Microsoft Is Phasing Out Windows 8.1

If you are still using Windows 8.1 and if you’ve somehow managed to avoid seeing the parade of notices Microsoft has been sending out, you should know that the end is nigh.

Support for the aging OS will end on January 10, 2023. If you have not already done so, you should begin making plans now to migrate away from that OS and to something more modern.

This is a similar track the company adopted where the end of Windows 7 support was concerned, and the current deadline should not be a surprise to anyone.

After all, Windows 8 itself reached the end of support back in 2016, although users of version 8.1 got a considerable extension from that point.

It’s worth mentioning that Microsoft has decided not to offer an Extended Security Update (ESU) program for Windows 8.1, so when the date arrives, that’s it. No matter how much you may want one, you won’t be able to pay for an extension. That means you’ll lose the benefit of ongoing security patches from that point forward.

Although Windows 10 gets the lion’s share of the press for being the most widely used version of the OS of all time, Windows 8.1 was significant for the Redmond Giant.

Windows 8’s initial release was not well received, and the company worked hard to address the (often legitimate) concerns that the OS’s massive user base had. Windows 8.1 was the culmination of those efforts, and the Windows 8.1 era of the company’s history saw steady improvements in both aesthetics and functionality.

In fact, it’s fair to say that without the gains made during the Windows 8.1 era, the current OS would still look dated and many of the components that are integral to all of Microsoft’s operating systems might not have yet been overhauled.

In any case, the sun is indeed setting on Windows 8.1. Be sure you’re ready when it goes full dark.

Twilio Data Breach Happened Via Employee Smishing

Twilio, the cloud communications company, is the latest to fall victim to a data breach.

The company recently disclosed that some of its customer data was accessed by unknown attackers who gained access to the system by stealing employee login credentials via an SMS phishing attack, known as ‘Smishing,’ for short.

The company’s disclosure reads in part as follows:

“On August 4, 2022, Twilio became aware of unauthorized access to information related to a limited number of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials.

The attackers then used the stolen credentials to gain access to some of our internal systems, where they were able to access certain customer data.”

The smishing attack succeeded because the attackers were able to convince company employees that the SMS messages they were receiving were coming from the company’s own IT department. The messages contained URLs containing the keywords “Twilio,” “SSO” and “Okta,” which are commonly used by the company.

Unfortunately, if an employee tapped these links, they would not be taken to company resources but rather to a page that had been cloned to appear as a legitimate company sign-in page.

Here, the employee received a message that their password had expired and was asked to enter their credentials as part of the process of changing it.

Naturally, this action did not change the employee’s password, but it did hand it over to the hackers waiting on the other end.
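The lookalike-URL pattern described above (brand words such as “Twilio,” “SSO” and “Okta” on a host that is not the company’s real sign-in host) is something a mail or SMS gateway can flag. The following is an added example, not Twilio’s code; the allowlisted hostnames and the sample message are constructed placeholders.

```python
import re
from urllib.parse import urlparse

# Constructed allowlist: the only hosts the real sign-in flow uses.
# Hypothetical names; an organisation would substitute its own SSO hosts.
TRUSTED_SSO_HOSTS = {"sso.example-corp.com", "example-corp.okta.com"}

# Brand words the smishing URLs reused to look legitimate (from the disclosure).
BRAND_KEYWORDS = ("twilio", "sso", "okta")

URL_PATTERN = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def classify_link(url: str) -> str:
    """Return 'trusted', 'lookalike' or 'untrusted' for one URL."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    if not host:
        return "untrusted"
    # Exact hostname match only. A host that merely *contains* a trusted name
    # (e.g. sso.example-corp.com.evil.net) must not pass this check.
    if host in TRUSTED_SSO_HOSTS:
        return "trusted"
    # Brand words in the hostname or path of a non-allowlisted host are the
    # pattern the Twilio disclosure describes.
    haystack = host + parsed.path.lower()
    if any(word in haystack for word in BRAND_KEYWORDS):
        return "lookalike"
    return "untrusted"


def flag_sms(message: str) -> list:
    """Find every URL in an SMS body and classify it; lookalikes are what a
    gateway would hold back or alert on."""
    return [(url.rstrip(".,;:)"), classify_link(url.rstrip(".,;:)")))
            for url in URL_PATTERN.findall(message)]


if __name__ == "__main__":
    # Constructed sample message in the style described in the disclosure.
    sample = ("IT: your password expires today, renew at "
              "https://twilio-sso.example-login.net/okta.")
    for url, verdict in flag_sms(sample):
        print(verdict, url)
```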

Per a Twilio spokesman, the attackers were only able to access data belonging to a limited number of customers, and the company is currently in the process of reaching out to those who were impacted.

If you have a Twilio account and are not contacted, your data and your account should be fine. If you are contacted, Twilio will provide you with additional information at that time.

OpenSea Warns Users Of Phishing Attacks From Data Breach

Are you a fan of NFTs? If so, you’ve probably heard of OpenSea, which is the largest marketplace for non-fungible tokens.

If you have an account there, be aware that recently the company disclosed that their network had been breached and they issued a warning to their clients urging them to be on the lookout for possible phishing emails.

Cory Hardman is OpenSea’s head of security. According to Hardman, an employee of Customer.io, which is the company’s email delivery vendor, downloaded a file containing email addresses that belong to OpenSea users and newsletter subscribers. The precise number of email addresses the attacker made off with was not disclosed.

Mr. Hardman said:

“If you have shared your email with OpenSea in the past, you should assume you were impacted. We are working with Customer.io in their ongoing investigation, and we have reported this incident to law enforcement.”

This is not the first time OpenSea users have been targeted. Last year, threat actors impersonating support staff successfully absconded with roughly two million dollars (USD) worth of NFTs. Last September (2021), the company addressed a security flaw that allowed attackers to empty an OpenSea user’s cryptocurrency wallet by luring them into clicking on maliciously crafted NFT artwork.

Although the industry is still in its formative stages, it has grown at a blistering pace. OpenSea is the largest marketplace in the NFT industry, boasting more than 600,000 users and total transactions that surpass $20 billion (USD), which makes it a prime target for hackers.

Sadly, this will almost certainly not be the last time OpenSea and other NFT markets find themselves in the crosshairs.

If you have an account there, be on high alert. Odds are good that the attacker will try to put your email address to malicious use.

Secret Twitter Accounts Are Not What You Think

Do you have a Twitter account? Have you been patting yourself on the back while assuming that your identity was a secret, allowing you to ply the waters of Twitter in anonymity?

Unfortunately, that’s probably not the case. Recently, Twitter disclosed the existence of a critical security vulnerability that allows someone to discern whether a specific phone number or email address is associated with an existing Twitter account.

The company’s blog post related to the matter reads in part as follows:

“In January 2022, we received a report through our bug bounty program of a vulnerability in Twitter’s systems. As a result of the vulnerability, if someone submitted an email address or phone number to Twitter’s systems, Twitter’s systems would tell the person what Twitter account the submitted email addresses or phone number was associated with, if any.”

So much for anonymity.

Apparently, the flaw in the system arose from a code update that the company performed back in June of 2021.

The flaw existed in the code for a total of seven months before Twitter engineers discovered and fixed it. During that time, someone exploited it. Data tied to more than 5.4 million Twitter users was found for sale on the Dark Web, with the hackers charging a hefty $30,000 (USD) for access.
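The flaw Twitter describes is an account-enumeration bug: the response to a submitted email or phone number differs depending on whether it is linked to an account. The added example below (not Twitter’s code; the account directory is constructed) contrasts that behaviour with a response that is identical either way, and includes a simple check a reviewer can run against any such lookup.

```python
# Constructed sample directory: contact identifier -> account handle.
ACCOUNTS = {
    "alice@example.com": "@alice_constructed",
    "+15550100001": "@bob_constructed",
}

# Out-of-band channel (e.g. an email/SMS queue) the requester cannot observe.
OUTBOX = []


def lookup_vulnerable(identifier: str) -> str:
    """Mirrors the disclosed flaw: the reply itself reveals whether the
    identifier is linked to an account, and to which one."""
    handle = ACCOUNTS.get(identifier)
    if handle is None:
        return "No account is associated with that email or phone number."
    return f"That email or phone number is associated with {handle}."


def lookup_hardened(identifier: str) -> str:
    """Same user-facing feature without the leak: the reply is the same
    whether or not the identifier is known. Anything account-specific
    (here, a recovery notice) goes to the linked contact out of band."""
    handle = ACCOUNTS.get(identifier)
    if handle is not None:
        OUTBOX.append((handle, "Someone requested recovery for this contact."))
    return ("If that email or phone number is linked to an account, "
            "we will send instructions to it.")


def leaks_existence(lookup, known: str, unknown: str) -> bool:
    """Reviewer check: does the lookup answer differently for a known and an
    unknown identifier? True means the endpoint can be used for enumeration."""
    return lookup(known) != lookup(unknown)


if __name__ == "__main__":
    print("vulnerable leaks:", leaks_existence(lookup_vulnerable, "alice@example.com", "nobody@example.com"))
    print("hardened leaks:", leaks_existence(lookup_hardened, "alice@example.com", "nobody@example.com"))
```

The same principle applies to status codes and response timing, not only the message text; a reviewer should compare all of them.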

Twitter has announced that they’ve begun the process of reaching out to any user whose data was compromised.

If you are contacted by Twitter regarding this issue, there’s really nothing to be done. Your information is out there. Out of an abundance of caution, it would be wise to change your password. If you use the same password on Twitter that you use elsewhere on the web, change those too.

While we’re on that topic, if you are in the habit of using the same password across multiple web properties, now would be an excellent time to develop a new password habit.

Malware Is Targeting Small Office And Home Office Routers

Researchers at Lumen’s Black Lotus Labs recently spotted evidence of a highly sophisticated and tightly targeted campaign aimed at SOHO (small office/home office) routers across both Europe and North America.

Based on the evidence the team has collected thus far, their conclusion is that the unidentified actor must be state sponsored. This is because garden-variety hackers do not typically have the tools, techniques, and procedures in place to pull off the kinds of attacks that the researchers are seeing.

It is telling that this campaign’s ramp-up coincided with the pandemic-fueled shift to large numbers of employees working from home.

A recently published summary report about the campaign reads in part, as follows:

“This (the massive surge in people working from home) gave threat actors a fresh opportunity to leverage at-home devices such as SOHO routers – which are widely used but rarely monitored or patched – to collect data in transit, hijack connections, and compromise devices in adjacent networks.

The sudden shift to remote work spurred by the pandemic allowed a sophisticated adversary to seize this opportunity to subvert the traditional defense-in-depth posture of many well-established organizations.”

The report goes on to say that:

“The capabilities demonstrated in this campaign – gaining access to SOHO devices of different makes and models, collecting host and LAN information to inform targeting, sampling and hijacking network communications to gain potentially persistent access to in-land devices and intentionally stealth C2 infrastructure leveraging multi-stage siloed router to router communications – points to a highly sophisticated actor that we hypothesize has been living undetected on the edge of targeted networks for years.”

This is a genuine threat. Although your IT department is likely stretched thin as it is, one of the best ways you can minimize your risk is to help your employees who are working from home with patch planning, so that their gear is up to date and as well protected as possible.