Learning Center

ACS will provide all your IT services in Wilmington, North Carolina

Posted on Author Atlantic Computer Services Categories Blog

Update Your All In One SEO Plugin For Security Patch

Do you own and operate a WordPress website?  Do you also use the “All in One” SEO plugin?

If you answered yes to both of those questions, then be aware that you’ll want to update that plugin as soon as possible.

Recently security researcher Marc Montpas from Automattic Security discovered and reported a pair of critical security flaws.

These flaws put any website using the non-upgraded version of that plugin at risk. The security flaws are being tracked as CVE-2021-25036 and CVE-2021-25037 respectively. The first is an Authenticated Privilege Escalation bug and the second an Authenticated SQL Injection bug.

The bad news is that there are currently more than 800,000 websites running the outdated and vulnerable version of the plugin.  The good news is that the development team behind the All-in-One plugin responded very quickly and delivered an update to their product on December 7th of this year (2021) which addresses both issues.

The reason these flaws are so dangerous lies in the fact that all an attacker needs to be able to successfully execute an attack that leverages them is an authenticated account. That is generally a relatively easy thing to get.  It doesn’t have to have a lot of rights or privileges so a low-level permission group like “Subscriber” is sufficient.

Using that as a starting point it would be easy for an attacker to escalate his or her own privileges and cause all sorts of damage to the site itself or exfiltrate data from it.  Not good.

In any case there’s a simple solution ready and waiting.  Just check to see what version of the All-in-One plugin you’re using. If you don’t already have it download and install the 4.1.5.3 patch.  Stay safe out there.  There may yet be a few additional surprises in store for us in what remains of the year.

0
Posted on Author Atlantic Computer Services Categories Blog

Reasons The Log4j Java Library Security Issue Is Concerning

Haven’t heard of Log4j before right now? If not, you’re certainly not alone but unfortunately it’s something you’re likely to hear more about in the weeks ahead. It may wind up being the cause of a few headaches for you.

“Log4j” is a Java library.  Its function is to log error messages in applications.  Consider it akin to an overworked clerk in the back office somewhere.

As is often the case with overworked clerks in back offices, it turns out that they’re important. If one of them starts having issues it can have gigantic ripple effects. That’s basically what’s happening here.  This library is open source and is one of the bedrock components of the Java-logging framework.

Recently researchers found a remote code execution flaw in Log4j that is already being exploited in the wild.

The issue is being tracked as CVE-2021-44228 and has a severity score of 10/10 so this issue is as serious as they get.  In fact, it’s such a major problem that the UK’s National Cyber Security Centre has already issued a bulletin about it.

This is a pervasive issue that impacts pretty much every device that’s exposed to or connected to the internet and that’s running Apache Log4j versions 2.0 to 2.141. Even worse is that there’s at least one group of hackers already abusing the flaw.  The Mirai botnet targets mostly IoT devices and has been modified with a module that specifically exploits this flaw.

Fortunately, both Cisco and VMware have released patches that address the issue for their products that were affected by the issue. As a whole the industry is moving very slowly when it comes to responding to this threat.

That’s dangerous because the global economy absolutely depends on the internet these days. Anything that has a large-scale impact on the web will have enormous ripple effects that will be felt for months if not years.

0
Posted on Author Atlantic Computer Services Categories Blog

Business continuity planning: A must-have, not a luxury

Business continuity planning: A must-have, not a luxury

Business continuity planning is not an alien concept anymore. In recent times we have witnessed a lot of events that only serve to further intensify the need for business continuity planning. Examples include natural calamities like hurricanes, floods, wildfires, events like terror attacks or even pandemics like the recent Covid-19 outbreak.

While a business continuity plan cannot completely safeguard your business from all these events, it can certainly minimize the damage inflicted on your business. Top business consultants urge their clients to develop a business continuity plan as they consider it a part of the best practices for running a business. A business continuity plan can make the difference between survival and shutdown of a business during a crisis situation.

What is business continuity planning?
Business continuity planning is the process of creating a blueprint that helps your business respond and recover effectively from an unforeseen mishap. As discussed before, the unforeseen event could range from natural disasters to pandemics, or even accidents that affect just your place of business like a fire or even a cybercrime attack directed at your business in particular–basically, any event that can paralyze your business. A business continuity plan serves as a step-by-step guide that you can follow during an emergency to keep your business running smoothly.

True, a business continuity plan is not a sure shot method to survive a crisis, it won’t instantly eliminate the impact of the disaster, but it gives you the best chances of survival. If you are not sure of what a good business continuity plan entails , you can reach out to a reputable MSP to help you with the preparation and implementation of one.

0
Posted on Author Atlantic Computer Services Categories Blog

Some Lenovo Laptops Have Admin Level Security Vulnerability

Do you own a Lenovo Yoga or ThinkPad laptop?  If so be advised that a pair of critical security flaws have recently been found that could allow an attacker Admin level access to your machine.

The flaws are centered in the IMControllerService and are being tracked as CVE-2021-3922 and CVE-2021-3969.  They impact all Lenovo System Interface Foundations versions below 1.1.20.3.

According to the Windows description of the service:

“The Lenovo System Interface Foundation Service provides interfaces for key features such as: system power management, system optimization, driver and application updates, and system settings to Lenovo applications including Lenovo Companion, Lenovo Settings and Lenovo ID.”

Unfortunately, that means that simply disabling the service is not an option.  Since it is so tightly woven into the fabric of these machines disabling it will essentially render your laptop nonfunctional. At the very least it may stop several key features of your machine from working properly.

Researchers from NCC Group who discovered the vulnerabilities explain them this way:

“The first vulnerability is a race condition between an attacker and the parent process connecting to the child process’ named pipe.

An attacker using high-performance filesystem synchronization routines can reliably win the race with the parent process to connect to the named pipe.”

They went on to explain that the second flaw was centered around a “time of check to time of use” vulnerability. That allows an attacker to interrupt the loading process of a validated ImControllerService plugin and replace it with a DLL of the attacker’s choosing.

The good news is that Lenovo moved quickly and as of December 14th, 2021 the issue has been resolved.  If you have one of the laptops mentioned above or some other model that makes use of the ImControllerService be sure to download the latest updates from Lenovo in to plug the hole in your machine’s security. Kudos to Lenovo for their swift response!

0
Posted on Author Atlantic Computer Services Categories Blog

This Android Banking Malware Is Back

We haven’t heard much about Anubis in recent months. Anubis is the nasty Android-based banking Trojan that has made headlines on more than one occasion.

If history is any guide at all Anubis will soon be making headlines again.  It’s back and based on the findings from researchers at Lookout the hackers controlling the malware mean business.

Anubis has been around since at least 2016 when its source code appeared on a variety of Russian hacking forums. Some open-source projects don’t get much love but Anubis has received regular updates that have kept it current and made it more dangerous than ever. Although it’s been a while since the malware was used in a major campaign there are warning signs that things are about to change.

As an example, in 2019  a copy of Anubis was found embedded in an app in the Google Play Store with a not quite functional ransomware module. It was probably placed there as a test. In 2020 Anubis briefly resurfaced courtesy of a large-scale phishing campaign that targeted more than 250 shopping and banking apps.

The Lookout researchers were able to grab a copy of the malware they found circulating in the wild. Based on their findings the newly enhanced malware will be used in a large-scale campaign that will target nearly 300 apps.

Additionally, its latest improvements leave it with the following capabilities:

  • Recording screen activity and sound from the microphone
  • Implementing a SOCKS5 proxy for covert communication and package delivery
  • Capturing screenshots
  • Sending mass SMS messages from the device to specific recipients
  • Retrieving contacts stored on the device
  • Sending, reading, deleting, and blocking notifications for SMS messages received by the device
  • Scanning the device for files of interest to exfiltrate
  • Locking the device screen and displaying a persistent ransom note
  • Submitting USSD code requests to query bank balances
  • Capturing GPS data and pedometer statistics
  • Implementing a keylogger to steal credentials
  • Monitoring active apps to mimic and perform overlay attacks
  • Stopping malicious functionality and removing the malware from the device

In other words, Anubis appears to be back from the dead and the coming months will probably be interesting as if we needed that!

0
1 59 60 61 62 63 238