Latest Apple Update Fixes Web Security Flaw On Most Devices

Recently, two different security researchers (Clement Lecigne of Google’s Threat Analysis Group, and Alison Huffman from Microsoft’s Browser Vulnerability Research Group) discovered a pair of serious security vulnerabilities impacting Apple devices.

The bugs, tracked as CVE-2021-1844 and CVE-2021-21166 respectively, are browser-based memory issues that could have allowed remote code execution if the victim navigated or was directed to a website embedded with malicious code.

Apple moved quickly and issued a patch for the first. The second was actually an issue in Google Chrome for Apple users, and was patched with the release of Chrome 89. Apple’s iOS updates are available for the iPhone 6 and later, the iPad Air 2 and later, the iPad mini 4 and later, and the iPod touch (7th Generation). The Apple releases you want are: macOS Big Sur 11.2.3, iOS 14.4.1, and iPadOS 14.4.1, depending on the type of device you have.

iOS 14.4.1 is the version containing the bugfix, and although there’s no evidence of either bug being used in the wild, it’s just a matter of time before that happens. So if you haven’t already updated to that version of iOS, you’ll want to make doing so a priority. Note too that the update is 138MB and is quite significant. It contains a number of small enhancements, in addition to the bug fix itself.

Kudos to Apple, Google, and Microsoft for their keen eyes and rapid responses in this case. These issues, and their accompanying security patches, certainly won’t be the last we see this year. In this case, though, the responses of all three companies were exemplary and should serve as an example to everyone.

In any case, if you have already updated as described above, there’s nothing else for you to do. If you haven’t yet, do so at your next opportunity, and you’ll have one less thing to worry about.

Hacker Uses Zoom Invites To Steal Credentials Through SendGrid

There’s a mix of bad news and good in the ongoing war against the hackers of the world.

For the bad news, security professionals have recently detected a sophisticated phishing campaign that makes use of SendGrid and convincing replicas of Outlook on the Web and Office 365 logins to harvest credentials.

The attack works like this: SendGrid is a trusted SMTP provider, so by sending their emails through this channel, the attackers make it more likely that those messages will reach their intended targets and not be blocked by built-in email security protocols.

The emails the group is sending are typically Zoom invitations, though invariably, once a user clicks on the link, they’re forced to jump through a few hoops and end up at a convincing login page for Outlook on the Web or Office 365. These pages are fake, of course, and any user who attempts to log in is merely handing their login credentials over to the hackers, who have collected an estimated 400,000 user names and passwords using this technique.

From there, the sky’s the limit. Armed with working user name and password combinations, the hackers behind the phishing campaign can log into a user’s account and use that as a springboard to inject malicious code onto a target’s system with pretty much any payload that the hackers desire.

The group behind all of this has been dubbed “Compact,” and it’s clear from the design of the attack that they are a technically sophisticated bunch. Having said that, there is some good news to report as well. As tech savvy as the attackers are, they made a mistake and misconfigured an exfiltration script. That mistake has allowed security researchers to download multiple copies of the exfiltration code, revealing a tremendous number of details about the group’s inner workings.

It’s likely to provide a short-term victory for security professionals around the world, as they should be able to shut down large swaths of Compact’s operation. However, the group will no doubt learn from their mistake, and after going away for a time to lick their wounds, they’ll be back, and more dangerous than ever.

New Exchange Online Feature Helps Prevent Phishing And Ransomware

Microsoft has been busy of late, making a raft of improvements to their email system that are designed to enhance user security.

Not long ago, they added a fantastically useful feature called ‘Plus Addressing’ which allows Office 365 users to make use of an unlimited number of disposable recipient email addresses and track email sources.

Now, the Redmond giant is upping the ante further, with an “External” email tag coming soon to your cloud-based email inbox.

Once the feature becomes available, Exchange admins will have a new tool in their arsenal to provide better protection from phishing and from malicious emails that rely on unsuspecting users opening attachments from senders outside the company. Any email received from an external source will be automatically tagged on the inbox view pane. Additionally, in some Outlook clients, the “mail tip” will also be included at the top of the reading pane, along with the sender’s email address.

Note that this change will not show up for absolutely everyone. It will only be visible to users who make use of Outlook on the web, the new Outlook for Mac, and Outlook Mobile (for both iOS and Android users).

When the new feature is ready to use, it will roll out to all Office 365 environments with the external tag feature set to ‘off’ by default. If you want to enable it, you’ll need to use the “Get-ExternalInOutlook” and “Set-ExternalInOutlook” PowerShell cmdlets.

If you enable the feature, then within 24 to 48 hours your users will start seeing the tag on all emails received from outside your organization.
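As an added example (not part of the original article), this is how the steps above look in an Exchange Online PowerShell session using the ExchangeOnlineManagement module. The admin account and the partner domain are placeholder values, and the allow-list step is optional.

```powershell
# Added example. Requires the ExchangeOnlineManagement module and an
# Exchange administrator account. 'admin@contoso.example' and
# 'partner.example' are placeholders, not values from the article.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName 'admin@contoso.example'

# Read the current tenant-wide setting (the feature ships disabled).
$before = Get-ExternalInOutlook
$before | Format-List Identity, Enabled, AllowList

# Enable the External tag only if it is not already on.
if (-not $before.Enabled) {
    Set-ExternalInOutlook -Enabled $true
}

# Optional: exempt a trusted partner domain from tagging.
# Every allow-listed sender loses the visual warning, so keep this list
# short and review it periodically.
Set-ExternalInOutlook -AllowList @{ Add = 'partner.example' }

# Confirm the change was accepted before telling users to expect the tag.
$after = Get-ExternalInOutlook
if (-not $after.Enabled) {
    throw 'External tagging is still disabled; check role permissions.'
}
$after | Format-List Identity, Enabled, AllowList

Disconnect-ExchangeOnline -Confirm:$false
```

The setting is tenant-wide, so record the `$before` output in your change ticket in case the tag needs to be rolled back.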

In addition to this change, the company is also working on adding SMTP MTA Strict Transport Security to Exchange Online to better combat man-in-the-middle attacks. These are exceptional changes and we look forward to seeing the new tag in action. Kudos to Microsoft for continuing to enhance their ubiquitous email service.

Browser Wars Heat Up With Microsoft Edge Boosting Speeds

If you thought the browser wars were over, think again. Microsoft has made some startling improvements to its Edge browser recently that gave it an impressive 41 percent speed boost. That suddenly puts it in the running for the fastest, if not the best and most robust browser in the game. The speed boost is but the latest in a string of innovations that has consistently improved the Redmond giant’s latest browser offering.

Earlier this year, Edge was given support for sleeping tabs, which increase overall system performance by minimizing the CPU usage of tabs you’re not currently browsing.

Late last year, we got our first look at Edge’s “Vertical Tab” arrangement allowing you to move your open tabs from the top to a configuration where they run down the left side of your browser window so that you can customize and configure the browser depending on how you use it. You can even switch between the two tab layouts at the touch of a button.

Later this month, yet another improvement will be rolling out. It will allow you to drag links from any open tab in the standard layout, to the vertical layout, and vice versa.

Then there’s the increase in speed itself, which has been dubbed ‘Startup Boost’. It automatically maximizes your device performance by reducing the amount of time it takes to open the browser after a reboot, or after closing then reopening the browser.

We’re not sure why anyone would, but if you find yourself not liking the impressive boost in speed, you can turn the new feature off in the settings menu.

Apple and Google will no doubt work double time to match Microsoft’s latest moves, but in the short run, it gives the Edge browser a compelling advantage. Kudos to Microsoft for pushing browser performance to new heights!

A United States Bank Hit By Ransomware And Data Breach

A few months ago, it became widely known that there was a critical security vulnerability in Accellion FTA servers. Naturally, hackers wasted no time exploiting the vulnerability, and since then, we’ve seen a few instances of high-profile data breaches traced back to that very vulnerability. Flagstar Bank is the latest such victim. Recently, the company disclosed that their network had been breached and that a range of customer data had been exposed.

The company’s formal statement on the matter reads in part as follows:

“Accellion, a vendor that Flagstar uses for its file sharing platform, informed Flagstar on January 22, 2021, that the platform had a vulnerability that was exploited by an unauthorized party. After Accellion informed us of the incident, Flagstar permanently discontinued use of this file sharing platform.

“Unfortunately, we have learned that the unauthorized party was able to access some of Flagstar’s information on the Accellion platform and that we are one of numerous Accellion clients who were impacted.”

The hackers behind the attack sent a ransom note to Flagstar, demanding payment in Bitcoin, or the group would publish the data they had stolen. They also provided a screen shot displaying a small portion of the stolen data, and from this we can glean that the following information was exfiltrated:

  • Bank employee information, including hire date and salary information
  • Customer names
  • Customer social security numbers
  • Customer addresses and phone numbers
  • Customer tax records

And the like.

Although the original zero-day Accellion security flaw has now been patched, new vulnerabilities have since been discovered and are being actively exploited. So unfortunately, Flagstar Bank is almost certainly not going to be the last company to suffer a breach like this.

In any case, Flagstar has already begun the process of reaching out to their impacted customers. If you do business with the bank and were impacted, you’ve probably already received some form of communication. If not, call their support line or visit them on the web to find out whether you’ve been impacted.