Tag Archives: Business Advice

Posted on Author Atlantic Computer Services Categories Blog

Email Phishing Attackers Are Pretending To Be The IRS

Emotet is in the news again according to the latest information from email security firm Cofense.  Emotet is notorious for spreading via phishing campaigns and this latest phishing campaign sees them impersonating the IRS.

By all outward appearances, the emails look legitimate. The Emotet gang knows that with so many people feeling harried during tax season, potential victims are much less likely to look closely at incoming emails that claim to have tax documents since they’re expecting tax documents anyway.

While the particulars vary from one email to the next, the general gist of emails associated with this campaign goes as follows. “Hi, we’re the IRS, and we’re contacting your business with some completed tax forms,” or, in some variants, “We’re contacting you with some tax forms you need to fill out and send back to us.”

Again, given the timing of tax season, this is not at all out of the ordinary. A surprising percentage of email recipients are opening the included attachments.

Simply opening the emails won’t doom you, but if you enter the password required to unlock the file attached to the email, you will doom yourself. Emotet will be installed in the background along with whatever additional malicious payload the hackers want to inflict on you.

In addition to that the malware will rifle through your address book, absconding with the email addresses belonging to your contacts. It does this so it can use those addresses in future reply-chain attacks, thus extending the longevity of the campaign.

There’s no good defense against this kind of attack except for vigilance.  The standard email defenses apply here.  Never open an attachment from someone you don’t know.  In cases where the recipient seems to be a government agency, call to verify that they have, sent you something that needs your attention, and examine the email closely.

Be careful out there.

0
Posted on Author Atlantic Computer Services Categories Blog

Update This WordPress Plugin Immediately To Prevent Security Risks

Do you have a WordPress site?  Do you use the PHP Everywhere plugin?

If so, you’re not alone.  More than 30,000 site owners have installed it.  It’s an excellent plugin that dramatically enhances websites using it, because it allows webmasters to place PHP pretty much anywhere on the page to display dynamic web content.

Wordfence is a global team of WordPress security analysts, threat researchers, software engineers, and support staff. Unfortunately, researchers at Wordfence have recently discovered not one, but three critical security issues with the plugin’s design that allow hackers to remotely execute code by abusing the plugin, on sites running version 2.0.3 and below.

To execute the attack all a hacker needs to do is be granted a subscriber or contributor level account on your site which is generally easy for them to do.

The three flaws are being tracked as CVE-2022-24663, CVE-2022-24664, and CVE-2022-24665.

The Wordfence crew discovered the flaws on January 4, 2022. To their credit the plugin’s authors responded quickly and released an update on January 10th 2022, which addresses the issue. Although they disclosed that the fix required a substantial rewrite of much of the plugin’s code.

Although the security flaws have been patched, unfortunately many admins aren’t as good as they could be when it comes to keeping plugins up to date. Based on stats gleaned from WordPress.org only about half of the 30,000 worldwide installs of the plugin are running the latest version.

Note that if you are using the Classic Editor on your site you’ll need to uninstall the plugin and find some other solution for PHP code embeds because the Classic Editor is being phased out and the update to PHP everywhere no longer works with it.

If you use the plugin be sure to verify that you’re using the latest version. Kudos to the plugin authors for their rapid response.

0
Posted on Author Atlantic Computer Services Categories Blog

Hackers Are Breaking Into Microsoft Teams And Dropping Malware

Researchers at Avanan are a Check Point subsidiary. They have recently issued a warning that anyone who uses Microsoft Teams should be aware of. According to the latest statistics, more than 270 million people use Teams every single month.

According to Avanan, hackers are breaking into Team chats and attaching malicious files to ongoing conversations.  By all outward appearances the attached files appear to be relevant to the conversations, but anyone unfortunate enough to click on the file will be infected.

At this point, it’s not clear how the hackers are gaining access to Teams in the first place. The most likely possibilities include compromising a third-party vendor that a company does business with, phishing attacks, or stealing Microsoft 365 or email credentials.

The disturbing thing about this recent spate of attacks is the fact that it requires absolutely no sophistication.  It’s about the simplest form of attack one could imagine and made possible in no small part by virtue of the fact that Microsoft Teams is almost universally trusted by those who use it.

Very few people think anything of security once they’re entrenched in the Teams framework.

The researchers at Avanan recommend the following to limit your risk and exposure:

  • Encourage end-users to reach out to IT when seeing an unfamiliar file
  • Implement protection that downloads all files in a sandbox and inspects them for malicious content
  • Deploy robust, full-suite security that secures all lines of business communication, including Teams
  • Make sure you recognize anyone leaving files in Teams chat

Even if your employees follow all of those recommendations, it won’t provide bullet-proof protection, but it will make an infection from this vector much less likely.

Although Teams already has robust file protection protocols in place, you can bet that Microsoft will be taking another closer look at this in the weeks and months ahead.

0
Posted on Author Atlantic Computer Services Categories Blog

Hackers Are Setting Their Sights On Linux Systems

For most of the history of the internet Linux has been able to stay below the radar of hackers around the world.

While there have been some attacks that specifically targeted Linux users, they’ve managed to keep a low enough profile that it hasn’t been a major issue.

According to a group of researchers from VMware, that appears to be changing.

They warn that hackers are increasingly setting their sights on Linux-based systems. That’s a problem because to date, there has been no corresponding increase in efforts to detect and manage those threats.

Even worse is that with a growing number of hybrid systems in use today, Linux is becoming much more commonly seen in the Enterprise environment. Given the disconnect between the growing threat level and the level of preparations being made to meet that threat, Linux-based systems may well be the new weakest link in your company’s network.

If there’s a silver lining in the dire warning from the folk at VMware it lies in the fact that most of the attacks targeting Linux-based systems aren’t very sophisticated at this point.  That will change over time but in the here and now it shouldn’t take much to fend off the current generation of attacks.

As the VMware team put it:

“Focus on the basics. The fact is that most adversaries are not super advanced. They’re not looking for unique exploits, they’re looking for the general open vulnerabilities and misconfigurations. Focus on those before you start focusing on zero-day attacks and new vulnerabilities – make sure you’ve got the basics covered first.”

It’s sound advice and easy to follow.  The worst thing you can do in this case is nothing.  The threat level is rising.  That’s an indisputable fact.  Those who take no action do so at their cost.

0
Posted on Author Atlantic Computer Services Categories Blog

This Plugin Could Put Your WordPress Site At Risk

The WP HTML Mail plugin has been installed on more than 20,000 websites. If you’ve built a WordPress site for your business and you use that plugin,  be aware that you are at risk.  A high severity security flaw was recently discovered in the plugin that could allow an attacker to perform a code injection style attack that allows the attacker to send phishing emails to the site’s registered users.

The plugin is popular because it is compatible with a wide range of other plugins including BuddyPress, Ninja Forms, WooCommerce, and others.  The plugin isn’t as wildly popular as many others and doesn’t boast an overly impressive number of total installations. However, many of the sites that do use it have large audiences which means that this flaw puts more people at risk than first meets the eye.

The flaw is being tracked as CVE-2022-0218 and was discovered on December 23rd of last year (2021).  As of now the plugin’s developer has released a patch that addresses the issue.

If you use the plugin check your version number. If you’re using anything earlier than 3.1 update to 3.1 or later right away to protect yourself, your reputation, and the customers who have registered on your site.

The last thing you want is for your company to get a black eye when your customers start complaining about a flood of scam emails that start hitting their inboxes right after they create an account on your site.

Although the plugin developer took nearly a month to address the issue they did address it and we give them kudos for that.  Here’s hoping that if additional security flaws are found in their product they’ll have an even faster response that will help keep their users and the customers of their users safe.

0
1 4 5 6 7 8 23