Category Archives: Blog

Posted on Author Atlantic Computer Services Categories Blog

Popular Gaming Company Has An Installation Software Server Vulnerability

You may not be familiar with the name “SteelSeries” unless you’re a gamer.

The company makes an exceptional line of gaming gear including keyboards, mice, and gaming headsets.

If you buy one of their devices you will undoubtedly use the company’s app to install and configure your new gear.

Unfortunately, the app has a bug that can be exploited by hackers to take full control of your system. You don’t even need to actually own a SteelSeries device although it is unlikely that you’d install the app if you didn’t have one.

The bug was discovered by a researcher named Lawrence Amer. He began investigating the SteelSeries installation app after hearing about a similar bug that impacted the Razer Synapse software. The theory was that since the two companies made similar products, their installation apps may suffer from similar weaknesses and limitations. That theory proved to be absolutely correct.

A spokesperson for SteelSeries had this to say about this issue:

We are aware of the issue identified and have proactively disabled the launch of the SteelSeries installer that is triggered when a new SteelSeries device is plugged in. This immediately removes the opportunity for an exploit and we are working on a software update that will address the issue permanently and be released soon.”

This is a somewhat exotic attack that won’t impact a huge number of consumers so your risk is relatively low. Low risk is still greater than no risk, however. If you’re a gamer just be aware that these issues exist and keep an eye out for the coming patch. The company hasn’t released an ETA yet so we don’t know for sure when it’s coming but we know that it is.

Kudos to Mr. Amer for his keen eye and to SteelSeries for their prompt attention to the matter.

0
Posted on Author Atlantic Computer Services Categories Blog

Windows Server 2022 Has Been Released

Some products are released with lots of fanfare. Others with very little. There was almost no fanfare behind the release of Windows Server 2022 but it is currently available to customers.

Windows Server 2022 has been in development for more than a year and comes in three different variants depending on your needs: Standard, Datacenter and Datacenter: Azure Edition.

According to a recently updated Windows Server 2022 documentation page the mainstream support for Windows Server 2022 will run from now to October 13th, 2026. Extended support will be available until October 14th, 2031.

According to the Windows Server 2022 documentation here’s a quick overview of just some of the things the new OS makes possible:

  • Apply advanced multi-layer protection against threats enabled easily with secured-core server.
  • Secure connectivity to business-critical assets with an additional layer of security during transport, including support for HTTPS and TLS 1.3 enabled by default.
  • Manage and govern Windows Server on-prem with Azure Arc
  • Get better virtual-machine management with the latest Windows Admin Center.
  • Migrate file servers from on-premises to Azure with new supported scenario in Storage Migration Service.
  • Improve container application deployment with smaller image size for faster download and simplified network policy implementation.
  • Update .NET applications with the new containerization tool in Windows Admin Center.

Interested in learning more or giving Windows Server 2022 a try? Microsoft has scheduled a virtual Windows Server Summit for September 16th of this year and are planning to provide the first in-depth public demo during the summit.

By all accounts and based on everything we’ve seen so far Windows Server 2022 is going to be absolutely fantastic. It is brimming with features that administrators have been clamoring for and filled with features designed to simplify your life. Windows Server 2022 will likely become your go to solution. Stay tuned for the virtual summit. You won’t want to miss it.

0
Posted on Author Atlantic Computer Services Categories Blog

These Small Business Cisco Routers Should Be Replaced

Do you own any of the following Cisco UPnP (Universal Plug and Play) routers?

  • RV110W
  • RV130
  • RV130W
  • Or RV215W

If you do then you will want to replace your gear as quickly as possible. The small business VPN routers listed above are nearing their end of life and end of support and the company recently announced that there will be no additional security patches coming.

That’s significant because these VPN UPnP routers are plagued by a serious zero-day bug tracked as CVE-2021-34730.

It should be noted that there are no known proof of concept exploits for this vulnerability and there are no known instances of it having been abused by hackers in the wilds. Even so it is just a matter of time before someone somewhere in the world takes advantage of it. This is especially true given that Cisco has specifically indicated that they have no intention of patching the issue.

If you’re not in a position where you can upgrade to a newer router then there is a relatively simple workaround that will eliminate your risk. Be aware that doing so will limit the equipment’s utility.

The issue abuses the VPN feature of the routers in question. Simply toggling the VPN service off (disabling it) will protect you from being attacked via this avenue, at least.

If you’re not sure how to toggle the VPN setting off, Cisco offered the following on a recent security bulletin.

“To determine whether the UPnP feature is enabled on the LAN interface of a device, open the web-based management interface and navigate to Basic Settings > UPnP. If the Disable check box is unchecked, UPnP is enabled on the device.”

The advice is helpful but it’s a pity that Cisco made the decision not to patch the security flaw. Upgrade as quickly as you’re able to.

0
Posted on Author Atlantic Computer Services Categories Blog

Recent Massive Data Breach Attacks T-Mobile Company

US telecommunications giant T-Mobile is the latest big company to suffer from a successful hacking attack. The company is still cooperating with law enforcement and investigating an attack.

Here are the details. A threat actor claimed to have made copies of databases that contained personal information belonging to more than 100 million of the company’s customers.

The attacker is currently offering copies of the database for sale on the Dark Web for six bitcoin valued at approximately $280,000 USD at the time this article was written.

The database being offered contains useful information including:

  • First and last name
  • Dates of birth
  • Driver’s license numbers
  • And social security numbers belonging to more than 30 million people.

The remaining records also contain personal information but the information is somewhat less comprehensive than the 30 million records mentioned above.

According to the attacker he was able to make off with their entire IMEI history database dating back to 2004. In all the attacker claims to have made off with more than 106 GB worth of data and is actively seeking buyers.

According to the hacker the attack against T-Mobile was launched as an act of revenge against the US for the apprehension of another hacker named John Erin Binns in Germany in 2019. How much of this claim is true is unknown at this time.

If you’re a T-Mobile subscriber there is nothing for you to do at present except to be mindful that large amounts of data may have been stolen. Keep a watchful eye on your accounts in the event that your customer record was compromised.

We can expect the company to make an additional announcement as their investigation reaches its conclusion. For the moment just be mindful of it and be aware that no company is too big or too small to be a target of relentless hackers. Your company could be next.

0
Posted on Author Atlantic Computer Services Categories Blog

Windows 11 Makes It Harder To Switch From Edge Browser

Analysts who have been following the development of Windows 11 generally have good things to say about the redesign of the interface. There is one aspect of the new OS that’s been raising hackles and causing analysts to sound alarm bells. That has to do with the new software’s browser controls.

Microsoft faced a chorus of accusations of unfair competition from web browser competitors when recent Windows 10 updates made Microsoft Edge the machine’s default browser. That was even in cases where users had previously selected some other browser to serve as their default.

If rival browser companies didn’t like that move they’re going to be absolutely furious about Windows 11. The new version of Windows makes it even more difficult to change the default browser away from Microsoft Edge.

Tom Warren of the Verge discovered that in order to set Chrome or some other browser as default, there are are quite a few steps. Users would have to check boxes identifying Chrome or the browser of the user’s choice for every type of link (HTM, HTML, PDF< SHTML, XHTML, FTP, HTTP, HTTPS, etc.).

In other words there is no single box you can check to set a default browser and its absence may confuse a certain percentage of users. Users will wind up using Edge whether they want to or not simply because they find it too confusing to switch to something else.

After a user selects some other browser as default by clicking the requisite check boxes they’ll get one additional plea from the company asking them to “Try Microsoft Edge – It’s fast, secure, and built for Windows 11.”

Microsoft explains that the presence of multiple check boxes give users more fine-grained control over what browser they want to use. While that may be the case competitors see it as a heavy-handed means of ensuring that more users wind up staying with Edge. That’s even if they don’t really want to.

0
1 78 79 80 81 82 236