ALERT: Meltdown/Spectre Hardware Vulnerability Requires Action

Just a few months after finding themselves in a firmware fiasco, Intel is again making news for all the wrong reasons. This issue affects the CPU of a device itself, and had the potential to cause a severe dip in the device’s performance.

In a blog post by a user going by the name Python Sweetness, an issue was reported, describing “an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve.” In other words, this bug affects how programs interact with the CPU.

Under normal circumstances, a CPU operates in one of two modes: kernel mode, which permits changes to the computer itself, and user mode, which is considered ‘safe.’ Python Sweetness described a bug that blurs the distinction between the two. The bug allows programs running in user mode to also reach into kernel mode, possibly allowing malware to access the computer’s hardware.

However, the circumstances have proven to be less dire than they originally appeared. The expectation was that the fix for this bug would force entire processes to shift back and forth between user and kernel mode, hamstringing the speed at which the device operates. There was also the expectation that this issue could not be resolved without a hardware change.

For PCs with Windows 10 installed and an antivirus that supports the patch, the fix should already be in place. To confirm this, go to Settings > Update & Security to see if there are any updates waiting to be installed. If not, check your update history for Security Update for Windows (KB4056892), or check with your antivirus provider to find out when it will be supported; the patch will not install until Windows sees that the antivirus has been updated to a version the vendor has verified as supporting this patch.

Android devices had an update pushed on January 5 to provide some mitigations, with more protections coming in later updates. These patches have already been pushed to Google-branded phones, like the Nexus and Pixel lines, and may have reached other Android devices as well. It doesn’t hurt to check, and if you haven’t been updated, go online and put pressure on your carrier on a public forum.

Google Chrome should be updated with similar mitigations on January 23, with other browsers updating soon after. To help protect yourself until then, have your IT team activate Site Isolation to minimize the chance of a malicious site accessing data from another browser tab.

Other devices (like NAS devices, smart appliances, networking equipment, media equipment, etc.) may also be at risk, as they are using similar hardware. It’s really important for business owners to have their entire infrastructure reviewed and audited.

These kinds of issues help to demonstrate the value of a managed service provider’s (MSP’s) services. MSPs like NuTech Services are sure to keep themselves informed on the latest developments in IT security and any resolutions they can pass on to businesses like yours, if they don’t implement them on your behalf outright.

As a result, you and the rest of your team can go about your business without having to concern yourselves with solving issues like these, knowing that you can trust the team who is solving them for you. For more ways that an MSP can help keep your business’s security and operations optimized, reach out to NuTech Services at 810.230.9455.

Alert: LastPass Vulnerability Found. Is Any Password Manager Safe?

Thanks to one of Google’s researchers with Project Zero, it has been discovered that LastPass has a major vulnerability as a result of a major architectural problem. This news comes on the heels of many other flaws the same researcher discovered within LastPass. However, based on what the researcher claims, those vulnerabilities were much less serious than his latest discovery.

After having “an epiphany in the shower,” Tavis Ormandy realized that the latest version of the password manager’s browser extension is subject to a flaw that allows some malicious websites to have their way with the user’s system. Specifically, the vulnerability allows malicious websites to steal the user’s passwords from behind LastPass’ protections. Unfortunately, this vulnerability seems to be present in the extensions for every major browser on Windows and Linux, and is most likely present for Mac users as well.

Making matters worse, the vulnerability only requires the extension to be installed in order to be exploited. A user could be logged out and still be subject to receiving malicious code from the website they’re visiting.

To their credit, LastPass is committed to resolving this issue, acknowledging Ormandy’s report a mere hour after he submitted it. Two days later, LastPass released a blog post going over these events and offering a few recommendations:

  • Launch websites from the LastPass vault: To retain the highest level of security possible, it’s better to access websites from the LastPass vault itself.
  • Use Two-Factor Authentication wherever possible: This will add an extra layer of security to prevent leaked credentials from granting easy access to your accounts.
  • Keep an eye out for phishing attacks: Clicking on a malicious link is a great way to hand over your access credentials to malicious entities, so before you click on a link in a received message, take a moment to ask yourself if the link makes sense to be coming from who allegedly sent it.

LastPass has also been vocal in their appreciation for people like Ormandy finding issues like these before they are found the hard way. According to Joe Siegrist, cofounder and vice president of LastPass, “We greatly appreciate the work of the security community to challenge our product and uncover areas that need improvement.”

LastPass now has 90 days before Ormandy and Project Zero release the technical details as part of their disclosure policies. In the meantime, it would be prudent to take LastPass’ advice to heart for the sake of your own network security.

To ensure your credentials are protected, and to schedule a full security audit, contact NuTech Services at 810.230.9455.

Alert: 33.7 Million Records Released to Public Due to Leak of Massive Marketing Database

In recent news, millions of records containing personal information were made available to the public in a sizable data leak, providing potential scammers with plenty of information to utilize in their schemes. These records were all part of a 53 GB database that was available for purchase from Dun & Bradstreet, a business service firm.

The database contained information that could be of great use to hackers and marketers alike, as it outlined corporate data for businesses within the United States, providing professional details and contact information for members at every level of the businesses included.

Dun & Bradstreet released a statement via email in an attempt to remove the firm from any responsibility. According to the firm, there was no evidence of a breach on their systems. The email also pointed out that the leaked data had been sold to “thousands” of other companies, and that the leaked data appeared to be six months old. In essence, Dun & Bradstreet’s position was “not our fault,” and that there was little cause for worry, as the list only contained “generally publicly available business contact data.”

However, not everyone feels that the responsibility for this event can be passed off so easily, especially considering the nature of the data found on the database.

Troy Hunt manages Have I Been Pwned, a data leak alert site that allows a user to reference one of their accounts to determine if their credentials have been compromised. He offered up his own take after reviewing the database for himself. Hunt’s analysis revealed that the organizations with the most records in the database were:

  • The United States Department Of Defense: 101,013
  • The United States Postal Service: 88,153
  • AT&T Inc.: 67,382
  • Wal-Mart Stores, Inc.: 55,421
  • CVS Health Corporation: 40,739
  • The Ohio State University: 38,705
  • Citigroup Inc.: 35,292
  • Wells Fargo Bank, National Association: 34,928
  • Kaiser Foundation Hospitals: 34,805
  • International Business Machines Corporation: 33,412

If this list alarms you, you have the right idea. In his comments, Hunt brought up a few concerns that he had with the contents of the database out in public.

First of all, this list is essentially a guidebook for someone running a phishing campaign. A resourceful scammer could easily use the information contained in this list (including names, titles, and contact information) to create a very convincing and effective campaign. Furthermore, the most common records in the leaked database were those of government officials and employees. Hunt went so far as to mention which personnel records could be found in the database for the Department of Defense: while “Soldier” was the most common, the list also included “Chemical Engineer” and “Intelligence Analyst” entries.

In his response, Hunt asked a very important question: “How would the U.S. military feel about this data – complete with PII [personally identifiable information] and job title – being circulated?” With the very real threat of state-sponsored hacking and other international cyber threats in mind, Hunt brought up the value this list would have to a foreign power that isn’t fond of the U.S.

Finally, Hunt put the chances of this data ever being recovered at a firm “zero” percent.

In short, despite the reassurances from Dun & Bradstreet, this database going public could present some very real dangers to any businesses included in it.

If you’re worried that your business may be vulnerable, there are two things you should do. First, you should see if your data has been exposed by checking Hunt’s site, Have I Been Pwned. Second, you should reach out to us at NuTech Services, so we can help keep you secured against threats like this and others. Give us a call at 810.230.9455.

In Case of Emergency, Activate Facebook’s Safety Check

In 2014, Facebook launched Safety Check, a helpful tool allowing users to “check in” that they’re okay during a crisis event, like a natural disaster, mass shooting, etc. Recently, Facebook made a major change to Safety Check by allowing users affected by the crisis to activate the feature. This is yet another example of how social media is changing the way people find out about major events and react to them.

To give you an idea of the sizeable difference this change makes, consider the fact that in the first year of Safety Check (when it was exclusively controlled by Facebook), the feature was activated 39 times worldwide. Since the change was made in December of 2015, Safety Check was activated a total of 328 times over the following six months. That is a significant number of crisis situations that would have been overlooked if Facebook alone were at the helm.

Rest assured, Facebook is still involved in Safety Check’s activation process. Otherwise, jokesters and Internet trolls would surely abuse the tool and “cry wolf” every chance they get, which would effectively render the tool useless. To prevent this, Facebook has a two-step activation system.

  • Step 1: A user submits a crisis event to Facebook they deem to be worthy of Safety Check activation.
  • Step 2: Facebook checks on the validity of the event by analyzing the chatter over its social network, along with third party organizations.

If the crisis event makes it through the rigors of this automated process, then Safety Check is activated and those affected can begin “checking in” that they’re okay.

Of course, the Internet being the Internet, there will always be those who make light of a crisis situation by “checking in” on Safety Check events that have nothing to do with them. However, this annoyance aside, society can only benefit from the public having a tool like Safety Check to quickly notify scores of friends and family of one’s status during a crisis.

Have you used Facebook’s Safety Check to notify your friends that you’re okay? If so, then share with us in the comments if you’ve found this tool to be useful or not.

Alert: Microsoft Outlook Users Be Wary of New Ransomware

Ransomware is a particularly nasty strain of malware that continues to pop up in unexpected forms. A new variant called Cerber targets users of Microsoft Outlook, delivered through phishing messages that use a zero-day vulnerability. To make matters worse, Cerber can also utilize DDoS attacks, which is a major cause for concern.

Distributed Denial of Service attacks utilize previously-infected “botnets” (networks of infected computers) to slam the targeted system with a ferocious amount of traffic. The legs of the targeted system eventually buckle, and the organization’s operations are crippled by downtime. Now that ransomware is using DDoS attacks, it becomes much riskier to ignore a ransomware warning. Plus, the infected computer is brought into the botnet and used to torture other poor souls who are unfortunate enough to get infected.

Cerber demands a ransom of 1.24 Bitcoins to unlock the victim’s files. As of this time of writing, 1.24 Bitcoins are valued at approximately $718.

The intended victim receives an email containing the ransomware which, when activated, adds three files to the desktop of the victim’s computer. Each contains the same message; one is a simple TXT file, another is HTML, and the third is a Visual Basic Script that reads the message aloud as audio. The message reads: “Attention! Attention! Attention! Your documents, photos, databases and other important files have been encrypted!” To add insult to injury, this message will trigger every time you boot your computer.

The hackers make it quite easy for users to pay the ransom. Two of the files contain instructions to navigate to the Tor payment site, while also offering some inspirational advice: “What doesn’t kill me makes me stronger,” rendered in Latin. In most cases, we recommend against paying the ransom, but sometimes it’s unavoidable, particularly if you don’t have a secure data backup. Still, there’s no guarantee that the hacker will ever release your files, and contributing funds only furthers their goal of attacking others like yourself.

There’s currently no known way to eliminate Cerber, which makes it crucial to protect your systems from infection. In particular, you should focus on security best practices and on identifying phishing scams, as this is the primary mode through which ransomware spreads. As the business owner, you need to ensure that your organization follows these practices, from the top down.

  • Users need to understand email security best practices. This includes being wary of unsolicited messages that contain attachments or suspicious links.
  • All of your organization’s mission-critical data should be backed up and stored in an isolated location. This way, even if your network becomes infected with ransomware, you can just restore the backup to avoid paying the hackers.
  • Keep your systems updated with the latest versions of software solutions, and always keep your antivirus solution updated with the latest threat definitions. Malware designers are always trying to outpace security professionals, so stay one step ahead to help keep yourself secure.

For more information about cyber security and other best practices, reach out to NuTech Services at 810.230.9455.

Alert: Microsoft’s Latest Patches Address 27 Vulnerabilities

Microsoft recently issued security patches to fix 27 vulnerabilities, many of which are critical in nature. The vulnerabilities are significant, and popular titles such as Windows, Microsoft Office, Internet Explorer, and the new Edge browser are affected. Microsoft users who ignore these security patches are putting their systems at unnecessary risk.

If you’ve already applied the security patches, then rest assured, your computers are safe and what follows is an informative read of what you’re protected from. On the other hand, if you haven’t yet applied the security patches, then we’ll go over why you’ve got good reason to worry.

In relation to the critical vulnerabilities affecting Microsoft Office, Internet Explorer, and Edge, hackers have found a way to remotely execute malicious code through Office documents or web pages. Microsoft goes into detail about this in the following security bulletins:

Microsoft has also found and fixed vulnerabilities with the Windows Graphics Component, which affects Windows, Microsoft Office, Skype, and Lync. Hackers can exploit this vulnerability to remotely execute code through malicious documents and web pages.

Perhaps affecting the most users is a vulnerability discovered in the Windows PDF Library, which comes bundled with Windows 8.1, Windows RT 8.1, Windows 10, Windows Server 2012, and Windows Server 2012 R2. This vulnerability is a critical remote code execution flaw. The Edge browser is uniquely affected by it, giving hackers an opening: a malicious PDF document hosted on a website, which they use to trick users into downloading it.

Not all vulnerabilities fixed by Microsoft are categorized as “critical.” The security patches also take care of vulnerabilities deemed “important.” Still, the lessened severity of the threat doesn’t mean users can afford to ignore the patches.

Have you already applied Microsoft’s security patches? It’s important that you do and NuTech Services is standing by to assist if you require our services. To make this happen, simply call us at 810.230.9455.

We should also mention that NuTech Services clients who are taking advantage of our managed IT service have no need to worry about applying the security patches; our techs have already remotely performed this task for you. This is the case with all security patches and major software updates, meaning that you can rest easy knowing that your system is protected.

Alert: New Malware Can Download 200 Malicious Apps in a Few Short Hours

You don’t often hear about mobile operating systems being vulnerable to security threats (desktop vulnerabilities usually hog the spotlight), but when you do, they’re usually major problems that you need to be aware of. One such threat is called “Hummer,” a trojan that has installed unwanted apps and malware to more than a million phones all over the world.

About the Hummer Malware Family
The Hummer family of malware has increased in reach and scope since earlier this year. Cheetah Mobile reports that, at its peak, Hummer infected as many as 1.4 million devices daily. Thought to originate in China, Hummer infected over 63,000 devices daily in China alone. While the number of infections has begun to drop off, there still remain an astounding number of infected devices: about 1,190,000.

As reported by TechRepublic, here are the top five countries that are infected by the Hummer malware family:

  • India: 154,248
  • Indonesia: 92,889
  • Turkey: 63,906
  • China: 63,285
  • Mexico: 59,192

What It Does
The Hummer trojan roots the device that it infects, effectively unlocking the operating system and granting itself administrator privileges. Once it has done this, it begins to install malware and unwanted applications, games, pornographic applications, and other dangerous, if not merely annoying, programs. Since the Hummer trojan gains root access, traditional antivirus and other preventative measures aren’t capable of eliminating it from your device.

Perhaps the most annoying part of this malware is the fact that you can’t even uninstall the unwanted apps. The trojan will reinstall them continuously, which is both frustrating and cause for concern. Cheetah Mobile ran a test on the Hummer trojan and came to some shocking results: “In several hours, the trojan accessed the network over 10,000 times and downloaded over 200 APKs, consuming 2 GB of network traffic.” In other words, you can bet that you don’t want this trojan installed on your device.

How to Fix It
If you think that wiping your device will get rid of the trojan, think again. Cheetah Mobile claims that even a factory reset won’t remove it from your device. However, Cheetah Mobile’s Killer app is capable of removing the trojan. Alternatively, users can flash their device, but this is a complicated procedure that may not be worth the effort.

Hummer is just one of the many mobile threats out there that users of smartphones and other devices need to worry about. To learn more about how you can secure your organization’s mobile devices from Hummer and other threats, reach out to us at 810.230.9455.

Alert: 7-Zip Software Can Leave Your System Vulnerable

Software vulnerabilities can cause major issues for individuals and businesses. Cisco’s Talos Security Intelligence and Research Group, an organization designed to “protect consumers from known and emerging threats,” has found such a vulnerability in 7zip.

The 7zip software is an open-source file archiver and decompressor, and this discovery has many software developers scrambling to patch their products. Since 7zip is freeware, it is naturally used in the development of other applications’ code, and that makes this particular vulnerability more than your run-of-the-mill code malfunction. Currently there are two discovered vulnerabilities in the software. ZDNet explains the issues in stark detail:

  • “The first vulnerability, CVE-2016-2335, is an out-of-bounds security flaw caused by the way 7zip handles Universal Disk Format (UDF) files. When partition maps are scanned to find objects within the file system, there is a lack of proper checking which can cause a read-out-of-bounds problem. If exploited, cyberattackers could use the vulnerability to execute code remotely.”
  • “The second security flaw, CVE-2016-2234, is an exploitable heap overflow vulnerability found within the Archive::NHfs::CHandler::ExtractZlibFile method functionality of 7zip. In the software’s HFS+ system, files can be stored in a compressed format using zlib, and depending on the size of the data, this information may be stored in blocks.”

In layman’s terms, the vulnerabilities affect the way that many programs utilizing 7zip function. In particular, software programs like antivirus solutions are affected. The vulnerabilities change the way that files are compressed and decrypted, and since the 7zip code was used as a part of so many other pieces of software, the opportunities for abuse are real and prevalent. While this vulnerability may not present network administrators with as much fear as 2014’s Heartbleed vulnerability, the potential for data and network breaches is concerning.
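As an added illustration (this is not 7zip’s code, and the layout below is not the real UDF format), the following C program shows the bug class ZDNet describes for the first flaw: a scanner that trusts the entry count in a header and walks past the end of its buffer, next to a hardened version that checks every read against the actual buffer length and validates each entry with overflow-safe arithmetic. The format, the function names, and the sample buffers are all constructed for this example.

```c
/* Added example: a toy "partition map" scanner in its unchecked and hardened
 * forms. Not 7-Zip's code; the byte layout is invented for illustration. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed, hypothetical layout (not real UDF):
 *   byte 0      : entry count N
 *   bytes 1 ... : N entries, 8 bytes each: u32 LE start, u32 LE length */
#define ENTRY_SIZE 8
#define MAX_ENTRIES 16

typedef struct { uint32_t start; uint32_t length; } part_entry;

static uint32_t rd_u32le(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Vulnerable pattern: the count byte is trusted, so a header that claims more
 * entries than the buffer holds makes the loop read past the end of buf. */
int scan_partitions_unchecked(const uint8_t *buf, part_entry *out) {
    uint8_t n = buf[0];
    if (n > MAX_ENTRIES) n = MAX_ENTRIES;
    for (size_t i = 0; i < n; i++) {
        const uint8_t *e = buf + 1 + i * ENTRY_SIZE;  /* never compared to a length */
        out[i].start  = rd_u32le(e);
        out[i].length = rd_u32le(e + 4);
    }
    return n;
}

/* Hardened: reject before reading whenever the header's claims do not fit the
 * buffer, and reject entries that fall outside the volume (no wraparound).
 * Returns the entry count, or -1 on malformed input. */
int scan_partitions_checked(const uint8_t *buf, size_t buf_len,
                            uint32_t volume_size, part_entry *out) {
    if (buf == NULL || buf_len < 1) return -1;
    size_t n = buf[0];
    if (n > MAX_ENTRIES) return -1;               /* output array would overflow */
    if (n * ENTRY_SIZE > buf_len - 1) return -1;  /* header claims bytes that are absent */
    for (size_t i = 0; i < n; i++) {
        const uint8_t *e = buf + 1 + i * ENTRY_SIZE;
        uint32_t start = rd_u32le(e), length = rd_u32le(e + 4);
        /* start + length <= volume_size, written so the addition cannot wrap */
        if (length > volume_size || start > volume_size - length) return -1;
        out[i].start  = start;
        out[i].length = length;
    }
    return (int)n;
}

/* Constructed sample inputs. */
static const uint8_t VALID_MAP[1 + 2 * ENTRY_SIZE] = {
    2,
    0x00, 0x00, 0x00, 0x00,  0x64, 0x00, 0x00, 0x00,   /* start 0,   length 100 */
    0x64, 0x00, 0x00, 0x00,  0x90, 0x01, 0x00, 0x00    /* start 100, length 400 */
};
/* Claims 5 entries but carries only one; the unchecked scanner would read
 * 32 bytes beyond the end of this array. */
static const uint8_t TRUNCATED_MAP[1 + ENTRY_SIZE] = {
    5, 0x00, 0x00, 0x00, 0x00,  0x64, 0x00, 0x00, 0x00
};
/* One entry whose start + length wraps past 2^32. */
static const uint8_t WRAPPING_MAP[1 + ENTRY_SIZE] = {
    1, 0xF0, 0xFF, 0xFF, 0xFF,  0x20, 0x00, 0x00, 0x00
};

int demo_valid(void)     { part_entry p[MAX_ENTRIES]; return scan_partitions_checked(VALID_MAP, sizeof VALID_MAP, 500, p); }
int demo_truncated(void) { part_entry p[MAX_ENTRIES]; return scan_partitions_checked(TRUNCATED_MAP, sizeof TRUNCATED_MAP, 500, p); }
int demo_wrapping(void)  { part_entry p[MAX_ENTRIES]; return scan_partitions_checked(WRAPPING_MAP, sizeof WRAPPING_MAP, 500, p); }

int main(void) {
    part_entry p[MAX_ENTRIES];
    /* The unchecked scanner is only run on the well-formed map here. */
    int n = scan_partitions_unchecked(VALID_MAP, p);
    printf("unchecked scanner on valid map: %d entries\n", n);
    printf("checked scanner: valid=%d truncated=%d wrapping=%d\n",
           demo_valid(), demo_truncated(), demo_wrapping());
    return 0;
}
```

The same discipline covers the second flaw ZDNet quotes: when a compressed block is expanded, the destination must be sized from a validated length and any block whose decompressed output would exceed it refused, rather than trusting sizes taken from the archive.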

Working with Talos, the 7zip developers have patched the problems, with their latest offering, 7zip v. 16.00, being free of these vulnerabilities. Any other version of the software needs to be updated immediately to ensure that users are not subject to data breaches as a result of this vulnerability. Any other software that has the 7zip code needs to be patched as well.

For more information on the latest security vulnerabilities, as well as information on how to protect your organization from potential threats, call us today at 810.230.9455.