Unexpected Support Updates For Older Systems Released By Microsoft

Users of Windows XP, Windows 2003, Windows 7 and Server 2008 got an unexpected benefit from Microsoft recently.

All of the operating systems mentioned above have reached the end of their support lives and the company hasn’t been issuing new security updates for them. However, Microsoft made a rare exception in the case of patching CVE-2019-0708.

CVE-2019-0708 is a critical security flaw that allows hackers to exploit the Remote Desktop Service and gain access to a target system without any authentication.

Windows 8 and later versions are unaffected by this flaw, but there are millions of users still on the older operating systems we named above who are vulnerable.  Microsoft threw them a lifeline by releasing the patch that addressed this issue, along with 79 other security flaws.

Last year, the malware strain known as WannaCry swept across the globe, infecting hundreds of thousands of systems, most of which were running older operating systems.  Fearing that something similar could happen this year, the company took the extraordinary step of issuing an unexpected security patch.

While the smart money says that you should already be well into making plans to migrate away from these older operating systems with little to no support, that may not be possible for everyone.  At the very least then, be sure you grab the latest security patch from Microsoft, which will undoubtedly buy you at least a bit more time.

Honestly though, at this point, the only safe move is to migrate to a more modern OS with all possible speed, even if it means some short-term discomfort.  WannaCry devastated thousands of businesses of all shapes and sizes. Microsoft isn’t going to keep making heroic efforts forever to save a user base that is unwilling to migrate.

Adobe Removing Older Software And Products Is Upsetting Users

Adobe is facing harsh criticism after they began sending letters out to portions of their user base. The letters inform users of Creative Cloud that older versions of the products they’re using have been discontinued and licenses to use those products have been revoked. Users are to stop using them immediately and upgrade to newer versions or they “may be at risk of potential claims of infringement by third-parties.”

According to Adobe’s support page, the following programs have discontinued versions:

  • Photoshop
  • InDesign
  • Premiere Pro
  • Media Encoder
  • After Effects
  • Animate
  • Audition
  • Lightroom Classic
  • Bridge
  • Prelude
  • SpeedGrade
  • Captivate

Unfortunately, this letter and its contents raise serious issues for developers around the world.  Once a project has been initiated using a specific version of a product, developers are highly reluctant to upgrade to a newer version in mid-project, for fear of introducing bugs.  In addition to that, there are several older, legacy projects in the wild that are employing older equipment. So, upgrading to the latest version of a given program may not be possible due to hardware compatibility issues.

In days gone by, Adobe took a much different, softer approach, allowing development teams to continue using a discontinued program for a number of years. So far at least, Adobe is sticking to their guns.  They intend for everyone to stop using the older versions of their products and insist that they pay to upgrade, or else.

Adobe declined to comment specifically on the matter. However, insiders suspect that the company’s hard line about the issue stems from a lawsuit filed by Dolby for unpaid license fees related to the use of their technology in a variety of software Adobe makes.  Be that as it may, it has the feel of a massive shakedown and it has even the company’s supporters furious.

Hackers Continue To Attack POS Transactions And Systems

Have you heard of DMSniff?  If you’re in the restaurant, entertainment, or retail business and you haven’t heard of it, this article is likely to dismay you. It’s the latest threat being deployed against those industries.

Researchers from the cybersecurity company Flashpoint now believe that DMSniff malware has been lurking in the wild since at least 2016.

It has proved to be notoriously hard to detect, which explains why we’re just now hearing about it. Even worse, the hackers behind the software have been specifically targeting small to medium-sized companies that rely heavily on credit card transactions to survive. These companies don’t typically have the resources to deploy state-of-the-art security measures.

One of the key features of this malware strain is that it uses a DGA (Domain Generation Algorithm) to create command and control domains on the fly, which makes it incredibly resistant to blocking mechanisms and takedowns.  For instance, if law enforcement officials raid a site, confiscate servers, and shut down a domain, DMSniff keeps doing its thing.  It will simply spawn a new command and control domain and continue to transmit stolen data.

Although DGAs are employed by other forms of malware, finding one built into the core functionality of code designed to be injected and run on POS machines is a new twist the researchers hadn’t seen coming.
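Because a POS terminal normally resolves only a handful of known domains, DGA activity tends to stand out in DNS logs. The following is an added example, not part of the original article and not based on DMSniff's actual algorithm: it flags clients that look up several unlisted, random-looking domains. The log format, host names, allowlist and thresholds are all assumptions constructed for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed sample DNS log: "<client> <query name> <rcode>". Not real indicators.
SAMPLE_LOG = """\
pos-01 payments.example-processor.test NOERROR
pos-01 time.example-ntp.test NOERROR
pos-02 payments.example-processor.test NOERROR
pos-02 xkqvhzjwpnrtbd.test NXDOMAIN
pos-02 qzmfwlkyxbvdjg.test NXDOMAIN
pos-02 hrtvnqzpwkxjcm.test NXDOMAIN
pos-02 wbdjkzqxvmhgtp.test NOERROR
pos-03 updates.example-vendor.test NOERROR
pos-03 mail.test NXDOMAIN
"""

# Assumed baseline: the only domains a POS terminal in this shop should resolve.
ALLOWLIST = {"example-processor.test", "example-ntp.test", "example-vendor.test"}

def shannon_entropy(label):
    """Bits per character; random strings score higher than words."""
    counts = Counter(label)
    return -sum(c / len(label) * math.log2(c / len(label)) for c in counts.values())

def registered_domain(name):
    # Simplification: keep the last two labels. Production code should
    # consult the Public Suffix List instead.
    return ".".join(name.lower().rstrip(".").split(".")[-2:])

def looks_generated(domain, min_len=10, min_entropy=3.0):
    # Entropy alone is noisy, so it is combined with a length floor here
    # and with the allowlist and per-client threshold below.
    label = domain.split(".")[0]
    return len(label) >= min_len and shannon_entropy(label) >= min_entropy

def suspicious_clients(log, min_domains=3):
    """Return clients that queried >= min_domains unlisted, random-looking domains."""
    seen, nx = defaultdict(set), Counter()
    for line in log.splitlines():
        client, name, rcode = line.split()
        domain = registered_domain(name)
        if domain in ALLOWLIST or not looks_generated(domain):
            continue
        seen[client].add(domain)
        nx[client] += rcode == "NXDOMAIN"  # most DGA candidates never resolve
    return {c: {"domains": sorted(d), "nxdomain": nx[c]}
            for c, d in seen.items() if len(d) >= min_domains}

if __name__ == "__main__":
    print(suspicious_clients(SAMPLE_LOG))
```

On the constructed log only `pos-02` is reported; a single failed lookup of a short, ordinary name (as on `pos-03`) does not trip the rule.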

In addition to that, DMSniff also utilizes a string-encoding routine, which enables it to hide even when actively searched for. This makes it more difficult for security personnel to uncover the inner workings of the code.

The goal for the hackers, of course, is to siphon off as many credit card numbers and as much other payment information as they can. They then bundle the stolen data and resell it on the Dark Web.  The group behind DMSniff has been wildly successful.  If you’re in any of the businesses we mentioned at the start, make sure your staff is aware of this latest threat, and stay on your guard.

Iconic Software Adobe Shockwave Unavailable After April

It’s the end of an era.  Way back in 1995, a company called Macromedia released the iconic Shockwave player, which quickly became a mainstay on Windows-based machines.

A decade later, Adobe purchased Macromedia, taking ownership of the Shockwave player and the company’s other products (like Flash), both of which continued under the Adobe brand.

Time has not been kind to the technology.  Not only has the company struggled to keep them secure, but the web itself has moved on.  While Flash and Shockwave were once instrumental to cutting edge web development, today’s developers have migrated to WebGL and HTML5, leaving these products with a withering market share.

Although there’s not much current demand for the products, there are a surprising number of legacy websites that still rely on the aging tech.  That’s why Adobe’s recent end of life announcement for Shockwave is sending ripples of panic through the internet.

Adobe has begun sending out emails to their customers bearing the subject line “Adobe Shockwave Product Announcement” in a bid to give webmasters whose sites are built around the tech time to shift gears. The Shockwave Player will officially be retired as of April 8th, 2019, about a year before another iconic Adobe product called Flash Player is slated to retire.

According to the official announcement, business owners with existing Shockwave Enterprise licenses will continue to receive product support until the end of their current contract.  There will be no renewals.

All that to say, the clock is ticking.  If redesigning your company’s website to migrate away from Shockwave and Flash is something you’ve had on the backburner for a while, it’s time to move it to the front of the queue.  Be sure your IT and web development staff are aware, and plan accordingly.  The end is nigh.

Bots Are Attacking Retail Sites On A Large Scale

If you own a retail business, an attack known as “credential stuffing” is the latest online threat to be concerned about.  If you’re not sure what that is, read on and prepare to be dismayed. According to the 2019 State of the Internet, Retail Attacks, and TPI Traffic Report published by Akamai, there has been a surge in large-scale botnet attacks against businesses, with retail outlets being the hardest hit.

In fact, according to the report, between May and December of 2018, there were approximately 28 billion credential stuffing attempts made.  One of the web’s largest retail sites suffered over 115 million bot-driven login attempts in a single day.

A spokesman for Akamai had this to say about the report:

“The insidious AIO (all-in-one) bots hackers deploy which are multi-function tools that enable quick purchases by leveraging credential stuffing and a number of evasion techniques, allowing a single AIO bot to have the ability to target more than 120 retailers at once.

A successful AIO campaign may go completely undetected by a retailer, which might see the online sales and record-setting transactions as proof its product is in demand.  They’ll have little to no indication that its inventory clearing was automated and used to fuel a secondary market or scrape information from its customers.”

In most cases, the damage caused by credential stuffing attacks is limited.  Customers whose accounts are compromised may find that they lose points or perks, and that unauthorized charges are made on their accounts. In some cases, a credential stuffing attack could lead to an attacker gaining a foothold inside your corporate network.  Also, large and pervasive attacks could strain web resources and have (on more than one occasion) crashed a web server.

Even in cases where your business isn’t directly impacted, an attack on your customers’ accounts is still an attack on you.  Unfortunately, with so many stolen credentials available on the Dark Web, it’s a notoriously difficult problem to come to grips with.  The best thing you can do is remain vigilant and maintain excellent communications with the customers you serve.