Advanced Technology Consultants, https://www.atcus.com (feed generated Sat, 27 Jun 2020 17:16:33 +0000)

Major T-Mobile Outage Was Not A DDOS Attack
https://www.atcus.com/2020/06/27/major-t-mobile-outage-was-not-a-ddos-attack/
Sat, 27 Jun 2020 15:00:00 +0000

Rumors were recently swirling around cellphone carrier T-Mobile. Fears were running rampant that a massive DDOS attack may be underway on the heels of a major outage.

The rumors spread like wildfire through the internet. At one point, even a US Senator got involved, retweeting a rumor that the attack was supposedly based out of China.

The company's IT staff duly sprang into action, but as they conducted their research, it quickly became apparent that something else was going on. That 'something else' turned out to be a problem with one of the company's leased fiber circuits. Apparently, the company was in the process of making changes to the way network traffic was routed. Things began to go badly, leading to a series of cascading failures, which ultimately caused a widespread outage.

Neville Ray is T-Mobile's President of Technology. Once the company had a firm handle on what was going on, he tweeted the following information in a series of messages in an attempt to assuage concerns.

Ray stated:

"Our engineers are working to resolve a voice and data issue that has been affecting customers around the country. We're sorry for the inconvenience and hope to have this fixed shortly."

A follow up message read:

"Teams continue to work as quickly as possible to fix the voice and messaging problems some are seeing. Data services are now available and some calls are completing. Alternate services like WhatsApp, Signal, iMessage, Facetime etc. are available. Thanks for your patience."

A few hours after that, Mr. Ray sounded the all clear, stating that the issue had been resolved and apologizing again for the inconvenience.

More complete information recently published on T-Mobile's website reads, in part as follows:

"This is something that happens on every mobile network, so we've worked with our vendors to build redundancy and resiliency to make sure that these types of circuit failures don't affect customers...

This redundancy failed us and resulted in an overload situation that was then compounded by other factors. This overload resulted in an IP traffic storm that spread from the Southeast to create significant capacity issues across the IMS (IP multimedia Subsystem) core network that supports VoLTE calls."

Despite the rapid response, many of the company's customers took to Twitter to express their frustrations. Their frustration is justified given how much more heavily so many people are leaning on technology during the pandemic. Sadly, this will almost certainly not be the last time we encounter problems like this until things begin to return to something closer to normal.

Used with permission from Article Aggregator

Intel Steps Up Game With CPU-Level Malware Protection
https://www.atcus.com/2020/06/26/intel-steps-up-game-with-cpu-level-malware-protection/
Fri, 26 Jun 2020 15:00:00 +0000

Tech companies both big and small are always looking for new ways to protect their customers from the threat of malware. While that's not something that hardware vendors are known for, Intel has leapt into the fray with a recent announcement.

Their planned "Tiger Lake" mobile processors will offer CPU-level malware protection features.

Tom Garrison is Intel's VP & General Manager of Client Security Strategy and Initiatives.

Tom had this to say about the planned features:

"Intel CET is designed to protect against the misuse of legitimate code through control-flow hijacking attacks--widely used techniques in large classes of Malware...Intel has been actively collaborating with Microsoft and other industry partners to address control-flow hijacking by using Intel's CET technology to augment previous software-only control-flow integrity solutions."

Specifically, Intel's CET provides two new capabilities to help guard against control-flow hijacking malware: Indirect Branch Tracking (IBT) and Shadow Stack (SS). Collectively, these two new tools work by defeating malware designed to use ROP (Return Oriented Programming), JOP (Jump Oriented Programming) and COP (Call Oriented Programming).

Garrison adds:

"The significance of Intel CET is that it is built into the microarchitecture and available across the family of products with that core...While Intel vPro platforms with Intel Hardware Shield already meet and exceed the security requirements for Secure-core PCs, Intel CET further extends advanced threat protection capabilities....when used properly by software, [it] is a big step in helping prevent exploits from hijacking the control-flow transfer instructions."

As mentioned, the new capabilities will initially roll out in mobile processors, but the company has plans in the works to extend them to desktop and server platforms as well.

This is good news and we're excited to see the hardware's capabilities in action. Of course, it remains to be seen how effective the new protections will be, but industry experts are cautiously optimistic.

Update Fix For VLC Media Player Security Bug Now Available
https://www.atcus.com/2020/06/25/update-fix-for-vlc-media-player-security-bug-now-available/
Thu, 25 Jun 2020 15:00:00 +0000

Do you use the VLC Media Player to watch downloaded movies and other videos?

If so, be aware that researchers have discovered a serious security flaw in the code that allows for remote code execution, which could compromise your system.

The vulnerability is being tracked as CVE-2020-13428 and is described as a buffer overflow issue.

This could allow an attacker to execute commands under the same security level as the currently logged in user.

Fortunately, VideoLAN, the organization behind the media player, has rushed to fix the issue and released a patch. Version 3.0.11 of the program is currently available for Windows, Mac and Linux.

VLC Media Player is one of the most popular and flexible media players on the market today, and boasts an impressive number of installs. Even if you only make use of it occasionally, if you've got it installed on your system, it is strongly recommended that you take a few moments to install the latest update. The company also took the time to address a few other issues with the code.

Installing the update will also address the following issues:

  • Fixes HLS regressions
  • Fixes a potential crash on startup on macOS
  • Fixes imprecise seeking in m4a files
  • Fixes resampling on Android
  • Fixes a crash when listing bluray mountpoints on macOS
  • Avoid unnecessary permission warnings on macOS
  • Fixes permanent silence on macOS after pausing playback
  • Fixes AAC playback regression

Video playback is something that many of us simply take for granted. Unfortunately, an unpatched version of whatever program you're using could leave the door open to an attack by hackers that could lead to a total system compromise. It's definitely worth checking to see if you've got the player installed, and then verifying that you're running the latest version.

Credit Card Data Breach Affects Popular Jewelry And Accessory Store
https://www.atcus.com/2020/06/24/credit-card-data-breach-affects-popular-jewelry-and-accessory-store/
Wed, 24 Jun 2020 15:00:00 +0000

Claire's Jewelry and Accessories is the latest company to fall victim to hackers.

According to a recent disclosure made by the company, both the retail giant's main website and the website of their subsidiary, Icing, were compromised.

They were hit by what appears to be a Magecart attack.

The company's disclosure reads in part as follows:

"On Friday, we identified an issue related to our e-commerce platform and took immediate action to investigate and address it. Our investigation identified the unauthorized insertion of code to our e-commerce platform designed to obtain payment card data entered by customers during the checkout process. We removed that code and have taken additional measures to reinforce the security of our platform.

We are working diligently to determine the transactions that were involved so that we can notify those individuals. Cards used in our retail stores were not affected by this issue. We have also notified the payment card networks and law enforcement. It is always advisable for cardholders to monitor their account statements for unauthorized charges.

The payment card network rules generally provide that cardholders are not responsible for unauthorized charges that are timely reported. We regret that this occurred and apologize to our customers for any inconvenience caused"

The attack apparently came just one day after the retailer closed down all of their brick and mortar shops worldwide as a result of the COVID-19 pandemic. Based on the investigation to this point, the hackers were actively trying to steal customer credit card data between April 30th and June 13th, 2020.

If you or any member of your family has made a purchase on either the Claire's website or their subsidiary site Icing, be aware that your payment card information may have been compromised. Be sure to alert your credit card issuing company right away, and be on the alert for any suspicious charges that may appear on the card or cards used to make those purchases.

Watch Out for Fake YouTube Channels Asking For Bitcoin
https://www.atcus.com/2020/06/23/watch-out-for-fake-youtube-channels-asking-for-bitcoin/
Tue, 23 Jun 2020 15:00:00 +0000

A group of highly organized scammers has commandeered a pair of YouTube channels and renamed them "SpaceX Live" and "SpaceX" in order to capitalize on the popularity of Elon Musk and his SpaceX company. SpaceX made headlines recently with their manned launch out of Florida. Over the course of just two days, the scammers were able to collect nearly $150,000 in bitcoin.

Here's how the scam works:

It's fairly common knowledge that Elon Musk is a fan of cryptocurrency, and the group, impersonating Musk, uses the hijacked channels to promise managed investments. You send them a small amount of bitcoin, and they promise spectacular investment returns.

Once taken over, the two channels were loaded with recorded videos of Elon Musk found elsewhere. Taken together, the two channels have nearly half a million subscribers. While that's a far cry from the more than four million subscribers that the official SpaceX channel boasts, it's certainly large enough to be significant. The scammers' efforts have been wildly successful.

Fortunately, this scam is easy to avoid. Simply don't buy into the hype. If you're going to purchase any type of cryptocurrency, do it through a legitimate exchange.

Even so, that's sometimes easier said than done. Some people get caught up in the excitement, and in a moment, will be drawn by the lure of easy returns and get careless. If you can avoid that, you can avoid the scam.

Given the success the group has had, we're almost certain to see copycat efforts going forward. Just be mindful of where you are on the web, stay alert, don't get drawn in by the hype, and you should be fine. Unfortunately, there has been no word from Google yet on when the two channels will be deactivated, and as of the writing of this piece, both are still active.

Thanos Ransomware May Get Around Certain Security Systems
https://www.atcus.com/2020/06/22/thanos-ransomware-may-get-around-certain-security-systems/
Mon, 22 Jun 2020 15:00:00 +0000

In 2019, a new strain of ransomware called Thanos burst onto the scene and has since been spreading quietly and seeing increased adoption by hackers around the world.

The code has been traced to a Russian hacker going by the name Nosophorus, who has been offering the software as 'Ransomware-as-a-Service' on Russian-speaking forums on the Dark Web since February 2020.

The reason for Thanos' increasing popularity is that Nosophorus has monetized its spread, creating an affiliate program that shares revenue from any ransom payments collected. This is only one of a number of interesting and alarming features about the code, however.

Most of the ransomware written in C# isn't very robust or sophisticated. However, Thanos is an exception, sporting a modular design that makes it easy to upgrade or reconfigure based on each hacker's specific needs.

In addition to that, Thanos is the first ransomware strain to make use of the RIPlace evasion technique, which makes it notoriously difficult for anti-ransomware tools to detect and prevent. The technique was first discovered by a security researcher going by the name of Nyotron. He duly reported it to security companies around the world, only to be told that the technique, while interesting, was purely theoretical and would never be seen in the wild.

Sadly, those predictions have now been proven incorrect. Thanos is actively making use of the evasion technique, which leaves security companies scrambling to catch up. Unfortunately, when RIPlace was described to Microsoft, a spokesman for the company had the following to say.

He said:

"The technique described is not a security vulnerability and does not satisfy our Security Servicing Criteria. Controlled folder access is a defense-in-depth feature and the reported technique requires elevated permissions on the target machine."

Given this and the other advanced features Thanos sports, you can bet that it's going to see increasingly widespread use. Ultimately, this will force big tech firms to take action, but not before the malware has the opportunity to do serious damage. Be on the alert for this one. Thanos is a serious threat.

Internet Based Devices May Have Issues Following SSL Certificate Expiration
https://www.atcus.com/2020/06/20/internet-based-devices-may-have-issues-following-ssl-certificate-expiration/
Sat, 20 Jun 2020 15:00:00 +0000

Recently, a number of Roku streaming channels mysteriously stopped working, leaving customers scratching their heads trying to figure out what went wrong.

After some research, Roku's support staff discovered that the issue stemmed from a global certificate expiration.

They advised impacted customers to update their certificates manually by visiting the company's website and following the instructions posted there.

Since Roku's announcement, both Stripe and Spreedly have experienced similar disruptions that traced back to the same root cause. This issue has revealed a hidden flaw in the design of many, if not most, Internet of Things devices, and many of them will ultimately suffer the same fate.

IoT devices are becoming increasingly popular, but unfortunately, making use of them is fraught with peril. Most have no security at all, and few have anything more than the most rudimentary security protocols in place and can be hacked with relative ease.

Worse, as this issue highlights, many IoT devices simply have no means of receiving updates automatically, which puts users on the hook to manually update every smart device they have in their homes.

Security researcher Scott Helme had this to say about the issue:

"This problem was perfectly demonstrated recently, on 30 May at 10:48:38 GMT to be exact. That exact time was when the AddTrust External CA Root expired and brought with it the first signs of trouble that I've been expecting for some time."

"We're coming to a point in time now where there are lots of CA Root Certificates expiring in the next few years simply because it's been 20+ years since the encrypted web really started up and that's the lifetime of a Root CA certificate. This will catch some organizations off guard in a big way."

Helme notes that the next potentially significant date will be 20th September, 2021, when the CA certificates issued by DST Root CA X3 are slated to expire. If you have one or more IoT devices in your home, be aware, and be prepared to manually intervene when they stop working.

Nintendo Switch User Information Breach Affected Over 300,000 Users
https://www.atcus.com/2020/06/19/nintendo-switch-user-information-breach-affected-over-300000-users/
Fri, 19 Jun 2020 15:00:00 +0000

A couple of months ago, Nintendo announced that their Switch gaming and live streaming service had been hacked, and as a result, some 160,000 user accounts had been compromised. As the company has continued their investigation into the incident, however, they've updated their disclosure, revealing that an additional 140,000 accounts were compromised, bringing the total to just over 300,000.

The information gained as a result of the hack includes screen names, dates of birth, the email addresses associated with each account, location, and gender data. If there's a silver lining to be found in the incident, it is the fact that credit card information does not appear to have been accessed.

Also note that based on information provided by Nintendo, it appears that the hackers used brute force and other methods to access accounts, as opposed to taking advantage of some type of security flaw. The company also reports that although the total number of compromised accounts has increased markedly, it still represents less than 1 percent of the total accounts on the platform.

If anything, these types of attacks are only increasing in their frequency, so the usual recommendations still apply. Change your passwords on a regular basis. Use a different password on each of the websites you frequent. If you are in the habit of using the same password on multiple web properties, it's long past time to break that habit. If a hacker gets into one account, you've just handed him the keys to large swaths of your digital kingdom.

Also, anytime it's offered, enable and use two-factor authentication, which provides an added layer of security. If you want to be extra cautious, it wouldn't hurt to make use of a VPN on top of that. Even if you don't have the funds to use a paid service, there are a number of decent quality free ones available. Stay safe out there.

Update Windows 10 Immediately If You Haven't Updated Since March
https://www.atcus.com/2020/06/18/update-windows-10-immediately-if-you-havent-updated-since-march/
Thu, 18 Jun 2020 15:00:00 +0000

When was the last time you applied a Windows 10 security patch?

If you haven't patched since March 10th, it would be an excellent idea to do so as quickly as possible. Recently, the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency issued a dire warning concerning a newly discovered security flaw.

The flaw is known as SMBGhost, or by its more colorful name, "Eternal Darkness". It was discovered by security analysts, and a crude proof of concept was created by a researcher who goes by the online alias of 'Chompie.'

Although the proof of concept was pieced together quickly and is not well optimized, it works and allows for fairly consistent remote code execution. That is a fancy way of saying that hackers can use the exploit to compromise machines connected to the internet without being in close physical proximity.

As Chompie reports:

"This has not been tested outside of my lab environment. It was written quickly and needs some work to be more reliable. Using this for any purpose other than self-education is an extremely bad idea. Your computer will burst in flames. Puppies will die."

Although the flaw isn't quite that bad, it poses some serious concerns for IT security professionals. The good news is that although Windows 10 builds 1903 and 1909 are both vulnerable, older and newer versions of Windows 10 are not. So if you're running either of those builds, patch now to avoid the possibility of seeing your system compromised.

According to the DHS warning:

"Malicious cyber actors are targeting unpatched systems with the new PoC according to recent open-source reports. CISA strongly recommends using a firewall to block SMB ports from the internet and to apply patches to critical- and high-severity vulnerabilities as soon as possible."

Make sure this one's high on your list of priorities.

New Chromium Based Edge Browser Update From Windows 10
https://www.atcus.com/2020/06/17/new-chromium-based-edge-browser-update-from-windows-10/
Wed, 17 Jun 2020 15:00:00 +0000

Microsoft has been talking for months about their new Edge browser based on Chromium technology. Users will finally be able to see it in action as of the KB4559309 Windows 10 update, which will replace the legacy Edge browser with the company's latest offering.

It should be noted that previous Windows 10 releases did include the new Chromium-based Edge browser, but it was installed alongside the legacy Edge browser.

Also, in order to use the new Chromium-based browser, you had to make the conscious choice to open the new browser. Your legacy Edge browser would open by default.

That changes with the KB4559309 update, which purges the legacy Edge browser. At that point, if you want to use a Microsoft-based browser, your only option will be the new Chromium Edge. Any attempt to open the legacy browser will automatically redirect to the new product.

As part of the update, all of your user data stored in the legacy Edge browser will be ported to the new code. That includes tabs from previous sessions, saved passwords, and bookmarked websites. A small point, but one still worth mentioning, is the fact that unlike previous updates, a system restart is not required to begin making use of the new browser.

If you don't want to have the new Edge browser installed on your device, you can prevent it. However, doing so requires you to go deep into the system, adding a "DoNotUpdateToEdgeWithChromium" key in your Windows Registry.

That, however, is not a step recommended for anyone except the most experienced Windows users. That is because any time you start playing in the Registry, you run the risk of doing serious damage to the system, so proceed with extreme caution.

On balance, the new Chromium-based Edge browser looks like a good upgrade and the early sense is that most users will be pleased with the change. Stay tuned, because it's coming soon!
