Category Archives: Blog

Posted on Author Atlantic Computer Services Categories Blog

Nvidia Drivers Should Be Updated For Security Issues

If you use a Nvidia graphics card, be aware that the company has recently released their first security patch of 2019, bearing the ID # 4772.  It’s an important one in that it addresses eight security flaws that leave un-patched systems vulnerable to attack.

It should be noted that none of the flaws addressed in this patch are rated as critical, but all are rated as high.

The issues addressed in the patch run the gamut of protecting your system. This ranges from denial of service attacks, to remote code execution, and in six of the eight cases, an escalation of privileges.

This patch is applicable across a range of Nvidia’s most popular products, including their GeForce, Quadro, NVS and Tesla graphics cards. So if you use Nvidia graphics cards, then odds are good that this patch will be of benefit to you.

This brings us to the topic of how to apply the latest patch.  If your system is Windows based, then applying the latest patch via the Windows control panel should be the only action needed.  If you’re a Linux user, then the specific steps you’ll need to follow will vary from one build to the next. It and may involve a bit of manual work, navigating to the Nvidia control panel after the driver has been updated.

Also note that if you have Nvidia products on your system, you can download and install an app called the GeForce Experience, which will alert you when a new patch is available and guide you through its installation.

In any case, this patch is important enough to warrant a special mention, as the issues it protects against are fairly high profile.  Make sure your IT staff is aware so they can put this one high on the list of priorities.

0
Posted on Author Atlantic Computer Services Categories Blog

Microsoft Account Email Phishing Attempt Looks Legitimate

Researchers have discovered a pair of nasty phishing campaigns that are making use of Microsoft’s Azure Blob Storage in a bid to steal the recipient’s Microsoft and Outlook account credentials.

Both campaigns are noteworthy in that they utilize well-constructed landing pages that have SSL certificates and a windows.net domain, which combine to make them look totally legitimate.

Given that most users don’t pay close attention to the exact address they’re navigating when they click on a link embedded in an email, these things are more than enough to fool many users. The first campaign relies on some basic social engineering to prompt the user to do something.

The subject lines vary a bit, but fundamentally they are called to action like:

“Action Required: (user’s email address) information is outdated – Re-validate now!”

The body of the email reinforces this point and helpfully contains a link to help you on your way to re-validating your account.  Clicking on the link doesn’t raise suspicion because the landing page is a carbon copy of the Outlook Web App that’s complete with a box that allows you to “validate” your password. Of course, what you’re actually doing is giving your email password to the hackers, who then have unfettered access to your inbox and contact list.

The second campaign is the weaker of the two, although it’s set up much the same way.  The subject line indicates that you need to take action to re-validate your Facebook Workplace service account, but when you click the link, you’re actually taken to a clone of Microsoft’s landing page. This was no doubt a mix-up on the part of the hackers and will be addressed in short order.

In any case, it pays to make sure your employees are aware of both of these, so they don’t inadvertently wind up handing over the keys to their digital kingdom.

0
Posted on Author Atlantic Computer Services Categories Blog

Iconic Software Adobe Shockwave Unavailable After April

It’s the end of an era.  Way back in 1995, a company called Macromedia released the iconic Shockwave player, which quickly became a mainstay on Windows-based machines.

A decade later, Adobe purchased Macromedia, taking ownership of the Shockwave player and the company’s other  products (like Flash), both of which continued under the Adobe brand.

Time has not been kind to the technology.  Not only has the company struggled to keep them secure, but the web itself has moved on.  While Flash and Shockwave were once instrumental to cutting edge web development, today’s developers have migrated to WebGL and HTML5, leaving these products with a withering market share.

Although there’s not much current demand for the products, there are a surprising number of legacy websites that still rely on the aging tech.  That’s why Adobe’s recent end of life announcement for Shockwave is sending ripples of panic through the internet.

Adobe has begun sending out emails to their customers bearing the subject line “Adobe Shockwave Product Announcement” in a bid to give webmasters whose sites are built around the tech time to shift gears. The Shockwave Player will officially be retired as of April 8th, 2019, about a year before another iconic Adobe product called Flash Player is slated to retire.

According to the official announcement, business owners with existing Shockwave Enterprise licenses will continue to receive product support until the end of their current contract.  There will be no renewals.

All that to say, the clock is ticking.  If redesigning your company’s website to migrate away from Shockwave and Flash is something you’ve had on the backburner for a while, it’s time to move it to the front of the queue.  Be sure your IT and web development staff are aware, and plan accordingly.  The end is nigh.

0
Posted on Author Atlantic Computer Services Categories Blog

Faster USB Standard Is Coming But There Are Complications

If you have a need for speed, you’ll be thrilled to know that USB 3.2 is on its way. It offers incredible transfer speeds up to 20GB per second, but there’s a catch that could throw a wrench into the works, or at least make things more complicated. At the most recent Mobile World Congress, it was announced that the new USB 3.2 specification will encompass both USB 3.0 and USB 3.1, which creates three different tiers of speed.

The three speeds include:

  • USB 3.2 Gen 1 will bear the moniker ‘SuperSpeed USB’ and will have transfer speeds of up to 5Gbps
  • USB 3.2 Gen two will be called ‘SuperSpeed USB 10Gbps, and as its name indicates, will offer transfer speeds that are twice that of the Gen 1 product
  • USB Gen 2×2 will be marketed as ‘SuperSpeed USB 20Gbps, with the promised 20Gbps transfer speeds

Of particular interest is the SuperSpeed USB 20Gbps product, marketed as 2×2.  It’s able to provide its impressive transfer rate because it utilizes “two lanes” of 10Gbps data transfer, but only when utilizing Type-C cables.  Fortunately, although Type-C cables got off to a bit of a rocky start, those issues are now a thing of the past. USB-IF is encouraging device manufacturers to copy their SuperSpeed nomenclature in an attempt to minimize end-user confusion.

Despite it being a bit more complicated than is necessary, this is very good news.  Transfer speeds have long been something of a bottleneck, and the new tech (USB 3.2 SuperSpeed Gen 2×2) is a welcome addition to the ecosystem.  Look for it to start being available later this year.

For the time being, there’s nothing to be done, except perhaps to make sure you’ve got a little extra money in the budget to spring for the new tech when it becomes available.

 

0
Posted on Author Atlantic Computer Services Categories Blog

Bots Are Attacking Retail Sites On A Large Scale

If you own a retail business, an attack known as “credential stuffing” is the latest online threat to be concerned about.  If you’re not sure what that is, read on and prepare to be dismayed. According to the 2019 State of the Internet, Retail Attacks, and TPI Traffic Report published by Akamai, there has been an surge in large scale botnet attacks against businesses, with retail outlets being the hardest hit.

In fact, according to the report, between May and December of 2018, there were approximately 28 billion credential stuffing attempts made.  One of the web’s largest retail sites suffered over 115 million bot-driven login attempts in a single day.

A spokesman for Akamai had this to say about the report:

“The insidious AIO (all-in-one) bots hackers deploy which are multi-function tools that enable quick purchases by leveraging credential stuffing and a number of evasion techniques, allowing a single AIO bot to have the ability to target more than 120 retailers at once.

A successful AIO campaign may go completely undetected by a retailer, which might see the online sales and record-setting transactions as proof its product is in demand.  They’ll have little to no indication that its inventory clearing was automated and used to fuel a secondary market or scrape information from its customers.”

In most cases, the damage caused by credential stuffing attacks is limited.  Customers whose accounts are compromised may find that they lose points or perks, and that unauthorized charges are made on their accounts. In some cases, a credential stuffing attack could lead to an attacker gaining a foothold inside your corporate network.  Also, large and pervasive attacks could strain web resources and have (on more than one occasion) crashed a web server.

Even in cases where your business isn’t directly impacted, an attack on your customers’ accounts is still an attack on you.  Unfortunately, with so many stolen credentials available on the Dark Web, it’s a notoriously difficult problem to come to grips with.  The best thing you can do is remain vigilant and maintain excellent communications with the customers you serve.

0
1 232 233 234 235 236