Another Point Of Sale Data Breach Hits Retailers

Another week, another data breach. This time, the target of the breach was North Country Business Products (NCBP), a company that makes point of sale (POS) terminals for businesses.

Although NCBP was the target, they weren’t the ultimate victims of the breach. Hackers infiltrated NCBP’s network and installed malware onto the company’s POS terminals.

These were then sold to businesses around the country. In all, according to the latest information published by NCBP about the incident, a total of 139 business locations received these poisoned POS terminals. This allowed hackers to gain control of any payment information processed through those terminals.

In all, NCBP POS systems are installed in more than 6500 locations nationwide, meaning the scope and scale of this breach was approximately 2 percent of the company’s installed terminal base.

So far, North Country’s handling of the incident has been admirable. The breach occurred on January 3rd, 2019. The company discovered it on January 30th, but noted that the attackers ceased all activity on January 24th when they began detecting investigators probing for their presence.

NCBP has informed law enforcement, enlisted the aid of a third-party forensic investigator, and published a list of all infected POS terminals on its website. All of the infected terminals are in bars, coffee shops, or restaurants, with an even mix of standalone businesses and franchises.

The investigation into the matter is still ongoing. As yet, NCBP and the agencies assisting them have not determined exactly what the impact is or has been for each of the affected businesses.

All that to say, if you own an NCBP POS device, be sure to head to the company’s website to find out if your business is on the list of impacted customers. If so, you may have already been contacted by the company.

Safari On Mac Now Vulnerable To Browser History Theft

There’s a new macOS security flaw you and your staff need to be aware of.  It was discovered by Jeff Johnson, the developer of the Underpass app for both Mac and iOS, and the StopTheMadness Safari browser extension.

Fortunately, the new flaw is not one that can be exploited remotely.  Users would first have to be tricked into installing a malicious app, for example through social engineering.

On the other hand, the flaw is critical and impacts all known macOS Mojave versions.

Mr. Johnson had this to say about the matter:

“On Mojave, certain folders have restricted access that is forbidden by default.  For example, ~/Library/Safari.  In the Terminal app, you can’t even list the contents of the folder.  However, I’ve discovered a way to bypass these protections in Mojave and allow apps to look inside ~/Library/Safari without acquiring any permission from the system or from the user.  There are no permission dialogs.  It Just Works.  In this way, a malware app could secretly violate a user’s privacy by examining their web browser history.”

Johnson reached out to Apple privately and shared the full details of the flaw, but refused to provide more details than the above to the general public, saying that since the issue has yet to be patched, he does not want to put macOS users at risk.

Although Apple has formally acknowledged his report, the company has so far provided no information on what level of importance it is giving the issue or what its time frame might be for issuing a fix.

It’s a serious issue, no doubt, but there’s a lack of public details about it. The fact that it can’t be executed remotely suggests it’s not as big a threat as it could be.  Even so, be mindful of it until Apple issues a fix.

Right Clicking In Gmail Will Unveil Its New Features

When is a right click more than just a right click?  When Google reveals its latest changes to Gmail, of course!

The tech giant has recently announced that they’re going to be overhauling Gmail’s right click menu options. This will enhance its value by adding more and better functionality, with an eye toward improving the overall user experience.

The current right click menu offers the following functionality:

  • Move to Tab
  • Archive
  • Mark as Read
  • Delete

The coming changes will expand to include:

  • Search options
  • Reply and Forward functionality
  • Snooze
  • Mark as Unread
  • Movement Options
  • Labeling
  • The option to open an email in a new tab

You won’t have to take any action to gain the benefits of these new features.  The pending update will make them available to all Gmail users automatically.

In terms of a time frame, Rapid Release domains will begin receiving the update on February 11th, 2019, although it can take up to fifteen days for the new features to become visible. The roll-out to the general public is slated for February 22nd, although it could be up to three days before the new menu options become visible to all users.

These are fantastic additions and we can hardly wait to start using them.  Odds are excellent that Google’s recent changes will have ripple effects that extend far beyond Gmail, too.  The reality is that menu functions tend to get taken for granted.  At this point, they’re so well established and entrenched that most people don’t even consider the possibility of tweaking them to improve overall functionality.

That’s unfortunate, but given the coming changes, the hope is that it will prompt other email providers and software vendors in general to go back to the drawing board and reassess their time-honored menu options to see what other improvements can be realized.

Email Provider VFEmail Had All Data Destroyed By Attacker

Do you use VFEmail?  If so, we’ve got bad news for you.

Hackers have successfully attacked the system and wiped all data from all of its servers in the US.

All data on those servers has been lost.  That means every email you had in your inbox and everything you had archived is gone.

According to a company spokesman, “At this time, the attacker has formatted all the disks on every server.  Every VM is lost.  Every file server is lost.  Every backup server is lost.”

The hackers made no attempt to lock files and ransom them.  They simply went in and destroyed, opting for maximum damage, and they succeeded. Although attempts are being made to restore the data, the outlook isn’t good.  Odds are overwhelmingly against anyone ever getting so much as a single email back.  Even if some data is ultimately recovered, users should not expect to get more than a fraction of their data back.

At this point, the company’s website is up and running again, but all of its secondary domains are down. These include:

  • Toothandmail.com
  • Powdermail.com
  • Openmail.cc
  • Offensivelytolerant.com
  • Metadatamitigator.com
  • Manlymail.net
  • Clovermail.net
  • Mail-on.us
  • Chewiemail.com

When you log onto your VFEmail account, you’ll be greeted with an empty inbox.

This isn’t the first time that VFEmail has come into the crosshairs of a hacking group.  In late 2015 a group called the Armada Collective targeted VFE and others with a massive DDoS attack, demanding ransom payments to halt the attack.  Unfortunately, this time, the hackers weren’t interested in taking prisoners or making money.

Sadly, this isn’t the first time a company has been brought to almost complete destruction.  In 2014, a company called Code Spaces was forced to close its doors when hackers breached their system and did the same thing.

If it can happen to Code Spaces and VFEmail, it can happen to your company too.  Beware.