Twilio Data Breach Happened Via Employee Smishing

Twilio, the cloud communications company, is the latest to fall victim to a data breach.

The company recently disclosed that some of its customer data was accessed by unknown attackers who got into its systems by stealing employee login credentials through an SMS phishing attack, known as ‘smishing’ for short.

The company’s disclosure reads in part as follows:

“On August 4, 2022, Twilio became aware of unauthorized access to information related to a limited number of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials.

The attackers then used the stolen credentials to gain access to some of our internal systems, where they were able to access certain customer data.”

The smishing attack succeeded because the attackers convinced company employees that the SMS messages were coming from the company’s own IT department. The messages contained URLs built from the keywords “Twilio,” “SSO” and “Okta,” terms the company’s employees see every day in legitimate login links.

Unfortunately, an employee who tapped one of these links was not taken to a company resource but to a page cloned to look like the company’s legitimate sign-in page.

There, the page told them that their password had expired and asked them to enter their credentials to change it.

Naturally, this did not change the employee’s password; it handed the credentials to the attackers waiting on the other end. Credentials captured this way are typically replayed against the real login page within minutes, which is why phishing-resistant MFA (FIDO2/WebAuthn keys bound to the legitimate origin) defeats this class of attack where SMS codes and push prompts do not.
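The lure described above relies on a lookalike domain dressed up with the organization’s own vocabulary. The following is an added example, not Twilio’s code or anything from the incident report, of how a security team can triage inbound SMS bodies for exactly that pattern: extract each URL, reduce its host to a registrable domain, and flag any link that uses the brand keywords but does not resolve to a domain the organization actually owns. The sample messages, lookalike domains and the allowlist are all constructed for illustration; the registrable-domain helper uses a two-label simplification rather than the Public Suffix List, which a production deployment should consult.

```python
import re
from urllib.parse import urlparse

# Constructed sample SMS bodies. The lookalike domains are illustrative only
# and are not indicators from the Twilio incident.
SAMPLE_SMS = [
    "Twilio IT: your password expires today. Update at https://twilio-sso.com/okta/reset",
    "Reminder: SSO maintenance tonight https://sso.twilio.com/login",
    "Your package is waiting: http://example.net/track/123",
    "Action required: https://okta.twilio-support.net/?user=jdoe",
]

# Assumed allowlist of domains the organization genuinely uses for sign-in.
TRUSTED_DOMAINS = {"twilio.com", "okta.com"}

# Vocabulary an attacker borrows to make a lookalike feel legitimate.
BRAND_KEYWORDS = ("twilio", "sso", "okta")

URL_RE = re.compile(r"""https?://[^\s<>"']+""", re.IGNORECASE)


def registrable_domain(host: str) -> str:
    """Return the last two labels of a hostname (e.g. 'twilio-sso.com').

    Simplification: a real deployment should use the Public Suffix List so
    that hosts under suffixes such as 'co.uk' are handled correctly.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def classify_url(url: str) -> dict:
    """Decide whether a single URL looks like a brand-keyword lookalike."""
    parsed = urlparse(url)
    host = parsed.hostname or ""
    base = registrable_domain(host)
    trusted = base in TRUSTED_DOMAINS
    # Keywords may appear in the host, the path, or the query string.
    haystack = (host + parsed.path + "?" + parsed.query).lower()
    keywords = [k for k in BRAND_KEYWORDS if k in haystack]
    # Brand vocabulary on a domain we do not own is the smishing signature.
    suspicious = bool(keywords) and not trusted
    return {
        "url": url,
        "host": host,
        "registrable": base,
        "trusted": trusted,
        "keywords": keywords,
        "suspicious": suspicious,
    }


def triage_messages(messages) -> list:
    """Return the suspicious-URL verdicts found across a batch of messages."""
    findings = []
    for msg in messages:
        for url in URL_RE.findall(msg):
            # Strip trailing punctuation that often follows a URL in prose.
            verdict = classify_url(url.rstrip(".,;)"))
            if verdict["suspicious"]:
                findings.append(verdict)
    return findings


if __name__ == "__main__":
    for finding in triage_messages(SAMPLE_SMS):
        print(
            f"SUSPICIOUS {finding['url']} "
            f"(registrable domain {finding['registrable']}, keywords {finding['keywords']})"
        )
```

Note that the check keys on the registrable domain rather than on the hostname string, so a host such as `twilio.com.evil.net` is still flagged even though it begins with the trusted name; matching on "contains twilio.com" would miss it.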

Per a Twilio spokesman, the attackers were only able to access data belonging to a limited number of customers, and the company is currently in the process of reaching out to those who were impacted.

If you have a Twilio account and are not contacted, Twilio’s statement indicates that your data and your account were not affected. If you are contacted, Twilio will provide you with additional information at that time.

OpenSea Warns Users Of Phishing Attacks From Data Breach

Are you a fan of NFTs? If so, you’ve probably heard of OpenSea, the largest marketplace for non-fungible tokens.

If you have an account there, be aware that the company recently disclosed that user email addresses were exposed through a third-party vendor, and it has warned customers to be on the lookout for phishing emails.

Cory Hardman is OpenSea’s head of security. According to Hardman, an employee of Customer.io, the company’s email delivery vendor, misused their access to download a file containing email addresses belonging to OpenSea users and newsletter subscribers. The precise number of email addresses taken was not disclosed.

Mr. Hardman said:

“If you have shared your email with OpenSea in the past, you should assume you were impacted. We are working with Customer.io in their ongoing investigation, and we have reported this incident to law enforcement.”

This is not the first time OpenSea users have been targeted. Last year, threat actors posing as support staff made off with roughly two million dollars (USD) worth of NFTs. In September 2021 the company fixed a security flaw that allowed attackers to drain a user’s cryptocurrency wallet by luring them into clicking maliciously crafted NFT artwork.

Although the NFT industry is still in its formative stages, it has grown at a blistering pace. OpenSea boasts more than 600,000 users and total transaction volume surpassing $20 billion (USD), which makes it a prime target for hackers.

Sadly, this will almost certainly not be the last time OpenSea and other NFT markets find themselves in the crosshairs.

If you have an account there, be on high alert. Odds are good that the attacker will put your email address to malicious use, and a message that looks like it comes from OpenSea is exactly what to expect. Treat any link that leads to a wallet-connection or transaction-signing prompt with particular suspicion, since that, not the email address itself, is what the phisher is ultimately after.

Microsoft Office And Google Docs Sync For Offline Use

Recently, Google announced a small but significant change to Google Docs. Now, if you have enabled offline access for files stored in your Google Drive, the system will automatically sync any Microsoft PowerPoint, Excel or Word files you have opened with Google Slides, Sheets or Docs.

This is a tremendously handy change.

It allows you to switch freely between Google Docs and Microsoft Word, for example, giving you the best of both worlds and a fantastic amount of added convenience.

Since the update, a few misconceptions about the feature’s capabilities have been circulating.

Here’s the scoop:

  • It only works if you’re using Chrome or Microsoft Edge as your desktop browser
  • You can create, open, and edit Google Docs, Sheets, and Slides offline
  • You can edit Microsoft Word files (.docx), Excel files (.xlsx), and PowerPoint files (.pptx) directly within Google Docs, Sheets, and Slides respectively with no need to convert the files you’re working on

Naturally, you must be signed into your Google account for offline syncing to work. Note that your Google Workspace administrator may enforce a policy that blocks offline access to Workspace data as a security control: offline copies persist on the local device, outside the controls that apply to data held in Drive.

It’s hard to overstate just how handy this feature is if you’re in the habit of moving between document creation and editing ecosystems. Once you give it a try, you’ll probably wonder how you ever got along without it.

Kudos to Google for working with their tech rival and going the extra mile to create an even better user experience.  Though it’s certainly true that the company has made its share of missteps, it is improvements like these that demonstrate why Google is among the best of the best.

Give the new feature a try. We think you’ll love it.

Secret Twitter Accounts Are Not What You Think

Do you have a Twitter account? Have you been patting yourself on the back, assuming that your identity was a secret and that you could ply the waters of Twitter anonymously?

Unfortunately, that’s probably not the case. Recently, Twitter disclosed a critical security vulnerability that let anyone learn whether a specific phone number or email address was associated with an existing Twitter account, and which account that was.

The company’s blog post related to the matter reads in part as follows:

“In January 2022, we received a report through our bug bounty program of a vulnerability in Twitter’s systems. As a result of the vulnerability, if someone submitted an email address or phone number to Twitter’s systems, Twitter’s systems would tell the person what Twitter account the submitted email address or phone number was associated with, if any.”

So much for anonymity.
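What Twitter describes is an account enumeration oracle: a request that answers differently depending on whether the submitted contact detail belongs to an account. The block below is an added example, not Twitter’s code, showing a minimal lookup in its leaking form next to a hardened form that returns the identical response either way and delivers the real answer only to the contact’s owner. It also includes the check an attacker would perform, comparing the responses for a known-good and a known-bad contact. The accounts, contacts and the in-memory outbox are constructed stand-ins for a real user store and mail queue.

```python
from dataclasses import dataclass, field

# Constructed sample accounts; the handles and contacts are placeholders.
ACCOUNTS = {
    "handle_a": {"email": "a@example.com", "phone": "+15550000001"},
    "handle_b": {"email": "b@example.com", "phone": "+15550000002"},
}


def _index_by_contact() -> dict:
    """Build the contact -> handle index that a lookup endpoint would query."""
    index = {}
    for handle, contact in ACCOUNTS.items():
        index[contact["email"].lower()] = handle
        index[contact["phone"]] = handle
    return index


CONTACT_INDEX = _index_by_contact()


# --- Leaking pattern: the status code and body both depend on the answer.
def lookup_vulnerable(contact: str) -> dict:
    handle = CONTACT_INDEX.get(contact.lower())
    if handle is None:
        return {"status": 404, "body": {"error": "no account uses this contact"}}
    # Returning the handle to the caller is the enumeration bug itself.
    return {"status": 200, "body": {"handle": handle}}


# --- Hardened pattern: one response for every input; the outcome goes
# out of band, to the contact's owner, never back to the caller.
@dataclass
class Outbox:
    """Stand-in for a mail/SMS queue; records (recipient, message) pairs."""
    messages: list = field(default_factory=list)


OUTBOX = Outbox()

GENERIC_BODY = {
    "message": "If that contact is linked to an account, we have sent instructions to it."
}


def lookup_hardened(contact: str) -> dict:
    handle = CONTACT_INDEX.get(contact.lower())
    if handle is not None:
        # Only the person who controls the contact ever sees this. In a real
        # service the send is queued asynchronously so response time does not
        # differ between the two branches either.
        OUTBOX.messages.append((contact, f"Your account is @{handle}"))
    # Fresh copy each call, identical whether or not the contact exists.
    return {"status": 202, "body": dict(GENERIC_BODY)}


def responses_distinguishable(lookup_fn) -> bool:
    """Attacker's view: does the endpoint answer differently for a contact
    known to exist versus one known not to? True means it is an oracle."""
    known = lookup_fn("a@example.com")
    unknown = lookup_fn("nobody@example.com")
    return known != unknown


if __name__ == "__main__":
    print("vulnerable endpoint is an oracle:", responses_distinguishable(lookup_vulnerable))
    print("hardened endpoint is an oracle:  ", responses_distinguishable(lookup_hardened))
```

Uniform responses close the direct oracle but do not replace rate limiting: an attacker who controls a contact can still confirm that it is linked by receiving the message, which is acceptable, but nothing here stops bulk submission of other people’s contacts, so the endpoint should also be throttled per source and per target.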

Apparently, the flaw was introduced by a code update the company performed in June 2021.

The flaw sat in the code for roughly seven months before Twitter engineers learned of it and fixed it in January 2022. During that window someone exploited it: data tied to more than 5.4 million Twitter users was later found for sale on the dark web, with the sellers asking a hefty $30,000 (USD) for it.

Twitter has announced that they’ve begun the process of reaching out to any user whose data was compromised.

If you are contacted by Twitter regarding this issue, there’s really nothing to be done to reverse it: the link between your contact details and your account is out there. The flaw exposed that link, not your password, so changing your password does not undo the exposure, but it costs little and is worth doing out of an abundance of caution. If you use the same password on Twitter that you use elsewhere on the web, change those too. The more immediate risks are targeted phishing and, for a pseudonymous account, being tied to your real identity, so treat unsolicited messages that reference your handle with suspicion.

While we’re on that topic, if you are in the habit of using the same password across multiple web properties, now would be an excellent time to develop a new password habit.

Malware Is Targeting Small Office And Home Office Routers

Researchers at Lumen’s Black Lotus Labs recently spotted evidence of a highly sophisticated and tightly targeted campaign aimed at SOHO (small office/home office) routers across both Europe and North America.

Based on the evidence collected so far, the team concludes that the unidentified actor is most likely state sponsored, because garden-variety criminals do not typically have the tools, techniques and procedures needed to pull off the kinds of attacks the researchers are seeing.

It is telling that this campaign’s ramp up coincided with the pandemic-fueled shift to large numbers of employees working from home.

A recently published summary report about the campaign reads in part, as follows:

“This (the massive surge in people working from home) gave threat actors a fresh opportunity to leverage at-home devices such as SOHO routers – which are widely used but rarely monitored or patched – to collect data in transit, hijack connections, and compromise devices in adjacent networks.

The sudden shift to remote work spurred by the pandemic allowed a sophisticated adversary to seize this opportunity to subvert the traditional defense-in-depth posture of many well-established organizations.”

The report goes on to say that:

“The capabilities demonstrated in this campaign – gaining access to SOHO devices of different makes and models, collecting host and LAN information to inform targeting, sampling and hijacking network communications to gain potentially persistent access to in-land devices and intentionally stealth C2 infrastructure leveraging multi-stage siloed router to router communications – points to a highly sophisticated actor that we hypothesize has been living undetected on the edge of targeted networks for years.”

This is a genuine threat. Although your IT department is probably stretched thin already, one of the best ways to reduce your risk is to help employees who work from home keep their gear patched and as well protected as possible: current firmware, default administrator passwords changed, remote (WAN-side) management disabled, and end-of-life routers that no longer receive updates replaced. Because a compromised router can observe and redirect everything on the home LAN, corporate traffic from home should also travel inside an authenticated, encrypted tunnel rather than trusting the home network.