Tag Archives: Technology Tips

Posted on Author Atlantic Computer Services Categories Blog

You Might Need This HP Bios Security Update

HP recently released a BIOS update to address a pair of high-severity vulnerabilities that affect a wide range of PC and notebook products offered by the company.  In both cases, the vulnerabilities would allow an attacker to execute code arbitrarily and with Kernel level privileges.

The two flaws are being tracked as CVE-2021-3808 and CVE-2021-3809 respectively, and both bear a CVSS 3.1 score of 8.8 which makes them both serious issues indeed.

Worse, the two issues impact more than 200 models of HP equipment, including Zbook Studio, ZHAN Pro, EliteBook, ProBook, Elite Dragonfly, business desktop PCs like the EliteDesk and ProDesk, retail PoS computers like the Engage, workstations like the Z1 and Z2, and thin client PCs.

For a comprehensive listing of impacted products, please refer to HP’s security advisory page and scan for the product you own.

Security researcher Nicholas Starke has done a deep dive into both issues.

Starke had this to say about the matter:

“This vulnerability could allow an attacker executing with kernel-level privileges (CPL == 0) to escalate privileges to System Management Mode (SMM). Executing in SMM gives an attacker full privileges over the host to further carry out attacks.”

HP has been having a tough time of things lately.  Just two months ago, the company released a BIOS update that addressed sixteen separate flaws. Three months before that, they released a BIOS update that addressed a completely different set of flaws.

Kudos to HP for their time and attention to this matter. However, one has to wonder what has broken down in their core development process that allowed so many serious BIOS flaws to slip through undetected in the first place?

Unfortunately, there’s no word on that but if you haven’t yet applied the latest security update, you’ll definitely want to apply this one as soon as possible.

0
Posted on Author Atlantic Computer Services Categories Blog

Update Zyxel Products To Fix Possible Security Vulnerability

Do you use a Zyxel firewall?  If so, there’s good news.  The company has fixed an issue you may not have even been aware that you had.

The company pushed out the fix in a silent update a little over two weeks ago, but when they implemented the push, they didn’t provide many details about it.  More of those details are emerging now.

Security researchers at Rapid7 discovered a critical security flaw, now being tracked as CVE-2022030525, which is listed as being a severity 9.8 (critical) issue.

The flaw is described as an unauthenticated remote command injection issue, via the HTTP interface.  It impacts all Zyxel firewalls that support Zero Touch Provisioning running firmware versions ZLD5.00 to ZLD5.21 Patch 1.

The following models are specifically impacted:

  • USG FLEX 50, 50W, 100W, 200, 500, 700 using firmware 5.21 and below
  • USG20-VPN and USG20W-VPN using firmware 5.21 and below
  • And ATP 100, 200, 500, 700, 800 using firmware 5.21 and below

According to the company, these products are most commonly found in smaller branch offices and corporate headquarters for SSL inspection, VPN, web filtering, email security, and intrusion protection.

Per the Rapid7 report given to Zyxel on April 13, 2022:

“Commands are executed as the “nobody” user. This vulnerability is exploited through the /ztp/cgi-bin/handler URI and is the result of passing unsanitized attacker input into the os.system method in lib_wan_settings.py.

The vulnerable functionality is invoked in association with the setWanPortSt command. An attacker can inject arbitrary commands into the mtu or the data parameter.”

For their part, Zyxel moved very quickly on the issue.  They initially promised to release a fix by June 2022, but quietly pushed out the patch on April 28th, 2022 without supplying a security advisory or other technical details.

We’re not sure why that decision was made, but we’re very pleased to gain access to those details now. Kudos to Zyxel for their rapid response!

0
Posted on Author Atlantic Computer Services Categories Blog

New Malware Can Infect Linux, Mac, Or Windows Users

There’s a new strain of malware called SysJoker to be mindful of. It’s especially dangerous because it can target Windows, Mac or Linux systems.  That makes it an equal opportunity strain.

Researchers at Intezer are credited with discovering the malware in the wild in December of 2021 during an investigation of an attack on a Linux server.  The group was able to obtain samples of the virus for analysis and have concluded that SysJoker is a nasty piece of work indeed.

Written in C++, the malware strain is cunningly constructed to evade detection on all three Operating Systems.  In fact, it’s so good at evading detection that none of the 57 antivirus programs the Intezer researchers tested were able to detect the presence of the malware.

SysJoker is harmless by itself but that is by design.  It is a first-stage dropper and its only job is to gain a foothold in a target network.

Once there it will sleep for two minutes before creating a new directory and then copy itself to that directory all while disguised as an Intel Graphics Common User Interface Service (“igfxCUIService.exe”).

According to the Intezer report, this is what happens next:

“…SysJoker will gather information about the machine using Living off the Land (LOtL) commands. SysJoker uses different temporary text files to log the results of the commands,” explains Intezer’s report.

These text files are deleted immediately, stored in a JSON object and then encoded and written to a file named “microsoft_Windows.dll”.”

When that is done, the malware creates persistence by adding a new registry key (HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun). Random sleep times are interposed between all functions leading to this point.

Finally, it will reach out to the actor-controlled command and control server using a hardcoded Google Drive link.  Once that connection has been established, the hackers can install whatever payload they wish onto the infected system.

None of the major AV programs can detect SysJoker at present. Given that it can infect Windows, Mac and Linux systems, this is one to keep a watchful eye out for.

0
Posted on Author Atlantic Computer Services Categories Blog

Purple Fox Trojan Delivering Malware Via Popular Messaging App

A research team from Minerva Labs are working in conjunction with the MalwareHunterTeam.

They have recently been tracking a Trojan called Purple Fox and have published a warning about it.

The group behind the Trojan is now distributing their malicious code disguised as a Telegram installation file.

If you’re not familiar with that name Telegram is one of several online messaging apps available on the web. The Trojan has been around since at least 2018 and the hackers who control it have tried a number of different ways to get their malicious code onto unsuspecting desktops.

The use of Telegram as a masking agent is new and the group is also now breaking their malware up into several small files. That makes it less likely to be detected and the researchers have been able to confirm it.  They found few AV engines capable of detecting a Purple Fox installation and it is worrisome indeed.

The team behind Purple Fox isn’t resting on their achievements either.  They have been steadily adding features and functionality to their code. These new features include a new .net backdoor dubbed “Fox Socket” spotted by Trend Micro in October of last year (2021) and Guardicore Labs discovered a version of the code with wormlike capabilities which allowed the variant to spread with blinding speed.

In addition to that, the malware comes in both 32-bit and 64-bit variants so this one is not to be underestimated.  Purple Fox may wind up being one of the biggest threats on the landscape in 2022.

Of course, it’s early days yet and we haven’t seen what other nasty surprises that the hackers of the world have been cooking up over the holiday season, but the bottom line is that Purple Fox is one to watch.

0
Posted on Author Atlantic Computer Services Categories Blog

FTC Enforcing That Businesses Patch Log4j Java Security Issue

By now you’re almost certainly aware of the Log4j Java issue.

It’s a serious and fixable flaw relating to java logging.

Recently the United States Federal Trade Commission (FTC) has issued a chilling warning to anyone who hasn’t yet fixed the flaw and protected against the vulnerability.

The FTC’s statement reads in part as follows:

“The FTC intends to use its full legal authority to pursue companies that fail to take reasonable steps to protect consumer data from exposure as a result of Log4j, or similar known vulnerabilities in the future. 

Failure to identify and patch instances of this software may violate the FTC Act.

The Log4j vulnerability is part of a broader set of structural issues.  It is one of thousands of unheralded but critically important open-source services that are used across a near-innumerable variety of internet companies. 

These projects are often created and maintained by volunteers, who don’t always have adequate resources and personnel for incident response and proactive maintenance even as their projects are critical to the internet economy.

This overall dynamic is something the FTC will consider as we work to address the root issues that endanger user security.”

The FTC has already made it clear that they’re not playing around with this issue either.  Not long ago in 2019, they hit Equifax with a staggering $700 million fine because of customer data exposure.

The FTC clearly has the muscle to make this threat stick. So if you haven’t already installed the remedy for Long4j, do it now before you lose track of it. Keep an ear to the ground for other similar issues.

Fines of the sort that the FTC is threatening are enough to rock any business back on its heels. So don’t take any chances.  Stay vigilant out there.  It’s going to be an interesting year.

0
1 3 4 5 6 7 11