Ransomware Hackers Have Set Their Sights On Exchange Servers

Microsoft Exchange servers are once more in the crosshairs of hackers around the world.  Most recently, hacking groups have been specifically targeting them to deploy BlackCat ransomware.

As is common in ransomware attacks, the hackers first rifle through the infected network looking for login credentials, proprietary information, and other sensitive files they can copy and exfiltrate.  They then extort the target organization in two ways: they encrypt the target’s files and demand payment to unlock them, and they hold the copied files for ransom for an additional payment.

This should be regarded as a serious threat.  Although Microsoft tries gamely to keep Exchange servers secure, the code has had several vulnerabilities, and an organization that doesn’t apply security patches as soon as they are available is extremely exposed to these attacks.

It’s a sufficiently significant threat that in April, the FBI issued a Flash Alert about BlackCat, warning that the recent surge in attacks has compromised more than sixty different organizations worldwide.

Their alert reads, in part, as follows:

“Many of the developers and money launderers for BlackCat/ALPHV are linked to Darkside/Blackmatter, indicating they have extensive networks and experience with ransomware operations.”

The FBI has also requested the assistance of any organization that becomes compromised so they can track the attacks back to their source and take action against them.

Again, per the recent FBI Flash Alert, the specific information they’re looking for is as follows:

“IP logs showing callbacks from foreign IP addresses, Bitcoin or Monero addresses and transaction IDs, communications with the threat actors, the decryptor file, and/or a benign sample of an encrypted file.”

Here’s hoping your organization doesn’t wind up in the crosshairs of the hackers. If you happen to, give the FBI a hand so they can shut these miscreants down.

New Malware Uses Word Documents To Get On Your System

Researchers at HP have discovered a new malware loader that they’ve dubbed SVCReady.  While new malware strains are common, this one is distinct for a couple of different reasons.

Like many malicious programs, this one spreads primarily via phishing email campaigns.  One way the new strain differs, however, is that the malware is loaded onto the target machine via specially crafted Word documents attached to the email.

These Word documents use VBA macro code to execute shellcode that is stored in the properties of the Word document itself.  That’s both new and dangerous.

The HP researchers found evidence that tracks the malicious code back to its origin in April of 2022, with the developers releasing several updates just one month later in May.  The number of updates is suggestive of a large, well-organized team that is committed to continued development of their new toy.

Currently, SVCReady boasts the following capabilities:

  • Download a file to the infected client
  • Take a screenshot
  • Run a shell command
  • Check if it is running in a virtual machine
  • Collect system information (a short and a “normal” version)
  • Check the USB status, i.e., the number of devices plugged in
  • Establish persistence through a scheduled task
  • Run a file
  • Run a file in memory using RunPeNative

In addition to these capabilities, SVCReady can also fetch additional payloads from the command-and-control server.  While the bullet points above are dangerous in their way, it is the last, recently added capability that makes the new malware strain especially dangerous.  It enables the hackers to tailor the level of destruction for each infected target.

Worse, the new strain contains bits of code that lead the HP researchers to conclude that the threat actor TA551 may be behind it.  This is a large, well-organized group with ties to multiple other hacking organizations and ransomware affiliates. That implies that SVCReady may soon become much more widely available than it is now.

You will want to be sure this one stays on your radar.

Microsoft Adding Restore Apps Feature To Make Reinstalling Easier

Are you excited about Windows 11?  Many people are and in fact there are legions of beta users who are in the Windows Insiders group so they can get a sneak peek at some of the features on deck as updates are released.

One of the coolest new features making its way through the development pipeline is the “Restore Apps” feature the company is working on.

Its development came about from the realization that one of the most time-consuming tasks associated with setting up a new PC with a fresh Windows installation is the process of restoring all your previously installed apps.

This new feature aims to shortcut the process. Unfortunately, it doesn’t work with desktop applications, but any app you’ve downloaded and installed from the Microsoft Store can be put back in place via a single click, and that’s amazing.

Microsoft had this to say about the new feature:

“To make it easier for customers to transition to their new PCs quickly and seamlessly, we will soon test a new feature in the Windows Insider channel that helps customers automatically restore their apps, previously installed from the Microsoft Store, to their new Windows device.  This will also help developers retain their customers without having to remind customers to re-download their app.”

In addition to the “Restore Apps” feature, Microsoft will soon be adding the ability to install apps directly from a search in the Windows 11 Start Menu. Given that many people use the Start Menu’s search function to find new apps, this is a natural fit. By not having to access the Microsoft Store directly, it saves a step while offering a bit of added convenience.

While neither of these are available just yet, they will be soon. So if you’re a Windows Insider, be on the lookout for them.

Beware New Windows Vulnerability With Remote Search Window Access

You may not know the name Matthew Hickey, but you should thank him for a recent discovery that could save you a lot of grief.

Hickey is the co-founder of a company called Hacker House.  He recently discovered a flaw that could allow for the opening of a remote search window simply by opening a Word or RTF document.

This newly discovered zero-day vulnerability is about as serious as it gets.

Here’s how it works:

A specially crafted Word document or RTF file is created which, when opened, automatically launches a “search-ms” command that opens a Windows Search window.

This window lists executable files on a remote share, and the share can be given any name the attacker chooses, such as “Critical Updates.” That would naturally prompt an unsuspecting user to click a file name to run that file.

Naturally, clicking the file name wouldn’t do anything other than install malware, which is exactly what the hackers are trying to do.

Although not quite as dangerous as the MS-MSDT remote code execution security flaw, this one is still incredibly serious. Even worse, there is not currently a patch that will make your system safer.

The good news however, is that there are steps you can take to minimize your risks.

If you’re worried about this security flaw, here’s what you can do:

  • Run Command Prompt as Administrator.
  • Back up the registry key by executing the command “reg export HKEY_CLASSES_ROOT\search-ms search-ms.reg”
  • Then execute the command “reg delete HKEY_CLASSES_ROOT\search-ms /f”
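The same workaround as a PowerShell script, added here as an example and not part of the original post or Hacker House’s guidance. It checks for elevation, backs up the key before deleting it, refuses to delete if the backup fails, and includes a restore function; the backup directory C:\Backup is an assumed placeholder.

```powershell
# Added example: remove the search-ms protocol handler with a backup, and restore it later.
# Assumed placeholder paths; adjust for your environment.
$KeyPath   = 'HKEY_CLASSES_ROOT\search-ms'
$BackupDir = 'C:\Backup'
$Backup    = Join-Path $BackupDir 'search-ms.reg'

function Test-IsElevated {
    # The reg.exe delete under HKCR requires an administrator token.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $p  = New-Object Security.Principal.WindowsPrincipal($id)
    return $p.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Test-SearchMsHandler {
    # $true while the search-ms handler is still registered.
    return Test-Path -LiteralPath "Registry::$KeyPath"
}

function Disable-SearchMsHandler {
    if (-not (Test-IsElevated)) { throw 'Run this from an elevated PowerShell session.' }
    if (-not (Test-SearchMsHandler)) {
        Write-Host "$KeyPath is already absent; nothing to do."
        return
    }
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    # Export first so the handler can be put back once a patch ships.
    & reg.exe export $KeyPath $Backup /y
    if ($LASTEXITCODE -ne 0) { throw "Backup to $Backup failed; not deleting $KeyPath." }
    & reg.exe delete $KeyPath /f
    if ($LASTEXITCODE -ne 0) { throw "Deleting $KeyPath failed." }
    Write-Host "Removed $KeyPath (backup saved to $Backup)."
}

function Restore-SearchMsHandler {
    if (-not (Test-IsElevated)) { throw 'Run this from an elevated PowerShell session.' }
    if (-not (Test-Path -LiteralPath $Backup)) { throw "No backup found at $Backup." }
    & reg.exe import $Backup
    if ($LASTEXITCODE -ne 0) { throw "Importing $Backup failed." }
    Write-Host "Restored $KeyPath from $Backup."
}

Disable-SearchMsHandler
```

Run Restore-SearchMsHandler from the same session (or dot-source the script) once Microsoft ships a fix and you want the search-ms handler back.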

Kudos to the sharp eyes of Matthew Hickey for first spotting this flaw.  We can only hope when the next zero-day rears its head, researchers like Mr. Hickey will be there to help point them out and show us how to defeat them.

Microsoft Releases Multiple New Features For Teams

Teams was “just another Microsoft application” before the pandemic.  Thanks to Covid-19 though, demand for video conferencing solutions shot through the roof, and suddenly Teams found its groove.

Microsoft had been gamely trying to bolster its popularity and the pandemic certainly helped. For more than two years, the Redmond giant has been pouring an increasing number of resources into polishing Teams and really making it shine.

Recently (May of this year), Microsoft made a significant update to Teams which introduced a whole raft of new features.  If it’s been a while since you’ve been on Teams, it’s well worth taking a bit of time to check out the latest features.

Until you get that chance, here’s a quick overview of what’s new:

May 2022 was the first time the Teams app appeared on the Microsoft Store, which makes it easier and more convenient than ever for Windows 10 users to install it.

Windows 11 users can download the Teams app for work and school accounts from the store. Note that Windows 11 users do not have access to personal accounts for Teams.  That’s because Windows 11 includes a built-in Teams chat app for individual consumers.

This has created a situation that Microsoft had hoped to avoid where there are now two different Teams apps.  It is uncertain at this point whether Microsoft will eventually combine the two or just live with the different variants.

In addition to easier availability, Microsoft added two new filters to improve video quality. Meeting organizers get a new “Together Mode” which places all meeting participants’ faces in the same virtual room (like an auditorium).  Just select the mode and choose a theme/scene.

For VDI users, there’s a new pop-out chat function and a new give/take control feature, which lets other users share content.

Teams has come a very long way in a relatively short amount of time.  Check out the latest it has to offer today!