Large Scale Okta Phishing Campaign Targets Many Organizations

According to ongoing research by Group-IB, a massive phishing campaign is currently underway.

This is a campaign that has impacted no less than 130 organizations across a broad range of industries. These include but are not limited to professional recruiting firms and companies connected to finance and technology.

Some of the companies targeted include giants in their respective fields such as:

  • TTEC
  • Best Buy
  • HubSpot
  • Evernote
  • Riot Games
  • AT&T
  • Epic Games
  • Microsoft
  • Twitter
  • Slack
  • Verizon Wireless
  • MetroPCS
  • Twilio
  • MailChimp
  • Klaviyo
  • T-Mobile

The campaign also included an unsuccessful attempt to breach Cloudflare’s network.

The phishing campaign utilizes a kit that has been code-named ‘Oktapus,’ and has been underway since at least March of this year (2022).  As the Group-IB report indicates, it has many tentacles indeed.  So far, the group behind the campaign has been able to steal nearly ten thousand login credentials and use these to gain access to targeted networks.

The attack begins simply enough, as many such attacks do.  The target receives an SMS message with a link to a web page.  This page appears to be legitimate.  It is a precise copy of a corporate webpage, utilizing all the right branding and logo images.

Invariably, users are presented with a login box and are prompted to enter their account credentials and two-factor authentication codes if applicable.  Doing so hands that information over to the hackers controlling the site, giving them another login to abuse.

Okta is a perfectly legitimate and, in fact, widely respected Identity-as-a-Service (IDaaS) platform that allows users to employ a single login to access all software assets in their company.  Unfortunately, hackers have discovered a means of abusing that to steal customer data, which is then used to conduct additional attacks, targeting firms in the supply chain of the initially targeted company.

Even if your company isn’t connected to any of the industries the hackers have targeted thus far, be sure your IT staff is aware of this threat.

Lenovo Models Affected By Medium Severity Vulnerabilities

If you own a Lenovo laptop, be aware that researchers at ESET have recently discovered a trio of bugs reported to Lenovo that could allow an attacker to disable security features and hijack your operating system.

The issues are tracked as CVE-2022-1890, CVE-2022-1891, and CVE-2022-1892 and are all classed as medium severity.

The first of these is an issue in the ReadyBootDxe driver used in some of Lenovo’s products, while the other two are overflow bugs in the SystemLoadDefaultDxe driver.

Unfortunately, the issue is quite widespread, as the SystemLoadDefaultDxe driver is used in more than 70 different Lenovo models. That includes everything in the IdeaPad, Flex, ThinkBook, V14, V15, V130, Slim, S145, S540, S940, and Yoga product lines.

The company has issued a formal advisory regarding the issue and has a complete listing of all their products impacted by these flaws on their website.

ESET had this to say about their recent discovery:

“These vulnerabilities were caused by insufficient validation of DataSize parameter passed to the UEFI Runtime Services function GetVariable.  An attacker could create a specially crafted NVRAM variable, causing buffer overflow of the Data buffer in the second GetVariable call.”
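
The pattern ESET describes can be seen in a small stand-alone C model (an added example, not Lenovo's or ESET's code). It assumes the common form of this bug, where a first GetVariable call updates DataSize and the second call reuses it without resetting it; mock_get_variable, BUF_LEN, VAR_LEN and the simplified status values are stand-ins made up for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Simplified stand-ins for UEFI types and status codes (assumptions for this demo). */
typedef size_t UINTN;
typedef int EFI_STATUS;
#define EFI_SUCCESS          0
#define EFI_BUFFER_TOO_SMALL 5
#define BUF_LEN 16   /* size of the caller's Data buffer */
#define VAR_LEN 64   /* size of the constructed, oversized NVRAM variable */

/* Mock of GetVariable's size contract: *DataSize is buffer size in, variable size out. */
static EFI_STATUS mock_get_variable(UINTN *DataSize, unsigned char *Data) {
    UINTN caller_size = *DataSize;
    *DataSize = VAR_LEN;
    if (caller_size < VAR_LEN) return EFI_BUFFER_TOO_SMALL;  /* nothing copied */
    memset(Data, 0x41, VAR_LEN);
    return EFI_SUCCESS;
}

/* frame[0..BUF_LEN-1] models Data, the rest adjacent memory; counts bytes hit past Data. */
static UINTN bytes_past_data(const unsigned char *frame, UINTN len) {
    UINTN n = 0;
    for (UINTN i = BUF_LEN; i < len; i++) n += (frame[i] != 0);
    return n;
}

/* Flawed pattern: DataSize is reused for the second call without being reset. */
UINTN second_call_unchecked(void) {
    unsigned char frame[128] = {0};
    UINTN DataSize = BUF_LEN;
    mock_get_variable(&DataSize, frame);  /* too small: DataSize becomes VAR_LEN */
    mock_get_variable(&DataSize, frame);  /* stale size accepted: VAR_LEN bytes copied */
    return bytes_past_data(frame, sizeof frame);
}

/* Hardened pattern: reset DataSize to the real buffer size and keep the status. */
UINTN second_call_validated(EFI_STATUS *status) {
    unsigned char frame[128] = {0};
    UINTN DataSize = BUF_LEN;
    mock_get_variable(&DataSize, frame);
    DataSize = BUF_LEN;                   /* re-validate before every call */
    *status = mock_get_variable(&DataSize, frame);
    return bytes_past_data(frame, sizeof frame);
}

int main(void) {
    EFI_STATUS st;
    UINTN safe = second_call_validated(&st);
    printf("unchecked: %zu past Data; validated: %zu (status %d)\n", second_call_unchecked(), safe, st);
    return 0;
}
```

In the validated version the oversized variable is rejected with EFI_BUFFER_TOO_SMALL instead of being copied, which is the check a firmware reviewer should look for around every repeated GetVariable call.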

If there’s a silver lining to be found here, it lies in the fact that exploiting these flaws is not a trivial task and requires a skillset that is likely beyond a great many of the world’s hackers.

That does not mean that you are safe. You are very much at risk. The good news though is that at least a casual or relatively inexperienced hacker will not be able to easily exploit these weaknesses.  They’re still well worth keeping on your company’s radar, however.

One final note to be aware of is that if you’re having trouble determining whether your Lenovo is on the vulnerable list, the company has published a website that auto-detects for the vulnerability.  It is hands down the fastest way to find out for sure. Good luck out there!

Hackers Use VoIP Systems To Install PHP Web Shells

Security researchers at Unit 42, a division of Palo Alto Networks, have been tracking the efforts of a massive campaign aimed at Elastix VoIP telephony servers.

Elastix is used by companies of all shapes and sizes to unify their communications, and it is especially attractive because it can be used with the Digium phones module for FreePBX.

So far, the team has collected more than half a million malicious code samples over a three-month period.  An analysis of those code samples reveals that the attackers are exploiting a remote code execution vulnerability. It is being tracked as CVE-2021-4561 and carries a severity rating of 9.8 out of ten.

Security researchers report that hackers have been actively exploiting this flaw since at least December 2021.

Based on the code samples collected, the Unit 42 team believes that the attackers’ goal was to plant PHP web shells on successfully penetrated systems. That would allow them to execute arbitrary commands on the compromised servers.

Another security firm, Check Point, confirms Unit 42’s findings and both teams stress that the campaign is still ongoing.  Worse, it appears that there are two different groups involved in the attack, although it is not currently known whether they are coordinating their efforts or if that fact is coincidental. Perhaps it is a case of one following the other so as not to miss out on an opportunity.

The attackers behind the campaign are both clever and technically savvy.  They’ve built some good anti-detection strategies into the attack, such as masking the name of the back door so that the file name resembles that of a known file already on the system.  It would take a sharp pair of eyes indeed to spot it.

In any event, if you use Elastix VoIP, be sure your IT people are aware of this threat.

The Importance Of Having An Email Newsletter

Most business owners understand the importance of being active on at least one social media channel. That’s fine as far as it goes, but have you considered supplementing your social media presence with a good, old-fashioned newsletter?

Of course, when we say newsletter, we’re not talking about something you print and mail to your customers but rather something you publish electronically and email.

Not many companies do this anymore and that’s a real shame. While social media is fine, a regularly published newsletter can be a powerful companion to your online presence and can have several benefits.

First and foremost, it makes you stand out in the minds of your customers because again, not many companies are doing that anymore.

Second, whether you publish every two weeks or once a month, it gives you an opportunity to reach out to your customers at regular intervals. That keeps you on the collective minds of your customers.  If they’re thinking about you, they’re apt to head to your website or brick and mortar location the next time they need something.

Third, if your newsletter contains case studies or if it highlights the ways in which your company is responding to industry changes, it sends a clear message that you’re an authority on the topics you’re writing about. Everybody loves doing business with experts because experts really know what they’re doing.  It gives your customers peace of mind and confidence when they buy from you, and that makes them more likely to do so.

Finally, it’s a great way to give people who have done business with you before a sneak peek of upcoming products or services you plan to release, which makes them feel like they’re one of the insiders.  They’re in the know in ways that people who don’t get your newsletter simply aren’t, and that helps to create a powerful connection.

All that to say, if you don’t yet have a company newsletter, you may want to give serious consideration to starting one.  Done well, it will help your company in a wide range of ways.

How To Easily Create An Efficient Workspace

The more efficient you are, the more effective you are.  That’s true whether you’re working from the office or from home.

Fortunately, most office environments lend themselves to being efficient, so there’s probably not much you need to do on that front. So, the tips below are aimed mostly at those who are working from home.

Having said that, if you want to try and squeeze out a bit more efficiency from your office setup, you can certainly apply these ideas there too!

1 – A second monitor

One thing that’s true about modern work life is that it’s complicated.  On any given day, depending on what you do for a living, you need to access a stunning range of online resources.  So many in fact, that it can be a little overwhelming.

The advent of tabbed browsing has helped somewhat. However, if you find yourself having to access your email system, several locations on your company’s network, and several online applications during a typical workday, having a second monitor can be a real lifesaver.  Consider it a matter of “dividing and conquering” digital style.

2 – Remove distractions

This is a big one for anyone working from home.  Most offices are inherently designed to minimize distractions. If you’re working from home and have decided to set up shop at the kitchen table, you could find your work day to be absolutely riddled with distractions.

Far better than the kitchen table would be a seldom used spare room if you have one.  A place you can go and shut the door as needed so you can focus on the task at hand.  If that’s not possible, then communication with and understanding from your family is key so they know that when you’re working, you’re working.

3 – A visually interesting space

Our minds don’t tolerate monotony and drudgery very well.  Most people need at least a splash of color to make a space visually interesting if they are to work at something close to peak efficiency.

That will take different forms for different people.  Some might be enchanted by the idea of a small deskside plant.  Others will want a visually interesting picture on the wall or on their desk.  Find your thing.  Find that component that puts your mind at ease and add it to your work environment.  You’ll be amazed at the results!

Efficiency is as much about organization as it is a state of mind.  Both of those elements need to be working in tandem if you want to maximize your efficiency and your productivity.