It’s impossible for a PC to be 100% secure, but there’s nothing to stop you strengthening the defenses of your PC.

With cyberattacks on small businesses at an all-time high, there’s never been a more important time to strengthen your PC’s security. However, as ever, budgets are a crucial factor in achieving this. Thankfully, investing thousands upon thousands of dollars isn’t your only option (although it certainly helps) as simpler solutions are available. Many of these are processes which are either overlooked or simply unknown to most PC users. But the enhanced security they offer is unarguable. Therefore, it’s time integrate these 7 quick tips to improve the security of your PC:

  1. Automatic updates: software vulnerabilities are a sure-fire way to open your IT infrastructure to the world, so it’s vital you install updates as soon as possible. Installing updates, though, is far from glamorous and this is why many PC users fail to install them when available. Luckily, it’s possible to implement automatic updates in Windows to take the pain out of this process.
  • Never write down your passwords: it may be one of the biggest sins when it comes to PC security, but PC passwords are routinely written down in every single business in the world. And it’s a practice which needs to stop. The only place passwords should ever be stored is in either your memory or a password manager.
  • Shut your PC down: when you’ve finished on your PC for the day, you should always shut it down. It may be tempting to leave it running, so that you can start straight away again the next day, but all this does is label your PC as a sitting duck for hackers.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


A new malware threat has been discovered which uses the public excitement around the Webb telescope to deliver a phishing scam.

The first image to be released by the Webb telescope project was entitled SMACS 0723, and its new, stunning view of the galaxy created headlines around the world. However, it’s this level of interest which has led to hackers using it as bait. The image is used as part of an email phishing scam and, unfortunately, fails to highlight the wonders of space. Instead, it compromises a PC and leaves it at risk of further attacks.

Phishing scams are a contemporary irritant in the IT security world, so we’re going to delve deeper into this one and see what we can do to help protect your PC.

The Threat from Outer Space

This latest strain of malware has been given the rather complex name of GO#WEBBFUSCATOR but the way in which it operates is simple. Security experts Securonix have discovered a phishing email – described as one promoting satellite service plans – which contains an infected Microsoft Office document. If this document is downloaded and opened, the malware will – if Word macros are enabled – begin to release its payload.

The malware begins by downloading the SMACS 0723 image, but this image is far from innocent as it contains hidden Base64 code. With this code activated, the infected PC is then systematically tested for vulnerabilities and weaknesses. Once these have been detected and analyzed, the hackers begin a campaign of exploitation to take control of the PC. It’s also interesting to note that the computer language behind this malicious code is constructed from Go, a cross-platform language which highlights the scope of the threat actors behind GO#WEBBFUSCATOR.

Staying Safe on Planet Earth

The number of vulnerabilities this malware targets, along with its deceptive approach, make it a powerful weapon for hackers. Therefore, protecting yourself against its dangers is paramount and you must make sure you:

  • Monitor network activity: once malware such as GO#WEBBFUSCATOR has made its way onto your PC, it’s likely that you will notice a surge in unusual activity on your network e.g. increased traffic and downloads. And this is likely to be one of the only signs you receive, so it pays to keep a close eye on any spikes in network activity.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


Microsoft has announced that Windows login credentials can now be bypassed by a new strain of malware, one which is being used by Russian hackers APT29.

Logging onto Windows is the first thing we do after turning a PC on, and we do this by entering a combination of username/password credentials to gain access. This first step in security is crucial for protecting the integrity of your PC. If your credentials are highly secure, and known to no one else, it’s going to be difficult for anyone else to log on to your PC. And you certainly don’t want anyone gaining unauthorized access to your desktop. Accordingly, this has made login credentials a major target for threat actors.

This latest piece of malware, known as MagicWeb, doesn’t, however, steal your username/password combination. Instead, it’s much cleverer.

MagicWeb’s Deceptive Power

Windows passwords are hashed, and this means that although they are stored on your PC and associated servers, they are encrypted and translated into a series of unintelligible characters. So, for example, your password of PASSWORD (please don’t ever use this!) may be hashed into %fG1a:: – and these hashed passwords are completely useless. However, by entering PASSWORD into a login system, it will be translated into a hash and then matched against the stored hash to determine if it’s the correct password.

As it’s incredibly difficult to decrypt hashed passwords, threat actors must find different methods to bypass login credentials. MagicWeb does this by obtaining unauthorized access to login credentials for Active Directory Federation Services (ADFS) servers. It’s within these ADFS servers that access to systems within an organization can be processed. This access is validated by a token generated within ADFS. MagicWeb compromises this token by manipulating the claims process used to authorize any logon requests. Therefore, it can validate any Windows logon request.

Protecting Your PCs from MagicWeb

Once MagicWeb has a foothold within your ADFS servers, it can allow anyone to log on to your network with ease. Both identifying and preventing this is important for you IT infrastructure’s security. As such, you need to make sure you do the following:

  • Make ADFS secure: one of the most effective ways to protect your ADFS is by designing it to be secure. This is far from straightforward, but it will pay dividends down the road when it comes face-to-face with threats such as MagicWeb. Luckily, Microsoft have provided advice on the best practices for achieving this.
  • Isolate admin access: malware threats such as MagicWeb have the opportunity to gain unauthorized admin access, and this gives them free rein to make major changes to your IT network. It makes sense, therefore, to isolate any admin infrastructures and restrict access to as few people as possible. Also, make sure your admin infrastructure is regularly monitored for any changes, as this may indicate an attack is taking place.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


Chrome is the most popular web browser on the market by far, but its success is no guarantee of being free from vulnerabilities as a new update shows.

No piece of software is created perfectly, so there’s always a need to update and refine applications. In particular, security vulnerabilities are one of the most common issues which software designers find themselves needing to go back and solve. And this is because threat actors will use all their resources to discover even the tiniest chink in an application’s armor. Once this has been discovered, they’re presented with the opportunity to bypass security and exploit the software.

Chrome’s latest update comes packed full of functionality upgrades, but also 11 security fixes. As it’s likely your organization regularly works with Chrome, we’re going to look at what this patch offers you.

What is Chrome’s Latest Update?

The latest update from Chrome – details of how to install it are here – delivers a variety of fixes which include:

  • A zero-day vulnerability – tagged as CVE-2022-2856 – which has allowed hackers to take advantage of a flaw in Web Intents, a process which allows web apps to connect with web services.
  • Several ‘use-after-free’ vulnerabilities, these are flaws that are usually opened when an application fails to clear its memory when used. This scenario provides a foothold to threat actors looking to breach security.
  • A heap buffer overload vulnerability relating to downloads made through Chrome, a vulnerability which allows memory corruption to open a backdoor for threat actors.

t only takes one vulnerability to compromise a PC, so the need to patch 11 vulnerabilities strikes a major blow to Chrome’s reputation. To make matters worse, this is the fifth zero-day vulnerability Chrome have had to issue in 2022. Digging deeper into the contents of the update, it also becomes apparent that ‘use-after-free’ errors are a significant problem within Chrome at present.

Is Chrome Safe to Use?

Computer Keyboard with symbolic padlock key

Chrome will continue to work even without the latest update. However, the protection at its disposal will be lacking any substantial strength. There’s a chance, of course, you won’t fall victim to a cyber-attack which exploits these flaws, but do you really want to take a chance? The sensible answer is: NO! And, although Chrome haven’t released any specific details about these latest vulnerabilities, you can bet your bottom dollar that hackers will now be focusing their attention on Chrome.

Therefore, it’s crucial you install this latest Chrome update as soon as possible. Even if your organization’s preference is, for example, to use the Edge browser, you need to update Chrome if it’s present on your PCs. This is the only way to ensure that security gaps are plugged. Naturally, there will be further vulnerabilities which remain unidentified, but you can only deal with threats which are known. Chrome, on the whole, is a reputable and safe browser, you just need to make sure that automatic updates are activated.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


Using a new remote access trojan, threat actors behind the Cuba ransomware have amassed ransom payments estimated to be close to $44 million.

Over the past five years, countless headlines have been generated by the damage caused by ransomware attacks. Not only do they compromise access to your organization’s data, but they also have the potential to inflict painful financial damage. To make matters worse, these attacks are evolving to become more powerful and harder to prevent. In fact, on many occasions (and as we’ll see with the Cuba ransomware) these evolutions will take place over a matter of months.

Ransomware, therefore, is a very real threat to your organization’s IT network, so it’s important that you understand exactly how the Cuba ransomware operates.

What is the Cuba Ransomware?

Cuba was first detected in late 2019 before disappearing from the frontline and returning two years later in November 2021. Evidence of the Cuba ransomware has been detected in around 60 ransomware attacks, with 40 of these victims revealed to be US-based. Cuba is delivered to PCs through the Hancitor loader, a type of malware which is used to download and execute additional malware e.g. remote access trojans. Hancitor makes its way onto PCs through a variety of means such as phishing emails, stolen login credentials and software vulnerabilities.

Since Cuba first emerged onto the digital landscape, it has undergone a series of significant changes. The most notable changes have seen it terminating more processes before it locks files, widening the range of file types it encrypts and, believe it or not, enhancing its support options for victims wanting to pay. Cuba has also been observed operating a backdoor trojan called ROMCOM RAT, a piece of malware which deletes files and logs data to a remote server.

Protecting Yourself Against the Cuba Ransomware

With Cuba collecting ransom payments of over $40 million, it’s clear to see Cuba is a dangerously effective threat. It’s also important to point out there is currently no known decryption tool available to combat Cuba’s encryption methods. Accordingly, you need to be on your guard against this threat and any similar attacks. Therefore, make sure you practice the following:

  • Install updates: Cuba has the power to exploit software vulnerabilities to gain unauthorized access to computer networks, so it’s crucial that you always install updates as soon as possible. The install process for updates can feel time consuming, but when you have the option to automate these installations, there’s no reason this shouldn’t take place.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More