Category Archives: Blog

Posted on Author Atlantic Computer Services Categories Blog

Be Aware That ChromeLoader Malware Is Picking Up Steam

A browser hijacker called “ChromeLoader” has had a large uptick in detections this month, which is raising eyebrows among security professionals.

ChromeLoader can modify a victim’s web browser settings to show search results that promote unwanted (and usually spammy) software, annoying pop-up ads, fake giveaways, adult games, dating sites, surveys, and the like.

As malware goes, there are far worse strains out there.  Rather than infect you with malicious code that locks all your files or installs other destructive forms of malware, this one will see you flooded with scammy or spammy offers. It will  frustrate you by forcing you to click through a sea of ads you’d rather not see, all in a bid to make a bit of coin for the malware’s owners.

It is noteworthy mostly because of its persistence and its aggressive use of Powershell, which it abuses like few other malware strains do.  Even worse, the owners of the malicious code have recently released a variant that specifically targets macOS users, so if you thought you were safe because you were using a Mac, think again.

While we wish that all malware strains were as relatively harmless as this one, that doesn’t mean it isn’t a threat or that you shouldn’t take it seriously.  While it’s not as destructive as most of the malware strains that make the headlines, it’s still a genuine concern that can cause you innumerable headaches.

If you start to see an unusual number of popup ads or if your computer has a scary preference for porn and gaming sites, odds are good that you’ve been infected. It may appear like your computer has a life of its own. If you see those things, the problem won’t go away on its own and you should get your machine to a tech as soon as possible.

0
Posted on Author Atlantic Computer Services Categories Blog

Are your data security measures strong enough?

Are your data security measures strong enough?

Let me start this blog by asking you a question. How did your business respond to the security threats brought on by the COVID-19 pandemic? The reason we are discussing this is because a recent survey conducted by Password Keeper and Ponemon Institute revealed that during the 2020 Coronavirus pandemic, the effectiveness of organizations’ IT posture in terms of cybersecurity dipped by almost 30%.

One of the main reasons for the compromise in IT security was the hurried transition of so many businesses to the remote work model. Working from home often meant the staff were using their personal computers to access work data, sometimes, even on shared WiFi networks without the latest software updates, security patches and firewalls–all invitations to cybercriminals. But, the research also pointed out that almost 50% of the respondents were also concerned about the physical safety of their data. When employees work from home, business data is stored on their personal devices. This includes personal laptops, desktops, thumb drives, external hard disks and sometimes, even smartphones and tablets. Ensuring the data stored in such a manner is not lost, stolen or inadvertently made public is a huge challenge. The cloud can help resolve this challenge to some extent. By migrating your data to the cloud you get a range of benefits such as

  • It is easily accessible-from anywhere, anytime using an internet enabled tablet, computer or even a smartphone
  • The cloud service provider offers multiple layers of security to keep your data safe from prying eyes
  • There is no chance of losing data due to misplaced thumb drives or computer hard disk crashes

An MSP offering cloud services will be able to assist you in making the transition from physical data storage to the cloud smoothly. They can also address cybersecurity concerns and offer solutions. However, migrating to the cloud alone is not the solution to all data security issues. You will still need to train your staff on how to identify and avoid malware attacks, phishing scams and to practice basic password hygiene and data security best practices.

0
Posted on Author Atlantic Computer Services Categories Blog

 New Phishing Attacks Use HTML Email Attachments

HTML attachments as an attack vector may seem a little old school. However, according to statistics compiled by Kaspersky Lab indicates that in 2022, that form of attack is not just simply still being employed, but hackers are making surprisingly regular use of it.  The security company detected more than two million emails of this kind targeting Kaspersky customers in the first four months of the year (2022).

The specific breakdown of monthly instances looks like this:

  • January 2022: 299,859 instances
  • February 2022: 451,020 instances
  • March 2022: 851,328 instances
  • And April 2022: 386,908 instances

The researchers aren’t clear on exactly what caused the huge spike in March but they note that it returned to expected levels the month following.

Using HTML attachments as an attack vector saw a big spike in 2019 and then it seemed to fall out of favor. The number of instances dropped markedly and prompted some security researchers to conclude that, based on current trajectories, the attack vector was on the way out.

The last four months seem to have disproved that notion and HTML attachments are back in fashion in the underbelly of the web.

It’s important to remember that merely opening these files is in many cases enough to have JavaScript run on your system. That could lead to the target system being hijacked using a malware-assembly-on-disk scheme that could allow it to bypass antivirus software entirely.

This isn’t something that gets mentioned very often in employee email safety training, but it should be.

As ever, the best defense against any type of phishing attack is to treat any incoming email message from a sender you don’t know with a healthy dose of skepticism. If that email contains an attachment, those attachments should be treated even more skeptically.

0
Posted on Author Atlantic Computer Services Categories Blog

Upgrade This WordPress Plugin To Avoid Being Hacked

Do you own and manage a WordPress site either personally or as part of your business?  Do you also use the Tatsu plugin which offers a powerful suite of in-browser editing features and has been installed by more than 100,000 users worldwide?

If so, be aware that there is a serious security flaw in the plugin, and you should update right away to minimize your risk.

The vulnerability in this case is being tracked as CVE-2021-25094 and allows a remote attacker to execute arbitrary code.  The developers behind the plugin made a patch available that protects against the exploit, and that patch has been available since April (2022). Shockingly though, only about half of Tatsu’s users have updated their plugin, leaving more than fifty thousand websites around the world still vulnerable.

Finding out if you’re included in that number is easy.  Simply check the version of Tatsu you’re running.  If you’re running anything from before version 3.3.12, you are at risk and should update as soon as possible.

Independent security researcher Vincent Michel is credited with discovering the flaw, and he made his discovery public on March 28th 2022, releasing proof of concept exploit code along with his disclosure.

The plugin vendor was highly responsive and released a patch less than two weeks later on April 7th 2022. They urged all users to apply the update right away.

Unfortunately, that plea fell on as many deaf ears as responsive ones, which is how we got where we are today.

Wordfence has been tracking the number of times that hackers have made use of this exploit and has observed a large, widespread campaign in progress.  The company reports that more than a million attacks have come from just three IP addresses (148.251.183; 254, 176.9.117.218; and 217.160.145.62).

Site administrators are urged to add these IP addresses to their blocklist in addition to updating.  It is very good advice.

0
Posted on Author Atlantic Computer Services Categories Blog

Update VMWare Apps Now For Critical Security Vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory that serves as a stark warning.

If you’re using VMware products that are impacted by recently disclosed critical security flaws, either patch them immediately or remove them from your network.

CISA issued the dire warning because the last time critical security flaws were discovered in VMware products, hackers began exploiting them within 48 hours after they were disclosed.

In this case, the two recently disclosed issues are being tracked as CVE-2022-22972 and CVE-2022-22973, with severity scores of 9.8 and 10, respectively.

The flaws impact the following:

  • VMware Workspace ONE Access (Access)
  • VMware Identity Manager (vIDM)
  • VMware vRealize Automation (vRA)
  • VMware Cloud Foundation
  • and vRealize Suite Lifecycle Manager

Patches that protect against exploitation of these flaws are already available and VMware is likewise advising customers using the impacted products to apply them as soon as possible, describing the ramifications of delaying as “serious.”

This isn’t the first time VMware’s products have been in the spotlight.  Just last month, there were two other flaws (tracked as CVE-2022-22954 and CVE-2022-22960), which impacted the same products.

Although VMware moved quickly in that instance, releasing a patch very quickly, hackers were able to reverse engineer those patches and exploit the flaws anyway.

Worst of all, the security firm Rapid7 has already seen evidence of the exploitation of these flaws in the wild. So every day you don’t patch, you’ve essentially got a target on your back.

CISA has issued the same warning to federal agencies, saying:

“CISA expects threat actors to quickly develop a capability to exploit these newly released vulnerabilities in the same impacted VMware products. Exploiting the above vulnerabilities permits attackers to trigger a server-side template injection that may result in remote code execution (CVE-2022-22954); escalate privileges to ‘root’ (CVE-2022-22960 and CVE-2022-22973); and obtain administrative access without the need to authenticate (CVE-2022-22972).”

Serious issues indeed.  Update as soon as possible.

0
1 26 27 28 29 30 236