Vulnerability Archives - NuTech Services LLC

Aug, 2021

REvil Vanishes, Along With Some Companies’ Hopes to Decrypt Their Data

The Kaseya ransomware attack targeting VSA servers for approximately 1,500 organizations was another notable attack in a recent string of high-profile ransomware attacks, and while most organizations did what most security professionals recommend and did not pay the ransom, others did not listen. Now those who did pay the ransom are having trouble decrypting their data, and REvil is nowhere to be found to help them in this effort.

With REvil, the hackers reportedly responsible for the Kaseya ransomware attack, having shuttered their operations, some organizations who actually paid the ransom are in a tight spot. Following comments from United States President Joe Biden urging Russian officials to take action against REvil, it was reported that dark web sites for REvil’s payment portal, public portal, helpdesk chat, and negotiations portal were all offline. It is unclear what has caused these outages; it could be a government shutdown just as easily as it could not. Either way, our thoughts turn back to those who are impacted most by this outage: those who paid the ransom, but cannot decrypt their data.

Ordinarily, those who need help with decrypting their data after paying the ransom could contact REvil’s helpdesk, but if they are nowhere to be found, and your decryption tools are not working as expected, what is there to do? It is, yet again, a stark reminder that you cannot guarantee that paying the ransom will help you get your data back should you fall victim to a ransomware attack. What good reason is there to trust the goodwill of hackers who extort money from others and create so much trouble for countless organizations and individuals around the world? There cannot possibly be one.

We understand that you may feel you do not have a choice in the matter regarding paying up for ransomware attacks, but at the end of the day, it is simply far too risky to do so. Not only are you paying up for a possibility of decrypting your data—not a guarantee, mind you—but you are also funding future attacks and proving to the world that ransomware works well enough to extort millions of dollars from companies around the world. Show the hackers who is in the driver’s seat by refusing to give in to their demands.

Rather than reacting to ransomware attacks, you should instead take a proactive stance against them. Start with implementing adequate security measures that can detect the many modes of transport that ransomware utilizes, as well as a data backup system that can help to restore your infrastructure in the event of a ransomware infection. Furthermore, you must train your employees on how to identify and respond to potential ransomware threats. If you do all of this, you can minimize the chances that ransomware will significantly influence your organization.

NuTech Services can assist you with the implementation of any new security or data backup solutions, as well as train your team on how to be more mindful about these threats. To learn more, reach out to us at 810.230.9455.

Feb, 2018

Cisco Bug Ranks as One of the Worst

A new exploit is making the rounds in the security environment, and this time, it affects virtual private networks. According to Cisco, the flaw affects its Adaptive Security Appliance (ASA) tool, and it should be patched as quickly as possible. If you don’t do so, your organization could be subject to remote code exploitation as a result of this vulnerability.

Cisco has showcased that the VPN bug can essentially allow hackers to infiltrate their security devices using the ASA operating system. The vulnerability is found in the Secure Sockets Layer (SSL) and can, according to Cisco, “allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code.” What does this mean in plain English? In theory, an attacker could take complete and total control over a system (a considerable threat for any organization, especially considering the ramifications from a physical security standpoint). This vulnerability is so dangerous that it has earned a 10-out-of-10 on the Common Vulnerability Score System, taking its place among the upper echelon of major vulnerabilities.

While the vulnerability is only allowed if WebVPN is enabled, it’s still a major threat that you don’t want to overlook. According to ZDNet, here are some of the devices that are affected by this vulnerability:

3000 Series Industrial Security Appliance (ISA)
ASA 5500 Series Adaptive Security Appliances
ASA 5500-X Series Next-Generation Firewalls
ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
ASA 1000V Cloud Firewall
Adaptive Security Virtual Appliance (ASAv)
Firepower 2100 Series Security Appliance
Firepower 4110 Security Appliance
Firepower 9300 ASA Security Module
Firepower Threat Defense Software (FTD).

At its time of discovery, the bug was not being exploited in the wild, but Cisco has been made aware of attempts to leverage of the vulnerability. Since the announcement, the vulnerability has been spotted in the wild, and the initial patch that Cisco implemented to combat this vulnerability proved to insufficient, as there were additional features and attack vectors that were not identified until later.

Cisco has released an updated patch for this vulnerability, so you need to implement it if you don’t want to take a needless risk, and endanger your network and data. It’s a good rule of thumb to never let known vulnerabilities linger too long, as you could be placing your business in harm’s way.

It’s incredibly important that your business be mindful of not just these vulnerabilities, but all vulnerabilities found in critical business software and hardware. This Cisco bug isn’t the first software vulnerability to be found, and it certainly won’t be the last. Hackers are always working to undermine the efforts of developers who are trying to keep their software as secure as possible. It’s up to you to ensure your organization isn’t exposing itself to threats by neglecting patches and security updates.

NuTech Services can help your organization ensure that patches and updates are applied as needed. We can do this remotely in most cases, without the need for an on-site visit. It’s a great way to get more value out of your business’ technology without sacrificing security. To learn more about how you can make technology work for you, reach out to us at 810.230.9455.

Jan, 2018

ALERT: Meltdown/Spectre Hardware Vulnerability Requires Action

Just a few months after finding themselves in a firmware fiasco, Intel is making news for all the wrong reasons. This issue had the potential to affect the CPU of a device, causing a severe dip in the performance of the device.

In a blog post by a user going by the name Python Sweetness, an issue was reported, describing “an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve.” This means that, thanks to this bug, the interactions that different programs would have with the CPU would be affected.

Under normal circumstances, a CPU will have two modes that it operates under: kernel, which permits the user to make changes to the computer itself, and user, which is considered a ‘safe’ mode. Python Sweetness discovered a bug that blurred the distinction between the two modes. The bug allowed programs run in user mode to also access kernel mode, possibly allowing malware to access the computer’s hardware.

However, the circumstances have proven to be less dire than they originally appeared. The expectation was that this bug would cause entire processes to shift back and forth between user and kernel mode, hamstringing the speed at which the device would operate. There was also the expectation that this issue would not be able to be resolved without a hardware change.

For PCs with Windows 10 installed and an antivirus that supports the patch, the fix should already be in place. However, to confirm this, go to Settings > Update & Security to see if there are any updates waiting to be installed. If not, check your update history for Security Update for Windows (KB4056892) or check with your antivirus provider to find out when it will be supported, the patch will not install until it sees that the antivirus has been updated to a version that the vendor verifies supports this patch.

Android devices had an update pushed on January 5 to provide some mitigations, with more protections coming in later updates. These patches have already been pushed to Google-branded phones, like the Nexus and Pixel lines, and may have been on other Android devices. It doesn’t hurt to check, and if you haven’t been updated, go online and put pressure on your carrier on a public forum.

Google Chrome should be updated with similar mitigations on January 23, with other browsers updating soon after. To help protect yourself until then, have your IT team activate Site Isolation to minimize the chance of a malicious site accessing data from another browser tab.

Other devices (like NAS devices, smart appliances, networking equipment, media equipment, etc.) may also be at risk, as they are using similar hardware. It’s really important for business owners to have their entire infrastructure reviewed and audited.

These kinds of issues help to demonstrate the value of an MSP’s, or managed service provider’s, services. MSPs like NuTech Services are sure to keep themselves informed on the latest developments in IT security and any resolutions they can pass on to businesses like yours, if they don’t implement them on your behalf.

As a result, you and the rest of your team can go about your business without having to concern yourself with solving issues like these, knowing that you can trust the team who is solving it for you. For more ways that an MSP can help keep your business security and operations optimized, reach out to NuTech Services at 810.230.9455.

May, 2017

“The Worst” Windows Bug is Now Taken Care of, Thanks to Google

When a security researcher tweeted about what they thought was “the worst Windows remote code exec” in his memory, a recent incident came to mind: one that allowed a targeted file to implement remote code execution processes in order to manipulate any infected system. This vulnerability let the infected machine spread the issue to others and could be set off if a certain file were to be scanned by the Microsoft Malware Protection Engine. Scary stuff!

Regarding the incident, Microsoft was quick to resolve the issue. Thankfully.

The researchers who uncovered this vulnerability were Tavis Ormandy and Natalie Silvanovich from the Google Project Zero team. Once the pair had discovered the vulnerability, they took to Twitter to announce it to the world, including to Microsoft and the Microsoft Security Response Center.

Upon the notification, the MSRC confirmed that the vulnerability was indeed present, and that there were quite a few pieces of software within the Microsoft Malware Protection Engine that allowed a “specially crafted file” to run code placed on the system. This vulnerability was so widespread that it could be found on just about any recent Windows machine, including those running Windows 7, 8.1, 10, and even Windows RT.

Though this particular problem has been resolved, its urgency serves to remind all business owners that their software solutions need to be up-to-date at all times. While problems are often resolved by programmers, hackers always try to outdo them, creating a vicious, neverending cycle. Unless you want your business to be caught in the crossfire, you should patch your software whenever new updates are released. If you try to function without them, you’ll be leaving your organization wide open to attacks–attacks that can easily be preventable with proactive maintenance.

Does your organization need this type of proactive maintenance and management? If you think that it’s a hassle to keep an eye out for updates, you’re right. You shouldn’t have to worry about this, especially not while keeping your operations afloat. NuTech Services can provide the IT you need by taking care of these updates for you so you can stay focused on running your business. To learn more, reach out to us at 810.230.9455.