Tag Archives: Business Advice

Posted on Author Atlantic Computer Services Categories Blog

Cisco Email Gateway Appliance Users Should Apply Security Patch

Tech giant Cisco recently sent out a notification to its vast customer base urging them to apply a recently issued patch that addresses a critical security vulnerability. This vulnerability could allow an attacker to bypass the authentication process entirely and gain access to the web management interface of Cisco email gateway appliances with non-default configurations.

The flaw in question is being tracked as CVE-2022-20798 and is present in the external authentication routines of ESAs (Cisco’s Email Security Appliances) and Cisco Secure Email and Web Manager appliances, both virtual and hardware.

The company had this to say about the flaw:

“An attacker could exploit this vulnerability by entering a specific input on the login page of the affected device.  A successful exploit could allow the attacker to gain unauthorized access to the web-based management interface of the affected device.”

Oddly enough, this security flaw does not impact appliances with default configurations. That makes this one of the rare times where if an admin had not switched away from the default configs, he’d be safer. That is at least where this flaw is concerned.

In any case, if you have one of the Cisco appliances mentioned above on your network, be sure to apply the patch as soon as possible to minimize your risk.  If you’re unable to apply the patch for one reason or another, there is a workaround you can use in the short run, described below.

You’ll need to disable anonymous binds on the external authentication server, which should give you at least some protection and some additional time to deploy the patch.

Kudos to Cisco for their fast action here.  We can only hope that the next critical security flaw we report on is handled as adroitly by whatever company is at the helm.

0
Posted on Author Atlantic Computer Services Categories Blog

Simple Ways To Hire The Perfect Candidate The First Time

Top quality talent can be difficult to find in any field, if you have spent any time looking for and hiring people, you know the challenge can be an especially daunting one.  There’s tremendous competition for talented folks. Given the cost of hiring and training new people, it’s something you want to get right the first time as often as possible.

The question is: how?

The good news is that there are multiple things you can do to take the guesswork out of the equation.

The most pivotal steps are these:

First, if you’re not already plugged into the best online recruiting platforms, that should be your first stop.  This is far and away superior to placing an ad in your local paper or other more traditional means of hiring.

It isn’t that you can’t find plenty of good people in most any good-sized city, but you gain access to a much broader and deeper pool of talent if you shop globally for your new hires.

In the old days, that usually meant paying a premium to try and get a new hire to relocate. However, managers are increasingly embracing the notion of letting many of their staff members work from home, wherever that might be.  If you’re willing to do that, you can find top talent anywhere in the world and put them to work for you in short order.

Second, you’ll want to hold at least three interviews.  One should be over the phone to get a general sense of the employee. Next would be a second interview where you introduce the prospective new hire to the people they’ll actually be working with to ensure that he or she is a good fit. Finally as a last step, do a written or practical interview that serves the same function as a university exam.

This last bit is key, because it gives you a chance to see how they work and how they think. That can generally tell you how efficient and effective they’ll be in the position you have in mind for them.

If you do all of these things every time you hire, you’ll almost never mis-step when bringing a new employee onboard.

0
Posted on Author Atlantic Computer Services Categories Blog

Researchers Warn About Symbiote Malware Which Attacks Linux Machines

Are you a Linux user?  If so, be aware that there is a new kind of malware to be concerned about. The BlackBerry Threat Research and Intelligence team, in concert with Joakim Kennedy (an Intezer Analyze security researcher), have announced the discovery of a new strain of malware.

They’ve dubbed it Symbiote, and it was named because of its parasitic nature.

Actual discovery of the strain occurred a few months ago but the team has been studying it since.  It is markedly different from most of the Linux malware you see today, as it acts as a shared object library that is loaded on all running processes via LD_PRELOAD.

Once the malicious code has its hooks in a target machine, it provides the hackers controlling it with rootkit functionality.

The earliest samples of this strain date back to November 2021, and based on an analysis of its code, its primary targets were intended to be financial institutions located in Latin America.

The researchers had this to say about their recent discovery:

“When an administrator starts any packet capture tool on the infected machine, BPF bytecode is injected into the kernel that defines which packets should be captured.  In this process, Symbiote adds its bytecode first so it can filter out network traffic that it doesn’t want the packet-capturing software to see. When we first analyzed the samples with Intezer Analyze, only unique code was detected.  As no code is shared between Symbiote and Ebury/Windigo or any other known [Linux] malware, we can confidently conclude that Symbiote is a new, undiscovered Linux malware.”

The Linux ecosystem isn’t targeted as often as Apple, Windows, or Android. So the fact that this new threat has emerged is noteworthy indeed.  If you have any Linux infrastructure on your network, be sure to stay aware of this new potential threat.

0
Posted on Author Atlantic Computer Services Categories Blog

Beware New Windows Vulnerability With Remote Search Window Access

You may not know the name Matthew Hickey, but you should thank him for a recent discovery that could save you a lot of grief.

Hickey is the co-founder of a company called Hacker House.  He recently discovered a flaw that could allow for the opening of a remote search window simply by opening a Word or RTF document.

This newly discovered zero-day vulnerability is about as serious as it gets.

Here’s how it works:

A specially crafted Word Document or RTF is created which, when launched, will automatically launch a “search-MS” command, which opens a Windows Search window.

This window lists executable files on a remote share and the share can be given any name the attacker desires such as “Critical Updates” and the like. That would naturally prompt an unsuspecting user to click the file name to run that file.

Naturally, clicking the file name wouldn’t do anything other than install malware, which is exactly what the hackers are trying to do.

Although not quite as dangerous as the MS-MSDT remote code execution security flaw, this one is still incredibly serious. Even worse, there is not currently a patch that will make your system safer.

The good news however, is that there are steps you can take to minimize your risks.

If you’re worried about this security flaw, here’s what you can do:

  • Run Command Prompt as Administrator.
  • To back up the registry key, execute the command “reg export HKEY_CLASSES_ROOTsearch-ms search-ms.reg”
  • Execute the command “reg delete HKEY_CLASSES_ROOTsearch-ms /f”

Kudos to the sharp eyes of Matthew Hickey for first spotting this flaw.  We can only hope when the next zero-day rears its head, researchers like Mr. Hickey will be there to help point them out and show us how to defeat them.

0
Posted on Author Atlantic Computer Services Categories Blog

Millions Of MySQL Server Users’ Data Found On The Internet

Do you maintain a MySQL server?  If so, you’re certainly not alone.  What you may not know is that according to research conducted by The Shadowserver Foundation, (a cybersecurity research group) there are literally millions of MySQL servers visible on the internet that shouldn’t be. In all, the group found more than 3.6 million MySQL servers visible on the web and using the default port, TCP port 3306.

The company noted that they did not check for the level of access possible, or the exposure of specific data. The fact remained that the server itself was visible and that alone was a security risk, regardless of any other factors.

The United States led the world in terms of total number of exposed servers, with just over 1.2 million, but there were also substantial numbers to be found in Germany, Singapore, the Netherlands, and China.

The company broke their scan down in much more detail and granularity in their report.

Here are the highlights:

  • Total exposed population on IPv4: 3,957,457
  • Total exposed population on IPv6: 1,421,010
  • Total “Server Greeting” responses on IPv4: 2,279,908
  • Total “Server Greeting” responses on IPv6: 1,343,993
  • 67 percent of all MySQL services found are accessible from the internet

And here’s the bottom line:  An exposed MySQL server has serious security implications that can lead to a catastrophic data breach that sees a company lose control of proprietary data or sensitive customer data.

In addition to that, it can give hackers an easy inroad to mine your network with a wide range of malware, allowing them to siphon data from you in real time and over an extended period. They can also wholesale encrypt your files and demand a hefty ransom to regain access.

None of those outcomes are good for your company, so if you’ve got a MySQL server, check to be sure it’s properly secured today.

0
1 2 3 4 5 6 23