file sharing services to mainstream respectability.

That’s not bad for a device that costs just under two hundred bucks.

If you don’t yet have an iPod but you feel like you want one, the time to act is now before they’re gone.  Although the company has stopped manufacturing new iPods, you can still buy one while supplies last. In case you weren’t aware, the latest version of the iPod is more than just a simple music player – it’s also a surprisingly good digital camera and can even be used as a handheld gaming device.

The 7th generation iPod was released in May of 2019. It sports a fairly powerful A10 Fusion chip paired with a four-inch Retina display and boasts up to 256 GB of storage space.

Apple seldom provides details about why they’ve decided to cancel a given product and they’ve kept with that tradition here, but the reasons are easy enough to guess.  Apple was hit particularly hard by the supply chain issues the pandemic caused and given the increase in the capabilities of today’s smartphones, the iPod was increasingly relegated to niche product status.

Even so, it’s a good product and surprisingly versatile.  About the only thing you can’t do on it is make phone calls. If that sounds like something you’d be interested in owning, you still have a small window of opportunity to pick one up before they’re gone for good.

Farewell, iPod.  You were ahead of your time, and you will be missed.

Windows 11 May Release New Feature For Copying Information

If you’re a member of the Windows Insiders group, then you are likely already aware of this. If not, here’s something else to look forward to when Windows 11 is formally released.  Microsoft has been experimenting with a new “Suggested Actions” feature when you copy data onto your clipboard.

It all begins with Windows 11 build 22621 in the Beta channel and Build 25115 in the Dev channel. There you’ll see the new feature in action any time you copy something to your clipboard.  A bar will appear with one or more options, contextualized to the information you just copied.

For example, if you just copied a date in a sentence regarding a conference, you might get a bar that allows you to create an event for that data with a single click.  If you copy a phone number, the bar would populate with a button allowing you to place a call to that number with one click or tap and so on.

Currently, the feature is quite limited in its scope, and you only see a “Suggested Action” bar when copying certain types of data. If the feature catches on, it would be easy for Microsoft to expand the idea and potentially to expand it greatly.

At present, Microsoft is actively shopping for feedback about the new feature in the Feedback Hub under Desktop Environment > Suggested action on copy.  If enough people respond favorably to the new feature, it’s almost certain that Microsoft will keep it. If enough people write in with suggestions on what other types of data they’d like to see incorporated into the new system, those will most likely be added.

It’s a small thing but this is one way that the user base can help mold the shape and direction of Windows 11 and we’re very pleased to see it.  Kudos to Microsoft.

New Method Hides Malware In Windows Event Logs

At least one group of hackers has learned a new trick you need to be aware of.  Security researchers at Kaspersky Lab have discovered a malicious campaign-in-progress that is using event logs to store malware. That is a technique that has not been seen or documented until now.

This new methodology is designed for maximum stealth, allowing the threat actor to plant fileless malware in the target device’s file system.

The dropper used in this case makes a copy of the legitimate OS error handling file called “WerFault.exe.”  This is placed in C:\Windows\Tasks, and then it drops an encrypted binary resource to the wer.dll in the same location, which is used for Windows Error Reporting.

DLL hijacking is something that has been seen before.  It is a move that allows hackers to exploit a legitimate program that isn’t designed with many checks, which allows malicious code to be loaded into memory.

Denis Legezo is the lead security researcher at Kaspersky. Legezo notes that the loader itself is harmless, but the hackers have hidden shellcodes inside the Windows event logs, and that’s what allows it all to function.
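Two of the facts above are directly checkable: a WerFault.exe sitting in C:\Windows\Tasks instead of its normal directory, and event log entries whose body is an opaque binary blob rather than a log message. The script below is an added example, not Kaspersky's tooling or any part of their published indicators. It assumes a simplified event record shape (provider, event ID, raw bytes) rather than parsing EVTX itself, and the size, printable-ratio and entropy thresholds are assumptions to tune against your own baseline.

```python
import math
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import List, Tuple

# Directories where a genuine WerFault.exe lives on a stock installation.
EXPECTED_WERFAULT_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}


@dataclass
class EventRecord:
    """Minimal stand-in for one event log entry (assumed shape, not EVTX):
    the provider that wrote it, its event ID, and the raw event data."""
    provider: str
    event_id: int
    data: bytes


def shannon_entropy(blob: bytes) -> float:
    """Bits of entropy per byte: English text sits around 4-5,
    encrypted or compressed data close to 8."""
    if not blob:
        return 0.0
    counts = [0] * 256
    for b in blob:
        counts[b] += 1
    n = len(blob)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def printable_ratio(blob: bytes) -> float:
    """Share of bytes that are printable ASCII or ordinary whitespace."""
    if not blob:
        return 1.0
    printable = sum(1 for b in blob if 32 <= b < 127 or b in (9, 10, 13))
    return printable / len(blob)


def suspicious_event(rec: EventRecord, min_size: int = 2048,
                     max_printable: float = 0.6,
                     min_entropy: float = 6.5) -> bool:
    """Heuristic: a large, mostly non-printable, high-entropy event body
    looks more like stored binary than a log message."""
    return (len(rec.data) >= min_size
            and printable_ratio(rec.data) <= max_printable
            and shannon_entropy(rec.data) >= min_entropy)


def hunt_events(records: List[EventRecord]) -> List[Tuple[str, int]]:
    """Return (provider, event_id) for every record the heuristic flags."""
    return [(r.provider, r.event_id) for r in records if suspicious_event(r)]


def unexpected_werfault(path: str) -> bool:
    """True when a file named WerFault.exe sits outside its normal directory,
    such as the C:\\Windows\\Tasks copy described above."""
    p = PureWindowsPath(path)
    if p.name.lower() != "werfault.exe":
        return False
    return str(p.parent).lower() not in EXPECTED_WERFAULT_DIRS


# Constructed sample data: one ordinary text event and one opaque blob that
# stands in for an encrypted payload chunk (8 KiB with every byte value
# equally frequent, so its entropy is exactly 8 bits per byte).
SAMPLE_EVENTS = [
    EventRecord("Service Control Manager", 7036,
                b"The Windows Update service entered the running state."),
    EventRecord("ConstructedProvider", 1000, bytes(range(256)) * 32),
]

if __name__ == "__main__":
    print("flagged events:", hunt_events(SAMPLE_EVENTS))
    print("WerFault out of place:",
          unexpected_werfault(r"C:\Windows\Tasks\WerFault.exe"))
```

On a real host the records would come from an EVTX parser or an export of the relevant logs; the heuristic is deliberately provider-agnostic because the point is the shape of the payload, not which log it was written to.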

Legezo’s team traced the attack back to its origins in September of 2021 when the victim was tricked into downloading a RAR file from the file sharing service File.io.

It’s a scary piece of work. Based on an analysis of the code, it seems clear that the threat actor behind this new technique is highly advanced.

The fear is that the details surrounding this new method will be widely shared on the Dark Web. This would allow other, less technically proficient threat actors to copy it. Given how difficult to detect the method is, it’s likely to become incredibly popular very quickly.

All that to say, if you’re an IT Security Professional, your life is probably about to get a whole lot harder unfortunately.

Beware Of New Backdoor Malware Targeting Linux Users

The name Kevin Beaumont may not be familiar to you, but if you’re a Linux or Solaris user, he may have just saved you a whole lot of grief.

Recently, Mr. Beaumont discovered a stealthy backdoor malware that has been quietly infecting Linux and Solaris SPARC systems for more than five years.  BPFdoor only parses ICMP, UDP and TCP packets, checking them for a specific data value and, in the case of UDP and TCP packets, also checking for a password.

It can sit quietly on an infected system for an extended period. However, once triggered, it allows the hacker who placed it there complete access to a compromised device.  Beaumont found BPFdoor activity on networks all over the world.  It was most notably found in South Korea, Hong Kong, India, Vietnam, Myanmar, Turkey and of course, the United States.

He also discovered eleven different speed test servers infected with BPFdoor, although he was at a loss to explain how those systems may have been compromised since they run on closed-source software.

A different researcher named Craig Rowland issued a comprehensive technical report on BPFdoor and outlined some of its very clever evasion tactics.

The tactics include the fact that it:

  • Resides in system memory and deploys anti-forensics action (wipes the process environment, albeit unsuccessfully as it leaves it empty)
  • Loads a Berkeley Packet Filter (BPF) sniffer allowing it to work in front of any locally running firewalls to see packets
  • Modifies ‘iptables’ rules when receiving a relevant packet to allow attacker communication through the local firewall
  • Masquerades the binary under a name like a common Linux system daemon
  • Renames and runs itself as /dev/shm/kdmtmpflush
  • Changes the date of the binary (time stamping) to October 30, 2008, before deleting it
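Several of the tactics in that list leave traces a defender can check for in /proc: an executable running from /dev/shm, a binary deleted while its process lives on, a zero-length environment, a forged 2008-10-30 timestamp, and a command line that claims to be a system daemon while the real executable lives somewhere else. The hunting script below is an added example and is not Rowland's or Beaumont's code. The snapshot format, the list of directories where a legitimate daemon would normally live, and the daemon-like name used in the constructed sample are all assumptions.

```python
import os
from dataclasses import dataclass
from datetime import date, datetime
from typing import List, Optional

# Indicator from the list above: the binary's timestamp is reset to this date.
BPFDOOR_TIMESTAMP = date(2008, 10, 30)
# Where a genuine system daemon binary would normally live (assumption).
DAEMON_DIRS = ("/usr/sbin/", "/usr/bin/", "/sbin/", "/bin/",
               "/usr/lib/", "/usr/libexec/", "/lib/")


@dataclass
class ProcessSnapshot:
    """What a collector pulls from /proc/<pid> for one process."""
    pid: int
    exe: str                   # readlink of /proc/<pid>/exe
    cmdline: str               # /proc/<pid>/cmdline with NULs turned into spaces
    environ_empty: bool        # /proc/<pid>/environ has zero bytes
    exe_mtime: Optional[date]  # mtime of the on-disk binary, None if unreadable


def triage(p: ProcessSnapshot) -> List[str]:
    """Return the indicators from the list above that this process matches."""
    reasons: List[str] = []
    deleted = p.exe.endswith(" (deleted)")
    exe_path = p.exe[:-len(" (deleted)")] if deleted else p.exe
    if exe_path.startswith("/dev/shm/"):
        reasons.append("runs from memory-backed /dev/shm")
    if deleted:
        reasons.append("on-disk binary deleted while process keeps running")
    if p.environ_empty:
        reasons.append("process environment wiped (zero-length environ)")
    if p.exe_mtime == BPFDOOR_TIMESTAMP:
        reasons.append("binary timestamp forged to 2008-10-30")
    claimed = p.cmdline.split(" ", 1)[0] if p.cmdline else ""
    # A daemon-looking command line whose real executable lives outside the
    # usual daemon directories is the masquerading described above.
    if claimed and claimed != exe_path and not exe_path.startswith(DAEMON_DIRS):
        reasons.append(f"claims to be {claimed} but executes {exe_path}")
    return reasons


def snapshot_from_proc(pid: int) -> ProcessSnapshot:
    """Live collector for a Linux host (assumes the standard /proc layout)."""
    base = f"/proc/{pid}"
    exe = os.readlink(f"{base}/exe")
    with open(f"{base}/cmdline", "rb") as f:
        cmdline = f.read().replace(b"\0", b" ").strip().decode(errors="replace")
    with open(f"{base}/environ", "rb") as f:
        environ_empty = len(f.read()) == 0
    try:
        mtime: Optional[date] = datetime.fromtimestamp(os.stat(exe).st_mtime).date()
    except OSError:  # e.g. the binary has already been deleted
        mtime = None
    return ProcessSnapshot(pid, exe, cmdline, environ_empty, mtime)


# Constructed snapshots: one matching every indicator (the daemon name it
# claims is made up for the example), one ordinary sshd.
SUSPECT = ProcessSnapshot(4242, "/dev/shm/kdmtmpflush (deleted)",
                          "/sbin/udevd -d", True, BPFDOOR_TIMESTAMP)
BENIGN = ProcessSnapshot(812, "/usr/sbin/sshd", "/usr/sbin/sshd -D",
                         False, date(2022, 3, 1))

if __name__ == "__main__":
    for snap in (SUSPECT, BENIGN):
        print(snap.pid, triage(snap) or "no indicators")
```

On a live Linux host, feeding `snapshot_from_proc(pid)` for every numeric entry in /proc into `triage` gives a first pass; any single hit deserves a look, and a process matching several at once is the profile the list above describes. The BPF sniffer and the iptables changes are not visible from these fields and need a separate check of packet sockets and firewall rules.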

Thanks to the research of these two individuals, an incredibly stealthy malware strain that specifically targets Linux and Solaris systems has now been exposed to sunlight.  Although the malware is well-designed and contains several clever evasion tactics, now that the word is out, IT Security professionals know what to look for and can begin the process of purging it from infected systems.  Kudos to both.