Updates are crucial for protecting your PC, so Windows Update is a useful ally in this objective. But what happens when it starts downloading malware?

News has emerged that hackers have exploited the Windows Update system to execute malicious code on users’ PCs. It’s an attack which is typical of hackers as it’s innovative, deceptive and dangerous. Currently, the perpetrators of the attack appear to be Lazarus, a hacking group who are backed by North Korea. Dozens of cyberattacks have been attributed to Lazarus – such as the ThreatNeedle hack – over the last decade, so it should come as no surprise that this latest attack is a serious threat.

At Ophtek, we’ve always advised you that updates are the best way to protect your PC. And this remains the case. However, this exploit of the Windows Update service provides a cautionary tale, so we’re going to take a closer look at it.

Why is Windows Update Downloading Malware?

Lazarus have chosen the Windows Update client as a facilitator in their attack as it’s a highly trusted piece of software. After all, the general consensus is that updates protect your PC, so why suspect Windows Update of anything else? However, it’s this type of assumption which leads to threats developing.

This latest attack employs a spear-phishing technique which uses infected Microsoft Word documents. These false email attachments claim to be offering job opportunities at the aerospace firm Lockheed Johnson. However, far from containing opportunities for the recipients, these infected documents only contain opportunities for Lazarus. Once the Word documents are opened, users are prompted to activate macros. This allows Lazarus to automatically install a fake Windows Update link in the PC’s startup folder and to download a malicious .dll file.

This Windows Update link is then used to load the malicious .dll through the Windows Update client. The hackers use this approach as it’s innovative and won’t get picked up by anti-malware tools. Lazarus are then free to download as much malware as they like onto the infected PC.
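
Detection logic for the behaviour described above, added here as an example and not taken from the original article: it reviews process-creation events for the Windows Update client (file name wuauclt.exe, which the article does not name) running from, or being asked to load a .dll from, outside the Windows system directories. The event fields, the sample events and the C:\Windows install path are assumptions constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

UPDATE_CLIENT = "wuauclt.exe"  # file name of the Windows Update client
# Assumption: Windows is installed in C:\Windows on the monitored hosts.
TRUSTED_DIRS = tuple(PureWindowsPath(p) for p in (
    r"C:\Windows\System32", r"C:\Windows\SysWOW64", r"C:\Windows\WinSxS"))
# A DLL path on the command line, either quoted (may contain spaces) or bare.
DLL_PATH = re.compile(r'"([^"]+\.dll)"|(\S+\.dll)\b', re.IGNORECASE)

def is_trusted(path: str) -> bool:
    """True if path sits under a trusted Windows directory (case-insensitive)."""
    p = PureWindowsPath(path)
    if ".." in p.parts:  # traversal could escape the trusted directory
        return False
    return any(d in p.parents for d in TRUSTED_DIRS)

def review_event(event: dict) -> list[str]:
    """Return the reasons a process-creation event looks like update-client abuse."""
    image = PureWindowsPath(event["image"])
    if image.name.lower() != UPDATE_CLIENT:
        return []
    reasons = []
    if not is_trusted(str(image)):
        reasons.append(f"update client running from {image.parent}")
    for quoted, bare in DLL_PATH.findall(event["command_line"]):
        dll = quoted or bare
        if not is_trusted(dll):
            reasons.append(f"update client asked to load {dll}")
    return reasons

def triage(events: list[dict]) -> dict[int, list[str]]:
    """Map event id -> reasons, for flagged events only."""
    return {e["id"]: r for e in events if (r := review_event(e))}

# Constructed sample events; the switch in events 3 and 5 is deliberately elided.
SAMPLE_EVENTS = [
    {"id": 1, "image": r"C:\Windows\System32\wuauclt.exe",
     "command_line": r'"C:\Windows\System32\wuauclt.exe" /detectnow'},
    {"id": 2, "image": r"C:\Windows\System32\notepad.exe",
     "command_line": r"notepad.exe C:\Temp\notes.dll"},
    {"id": 3, "image": r"C:\Windows\System32\wuauclt.exe",
     "command_line": r'wuauclt.exe /<switch-elided> "C:\ProgramData\Example Dir\constructed.dll"'},
    {"id": 4, "image": r"C:\Users\Public\wuauclt.exe",
     "command_line": r"C:\Users\Public\wuauclt.exe /detectnow"},
    {"id": 5, "image": r"C:\Windows\System32\wuauclt.exe",
     "command_line": r"wuauclt.exe /<switch-elided> C:\Windows\System32\..\Temp\constructed.dll"},
]

if __name__ == "__main__":
    for event_id, reasons in triage(SAMPLE_EVENTS).items():
        print(event_id, reasons)
```

Events 3, 4 and 5 are flagged; the routine update check in event 1 and the unrelated process in event 2 are not.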

How to Protect Your PCs Against this Threat

You may think that the simplest way to protect yourself is by turning off Windows Update, but we do not recommend this. The best approach involves ensuring that Windows Update can’t be exploited by Lazarus’ attack methods. And this requires you to understand the techniques involved in spear-phishing, so make sure you practice the following:

  • Awareness: the most important step you can take in tackling spear-phishing is by introducing awareness to your employees. Make sure that regular training is provided to educate your staff on what spear-phishing is and the ways in which it can manifest itself on a PC.

For more ways to secure and optimize your business technology, contact your local IT professionals.



The latest version of Microsoft’s operating system Windows has now been rolled out; and Windows 11 comes with plenty of changes for PC users.

Windows 10 was released in 2015 and, since then, there have been many changes in IT. While Windows 10 is still more than capable of dealing with modern IT, there always comes a point where an overhaul is needed. And this is why Windows 11 has been released. It’s available as a free upgrade to anyone currently running Windows 10 and contains both updated applications and functionality.

Upgrading to a new operating system has always represented a major shift in the way that PCs operate, so it’s important to understand what happens when you hit that ‘install’ button.

Why Are Upgrades Necessary?

Taking advantage of operating system upgrades allows you to harness numerous benefits. Firstly, an older operating system is always up against a ticking clock of being discontinued. Once support has been discontinued, an older operating system is more at risk of security threats. Secondly, new operating systems are better positioned to cope with the demands of modern IT. Therefore, installing an upgraded version ensures you have a better user experience.

What’s Changed with Windows 11?

As with all previous upgrades on Windows, there are a significant number of changes. Many of these are unlikely to be noticed by your average PC user, but others will be more obvious. The most important changes are:

  • Microsoft Teams: during the Covid-19 pandemic, Microsoft Teams became a valuable tool for employees to communicate through. But it had never been an in-built part of the Windows operating system. Starting with Windows 11, however, it is now included by default.
  • Power Automate: Windows 11 has a new feature called Power Automate which allows PC users to program ‘flows’ which create automated tasks such as notifying team members when new files are added to a specific location.
  • Widgets: the interface of Windows 11 now allows you to harness the power of widgets, a type of software which has been common on mobile devices for some time. These new desktop widgets provide information “at a glance”, such as calendar updates, on a slide-out menu.
  • Security: one of the major security features of Windows 11 is that it will only run on new machines. Therefore, if your hardware is starting to look even slightly old, it’s unlikely Windows 11 will run on it. This means that Microsoft is setting a strong baseline to ensure PCs running Windows 11 are as up to date as possible. Built on top of this security foundation are several background security processes including updated stack protection and enhanced bootup security.
  • Interface Design: the most notable changes in Windows 11 relate to the visual aesthetics of the interface. The start menu has been overhauled to provide quicker access to the apps you need, notifications are now grouped together to make accessing them quicker and File Explorer has been redesigned to look smarter and more intuitive.

Final Thoughts

Installing updated software is always recommended to ensure your PC is running with the best protection and functionality. And upgrading to Windows 11 is no different. It’s an essential upgrade and one which, although certain features will require some adjustment time, will provide you with enhanced productivity and a smoother user experience.



Windows is one of the most popular operating systems around and, as it’s a Microsoft product, you would like to think it’s safe. But this isn’t quite true.

As part of their January 2022 ‘Patch Tuesday’ report, Microsoft announced that 97 new security vulnerabilities had been discovered across its range of operating systems. And with an estimated 1 billion Windows PCs in use across the globe, this is very concerning. Any operating system, of course, is a highly complex piece of software. The sheer amount of coding required, to deliver high quality functionality, means that mistakes are inevitable. And then there are the hackers, individuals who are determined to find new and innovative ways to breach Windows.

What Were the Vulnerabilities?

Nine of the reported vulnerabilities were classed as critical by Microsoft, with the remaining 88 being classed as significant threats. Technical details are yet to be released, but it’s known that some of the critical vulnerabilities were associated with Microsoft Exchange Servers and the HTTP Protocol Stack. In particular, the HTTP Protocol Stack vulnerability is one which would allow hackers to achieve remote code execution, i.e. taking control of an affected PC from a remote connection.

Six of the vulnerabilities discovered have also been categorized as zero-day vulnerabilities. These affect a range of Windows background processes and, as they are classed as zero-day, it’s believed that they were known to hackers before Microsoft’s announcement. Collectively, the 97 vulnerabilities are believed to have impacted the security of major Microsoft applications including Excel, Word, Edge, Windows Defender and all manner of network tools. As a result, it’s believed that users of Windows 7, Windows 8, Windows 10, Windows 11, Windows Server 2019 and even Windows Server 2022 are all at risk.

How Can Windows Users Stay Safe?

Naturally, any user of Windows is likely to be very concerned after reading the above. But the good news is that Microsoft’s January 2022 patch addresses all of these vulnerabilities. Installing it, therefore, should be the number one priority for any PCs running Windows. And that will be nearly all of them. Unfortunately, for those running Windows Server 2019 and Server 2022, this patch was withdrawn due to bugs it was generating in these environments. Users of these operating systems should remain extra vigilant and ensure that automatic Windows updates are in place.

Final Thoughts

The last few months have been relatively poor for Microsoft when it comes to patching vulnerabilities. In September 2021, it was revealed that their patch for the ‘PrintNightmare’ flaw contained bugs which negatively affected numerous printers. And, now, it appears to be history repeating itself with Windows Server users left vulnerable to both security risks and buggy updates. These issues will, no doubt, be rectified quickly but, as ever, time is of the essence when it comes to PC security. Ultimately, installing each and every security update remains the very best practice for protecting your IT devices.



Ophtek offers Delivery Trust to their Medical and Financial Services clients

DANA POINT, CA / ACCESSWIRE / January 20, 2022 / Identillect Technologies Corp., an industry leader in compliant email security announced its first new reseller partner of 2022. Identillect has refocused its market strategy to place a significant effort on providing support and resources to our growing reseller market. The reseller market is expanding and becoming a larger portion of Identillect’s customer base and future growth.


Ophtek is a full-service technology and IT support organization; they have served Northern California’s Bay Area since 2013 and cater significantly to the technical and support needs of medical-based organizations. Ophtek prides itself on providing its customers with the most up-to-date technical service and support while keeping their services compliant with the expanding regulatory requirements. Ophtek has an ongoing education component to its organization which assists their customer base to understand the changing technical environment and the best path to success.

Ophtek founder Arash Shokouh stated, “We are committed to serving all aspects of our clients’ needs, and security is no exception. Partnering with Identillect Technologies allows us to provide secure communication to our clients, ensuring they have a positive user experience and maintain adherence to regulations such as HIPAA. Ophtek will continue in February with their quarterly IT Best Practices lecture series where we are excited to have Identillect’s CEO Todd Sexton as a guest lecturer on cyber-security on February 16th, 2022, at a session where Delivery Trust will be highlighted.”

Identillect CEO, Todd Sexton, states, “Identillect is proud to be the security partner for Ophtek, they have an impressive reputation and growing customer base largely focused in the medical and financial sectors with significant security and regulatory requirements. Identillect is excited to be an ongoing partner to this organization, and I am extremely pleased to be working with Arash who is a progressive and intuitive business leader interested in maintaining cutting edge technology for his clients.”

HIPAA Journal recently reported additional HIPAA regulatory requirements in healthcare data breaches and 2020 saw more than 29 million healthcare records breached. The medical profession is seeing a significant increase in data breaches and cyber-security protection is now more important than ever.

About Identillect

Identillect Technologies is the leading provider of email encryption service Delivery Trust®, empowering enterprises of all sizes to protect their business and their client’s critical information against cyber security attacks.

Delivery Trust® is an award-winning, multi-platform plug-in, which gives users complete control of their emails, for one low price. The simple integration complies with all regulations and most importantly provides peace of mind.

For more information, or your free trial, please visit www.identillect.com

On Behalf of the Board of Directors of:

IDENTILLECT TECHNOLOGIES CORP.

Todd Sexton
Chief Executive Officer
Tel: (949) 468-7878
Email: todd.sexton@identillect.com

About Ophtek:

Ophtek is a full-service technology and IT support company committed to the ever-changing needs of their customer base. They serve California ranging from Sacramento to Los Angeles.
They provide their clients with a complete range of IT Managed Services.

Ophtek’s Total IT Coverage services are a fixed cost on-site and remote support solution that helps you eliminate the costs associated with avoidable system downtime. They protect critical systems from security threats, provide updating, patching, preventative maintenance, onsite and remote support, providing a complete Managed IT Solution necessary to keeping your office operating at peak efficiency.

Ophtek LLC

Arash Shokouh
Chief Executive Officer
Tel: 877-674-8356
Email: arash@ophtek.com

Neither TSX Venture Exchange nor its Regulation Services Provider (as that term is defined in policies of the TSX Venture Exchange) accepts responsibility for the adequacy or accuracy of this release.

This news release may include forward-looking statements that are subject to risks and uncertainties. All statements within, other than statements of historical fact, are to be considered forward looking. Although the Company believes the expectations expressed in such forward-looking statements are based on reasonable assumptions, such statements are not guarantees of future performance and actual results or developments may differ materially from those in forward-looking statements. Factors that could cause actual results to differ materially from those in forward-looking statements include market prices, exploitation and exploration successes, continued availability of capital and financing, and general economic, market or business conditions. There can be no assurances that such statements will prove accurate and, therefore, readers are advised to rely on their own evaluation of such uncertainties. We do not assume any obligation to update any forward-looking statements except as required under the applicable laws.

SOURCE: Identillect Technologies Corp



An organization which keeps on top of productivity will regularly replace PCs which have become outdated. But what are the best ways to set up a new PC?

A new PC should instantly bring a boost in productivity to its user, but there’s always room for improvement. The complexity of hardware and software means that it’s virtually impossible to get a PC’s configuration exactly right, especially the first time that it’s started up. However, there are a few useful tips which can help your organization maximize the functionality of its new PCs from day one. It’s merely a question of understanding the procedures behind this and then taking the time to implement them.

Luckily, we’ve decided to save you some time by outlining five useful tips for setting up a new PC.

Getting Your New PC Up to Speed

If you want to get your PC set up correctly and effectively, make sure you are mindful of these best tips:

  1. Check for Updates: While a new PC is ‘new’, it’s not completely new as it’s likely been sitting in a warehouse for some time before being shipped. As a result, there are likely to be new updates available for not just Windows, but many of the applications pre-installed on the PC. Therefore, one of the first things to do is check for Windows Updates. You can then install these updates to ensure your new PC is as secure and productive as it should be.
  2. Run Your Antivirus Software: It’s not unheard of for new PCs to be pre-infected with malware before they leave the factory. Accordingly, it makes sense to run your antivirus software before a new PC is connected to the internet. This strategy ensures that your PC has the best chance of entering your network with the minimum security risk.
  3. Select Your Default Browser: Connecting to the internet is an important part of business life these days, but there are several options when it comes to browsing the internet. As an organization, it’s useful to adopt a company-wide default browser. Not only does this allow technical issues to be minimized, but it makes training much simpler. So, once a PC has been started for the first time, make sure you apply the default setting to your preferred browser.
  4. Check Existing Hardware is Compatible: A new PC doesn’t mean that you have to replace each and every piece of associated hardware. A mouse, for example, should be fine to keep and connect to your new PC. However, these pieces of hardware may not always be compatible with a new PC or operating system. Therefore, take the time to test existing peripherals to confirm if they can be transferred over or need replacing.
  5. Set Power Options for Laptops: If you are dealing with a new laptop then you need to make sure that its power options are optimized. Your employees are unlikely to be proficient in fine tuning this to provide maximum battery life, so make a point of implementing the best settings for them.
