Tag Archives: Security

Posted on Author Atlantic Computer Services Categories Blog

Modern Security Solutions For Evolving Ransomware Attacks

Based on a recent survey conducted by the folks at Titaniam, a solid majority of organizations have robust security tools in place. Yet nearly 40 percent of them have fallen victim to a ransomware attack in the past year.

How can this be?  With conventional tools in place, how can this still be happening?

The answer to that question is complex. Ransomware attacks ultimately have three different phases.  Each phase must be protected against and in each case, the type of protection needed varies.  Let’s start by taking a closer look at the anatomy of a typical ransomware attack. They always begin the same way: Infiltration.

To do anything to your company’s network, the hackers first must gain access to your network.  Thus, your first line of defense is to keep that from happening.

The good news is that most companies have robust tools that are specifically designed to block unauthorized intruders.  The bad news is that hackers can get around those tools entirely by stealing an employee’s login credentials. That is how many of these types of attacks occur. Once inside, the hackers proceed with data exfiltration.  Wholesale copying sensitive data and uploading it to a command-and-control server operated by the hackers.

From the perspective of the hackers, this is where the payday is.  They know all too well that companies will pay handsomely to keep proprietary data from being leaked to the broader public, and hackers are only too happy to take full advantage of that fact.

This is where many companies are weak.  To protect against data exfiltration, companies need to invest in three different types of encryptions.  Encryption at rest, encryption in transit, and encryption in use. Most companies invest in one.  A solid minority invest in two, but very few invest in all three. That creates a window of opportunity for the attacker.

Finally, the third stage is wholesale file locking. This is exactly like what you think it is.  All the files that the malicious code can get to will be locked and encrypted.  If you want them back, you must pay.  Assuming you don’t have a recent backup, of course. Even if you do have a backup, you’ll pay in the form of downtime while you’re restoring those files.

Understanding exactly how a ransomware attack is put together and how it functions is key to designing a security routine that will defeat it, preventing the attackers from ever gaining a foothold on your network.

0
Posted on Author Atlantic Computer Services Categories Blog

Oracle Cloud Infrastructure New Vulnerability Patch

In June, Wiz engineers discovered and reported #AttachMe, a critical cloud isolation flaw in Oracle Cloud Infrastructure (OCI).

Due to its potential to affect all OCI customers, the #AttachMe cloud vulnerability is one of the most severe vulnerabilities discovered to date. The majority of the time, cloud isolation flaws only impact a single cloud service. However, in this case, the impact is related to an integral part of the cloud service.

Engineers discovered that no special permissions were necessary to attach a disk to a virtual machine under a different user account. This suggests that a potential attacker could have gained access to and modified the data of any OCI client and, in certain circumstances, take control of the environment.

Before the patch, any OCI customer could have been a target of a malicious actor familiar with the #AttachMe vulnerability. If the attacker had the Oracle Cloud Identifier, any unattached or attached storage volume that allowed multiple attachments could have been viewed or altered (OCID). This would have allowed sensitive data to be stolen and future attacks initiated through executable file manipulation.

After being informed by Wiz of the vulnerability, Oracle quickly and efficiently distributed a patch for #AttachMe to all OCI customers in less than one day.

The separation of tenants is a critical aspect of cloud computing. Customers expect their data to be inaccessible to other customers. Still, vulnerabilities in cloud isolation break down the walls between tenants. This demonstrates the critical need for proactive research into cloud vulnerabilities, ethical disclosure, and public tracking of cloud vulnerabilities for cloud security.

0
Posted on Author Atlantic Computer Services Categories Blog

DuckDuckGo Email Privacy Service Beta Released

DuckDuckGo has a reputation for protecting the privacy of its users far more than most other companies.  Last year, the tiny search engine announced that they were experimenting with a free service designed to dodge email trackers as a means of further protecting the privacy of its users.

The company’s Email Protection service works by stripping email trackers from messages.

Initially, DuckDuckGo’s Email Protection service was available via a waitlist only.  You had to sign up.  If/when a spot opened for you, you could test it out.  During this waitlist testing period, the company reports that it found trackers in some 85 percent of incoming messages.

Now, DuckDuckGo’s Email Protection service has moved to Open Beta, so literally anyone can get a @duck.com email address. Per the company, you can create as many private email addresses as you like and they will be accessible from your desktop, iOS or Android devices.

Not only does the service promise to strip out unwanted email trackers, but it will also give you a report detailing exactly what trackers it found in your messages. It includes a new Link Tracking feature that helps prevent tracking across email links.

If that wasn’t enough, the service also includes Smart Encryption, which upgrades unencrypted HTTP links in emails to their secure HTTPS counterparts whenever possible. You can reply to messages with a @duck.com email address in lieu of whatever address you normally use.

To make use of the service, you’ll need to install the DuckDuckGo Privacy Browser for iOS or Android.  Once installed, simply go to the Email Protection section of the Settings menu to try it out.

If you’re planning to use it on your desktop PC, you’ll need the DuckDuckGo Privacy Essentials extensions depending on the browser you use. It is available for Chrome, Edge, Brave, Firefox or the DuckDuckGo Mac browser.  Once you’ve got the extension installed, just pay a visit to the email section of the company’s website.

0
Posted on Author Atlantic Computer Services Categories Blog

Microsoft Teams Vulnerability Discovered

Microsoft Teams is a part of the 365 product family and is used by more than 270 million people for exchanging text messages, videoconferencing, and file storage.

In August of 2022, the team at Vectra Protect discovered a post-exploitation vulnerability in the plaintext storage disk used by Microsoft Teams while conducting research for a client. This vulnerability gives malicious actors, with either the local or remote systems access, the ability to obtain valid user credentials. Vectra discovered that the unencrypted credential management weakness affected all commercial and GCC Desktop Teams clients for Windows, Mac, and Linux.

In a blog post dated September 13, 2022, Vectra informed the public about the vulnerability and provided an example of how the hackers may exploit it.

Vectra explained that malicious actors could impersonate the user through Teams-related applications such as Skype and Outlook while bypassing multifactor authentication (MFA). With access to team-related applications, the hackers could target other employees or impersonate senior executives inside the corporation.

Connor Peoples, a security architect at Vectra, wrote, “Attackers can tamper with legitimate communications within an organization by selectively destroying, exfiltrating, or engaging in targeted phishing attacks.”

The desktop application is especially susceptible to attack since it does not have “additional security safeguards to protect cookie data.”

While Microsoft acknowledges the concern raised by Vectra, the corporation states, “The technique described does not meet our bar for immediate servicing as it requires an attacker to first gain access to a target network.”

Given the uncertain availability of a solution in the immediate future, Vectra advises users to utilize the browser-based version of Microsoft Teams. The additional safeguards in a browser helps user avoid security vulnerabilities that could be readily exploited.

0
Posted on Author Atlantic Computer Services Categories Blog

Lenovo Issues Important Update

Lenovo issued a security notice informing customers of multiple serious BIOS vulnerabilities affecting hundreds of Lenovo devices across various models (Desktop, All in One, IdeaCentre, Legion, ThinkCentre, ThinkPad, ThinkAgile, ThinkStation, ThinkSystem).

Exploiting the vulnerabilities might result in the disclosure of sensitive information, an increase in privileges, a denial of service, and possibly even the execution of arbitrary code in some situations.

The following are the six flaws detailed in Lenovo’s security advisory:

  • CVE-2021-28216: Fixed pointer flaw in TianoCore EDK II BIOS (reference implementation of UEFI), allowing an attacker to elevate privileges and execute arbitrary code.
  • CVE-2022-40134: Information leak flaw in the SMI Set Bios Password SMI Handler, allowing an attacker to read SMM memory.
  • CVE-2022-40135: Information leak vulnerability in the Smart USB Protection SMI Handler, allowing an attacker to read SMM memory.
  • CVE-2022-40136: Information leak flaw in SMI Handler used for configuring platform settings over WMI, enabling an attacker to read SMM memory.
  • CVE-2022-40137: Buffer overflow in the WMI SMI Handler, enabling an attacker to execute arbitrary code.
  • American Megatrends security enhancements (no CVEs).

The problems have been resolved in the most recent BIOS upgrades that Lenovo has released for the affected models.

The majority of patches have been accessible since July and August of 2022.

Additional patches are anticipated to be released by the end of September and October. In addition, a limited number of models will receive updates in the following year.

The security alert contains a comprehensive list of the affected computer models, the BIOS firmware version that mitigates each vulnerability, and download links for each model.

Lenovo device owners can also go to the “Drivers & Software” website, search for their device by name, select the “Manual Update” option and then download the most recent version of the BIOS firmware.

0
1 2 3 4 5 6 155