This Malware Can Turn Off Windows Defender

Some malware strains are built with robust protections in order to avoid detection. Zloader goes a step further and actually disables Microsoft Defender AV (formerly known as Windows Defender). That’s significant because, according to stats provided by Microsoft, Defender AV is preinstalled on more than a billion PCs running Windows 10.

The hackers behind the campaign have changed their delivery vector. Earlier campaigns conducted by the group that controls Zloader relied on spam and phishing emails. The most recent campaign, with the variant that disables Microsoft Defender AV, is delivered via TeamViewer Google ads that redirect potential victims to fake download sites.

Antonio Pirozzi and Antonio Cocomazzi, researchers at SentinelLabs, had this to say about the most recent campaign:

“The attack chain analyzed in this research shows how the complexity of the attack has grown in order to reach a higher level of stealthiness.

The first stage dropper has been changed from the classic malicious document to a stealthy, signed MSI payload. It uses backdoored binaries and a series of LOLBAS to impair defenses and proxy the execution of their payloads.”

If you’re not familiar with the name Zloader, you should know that this malware strain also goes by the names DELoader and Terdot. It was originally built as a banking Trojan way back in 2015 and has been kept up to date. As with many other strains, it is based on the Zeus v2 Trojan, whose source code was leaked online more than a decade ago.

Zloader has been used in attacks on financial institutions all over the world, but a significant number of those attacks have been focused on the US, Australia and Brazil.

Originally it was used to pilfer a wide range of financial data for resale. More recently it has been modified to deliver ransomware payloads such as Egregor and Ryuk. This adds a new and devastating dimension to the attack.

If your business is in any way connected to the financial industry keep a watchful eye on Zloader. It represents a significant risk.

Ransomware Attackers Look For Unpatched Systems To Exploit

Not long ago Microsoft patched a critical MSHTML remote code execution security flaw being tracked as CVE-2021-40444.

Beginning on August 18th of this year (2021) the company spotted hackers exploiting this flaw in the wild. So far there have been fewer than ten attacks made that exploit this flaw but it’s inevitable that the number will increase.

So far all of the attacks that have been tracked exploiting this flaw have relied on maliciously crafted Word documents and all have resulted in the installation of Cobalt Strike Beacon loaders.

Beacons deployed on at least one of the networks that were attacked communicated with infrastructure connected with a number of cyber crime campaigns. Those include the ones that utilize human-operated ransomware.

At least two of the other attacks tracked to date have delivered Trickbot and BazaLoader payloads. Microsoft observed a huge spike in exploitation attempts from multiple threat actors including some affiliated with ransomware-as-a-service operations.

Microsoft is continuing to monitor the situation but the bottom line is simply this: This flaw has been patched. Researchers connected with Bleeping Computer have independently verified that the exploit no longer works after applying the September 2021 security patch.

Hackers around the world are actively scanning for unpatched systems in order to exploit the vulnerability. If your system is vulnerable then your risk in this instance is extreme. The best course of action is to patch your way out of danger at your earliest opportunity.

If for any reason you are unable to apply the patch, be aware that Microsoft has published a viable workaround that includes disabling ActiveX controls via Group Policy and disabling document preview in Windows Explorer.
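For administrators who want to apply the ActiveX half of that workaround in a repeatable, reversible way, the following PowerShell script is an added example written for this article; it is not Microsoft’s own advisory script and not code from the original page. It writes the ActiveX download policy values (1001 for signed controls, 1004 for unsigned controls, both set to 3, meaning Disable) under the Internet Settings zone policy keys that Group Policy manages, for zones 0 through 3, and it keeps a backup so the change can be undone once the patch is installed. The registry path and value numbers are the standard Windows ones; the backup file location is an assumption, and the Explorer preview-disable half of the workaround is not implemented here.

```powershell
# Added example (not from the article or from Microsoft): apply, audit, or roll back
# the ActiveX part of the CVE-2021-40444 registry workaround.
# Assumptions: run as Administrator on Windows 10; the backup path below is arbitrary.
#Requires -RunAsAdministrator
[CmdletBinding()]
param(
    [switch]$Audit,    # only report the current state, change nothing
    [switch]$Restore   # put back the values saved by a previous run
)

# Policy hive for the Internet Explorer security zones; Group Policy writes here too.
$ZonesRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
# URLACTION 1001 = Download signed ActiveX controls, 1004 = Download unsigned ActiveX controls.
# A value of 3 means "Disable".
$Values    = @{ '1001' = 3; '1004' = 3 }
# Assumed location for the backup of the pre-change values (constructed for this example).
$Backup    = Join-Path $env:ProgramData 'cve-2021-40444-zones-backup.json'

if ($Restore) {
    if (-not (Test-Path $Backup)) { throw "No backup found at $Backup" }
    $saved = Get-Content -Path $Backup -Raw | ConvertFrom-Json
    foreach ($prop in $saved.PSObject.Properties) {
        $zone, $name = $prop.Name -split '/'
        $key = Join-Path $ZonesRoot $zone
        if ($null -eq $prop.Value) {
            # The value did not exist before we ran, so remove it again.
            Remove-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
        } else {
            Set-ItemProperty -Path $key -Name $name -Value $prop.Value -Type DWord
        }
        Write-Host ("Zone {0} value {1} restored" -f $zone, $name)
    }
    return
}

$state = @{}
foreach ($zone in 0..3) {
    $key = Join-Path $ZonesRoot $zone
    if (-not (Test-Path $key) -and -not $Audit) {
        New-Item -Path $key -Force | Out-Null
    }
    foreach ($name in $Values.Keys) {
        # $null when the key or the value is absent (no policy set yet).
        $current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
        $state["$zone/$name"] = $current
        $status = if ($current -eq 3) { 'OK' } else { 'NOT SET' }
        Write-Host ("Zone {0} value {1}: current={2} [{3}]" -f $zone, $name, $current, $status)
        if (-not $Audit -and $current -ne 3) {
            Set-ItemProperty -Path $key -Name $name -Value $Values[$name] -Type DWord
        }
    }
}

if (-not $Audit) {
    # Save the pre-change state once so that -Restore can undo the workaround after patching.
    if (-not (Test-Path $Backup)) {
        $state | ConvertTo-Json | Set-Content -Path $Backup
    }
    Write-Host "ActiveX download policy set to Disable in zones 0-3; backup at $Backup"
}
```

Run it with -Audit first to see which zones already carry the policy, without the switch to apply it, and with -Restore after the September 2021 update has been installed so the zones return to their previous settings. Because the values are written to the Policies hive, a domain Group Policy that manages the same settings will overwrite them on the next refresh, which is the expected behaviour when the workaround is pushed centrally instead.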

Kudos to Microsoft for addressing the issue and for coming up with a workaround for those who are unable to patch their way to safety.

Microsoft Accounts Will Allow Passwordless Methods For Users

Microsoft will be rolling out a new passwordless login scheme in the weeks ahead and that should make just about everyone happy.

Passwords, and having to remember endless multitudes of them, are one of the most annoying aspects of using the web today. Anything that can be done to reduce the number of passwords you have to contend with has to be counted as a good thing.

The Redmond giant began allowing its commercial customers to use the new paradigm back in March of 2020. This was after the company reported that more than a million users were logging into Azure Active Directory without using their passwords.

Liat Ben-Zur, Microsoft’s Corporate Vice President, had this to say about the new feature:

“Now you can remove the password from your Microsoft account and sign in using passwordless methods like Windows Hello, the Microsoft Authenticator mobile app or a verification code sent to your phone or email.

This feature will help to protect your Microsoft account from identity attacks like phishing while providing even easier access to the best apps and services like Microsoft 365, Microsoft Teams, Outlook, OneDrive, Family Safety, Microsoft Edge and more.”

Weak passwords are often what hackers leverage to gain access to corporate networks around the world. Unfortunately, recent surveys have indicated that fully fifteen percent of people use their pets’ names or other obvious data points like dates of birth, anniversaries and the like as passwords.

All that to say that eliminating passwords is about more than simple convenience. It stands to make corporate networks around the world more secure.

If you want to start using the new passwordless login feature right now the first thing you’ll need to do is to install the Authenticator app and link it to your personal Microsoft account.

Once that’s done go to your Microsoft account page and sign in and turn on the ‘Passwordless Account’ under Advanced Security Options. It’s fantastic and you’re almost certain to love it.

Instagram Will Require Age Verification Soon

More and more social media platforms are taking steps to improve protections for younger folk. Instagram is the latest company to take steps in that direction with the recent announcement that the platform will soon require users to provide their date of birth if they have not already done so.

The DOB prompts are already present and if you’re an Instagram user you may have already seen them. As of now those prompts are opt-in. If you don’t want to provide your date of birth you can simply close the window. The day is coming however when you won’t have a choice. If you want to keep using Instagram you’ll have to report your DOB.

The change is part of a broader effort that seeks to make it harder for adults to contact teens or pre-teens on Instagram. The company is also monitoring user contacts and flagging certain adults as “potentially suspicious” if they have a habit of reaching out to minors on the platform.

These are good changes and long overdue. Even most privacy advocates who are usually wary about providing more information to service providers of any type generally applaud the recent announcement.

In any case it’s very good to see more and more social media platforms taking solid steps to see to the protection of minors. The internet is (or can be) a wild and dangerous place. Anything we can do to make it even marginally safer for our children has to be counted as a good thing.

Kudos to Instagram for joining the ever-growing chorus of social media companies embracing changes like this, a list that currently includes social media and technology giants like TikTok, YouTube and Google. While it will take some time yet to measure their full impact and overall effectiveness, these are undoubtedly moves in the right direction that will make our kids safer.

Popular Ring Doorbells To Get Encryption Option

Do you have a Ring Doorbell? They are offered by Amazon and they’re a wildly popular smart device that allows you to keep tabs on who’s coming to or walking by your door. The doorbell’s camera records video and saves it to the cloud so you can review it at your leisure.

Unfortunately there’s a problem. The videos on the cloud aren’t secured and it’s not difficult for hackers to gain access to them. It is easy for law enforcement to access them too for that matter. This is something that privacy advocates around the world have been complaining about since the Ring was first introduced. Now Amazon has done something about it.

Recently the company added E2EE (end-to-end encryption) to the Ring, but they’ve included it as an optional security feature. If you’re concerned about privacy and you want to make use of the new feature, you’ll need to install the latest version of the Ring application on your phone, then specifically opt in to using E2EE. If you opt in you’ll be required to set a password, and you’ll need to remember it because AWS won’t keep a copy or store it anywhere.

Unfortunately E2EE isn’t fully integrated into the product line and specifically it won’t work with the company’s best-selling and lowest-priced unit. You should also be aware that although law enforcement won’t automatically have access to your doorbell’s videos they can still request access to the footage. If your town’s police force has partnered with Ring you can expect to get email requests from local law enforcement officials any time a crime is committed in your immediate area.

Although the new encryption feature isn’t perfect it is a powerful step in the right direction. Kudos to Amazon for taking steps to make the Ring doorbell and the video it takes more secure.