IoT Security With Microsoft Defender

The Internet of Things (IoT) has seen explosive growth in recent years.

If you like, you can now build your own smart home with intelligent toasters, washing machines, dishwashers, and refrigerators. They are all connected to your home network, and they all make vast amounts of data available to you at your fingertips.

Unfortunately, security on most of these “smart” devices ranges from slim to non-existent. We’ve seen botnets enslave them and put them to use in a wide range of malicious ways, and although many industry experts have been sounding the alarm, few manufacturers have taken much interest in bolstering security on the products they sell.

The good news is that Microsoft may have an answer, at least for the business side of the problem. The Redmond giant recently made Microsoft Defender for IoT generally available, with new coverage for the enterprise IoT devices (smart TVs, printers, VoIP phones, and any other “smart” device) that sit on a corporate network but cannot run a normal endpoint agent.

Microsoft previewed the enterprise IoT capability in the waning days of 2021. The product had previously been called Azure Defender for IoT, and before that Azure Security Center for IoT, so by any of those names it is the same product line, and it’s clear that plugging this gap in device security has been on Microsoft’s radar for quite some time.

Now at last the product is ready for a proper unveiling, and it’s a solid solution, especially given that it integrates with Microsoft 365 Defender, which millions of users the world over already rely on.

Michal Braverman-Blumenstyk, Microsoft’s Corporate Vice President and Chief Technology Officer of Cloud and AI Security, had this to say about the new product:

“…Defender for IoT now delivers comprehensive security for all endpoint types, applications, identities, and operating systems.

The new capabilities allow organizations to get the visibility and insights they need to address complex multi-stage attacks that specifically take advantage of IoT and OT devices to achieve their goals.

Customers will now be able to get the same types of vulnerability management, threat detection, response, and other capabilities for enterprise IoT devices that were previously only available for managed endpoints and OT devices.”

Note that this is an enterprise product licensed for corporate networks, not something you install on your home router. If your organization has one or more smart devices connected to its network (and it almost certainly does), Defender for IoT is worth a serious look. Kudos to Microsoft.

Hackers Use VoIP Systems To Install PHP Web Shells

Security researchers at Unit 42, the threat intelligence team at Palo Alto Networks, have been tracking a massive campaign aimed at Elastix VoIP telephony servers.

Elastix is a unified communications server built on FreePBX and used by companies of all shapes and sizes. What makes it attractive to these attackers is the Digium phones module for FreePBX that it ships with, which is where the vulnerability they are exploiting lives.

So far the team has collected more than half a million malicious code samples over a three-month period. Analysis of those samples shows that the attackers are exploiting a remote code execution vulnerability tracked as CVE-2021-45461, which carries a CVSS severity rating of 9.8 out of 10.

Security researchers report that hackers have been actively exploiting this flaw since at least December 2021.

Based on the samples collected, the Unit 42 team believes the attackers’ goal is to plant PHP web shells on successfully penetrated systems. A web shell is simply a PHP file that executes whatever the attacker sends it over HTTP, so it gives them arbitrary command execution on the compromised server for as long as the file survives.

Another security firm, Check Point, confirms Unit 42’s findings, and both teams stress that the campaign is still ongoing. Worse, there appear to be two different groups involved. It is not currently known whether they are coordinating their efforts or whether one is simply following the other so as not to miss out on an opportunity.

The attackers behind the campaign are technically savvy and have built some solid anti-detection measures into the attack, such as naming the back door after a known file that already exists on the system so that it blends in with legitimate code. It would take a sharp pair of eyes indeed to spot it by file name alone, which is why file hashes, not names, are the right thing to check.

In any event, if you use Elastix VoIP, be sure your IT people are aware of this threat.
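A concrete check your IT people can run is below. This is an added example written for this article, not code from Unit 42 or the Elastix project. It scans a FreePBX/Elastix-style PHP web root for the two things the campaign relies on: files that execute attacker-supplied input, and dropped files that borrow the name of a legitimate file. The baseline manifest (relative path to SHA-256 of each known-good PHP file) and the sample files it scans are constructed here for the demo; in practice you would build the manifest from a known-clean install of the same Elastix version.

```python
"""
Added example (not Unit 42's or Elastix's code): scan a PHP web root for
likely web shells and for dropped files that reuse a legitimate file name.
The baseline manifest and the sample files are constructed for the demo.
"""
import hashlib
import os
import re
import tempfile

# Regexes for code-execution idioms common in PHP web shells, each paired
# with a short label that appears in the findings.
SHELL_PATTERNS = [
    ("eval/assert of decoded or request payload",
     re.compile(rb"\b(eval|assert)\s*\(\s*@?(base64_decode|gzinflate|gzuncompress|"
                rb"str_rot13|\$_(GET|POST|REQUEST|COOKIE))", re.I)),
    ("command execution on request input",
     re.compile(rb"\b(system|exec|shell_exec|passthru|popen|proc_open)\s*\(\s*"
                rb"\$_(GET|POST|REQUEST|COOKIE)", re.I)),
    ("preg_replace with /e modifier",
     re.compile(rb"\bpreg_replace\s*\(\s*['\"][^'\"]*/e['\"]", re.I)),
]
PHP_EXTENSIONS = (".php", ".phtml", ".php5", ".phar")

# Constructed sample contents (not real Elastix files).
CLEAN = b"<?php\n$amp_conf = array('AMPDBHOST' => 'localhost');\n"
SHELL = b"<?php\n@eval(base64_decode($_POST['c']));\n"
TAMPERED = CLEAN + b"if (isset($_REQUEST['cmd'])) { system($_REQUEST['cmd']); }\n"


def sha256_bytes(data):
    return hashlib.sha256(data).hexdigest()


def scan_web_root(root, baseline):
    """Return sorted (relative_path, [reasons]) for suspicious PHP files.

    baseline maps relative paths of known-good PHP files to their sha256.
    A file is reported when it matches a web-shell pattern, when its hash
    differs from the baseline entry for that path (tampered known file), or
    when it is a new file that reuses the basename of a known file in another
    directory (the look-alike trick). Other unknown files are listed too, at
    lower confidence, for manual triage.
    """
    known_names = {os.path.basename(p) for p in baseline}
    findings = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            if not name.lower().endswith(PHP_EXTENSIONS):
                continue
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                data = fh.read()
            reasons = [label for label, pat in SHELL_PATTERNS if pat.search(data)]
            if rel in baseline:
                if sha256_bytes(data) != baseline[rel]:
                    reasons.append("hash mismatch with baseline (tampered known file)")
            elif name in known_names:
                reasons.append("look-alike: reuses the name of a known file in a new location")
            else:
                reasons.append("not in baseline (new file, triage manually)")
            # A known, unmodified file with no shell pattern produces no reasons.
            if reasons:
                findings.append((rel, reasons))
    return sorted(findings)


def build_sample_tree(root):
    """Write a constructed web root and return the matching clean baseline."""
    files = {
        "admin/config.php": TAMPERED,              # known file with a shell appended
        "admin/modules/sample/page.php": CLEAN,    # untouched known file
        "admin/libraries/config.php": SHELL,       # dropped shell named like config.php
        "admin/README.txt": b"not php\n",          # ignored: not a PHP extension
    }
    for rel, data in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    # The baseline reflects the clean install, where config.php was CLEAN.
    return {
        "admin/config.php": sha256_bytes(CLEAN),
        "admin/modules/sample/page.php": sha256_bytes(CLEAN),
    }


def demo():
    """Build the sample tree in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as root:
        baseline = build_sample_tree(root)
        return scan_web_root(root, baseline)


if __name__ == "__main__":
    for rel, reasons in demo():
        print(rel)
        for reason in reasons:
            print("   -", reason)
```

Running it reports admin/config.php (pattern hit plus hash mismatch) and admin/libraries/config.php (pattern hit plus look-alike name) and stays silent on the untouched file. Two practical notes: build the baseline from the clean package contents rather than from the server you suspect, and do not lean on modification timestamps as a substitute for hashes, since an attacker who bothers to mimic file names can just as easily reset mtimes.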

Apple Users Will Want To Update As Soon As Possible

Do you own a device running macOS Monterey, iOS, or iPadOS? If so, you’ll want to install macOS 12.5.1 and iOS/iPadOS 15.6.1 as soon as possible. Apple recently released this small but critical security update to fix a pair of serious vulnerabilities that could allow an attacker to execute arbitrary code on an unpatched device, and Apple says it is aware of a report that both may have been actively exploited.

The two issues addressed by the update are tracked as CVE-2022-32894 and CVE-2022-32893. The former is an out-of-bounds write in the kernel that lets an application execute arbitrary code with kernel privileges. The second is an out-of-bounds write in WebKit that lets a maliciously crafted web page run arbitrary code. If you’re not familiar with it, WebKit is the browser engine that Safari, Apple’s Mail app, and every web browser on iOS rest on, so a WebKit bug is reachable from a great deal of software. Don’t expect much in the way of details from the release notes; you won’t find any. The only thing the update does is close these two flaws.

If you own an Apple Watch, be aware that watchOS 8.7.1 has also been released recently. It shipped without accompanying release notes, so we’re not certain whether it is related to the flaws above.

While Apple has fixed the issues in Monterey, older versions of macOS such as Big Sur and Catalina have yet to be patched. It is not currently known whether those versions are vulnerable, so keep an eye out for new releases if you are running them.

Raspberry Robin Worm In Hundreds Of Windows Networks

Analysts at Red Canary Intelligence have recently spotted a Windows worm on hundreds of networks belonging to a wide range of organizations around the world.

Dubbed “Raspberry Robin” by the research team that discovered it, the worm spreads via infected USB drives and was first spotted in September 2021. Another firm, Sekoia, observed it even earlier, citing similar code on QNAP NAS devices as early as November 2019.

So far nothing is known about the threat group behind the worm. Nothing in the code ties it definitively to any of the large, organized, active hacking groups around the world, although code analysis shows it is quite advanced.

Although it has spread far and wide and is clearly capable of unleashing a great deal of harm, the threat actors behind the worm have so far opted not to use it that way. At least not yet.

It is not known whether that is because they want to give the worm more time to spread before inflicting damage, in order to maximize its impact, or because the group is still in its early stages and is essentially testing how far and how easily the worm will spread.

Given how little is known about the particulars and the theoretical capabilities of the worm, Microsoft has tagged it as a high-risk threat. It stresses that although the operators have not yet used it to deploy additional malicious payloads, that could change at literally any time.

This is one to be on the lookout for. Make sure your IT staff are aware of it and on high alert, and in particular that they treat unknown USB drives as untrusted. As more details emerge about the worm and who might be behind it, we’ll almost certainly have more to say.

Prepare For Windows Server 2012 End Of Support

Another week, another Microsoft “End of Life” reminder to write about.

This time, it’s Windows Server 2012 R2 (the original Windows Server 2012 shares the same date). If you’re a user, you’re probably already aware of the looming deadline. If you’ve blocked it out of your mind, or missed the notifications Microsoft has been sending out, here’s what you need to know.

The End-of-Life deadline for Windows Server 2012 R2 is October 10, 2023. If you have not begun making transition plans, now is the time. Beyond that date you will no longer receive regular patches or security updates, which puts your company at risk: every kernel or RDP flaw found after that date stays open on those servers.

To minimize that risk, Microsoft recommends upgrading to a supported release such as Windows Server 2019 or Windows Server 2022 at your earliest convenience.

It’s also worth mentioning that Server 2012 R2 follows Microsoft’s “Fixed Lifecycle Policy,” which provides five years of mainstream support plus an additional five years of extended support.

During the mainstream support period, the product receives all updates and support. During the extended support period, users stop getting non-security updates but still receive security fixes. Once the extended support period ends, all updates cease: that is End of Support.

If you’re evaluating the October 10, 2023 deadline with a pit in your stomach, it’s worth mentioning that customers who need more time can opt in to a paid program called Extended Security Updates (ESU) that provides security fixes for up to three more years, through October 2026. That is a hard deadline; after it there is no more support no matter how much you offer to pay.

ESU gets more expensive in each of the three years it’s offered: roughly 75 percent of the current license cost in year one, 100 percent in year two, and 125 percent in year three. If you need the extra time to transition away from Server 2012 R2, you may consider that money well spent, but it is designed to be a bridge, not a destination.

In any case, the time to start making plans is now.