Category Archives: Blog

Posted on Author Atlantic Computer Services Categories Blog

Update Addresses Zero Day Exploit For Some Apple Devices

If you’re not familiar with the term, a Zero Day exploit is a security flaw that the software vendor is not aware of and hasn’t yet patched.

In many (but not all) cases, Zero Day Vulnerabilities will also have publicly available proof-of-concept exploits before a patch becomes available.  Quite often, these flaws are being actively exploited in the wild.

Apple has recently released a security update to address one of these types of flaws that impact Macs and Apple Watches.

In this case, the flaw in question is tracked as CVE-2022-22675. It is an out-of-bounds write issue that allows apps to execute arbitrary code.  That’s bad enough all by itself, but in this case, it allows an attacker to execute that code with kernel level privileges.

The flaw impacts all macOS Big Sur versions before 11.6 and tvOS devices before 15.5.

So far in 2022, Apple has released security patches addressing five different Zero Day exploits.

Here’s a quick summary of those:

  • CVE-2022-22587, which allowed attackers to track user IDs and web browsing activity in real time
  • CVE-2022-22594, which did the same thing as above
  • Then, CVE-2022-22620 was discovered and addressed, which is an exploit used to hack iPads, iPhones, and Macs. This exploit allowed remote code execution and can cause OS crashes
  • And in March 2022, two other exploits were addressed. The first, tracked as CVE-2022-22674, is a flaw impacting the Intel Graphics Driver and the second, tracked as CVE-2022-22675, impacted the AppleAVD media decoder.

These five join a long list of Zero-Day exploits the company patched in 2021 that targeted iOS, iPadOS, and macOS devices.

Kudos to the company for their fast action on the Zero-Day front, although the pace of discovery of these types of exploits is distressing to say the least.

In any case, if you own a Mac or an Apple device that uses tvOS, be sure you patch to the latest version right away to minimize your risk.

0
Posted on Author Atlantic Computer Services Categories Blog

New Phishing Attack Delivers Three Types Of Malware To Victims

Phishing campaigns get more effective the more closely they can imitate a trusted source.  Recently, security researchers at Fortinet discovered evidence of a phishing campaign that specifically targets Microsoft Windows users and installs three different types of malware on the systems it manages to infect.

Among other things, this campaign gives the hackers behind it the ability to steal usernames, passwords, banking details, and more. That is in addition to leveraging the infected system to secretly mine for cryptocurrency, which finds its way into a wallet controlled by the hackers.

To lure victims into infecting themselves, the Phishing campaign’s contact emails are all designed to appear as a payment report from a legitimate trusted source, which contains an attached Microsoft Excel document. It is conveniently included for the recipient’s review. Naturally, anyone opening the attached document dooms themselves, as it is poisoned and contains scripts designed to install malicious payloads in the background.

Phishing campaigns remain one of the most popular infection methods in the hacking world.  They tend to gravitate to those techniques that work and require relatively little in the way of effort.

Phishing fits that bill perfectly.  It’s usually a trivial matter to create an email that’s virtually identical to one you might get from a trusted source, and hackers have been poisoning Microsoft Excel files since the earliest days of the internet.

As ever, the best defense against these types of attacks is vigilance and mindfulness.  A quick phone call to the trusted source that supposedly sent you the email communication is almost always enough to verify whether it is real. Shockingly, few users take this step.

In a similar vein, clicking on embedded links in an email or downloading files should be done with a healthy dose of caution. That includes another phone call to the trusted source to be sure they did in fact send you something.

Unfortunately, that’s a lot easier to teach than it is to implement, as employees don’t have a good track record with either of those things.

0
Posted on Author Atlantic Computer Services Categories Blog

Microsoft Warns New Sysrv Botnet Variant Is Dangerous

Security researchers employed by Microsoft have recently spotted a variant of the Sysrv botnet.  They have dubbed the new variant Sysrv-K.

This new variant works in two ways.  First, it exploits a flaw in the Spring Cloud Gateway that allows remote code execution (tracked as CVE-2022-22947). Second, the botnet scans the web for WordPress plugins with older, unpatched vulnerabilities.

Of significance, this variant of the botnet can take control of web servers, which makes it dangerous indeed.

Additionally, Sysrv-K contains new features that the original Sysrv botnet lacked. These include exploits for six different Remote Code Execution vulnerabilities that target the ThinkPHP framework, Drupal CMS, the VMware products XML-RPC, XXL-Job, SaltStack, as well as MongoDB’s Mongo Express admin interface.

Microsoft’s researchers had this to say about their recent discovery:

“A new behavior observed in Sysrv-K is that it scans for WordPress configuration files and their backups to retrieve database credentials, which it uses to gain control of the web server. Sysvr-K has updated communication capabilities, including the ability to use a Telegram bot.

Like older variants, Sysrv-K scans for SSH keys, IP addresses, and host names, and then attempts to connect to other systems in the network via SSH to deploy copies of itself. This could put the rest of the network at risk of becoming part of the Sysrv-K botnet.”

Sysrv-K constitutes a significant threat if you rely on any of the code mentioned above.  Be sure your IT Security staff is aware of this new threat so they can prepare for and guard against it.

Sadly, one thing we know for sure about 2022 is that this won’t be the last serious threat we are forced to bring to your attention in a bid to shed light on the latest activities in the hacking world.  Stay vigilant out there.

0
Posted on Author Atlantic Computer Services Categories Blog

WFH is here to stay Are you ready?

WFH is here to stay. Are you ready?

The year 2020 was nothing like what we had seen before. At a certain point in time, it felt like the world would come to a standstill. With lockdowns and travel restrictions imposed across the world, businesses were pushed into a ‘new normal’. One of the things that was a part of the ‘new normal’, was working from home. This WFH set up brought along with it multiple challenges, especially to those organizations which weren’t into this model already. Accessing critical work information, carrying out meetings on Zoom, attending conferences remotely and even setting up trade show booths online, were all new concepts. While the pandemic may be temporary, one thing is certain–the remote work culture is not.

WFH existed even before the Coronavirus pandemic. There were a sizable number of companies–primarily in the IT industry that routinely hired remote workforce. Freelancers operated remotely too for the most part. However, the pandemic forced every company that can operate remotely to adopt the WFH model. While the initial switch was cumbersome, challenging and even frustrating, the benefits offered by the WFH model can’t be discounted.

Here’s how it benefited employees:

  • Helped save time and money that would otherwise be spent on commuting from home to work
  • Offered greater flexibility, as working from home let employees choose their working hours, at least in some cases
  • They needed fewer days off as things like staying home and caring for a sick child/spouse or an elderly parent didn’t mean having to take a day off work anymore
  • With lesser workplace oriented distractions, they were able to accomplish more in lesser time, which means they had more personal time and a better work-life balance

From the organizational perspective, work from home:

  • Meant more productive, focused, energetic employees with workplace distractions and long commutes eliminated
  • Resulted in lesser absenteeism as employees had flexible work schedules and could be home when their presence was needed, without having to take a day off
  • Helped them save on costs related to maintenance, utilities and employee recreation that they would be otherwise incurring
  • Can help companies save on huge rental expenses by trading larger office spaces for smaller/shared workspaces and conference rooms

So, there’s no doubt that the trend of WFH will continue well beyond this pandemic and become a norm in daily lives. It seems to be creating a win-win situation for both, the employees and the organizations they work for. However, for WFH to function smoothly, you need to have a solid IT infrastructure ensures the transition from the traditional office setup to the WFH model is smooth and the integration between the various elements involved in the new WFH environment is seamless.

Are you ready to switch to the WFH mode? It’s time to get in touch with a managed IT service provider who can help you make this move.

0
Posted on Author Atlantic Computer Services Categories Blog

You Might Need This HP Bios Security Update

HP recently released a BIOS update to address a pair of high-severity vulnerabilities that affect a wide range of PC and notebook products offered by the company.  In both cases, the vulnerabilities would allow an attacker to execute code arbitrarily and with Kernel level privileges.

The two flaws are being tracked as CVE-2021-3808 and CVE-2021-3809 respectively, and both bear a CVSS 3.1 score of 8.8 which makes them both serious issues indeed.

Worse, the two issues impact more than 200 models of HP equipment, including Zbook Studio, ZHAN Pro, EliteBook, ProBook, Elite Dragonfly, business desktop PCs like the EliteDesk and ProDesk, retail PoS computers like the Engage, workstations like the Z1 and Z2, and thin client PCs.

For a comprehensive listing of impacted products, please refer to HP’s security advisory page and scan for the product you own.

Security researcher Nicholas Starke has done a deep dive into both issues.

Starke had this to say about the matter:

“This vulnerability could allow an attacker executing with kernel-level privileges (CPL == 0) to escalate privileges to System Management Mode (SMM). Executing in SMM gives an attacker full privileges over the host to further carry out attacks.”

HP has been having a tough time of things lately.  Just two months ago, the company released a BIOS update that addressed sixteen separate flaws. Three months before that, they released a BIOS update that addressed a completely different set of flaws.

Kudos to HP for their time and attention to this matter. However, one has to wonder what has broken down in their core development process that allowed so many serious BIOS flaws to slip through undetected in the first place?

Unfortunately, there’s no word on that but if you haven’t yet applied the latest security update, you’ll definitely want to apply this one as soon as possible.

0
1 27 28 29 30 31 236