Update Apple Devices Soon For Important Security Patch

Apple released an important security update today. It fixes a pair of zero-day vulnerabilities that have been exploited in the wild against both Macs and iPhones; one of the two has been used to install NSO Group’s Pegasus spyware on iPhones.

The two vulnerabilities are tracked as CVE-2021-30860 and CVE-2021-30858. Both allow an attacker to craft content (a PDF in one case, a web page in the other) that achieves arbitrary code execution when it is processed on a vulnerable device.

CVE-2021-30860 is an integer overflow in CoreGraphics. It was discovered by Citizen Lab, which calls the exploit chain FORCEDENTRY, and it lets an attacker craft a malicious PDF that executes arbitrary code when it is processed on a device running iOS or macOS.

CVE-2021-30858 is a use-after-free in WebKit. It lets an attacker build a malicious web page that executes arbitrary code on a vulnerable iOS or macOS device, simply by getting that device to visit the page.

Apple stresses that both flaws have been seen in use in the wild, which makes applying the latest security patch a high priority.

Apple has struggled with zero-day vulnerabilities in 2021. So far the company has scrambled to address more than a dozen such flaws in macOS and iOS, compared with eleven recorded against Windows and Android devices over the same period.

Given the nature of these flaws and the fact that they are being actively exploited, applying this update should be the top priority for anyone with Apple devices connected to a corporate network. The fixes shipped in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, Security Update 2021-005 for macOS Catalina, and watchOS 7.6.2, so any device still reporting an older version under Settings > General > About (or About This Mac) has not yet received them.

Kudos to the company for its rapid response. We hope, however, that the volume of zero-day exploits will begin to taper off in the near future. At this point it is unclear whether this run is a sign of things to come and part of a larger, more disturbing trend, or simply a stretch of bad luck for the tech giant.

This Malware Can Turn Off Windows Defender

Some malware strains are built with robust protections in order to avoid detection. Zloader goes a step further and actually disables Microsoft Defender AV (formerly Windows Defender). That matters because, according to Microsoft’s own figures, Defender AV is preinstalled on more than a billion PCs running Windows 10.
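Malware that switches off Defender leaves fingerprints: disabled protection flags, new exclusions, policy keys and entries in Defender’s own event log. The script below is an added example written for this article, not SentinelLabs’ code or anything from the Zloader analysis; it audits a Windows 10 host for those indicators using Microsoft’s Defender cmdlets and event IDs. The seven-day lookback window is an assumption.

```powershell
# Added example (not SentinelLabs' or Microsoft's code): audit a Windows 10 host for the
# kind of Defender tampering an infection like Zloader leaves behind.
# Run from an elevated PowerShell session on a host with the Defender cmdlets present.
# Cmdlet and property names and event IDs are Microsoft's; the lookback window is assumed.

function Get-DefenderTamperIndicators {
    [CmdletBinding()]
    param([int]$LookbackDays = 7)   # assumed default; widen it for a forensic review

    $findings = New-Object System.Collections.Generic.List[string]
    $status   = Get-MpComputerStatus
    $pref     = Get-MpPreference

    # 1. Engine or real-time protection switched off? That is exactly what Zloader does.
    if (-not $status.AMServiceEnabled)          { $findings.Add('Defender antimalware service is not running') }
    if (-not $status.AntivirusEnabled)          { $findings.Add('Antivirus protection is disabled') }
    if (-not $status.RealTimeProtectionEnabled) { $findings.Add('Real-time protection is disabled') }
    if ($pref.DisableRealtimeMonitoring)        { $findings.Add('Preference DisableRealtimeMonitoring is set') }
    if ($pref.DisableBehaviorMonitoring)        { $findings.Add('Preference DisableBehaviorMonitoring is set') }
    if ($pref.DisableIOAVProtection)            { $findings.Add('Preference DisableIOAVProtection is set (downloads not scanned)') }

    # 2. Tamper protection blocks Set-MpPreference-style changes even from local admins.
    if (-not $status.IsTamperProtected)         { $findings.Add('Tamper protection is off') }

    # 3. Exclusions are the quiet way to blind AV: list every one for review.
    foreach ($p in $pref.ExclusionPath)      { $findings.Add("Path exclusion: $p") }
    foreach ($e in $pref.ExclusionExtension) { $findings.Add("Extension exclusion: $e") }
    foreach ($x in $pref.ExclusionProcess)   { $findings.Add("Process exclusion: $x") }

    # 4. Policy-hive switch that turns Defender off outright.
    $polKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
    $das = (Get-ItemProperty -Path $polKey -Name DisableAntiSpyware -ErrorAction SilentlyContinue).DisableAntiSpyware
    if ($das -eq 1) { $findings.Add("Registry policy DisableAntiSpyware = 1 under $polKey") }

    # 5. Defender's operational log records the change itself:
    #    5001 = real-time protection disabled, 5007 = antimalware platform configuration changed.
    $events = Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 5001, 5007
        StartTime = (Get-Date).AddDays(-$LookbackDays)
    } -ErrorAction SilentlyContinue
    foreach ($ev in $events) {
        $firstLine = ($ev.Message -split "`r?`n")[0]
        $findings.Add(('Event {0} at {1}: {2}' -f $ev.Id, $ev.TimeCreated, $firstLine))
    }

    return $findings
}

# Usage: print findings and return a non-zero exit code so fleet tooling can flag the host.
$indicators = Get-DefenderTamperIndicators
if ($indicators.Count -eq 0) {
    Write-Output 'No Defender tampering indicators found.'
    exit 0
}
$indicators | ForEach-Object { Write-Output "[!] $_" }
exit 1
```

Exclusions are reported unconditionally because a legitimate exclusion and a malicious one look identical to the host; the list has to be compared against what your configuration management actually deployed. The event-log check is the part that survives a tidy-up, since an attacker who re-enables protection after dropping a payload still leaves the 5001/5007 records behind.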

The hackers behind the campaign have also changed their delivery vector. Earlier campaigns run by the group that controls Zloader relied on spam and phishing emails. The most recent campaign, carrying the variant that disables Microsoft Defender AV, is delivered through Google ads for TeamViewer that redirect potential victims to fake download sites.

SentinelLabs researchers Antonio Pirozzi and Antonio Cocomazzi had this to say about the most recent campaign:

“The attack chain analyzed in this research shows how the complexity of the attack has grown in order to reach a higher level of stealthiness.

The first stage dropper has been changed from the classic malicious document to a stealthy, signed MSI payload. It uses backdoored binaries and a series of LOLBAS to impair defenses and proxy the execution of their payloads.”

If you’re not familiar with the name Zloader, you should know that this malware strain also goes by the names DELoader and Terdot. It was originally built as a banking Trojan back in 2015 and has been kept up to date ever since. Like many other strains, it is based on the Zeus v2 Trojan, whose source code was leaked online more than a decade ago.

Zloader has been used in attacks on financial institutions all over the world, but a significant share of its attacks have focused on the US, Australia and Brazil.

Originally it was used to pilfer a wide range of financial data for resale. More recently it has been modified to deliver ransomware payloads such as Egregor and Ryuk, which adds a new and devastating dimension to an infection: what begins as credential theft can end in a network-wide encryption event.

If your business is in any way connected to the financial industry, keep a watchful eye on Zloader. It represents a significant risk.

Ransomware Attackers Look For Unpatched Systems To Exploit

Not long ago Microsoft patched a critical MSHTML remote code execution flaw tracked as CVE-2021-40444.

Microsoft first spotted the flaw being exploited in the wild on August 18th of this year (2021). Those initial attacks numbered fewer than ten, but it was inevitable that the count would climb once details became public.

So far, every tracked attack exploiting this flaw has relied on a maliciously crafted Word document, and every one has resulted in the installation of a Cobalt Strike Beacon loader.

Beacons deployed on at least one of the attacked networks communicated with infrastructure tied to a number of cybercrime campaigns, including ones that use human-operated ransomware.

At least two of the other attacks tracked to date delivered Trickbot and BazaLoader payloads. Microsoft has since observed a sharp spike in exploitation attempts from multiple threat actors, including some affiliated with ransomware-as-a-service operations.

Microsoft continues to monitor the situation, but the bottom line is simple: this flaw has been patched. BleepingComputer has independently verified that the publicly circulating exploit no longer works once the September 2021 security update is applied.

Attackers around the world are actively scanning for unpatched systems to exploit. If your systems are vulnerable, the risk in this instance is extreme, and the best course of action is to patch at your earliest opportunity.

If for any reason you are unable to apply the patch, be aware that Microsoft has published a workaround: disable the installation of ActiveX controls in Internet Explorer (via Group Policy or the registry) and disable document preview in Windows Explorer. Bear in mind that the ActiveX setting applies to every site and may break line-of-business web applications that still depend on ActiveX, and that the workaround is an interim measure rather than a substitute for the update.
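For hosts that cannot take the update immediately, the workaround is quick to script. The following is an added example, not Microsoft’s own published .reg file or script: it applies both halves of the workaround from an elevated PowerShell session and can undo them once the patch is installed. The zone numbers and URL-action values (1001 = download signed ActiveX controls, 1004 = download unsigned ActiveX controls, 3 = disable) are Microsoft’s documented Internet Explorer security-zone settings, and the ShellEx subkey is the IPreviewHandler interface ID that Explorer consults for a file type’s preview handler; the backup directory and the list of document extensions to cover are assumptions for the example.

```powershell
# Added example (not Microsoft's script): apply the CVE-2021-40444 workarounds for hosts
# that cannot yet install the September 2021 update. Run elevated; use -Rollback to undo.
# Registry locations are Microsoft's documented IE zone / URL-action settings and the
# IPreviewHandler ShellEx key; the backup path and extension list are assumptions.
param([switch]$Rollback)

$backupDir  = Join-Path $env:ProgramData 'CVE-2021-40444-backup'   # assumed location
$zonesBase  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$previewIid = '{8895b1c6-b41f-4c1c-a562-0d564250836f}'              # IPreviewHandler shell extension key
$extensions = '.doc', '.docx', '.docm', '.rtf'                        # assumed: Word/RTF types the attacks used

function Set-ActiveXDisabled {
    # Zones 0-3 = My Computer, Local Intranet, Trusted Sites, Internet. Values in the
    # Policies hive override per-user settings, so this covers every user on the host.
    foreach ($zone in 0..3) {
        $key = Join-Path $zonesBase $zone
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        foreach ($action in '1001', '1004') {
            Set-ItemProperty -Path $key -Name $action -Value 3 -Type DWord
        }
    }
}

function Disable-WordPreviewHandlers {
    # Without the ShellEx preview-handler key, Explorer's preview pane no longer renders
    # the document, so a malicious file is not parsed just by being selected.
    foreach ($ext in $extensions) {
        $regPath = "HKEY_CLASSES_ROOT\$ext\ShellEx\$previewIid"
        if (Test-Path "Registry::$regPath") {
            # Keep a .reg export so the handler can be restored after patching.
            $exportFile = Join-Path $backupDir ('preview-' + $ext.TrimStart('.') + '.reg')
            reg.exe export $regPath $exportFile /y | Out-Null
            Remove-Item -Path "Registry::$regPath" -Recurse -Force
        }
    }
}

function Restore-State {
    # Removing the policy values returns the zones to their per-user defaults;
    # re-importing the exports brings the preview handlers back.
    foreach ($zone in 0..3) {
        $key = Join-Path $zonesBase $zone
        if (Test-Path $key) {
            Remove-ItemProperty -Path $key -Name '1001', '1004' -ErrorAction SilentlyContinue
        }
    }
    Get-ChildItem -Path $backupDir -Filter '*.reg' -ErrorAction SilentlyContinue | ForEach-Object {
        reg.exe import $_.FullName | Out-Null
    }
}

function Test-Mitigation {
    # $true only when every zone blocks signed and unsigned ActiveX download and none
    # of the listed preview handlers is still registered.
    $ok = $true
    foreach ($zone in 0..3) {
        $p = Get-ItemProperty -Path (Join-Path $zonesBase $zone) -ErrorAction SilentlyContinue
        if ($null -eq $p -or $p.'1001' -ne 3 -or $p.'1004' -ne 3) { $ok = $false }
    }
    foreach ($ext in $extensions) {
        if (Test-Path "Registry::HKEY_CLASSES_ROOT\$ext\ShellEx\$previewIid") { $ok = $false }
    }
    return $ok
}

New-Item -ItemType Directory -Path $backupDir -Force | Out-Null
if ($Rollback) {
    Restore-State
    Write-Output 'Workaround removed; confirm the September 2021 update is installed.'
} else {
    Set-ActiveXDisabled
    Disable-WordPreviewHandlers
    Write-Output ('Workaround applied and verified: {0}' -f (Test-Mitigation))
}
```

Test-Mitigation is what a compliance check should call on its own: it reads the same keys the workaround writes, so a host that reports $false either never received the change or had it reverted. Keep the backup directory under change control, because the rollback depends on those exports being present.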

Kudos to Microsoft for addressing the issue and for coming up with a workaround for those who are unable to patch their way to safety.

Popular HP Gaming Laptops And Desktops Have Security Vulnerability

Do you own an HP Omen, Envy or Pavilion gaming laptop or desktop? You’re certainly not alone if you do; these are wildly popular and versatile lines that have sold millions of units worldwide. Unfortunately there’s a problem: a serious security flaw in a driver used by the OMEN Gaming Hub software. The software comes preloaded on HP Omen laptops and desktops, and the flaw can be abused by an attacker who already has a foothold on the machine to escalate to kernel-level privileges and take full control of the system.

The flaw is tracked as CVE-2021-3437 and stems from HP’s decision to use vulnerable code copied in part from an open-source driver.

OMEN Gaming Hub can be installed on any Windows PC to boost gaming performance through overclocking and through optimized gaming profiles that adjust system settings depending on which game is running.

The software can be downloaded onto any PC but, as mentioned, it comes preinstalled on several of HP’s most popular models. In light of that, the flaw can potentially put millions of users at risk.

If there’s a silver lining, it lies in the fact that HP acted quickly and has already patched the issue. In fact a fix has been available since July of this year (2021). If you use the Gaming Hub application, be sure to check which version you have installed.

If you’re running a version of HP OMEN Gaming Hub earlier than 11.6.3.0, update right away. If you’re using an HP OMEN Gaming Hub SDK package earlier than 1.0.44, likewise grab the latest version.

So far there have been no reports of this bug being exploited in the wild. It is still a potentially serious issue, though, so if you are running a vulnerable version of the software, upgrade right away just to be safe.

Microsoft Accounts Will Allow Passwordless Methods For Users

Microsoft will be rolling out a new passwordless login option in the weeks ahead, and that should make just about everyone happy.

Having to remember an endless multitude of passwords is one of the most annoying aspects of using the web today. Anything that reduces the number of passwords you have to contend with has to count as a good thing.

The Redmond giant began offering passwordless sign-in to its commercial customers back in March of 2021, after reporting that more than a million users were already logging in to Azure Active Directory without a password.

Liat Ben-Zur, Microsoft’s Corporate Vice President, had this to say about the new feature:

“Now you can remove the password from your Microsoft account and sign in using passwordless methods like Windows Hello, the Microsoft Authenticator mobile app or a verification code sent to your phone or email.

This feature will help to protect your Microsoft account from identity attacks like phishing while providing even easier access to the best apps and services like Microsoft 365, Microsoft Teams, Outlook, OneDrive, Family Safety, Microsoft Edge and more.”

Weak passwords are often what attackers leverage to gain access to corporate networks around the world. Unfortunately, recent surveys indicate that fully fifteen percent of people use their pets’ names as passwords, and many more use equally obvious data points such as dates of birth and anniversaries.

All of which is to say that eliminating passwords is about more than simple convenience; it stands to make corporate networks around the world more secure. One caveat is worth keeping in mind: of the sign-in methods Microsoft lists, Windows Hello and the Authenticator app are far more resistant to phishing than a one-time code sent by SMS or email, which an attacker can still capture and relay in real time. Where you have the choice, prefer the former.

If you want to start using the new passwordless feature right away, first install the Microsoft Authenticator app and link it to your personal Microsoft account.

Once that’s done, sign in at your Microsoft account page and turn on ‘Passwordless account’ under Advanced security options. It’s a small change, and you’re almost certain to appreciate it.