Security Archives - Page 154 of 155 - IT Services & IT Support Wilmington, NC

March 29, 2019 Atlantic Computer Services Blog

Thunderbolt Vulnerability Could Allow Hackers Access

A new vulnerability was revealed to the world at the 2019 NDSS security conference. It’s a grim one with the potential to impact FreeBSD, Linux, Windows and Mac systems worldwide.

Dubbed ‘Thunderclap,’ the flaw can be exploited to impact the way that Thunderbolt-based peripherals connect and interact with a target system.

If you’re not familiar with Thunderbolt, it’s a hardware interface jointly designed by Intel and Apple that allows users to connect peripherals like chargers, keyboards, video projectors (and the like) to computers. The interface was originally available only in the Apple ecosystem, but subsequent generations of Thunderbolt expanded its reach. These days, Thunderbolt has hooks in every major OS in use today.

At a high level, Thunderclap is nothing more than a union of various security flaws found in the interface. The main flaw stems from the fact that OS’s tend to implicitly trust any newly connected device, granting it access to all system memory. A hacker attacking a system using this exploit can even bypass a system’s IOMMU (Input-Output Memory Management Unit), which is specifically designed to counter such threats.

Research conducted jointly at the University of Cambridge, SRI International, and Rice University discovered Thunderclap in late 2016. They have been quietly sounding the alarm since. Unfortunately, the companies that design and sell operating systems have been slow to act, in a classic case of passing the buck. The most common reason for failing to act is that the OS vendors say the responsibility lies on the peripheral side and vice versa.

The issue is finally getting the attention it deserves, but to date, none of the OS development companies have published a timeframe for when they’ll be issuing a patch to cover the security flaw. Until that happens, the best thing you can do is to disable Thunderbolt ports via your system’s BIOS.

March 28, 2019 Atlantic Computer Services Blog

Social Media Is Big Business For Criminals

The rise of Social Media has been a game changer for businesses around the world, creating opportunities for customer engagement that were previously unimaginable. Unfortunately, business owners aren’t the only ones reaping the benefits of Social Media. The hackers of the world are in on the game too, and for them, Social Media represents a giant piggy bank that they’ve only begun tapping into.

Even now in the early stages of cybercriminal attacks on Social Media, the payoffs have been enormous. Social media attacks have been netting them a staggering $3.25 billion dollars a year. As shocking as that figure might be, it’s important to remember that cybercrime on Social Media is a relatively new phenomenon. Between 2013 and now, the number of cybercrime incidents involving social media has quadrupled.

The attacks take many forms, but one way or another, they come down to abusing the trust that is so essential for a functioning Social Media ecosystem.

Some attackers set up scam pages hawking illegal pharmaceuticals. Others gravitate toward cryptomining malware, while others still ply the Social Media waters intent on committing digital currency fraud or feigning a romantic connection to get money and personal information from their victims. Even if you’re one of the rare companies that doesn’t have a significant Social Media presence yet, that doesn’t mean you’re safe from harm.

Gregory Webb, the CEO of Bromium, recently spoke on the topic, outlining a danger that many business owners are simply unaware of.

“Social Media platforms have become near ubiquitous, and most corporate employees access Social Media sites at work, which exposes significant risk of attack to businesses, local governments as well as individuals. Hackers are using social media as a Trojan horse, targeting employees to gain a convenient backdoor to the enterprise’s high value assets.”

In light of this, it’s probably well past time to sit down with your employees and make sure they’re aware of the risks they’re exposing you to when they access Social Media accounts at work.

March 27, 2019 Atlantic Computer Services Blog

Nvidia Drivers Should Be Updated For Security Issues

If you use a Nvidia graphics card, be aware that the company has recently released their first security patch of 2019, bearing the ID # 4772. It’s an important one in that it addresses eight security flaws that leave un-patched systems vulnerable to attack.

It should be noted that none of the flaws addressed in this patch are rated as critical, but all are rated as high.

The issues addressed in the patch run the gamut of protecting your system. This ranges from denial of service attacks, to remote code execution, and in six of the eight cases, an escalation of privileges.

This patch is applicable across a range of Nvidia’s most popular products, including their GeForce, Quadro, NVS and Tesla graphics cards. So if you use Nvidia graphics cards, then odds are good that this patch will be of benefit to you.

This brings us to the topic of how to apply the latest patch. If your system is Windows based, then applying the latest patch via the Windows control panel should be the only action needed. If you’re a Linux user, then the specific steps you’ll need to follow will vary from one build to the next. It and may involve a bit of manual work, navigating to the Nvidia control panel after the driver has been updated.

Also note that if you have Nvidia products on your system, you can download and install an app called the GeForce Experience, which will alert you when a new patch is available and guide you through its installation.

In any case, this patch is important enough to warrant a special mention, as the issues it protects against are fairly high profile. Make sure your IT staff is aware so they can put this one high on the list of priorities.

March 26, 2019 Atlantic Computer Services Blog

Microsoft Account Email Phishing Attempt Looks Legitimate

Researchers have discovered a pair of nasty phishing campaigns that are making use of Microsoft’s Azure Blob Storage in a bid to steal the recipient’s Microsoft and Outlook account credentials.

Both campaigns are noteworthy in that they utilize well-constructed landing pages that have SSL certificates and a windows.net domain, which combine to make them look totally legitimate.

Given that most users don’t pay close attention to the exact address they’re navigating when they click on a link embedded in an email, these things are more than enough to fool many users. The first campaign relies on some basic social engineering to prompt the user to do something.

The subject lines vary a bit, but fundamentally they are called to action like:

“Action Required: (user’s email address) information is outdated – Re-validate now!”

The body of the email reinforces this point and helpfully contains a link to help you on your way to re-validating your account. Clicking on the link doesn’t raise suspicion because the landing page is a carbon copy of the Outlook Web App that’s complete with a box that allows you to “validate” your password. Of course, what you’re actually doing is giving your email password to the hackers, who then have unfettered access to your inbox and contact list.

The second campaign is the weaker of the two, although it’s set up much the same way. The subject line indicates that you need to take action to re-validate your Facebook Workplace service account, but when you click the link, you’re actually taken to a clone of Microsoft’s landing page. This was no doubt a mix-up on the part of the hackers and will be addressed in short order.

In any case, it pays to make sure your employees are aware of both of these, so they don’t inadvertently wind up handing over the keys to their digital kingdom.

March 22, 2019 Atlantic Computer Services Blog

Bots Are Attacking Retail Sites On A Large Scale

If you own a retail business, an attack known as “credential stuffing” is the latest online threat to be concerned about. If you’re not sure what that is, read on and prepare to be dismayed. According to the 2019 State of the Internet, Retail Attacks, and TPI Traffic Report published by Akamai, there has been an surge in large scale botnet attacks against businesses, with retail outlets being the hardest hit.

In fact, according to the report, between May and December of 2018, there were approximately 28 billion credential stuffing attempts made. One of the web’s largest retail sites suffered over 115 million bot-driven login attempts in a single day.

A spokesman for Akamai had this to say about the report:

“The insidious AIO (all-in-one) bots hackers deploy which are multi-function tools that enable quick purchases by leveraging credential stuffing and a number of evasion techniques, allowing a single AIO bot to have the ability to target more than 120 retailers at once.

A successful AIO campaign may go completely undetected by a retailer, which might see the online sales and record-setting transactions as proof its product is in demand. They’ll have little to no indication that its inventory clearing was automated and used to fuel a secondary market or scrape information from its customers.”

In most cases, the damage caused by credential stuffing attacks is limited. Customers whose accounts are compromised may find that they lose points or perks, and that unauthorized charges are made on their accounts. In some cases, a credential stuffing attack could lead to an attacker gaining a foothold inside your corporate network. Also, large and pervasive attacks could strain web resources and have (on more than one occasion) crashed a web server.

Even in cases where your business isn’t directly impacted, an attack on your customers’ accounts is still an attack on you. Unfortunately, with so many stolen credentials available on the Dark Web, it’s a notoriously difficult problem to come to grips with. The best thing you can do is remain vigilant and maintain excellent communications with the customers you serve.

Previous page 1 … 152 153 154 155 Next page

Tag Archives: Security