A New iPhone Bug In HomeKit Could Brick Your Phone

Thank Trevor Spiniolas’ sharp eyes if you own an iPhone. The independent security researcher recently discovered a critical security flaw in iOS that impacts all versions from 14.7 to 15.2.

If exploited, this flaw can turn your fancy phone into a very expensive paperweight, so it’s one to take seriously.

Trevor discovered that changing the name of a HomeKit device to a very long string of characters causes the iPhone to crash. For his testing he used a string half a million characters long.

Unfortunately, there’s no easy way out if this happens to a user, because the new device name is backed up to iCloud. If the user tries to restore the iPhone, it pulls the relevant information back down from iCloud, hits the renamed device, and triggers the error again.

Spiniolas has publicly disclosed his findings, so Apple is aware of the issue. Initially the company promised a fix before the end of 2021, but they’ve since come back with a revised timeframe of “early 2022.” For now, if you run afoul of this issue you don’t have many good options.

Spiniolas recommends the following steps for impacted users:

  • Restore the affected device from Recovery or DFU Mode
  • Set up the device as normal but do NOT sign back into the iCloud account
  • After setup is finished, sign into iCloud from settings. Immediately after doing so disable the switch labeled “Home.” The device and iCloud should now function again without access to “Home” data.

It’s a bit of a process, with more hoop jumping than many people will care for. However, the steps outlined above will get the job done and give you your phone back. Here’s hoping Apple doesn’t hesitate in terms of the fix.

New Emotet Malware Found A New Way To Distribute

Emotet is one of the most feared malware strains circulating right now. The team behind it has managed to infect a staggering array of targets all around the globe. To say that it is a major threat would be an understatement. Now the group behind Emotet has upped the ante even further: researchers have discovered that the malware is being distributed via a new channel.

The new channel is a malicious Windows App Installer package that appears to be an innocuous Adobe PDF reader. Windows App Installer is a built-in feature of both Windows 10 and 11, and systems can be infected by “tricking” users into clicking email attachments that trigger the App Installer.

Emotet’s preferred methodology revolves around a “conversation in progress” approach. An email is crafted that already has several replies, so at a glance it appears that the recipient and whoever sent this email have already been conversing about something. The “most recent” reply says some variation of “please see attached” and contains a PDF file.

When the recipient clicks the file, the built-in App Installer is triggered and the malware is installed. Note that this completely bypasses most anti-malware and AV software because the recipient is making a conscious decision to open the file in question.

The campaign is amazingly well put together. The attachment and subsequent prompts appear to be legitimate Adobe Acrobat components, right down to sporting an official company icon and a certificate marking it as a trusted application. So there’s no reason for a user to think that anything is amiss unless they look more closely at the email containing the attachment.

That’s exactly what the hackers are counting on. They know that people are busy and may only give the body of the email a cursory glance before clicking to see what all the fuss was about.

As ever, vigilance and mindfulness are the keys to avoiding these types of shenanigans.

Beware Certain Sites Because Of TSA PreCheck Renewal Scam

According to a report recently released by Abnormal Security, there’s been a sharp rise in cases of people getting scammed after visiting what they thought were Global Entry, NEXUS, and TSA PreCheck service sites. The issue is that scammers are building very convincing fakes of these types of sites and charging busy travelers $140 for pre-check service. Naturally they deliver nothing at all after pocketing the money.

The surge in such activity began back in March of this year (2021) but has steadily intensified since then. That’s no great surprise really.

After all, with the holiday travel season fast approaching, we can conclude that the purpose of the instances earlier in the year was to give the scammers time to refine their approach in advance of the much busier holiday season. They were anticipating a big boost in travel as the pandemic began to recede.

The whole idea behind TSA PreCheck is to streamline the airport screening process and allow travelers to pass through the security checkpoints more quickly once they actually arrive at the airport. Millions of busy travelers have shown a willingness to pay extra for that convenience, which is why these services have grown in popularity since they were first introduced.

You simply enroll in the service, a background check is conducted on you, and you get to travel with minimal hassle from that point forward. Unless you wind up at a fake site set up by the scammers of course.

Then you only think you’re enrolling in the service and the scammers pocket your money and don’t actually do anything. That sets you up for a nasty surprise when you arrive at the airport expecting smooth sailing.

Ahead of the holiday travel season, scammers are upping their game and sending emails that warn of the imminent cancellation of the recipient’s membership. If the recipient acts fast, the email says, they can “renew” it and have one less thing to worry about when they book their holiday flights.

The key here is to be mindful of the scam and to check the URL of the site you actually wind up at. That’s the giveaway. The scam sites can replicate the overall appearance of TSA PreCheck but they can’t hide the URL.
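The advice above comes down to comparing the host in the address bar against the site you meant to visit. The following Python is an added example (not code from the original article or from Abnormal Security) showing how to do that comparison properly: it parses the URL so that user-info, path and subdomain tricks cannot smuggle a trusted-looking name past the check. The `TRUSTED_HOSTS` entries and all sample URLs are constructed placeholders, not real enrollment sites.

```python
from typing import Dict, Iterable, Optional
from urllib.parse import urlsplit

# Constructed placeholder hostnames standing in for the real enrollment sites.
# A deployment would fill this with the official domains it wants to allow.
TRUSTED_HOSTS = {
    "precheck.placeholder.example",   # placeholder for a PreCheck portal
    "ttp.placeholder.example",        # placeholder for a Global Entry / NEXUS portal
}


def registered_host(url: str) -> Optional[str]:
    """Return the lowercase hostname of `url`, or None if it is not an http(s) URL.

    urlsplit() separates userinfo, port and path from the host, so a URL such as
    'https://precheck.placeholder.example@renewals-now.example/' resolves to the
    attacker-controlled 'renewals-now.example', not to the brand name that a
    human skimming the address would see first.
    """
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return None
    if parts.scheme.lower() not in ("http", "https") or not parts.hostname:
        return None
    return parts.hostname.lower().rstrip(".")


def is_trusted(url: str) -> bool:
    """True only if the parsed host IS a trusted host or a subdomain of one.

    The dot boundary in the suffix test is what defeats lookalikes such as
    'fakeprecheck.placeholder.example' and 'precheck.placeholder.example.evil'.
    """
    host = registered_host(url)
    if host is None:
        return False
    return any(host == t or host.endswith("." + t) for t in TRUSTED_HOSTS)


def naive_check(url: str) -> bool:
    """The substring test people effectively do by eye; kept only to show why it fails."""
    return any(t in url for t in TRUSTED_HOSTS)


def classify(urls: Iterable[str]) -> Dict[str, bool]:
    """Map each URL to the verdict of the proper host check."""
    return {u: is_trusted(u) for u in urls}


if __name__ == "__main__":
    # Constructed sample links, the kind a "renew your membership" email might carry.
    samples = [
        "https://precheck.placeholder.example/renew",
        "https://www.precheck.placeholder.example/renew",
        "https://precheck.placeholder.example.renewals-now.example/",      # subdomain trick
        "https://precheck.placeholder.example@renewals-now.example/login",  # userinfo trick
        "https://renewals-now.example/precheck.placeholder.example/",      # path trick
        "http://fakeprecheck.placeholder.example/",                        # prefix lookalike
        "javascript:alert(1)",                                             # not a web URL at all
    ]
    for url in samples:
        print(f"{'TRUSTED' if is_trusted(url) else 'SUSPECT':8} (naive says {naive_check(url)!s:5}) {url}")
```

Run as a script it prints one line per sample; every tricked URL is marked SUSPECT by `is_trusted` even though the naive substring test accepts most of them. The same host-boundary logic is what a mail gateway or browser extension would apply before letting a link through.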

Some People Still Use 20 Year Old Windows XP

Windows XP recently turned twenty. Two decades is an eternity in the world of computers. Yet despite its age the venerable OS still has a surprising number of loyal users.

The problem is that Windows XP stopped receiving security updates in 2014. That means those who are still clinging to it run a very real risk of having their systems compromised.

It’s actually worse than the dates above indicate, because mainstream support for Windows XP ended in 2009. However, a small number of users were able to get extended support, which lasted for an additional five years.

Microsoft has, in a handful of cases, issued emergency security patches to deal with critical security threats. However, the bottom line is that there is a whole host of serious security flaws in the OS at this point and further help is not coming.

So who are the Windows XP users and why haven’t they upgraded to a more modern OS yet?

Broadly speaking, they fall into two categories. The first group resides in the public sector. Public sector agencies tend to be notoriously slow where upgrades are concerned. Given how long public sector employees have been using XP, there’s a significant re-training cost to consider that many public agencies simply don’t have the budget for.

The second major category is agencies that have legacy applications incompatible with more modern operating systems. In these cases upgrading the OS requires a total rewrite of those legacy applications, which may be ruinously expensive. On top of the software development itself, a total rewrite of business-critical applications would bring massive hardware and retraining costs.

It’s a tricky proposition, which has left a small but significant number of users in a vulnerable position. The sooner these remaining holdouts find a way out of their situations, the safer and better off they will be.

Warn Your Employees About The New DocuSign Phishing Campaign

Phishing attacks have tended to focus on executive-level targets: high-ranking people who have considerable system access.

That appears to be changing. A recent trend tracked by researchers from Avanan has revealed that nearly half of all phishing emails analyzed in recent months were crafted to impersonate non-executives.

Additionally, more than three-quarters of them (77 percent) targeted employees at the same level.

This is something of a departure, and it allows those who orchestrate phishing campaigns to target a significantly larger pool of potential victims. The reason behind the shift in focus is easy enough to understand.

The Avanan researchers summarize it as follows:

“Security admins might be spending a lot of time providing extra attention to the C-Suite and hackers have adjusted. At the same time, non-executives still hold sensitive information and have access to financial data. Hackers realized, there is no need to go all the way up the food chain.”

Increasingly, hackers and scammers are coming to rely on spoofed DocuSign emails to gain access.

If you’re unfamiliar with it, DocuSign is a legitimate platform used to digitally sign documents. In this case a scammer creates a dummy DocuSign document and emails a request to a low- to mid-level employee to update direct deposit information or something similar.

By all outward appearances the DocuSign request looks completely legitimate, but there is one important difference. An actual DocuSign email won’t ask the recipient for login credentials. The spoofed ones do. Naturally this is done so that the hackers can harvest those credentials.

Given the sheer volume of daily business email, the difference is easy to overlook, which explains why this approach has enjoyed an uncannily high degree of success.

Be sure your employees are aware of this latest threat and stay on their guard against it. One moment of carelessness could wind up being costly indeed.