Hackers Are Stealing Facebook Accounts With Malicious Messenger Bots

Researchers at Trustwave have shed light on a recently discovered phishing campaign revolving around Facebook Messenger bots.

If you don’t spend much time on social media, chatbots are programs designed to impersonate live people; they are usually assigned the task of answering simple questions as a form of triage customer support.

If the bot can’t answer the question, then a handoff escalation is made to a human customer support person.

That’s how it’s supposed to work, anyway.  This newly discovered campaign abuses chatbots.

Here’s how they’re structuring the campaign:

The first step is to send an email out to an individual concerning their Facebook page, generally claiming that the page has violated some portion of Facebook’s Community Standards and giving the email recipient 48 hours to appeal the decision or risk their page being deleted.

Naturally, this is mortifying to most people, who will rush to resolve the issue.

That’s exactly what the phishers are counting on.  The email “helpfully” provides a link or button which connects the recipient to a chatbot, but one that the scammers control.

By all appearances, the email recipient is connected to a member of Facebook’s customer support team.  In fact, it is a chatbot controlled by the scammers.

The fake customer support person basically regurgitates the information contained in the email and then sends the victim a message containing an “Appeal Now” button.

Clicking this button takes the victim to a website disguised as the “Facebook Support Inbox.” At this point, only an observant potential victim will see through the ruse as the inbox domain is in no way associated with Facebook. Others may easily miss it.

If the victim doesn’t see through the ruse, he or she will be asked to input a variety of information on a form.  When this form is submitted, a pop-up box appears asking the user to re-enter their Facebook password, and that’s the hook.

Everything up to this point has been bait designed to get the potential victim to give up their password.
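The one check the text says separates an observant victim from the rest is whether the “Appeal Now” target actually sits under a Facebook domain. The following added example (not from the original article or from Trustwave) applies that check to links pulled from a constructed copy of the lure; the allowlist of Facebook domains and the sample HTML are assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: the only registrable domains a real Facebook support flow would use.
FACEBOOK_DOMAINS = ("facebook.com", "messenger.com", "fb.com")

# Constructed sample of the lure: an "Appeal Now" button and a decoy help link.
SAMPLE_MESSAGE = """
<p>Your page violated our Community Standards. You have 48 hours to appeal.</p>
<a href="https://facebook.com@203.0.113.5/support-inbox">Appeal Now</a>
<a href="https://www.facebook.com/help/">Help Center</a>
"""

def host_belongs_to(host: str, domain: str) -> bool:
    """True for the domain itself or a label-aligned subdomain (not 'facebook.com.evil.tld')."""
    return host == domain or host.endswith("." + domain)

def check_support_link(url: str) -> tuple[bool, str]:
    """Return (is_trusted, reason) for a link that claims to lead to Facebook support."""
    parts = urlsplit(url.strip())
    host = parts.hostname  # lowercased; userinfo and port already stripped
    if parts.scheme not in ("http", "https") or not host:
        return False, "not an http(s) link with a host"
    if parts.username is not None:
        # 'https://facebook.com@evil.example/': text before '@' is userinfo, not the host
        return False, f"userinfo before '@' hides the real host {host!r}"
    if parts.scheme != "https":
        return False, f"plain http to {host!r}"
    if not host.isascii() or any(label.startswith("xn--") for label in host.split(".")):
        return False, f"internationalised host {host!r} (possible homoglyph)"
    if any(host_belongs_to(host, d) for d in FACEBOOK_DOMAINS):
        return True, f"{host!r} is a Facebook domain"
    if "facebook" in host:
        return False, f"lookalike host {host!r} is not a Facebook domain"
    return False, f"{host!r} is not a Facebook domain"

def triage_links(html: str) -> list[tuple[str, bool, str]]:
    """Extract href targets from a message body and give a verdict for each one."""
    return [(url, *check_support_link(url)) for url in re.findall(r'href="([^"]+)"', html)]

if __name__ == "__main__":
    for url, ok, reason in triage_links(SAMPLE_MESSAGE):
        print("TRUSTED" if ok else "SUSPECT", url, "-", reason)
```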

Even if you’re not personally on Facebook, make sure everyone you know who is knows about this scam.  If we can help even one person avoid being taken in, that’s a victory.

Fake Copyright Infringement Emails Used To Spread Malware

Hackers have found a new way to slip malware past your defenses.  Researchers around the world have spotted a curious new campaign designed to scare victims by sending them emails warning of copyright infringement.

The email begins by warning that the recipient’s website is hosting copyright-protected content and threatens legal action if the offending material isn’t removed immediately.

The red flag here is that, rather than simply spelling out in the body of the email which materials are copyright protected, the attackers include a protected ZIP archive file which supposedly provides the details.

Naturally, anyone who gets scared into opening the archive will not find any details. Rather, they will have inadvertently opened the door to allow LockBit 2.0 ransomware to be installed on their machine.

Worse, if that machine happens to be connected to your corporate network, the malware will spread laterally from there while infecting and locking files on as many devices as it can manage.
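The red flag the text describes, a threatening email whose “details” live in a protected archive, is something a mail gateway can score before anyone opens the attachment. This added example (not from the original article or any vendor report) builds a constructed message in that shape and flags it when lure wording coincides with a ZIP whose members carry the password-protection flag; the lure word list, the addresses and the fixture builder are assumptions, and the archive is assumed to be password-protected in the usual ZIP sense.

```python
import io
import struct
import zipfile
import zlib
from email import message_from_bytes, policy
from email.message import EmailMessage

LURE_WORDS = ("copyright", "infringement", "legal action")  # assumption: tune per environment

def make_zip(member: str, data: bytes, protected: bool) -> bytes:
    """Constructed fixture: a one-member stored ZIP. `protected` sets general-purpose flag
    bit 0, the bit every password-protected archive carries; no real encryption is applied."""
    flags, name, crc, n = int(protected), member.encode(), zlib.crc32(data), len(data)
    local = b"PK\x03\x04" + struct.pack("<HHHHHIIIHH", 20, flags, 0, 0, 0, crc, n, n, len(name), 0) + name + data
    central = (b"PK\x01\x02" + struct.pack("<HHHHHHIIIHHHHHII", 20, 20, flags, 0, 0, 0, crc, n, n,
                                           len(name), 0, 0, 0, 0, 0, 0) + name)
    eocd = b"PK\x05\x06" + struct.pack("<HHHHIIH", 0, 0, 1, 1, len(central), len(local), 0)
    return local + central + eocd

def build_lure(attachment: bytes, filename: str) -> bytes:
    """Constructed message in the shape the text describes (not a captured sample)."""
    msg = EmailMessage()
    msg["Subject"] = "Copyright infringement notice"
    msg["From"] = "legal@example.net"
    msg["To"] = "webmaster@example.org"
    msg.set_content("Your website hosts copyright-protected content. Details are in the attached "
                    "archive. Remove the material immediately or we will take legal action.")
    msg.add_attachment(attachment, maintype="application", subtype="zip", filename=filename)
    return msg.as_bytes()

def triage(raw: bytes) -> dict:
    """Gateway-side check: lure wording plus a protected ZIP attachment => quarantine."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    text = ((msg["Subject"] or "") + " " + (body.get_content() if body else "")).lower()
    result = {"lure_words": [w for w in LURE_WORDS if w in text], "protected_members": []}
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if not data.startswith(b"PK\x03\x04"):
            continue  # only ZIP containers are inspected here
        name = part.get_filename() or "<unnamed>"
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                result["protected_members"] += [f"{name}:{i.filename}" for i in zf.infolist()
                                                if i.flag_bits & 0x1]
        except zipfile.BadZipFile:
            result["protected_members"].append(f"{name}:<unparseable>")
    result["quarantine"] = bool(result["lure_words"]) and bool(result["protected_members"])
    return result
```

Only the archive headers are parsed, so the check never extracts or executes anything from the attachment.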

It’s a clever bit of social engineering.  Nobody wants to run afoul of copyrights, so the hackers are playing on common fears, and the current campaign is well organized.  Not only are the emails slickly put together, but the hackers are using one of the most prolific ransomware strains out there.

You’re probably not actually displaying copyrighted materials on your website. Even if you were, the content in question would be mentioned prominently in the body of whatever email you got from the owner of the copyright.

Be sure your staff is aware of the current campaign.  Once someone opens the archive, it’s too late and your company will probably be facing some downtime, not to mention the loss of trust you’ll suffer.  It’s just not worth the risk.  Stay safe out there.

Android And iOS Network Protection Added With Microsoft Defender

Recently, Microsoft added a new feature for Microsoft Defender for Endpoint (MDE) which has fans of the product cheering.

Once the new “Mobile Network Protection” feature is enabled on the iOS and Android devices you want to monitor, the security platform will provide the same robust protections and notifications that your other network devices currently enjoy.

The company had this to say about the recent addition:

“As the world continues to make sense of the digital transformation, networks are becoming increasingly complex and provide a unique avenue for nefarious activity if left unattended.

To combat this, Microsoft offers a mobile network protection feature in Defender for Endpoint that helps organizations identify, assess, and remediate endpoint weaknesses with the help of robust threat intelligence.”

This new feature is part of a larger, ongoing effort by Microsoft to expand Defender for Endpoint’s capabilities and provide an umbrella of protection that extends across multiple platforms.

Given the complexities of today’s network security environment, we’re thrilled to see tech giants like Microsoft taking bold steps to help simplify it, and a cross-platform security solution is seen by many as the Holy Grail of the industry.  While it’s certainly true that Defender for Endpoint isn’t that yet, it’s clear that Microsoft is interested in seeing it become that.

Again, from Microsoft:

“With this new cross-platform coverage, threat and vulnerability management capabilities now support all major device platforms across the organization – spanning workstations, servers, and mobile devices.”

In addition to this new capability, the Redmond giant has also added a feature to MDE that allows admins to “contain” unmanaged Windows devices on their network if they are compromised, or even if there’s a suspicion that they might be.  This is in a bid to keep hackers from abusing those devices and moving laterally through corporate networks.

All of this is great news indeed and if you’re not yet taking advantage of Defender for Endpoint, we recommend giving it serious consideration.

The Windows 11 Apps That Use Your Microphone And Camera

Are you a member of the Windows 11 Insiders group?  If so, then you already know that you get a sneak peek at all the cool new features the engineers at Microsoft are building into the new Operating System.

If you’re not yet a member of that group, then this announcement might entice you to join.

In a June Windows 11 Preview Build, the company added a new privacy feature that keeps track of apps that have access to your microphone, camera, location, and the like.

To view your installed apps and which ones have access to what, open the Windows 11 Settings app and look under Privacy & Security.  There, you’ll see a section labeled “App Permissions” with a “Recent Activity” dropdown menu.

You’ll see a complete listing of apps stacked against every tracked category of information, putting it all right at your fingertips.

This is the latest of the new security features that the new OS will sport.  In addition to this, the company is also planning to make improvements to Microsoft Defender that will make it better at blocking phishing and malware attacks against users.

On top of that, Microsoft is currently developing a Personal Data Encryption feature that will protect users’ files when they’re not logged in by blocking access to that data until the user authenticates via Windows Hello.

Finally, the company is flirting with the notion of enabling both Credential Guard and Local Security Authority (LSA) protection by default, although it had not made a firm commitment to either of those at the time this article was written.

These feature additions stand to make Windows 11 the most secure OS that Microsoft has ever offered.  We’re looking forward to seeing how Windows 11 is accepted by the broader public.

WordPress NinjaForms Plugin Was Force Updated Due To Vulnerability

Do you run a WordPress site?  Do you also use the popular forms design and management plugin called NinjaForms?  If you answered yes to both of those questions, be aware that NinjaForms was recently found to have a critical security flaw.

The flaw takes the form of a code injection vulnerability and impacts all versions of NinjaForms from 3.0 forward.  With more than a million installations to its name, that makes the newly discovered bug a problem indeed.

To their credit, the company behind the plugin moved quickly and issued an update which should have auto-installed on your system.

Chloe Chamberland, a researcher at Wordfence Threat Intelligence, had this to say about the security flaw:

“We uncovered a code injection vulnerability that made it possible for unauthenticated attackers to call a limited number of methods in various Ninja Forms classes, including a method that unserialized user-supplied content, resulting in Object Injection.

This could allow attackers to execute arbitrary code or delete arbitrary files on sites where a separate POP chain was present.”

The security patch was auto-applied to more than 730,000 NinjaForms installations.  While that’s excellent, it’s clear that some admins don’t take kindly to auto-applied patches of any sort and have taken active countermeasures against such things.

If your company is one of those, you’ll need to install the latest version of NinjaForms as soon as possible. If you’re not sure you use it, check with your IT staff, and make them aware of the issue.

This isn’t the first time WordPress has taken away user agency in the name of security.  For instance, in 2019 the Jetpack plugin received a critical security update that corrected how the plugin processed embedded code.  The company didn’t make a fuss over it; they simply updated everyone’s Jetpack to the latest (safer) version.

Kudos to WordPress and the developers of NinjaForms for their rapid response in this instance. Kudos for keeping the web relatively safe.