Learning Center

ACS will provide all your IT services in Wilmington, North Carolina

Posted on Author Atlantic Computer Services Categories Blog

Some Android Devices May Have Media File Security Vulnerability

Do you have an Android device?  Is it built around a Qualcomm or MediaTek chipset?  If you answered yes to both of those questions, be aware that researchers at Check Point have recently discovered an issue which could put your device at risk.

The team discovered a flaw in the implementation of the ALAC (Apple Lossless Audio Codec) which was open-sourced back in 2011.  The flaw could allow remote code execution on your device and unfortunately, Qualcomm and MediaTek are two of the industry’s largest chip manufacturers.

The good news is that both Qualcomm and MediaTek acted quickly, and this issue has already been resolved.  The problem involved three separate flaws tracked as CVE-2021-0674 (medium severity with a 5.5 score), CVE-2021-0675 (high severity with a 7.8 score), and CVE-2021-30351 (critical severity with a 9.8 score).

While MediaTek did not release a formal statement about the matter, Qualcomm did.

It reads in part, as follows:

“Providing technologies that support robust security and privacy is a priority for Qualcomm Technologies. We commend the security researchers from Check Point Technologies for using industry-standard coordinated disclosure practices. Regarding the ALAC audio decoder issue they disclosed, Qualcomm Technologies made patches available to device makers in October 2021. We encourage end users to update their devices as security updates have become available.”

If you haven’t installed any security patches for your device since December of last year, grab the latest and install it at your earliest convenience and you’ll be all set.  Until then, be sure not to open any audio files from unknown sources which is good advice even after you’ve installed the patch.  One can never be too cautious.

Kudos to the sharp-eyed researchers at Check Point and to both Qualcomm and MediaTek for their fast action here.  That’s how it’s done.

0
Posted on Author Atlantic Computer Services Categories Blog

LinkedIn Now The Most Spoofed Website For Phishing Emails

Considered to be social media for professionals, LinkedIn is an invaluable tool for millions of people all over the world and a great way to make a wide range of professional connections.

Unfortunately, hackers and scammers are aware of this fact and tend to gravitate to it as well. They are hoping to take advantage of the unsuspecting.  Recent research from the cybersecurity company Check Point reveals that LinkedIn has become the most spoofed brand in phishing attacks. These attacks account for a staggering 52 percent of such incidents globally.

This figure would be surprising all by itself but what makes it almost shocking is the fact that in the 4th quarter of 2021, LinkedIn was only the 5th most spoofed brand. They were just 8 percent of phishing attacks seeking to impersonate the brand.

Clearly, between late last year and right now something changed, and the social media property suddenly became a hot commodity on the Dark Web.  In fact, as of now nothing else even comes close.  Shipping giant DHL is the second most impersonated brand, accounting for 14 percent of all spoofing incidents globally. So it lags far behind LinkedIn in that regard.

After DHL the number of spoofing incidents fall off markedly, with Google accounting for just 7 percent, Microsoft and FedEx tied at 6 percent, WhatsApp at 4 percent, and Amazon at just 2 percent.

Beyond that, Maersk clocks in at 1 percent and Ali Express and Apple each account for 0.8 percent which is barely enough to register on the radar.

No one can say with certainty why it’s happening. The current theory is that given LinkedIn’s nature as a hub for professionals, the platform is a natural target and is especially attractive to spear phishers who specifically target well-connected professionals to gain access.

Whatever the explanation, if you rely on LinkedIn, be aware that not all communications you receive may be what they seem. So proceed with caution.

0
Posted on Author Atlantic Computer Services Categories Blog

Update Now If You Run This WordPress Plugin

Millions of people around the world have leveraged the awesome power of WordPress to build their sites.  Whether for personal or business use, WordPress has the flexibility and functionality to create just about any type of site you can dream of.

A large part of this flexibility comes from the power of plugins, but that’s the problem.  With thousands of plugins available, there are lots of opportunities for hackers.

Recently, the authors of the Elementor WordPress plugin released an update (version 3.6.3) which addresses a critical security flaw that allowed unauthorized users to execute code remotely.  The issue put nearly half a million websites at risk, so the company moved quickly to address it.

Elementor’s user base has been quick to embrace the security patch with about a million of the plugin’s users having already updated.  Unfortunately, that still leaves about five hundred thousand users who are vulnerable.

If you have incorporated Elementor into your website’s design and functionality, check to see what version you’re running.  If you’re running anything before 3.6.3 then your site is at risk, and you should update as soon as possible.

WordPress manages their sprawling global empire with surprising efficiency, and carefully tracks security threats introduced by plugin security flaws.  Kudos to both WordPress and the development team at Elementor for finding and acknowledging the issue, then moving quickly to make sure it was resolved.

In our view this is model behavior that companies in any industry can learn from.  There was a lot of transparency here right from the start.  Everyone involved with and responsible for the software was responsive and took fast action, making the fix available quickly.

Kudos all around.  This is how it should be done!

0
Posted on Author Atlantic Computer Services Categories Blog

What the COVID-19 crisis taught us about the cloud and business continuity

What the COVID-19 crisis taught us about the cloud and business continuity

The COVID-19 pandemic has changed life as we know it, in many ways. While its impact on our day-to-day lives has been huge, the impact has been even more severe from a business perspective. The social distancing norms, staggered operating hours so as to limit crowds, the masks, shields, barriers, and what-not! From the business continuity perspective, companies have had to adapt themselves to the new normal very quickly.

During this global crisis, one technology that truly came to the rescue of business big and small was the cloud. The cloud made it possible for businesses to keep their operations running even with staff working remotely. With all critical data stored online, all that was needed was a compatible device with an internet connection and it was business as usual…well, almost.

Here are some core business challenges that were resolved due to the cloud.

  • Access to core business data and software programs that were needed for smoothd day-to-day operations
  • Data security concerns, though not entirely non-existent due to the use of personal devices, were largely taken care of, thanks to multiple layers of security offered by the cloud service providers
  • There were no “hardware hassles”…companies that were already on the cloud didn’t have to worry about the logistics of providing office computers to their employees working from home. With all the data stored online, they could use their home computers or tablets to get the work done.

Earlier what was perceived as an advantage for employees (the permission to work from home) was now mandatory for survival of the business. Even businesses that allowed employees to operate from home before the pandemic had a tough time migrating their entire setup to the work-from-home model.

0
Posted on Author Atlantic Computer Services Categories Blog

Beware Zip Attachments In Emails Could Be Qbot Malware

The owners of the Qbot botnet are changing things up.  The botnet’s normal Modus Operandi for distributing their signature Qbot malware has been to push their malicious code via phishing emails which contain Microsoft Office documents laden with poisoned macros. More recently though, the group behind the botnet has switched to phishing emails carrying password-protected ZIP files which contain malicious MSI Windows Installer packages.

It’s the first time we’ve seen this tactic from Qbot and no one is sure what drove the change. The best theory put forward so far is that the tactical shift is a response to a recent announcement by Microsoft to disable Excel 4.0 macros by default. This was done in a bid to shut down macros as a possible delivery system.  If so, it demonstrates the incredible nimbleness and responsiveness of the hacking world.

Microsoft began rolling out a new VBA autoblock feature for Microsoft Office in April 2022.

Microsoft had this to say about the matter:

“Despite the varying email methods attackers are using to deliver Qakbot, these campaigns have in common their use of malicious macros in Office documents, specifically Excel 4.0 macros.

It should be noted that while threats use Excel 4.0 macros as an attempt to evade detection, this feature is now disabled by default and thus requires users to enable it manually for such threats to execute properly.”

Qbot can best be described as a modular Windows banking trojan that spreads like a worm.  It has been active for more than a decade and the people who control the malicious code have targeted several high-profile corporate entities, seeking the biggest bang for their buck.

Over the years, several large and well-organized gangs of hackers, including MegaCortex, PwndLocker, and REvil have leveraged Qbot to breach corporate networks.  Although Microsoft’s recent moves have made it harder for the botnet to operate, it’s clear that they are adapting.

0
1 33 34 35 36 37 238