Windows Print Spooler Vulnerability Accidentally Leaked

Cyber Security, Microsoft, Network, Ophtek, patches, print spooler, zero-day, , , , , ,
13
Jul 2021

If a hacker can find a software vulnerability, then it grants them easy access to a PC. This is even easier when a vulnerability is leaked by researchers.

Security researchers are constantly searching for software and hardware vulnerabilities. But where researchers and hackers differ is their intent. A security researcher wants to legitimately identify vulnerabilities so that they can be secured and lessons learned for the future. However, a Chinese technology firm by the name of Sangfor recently revealed details of an unknown Windows vulnerability in Print Spooler. And, unfortunately, Microsoft hadn’t managed to patch it.

What is a Zero-Day Vulnerability?

The type of vulnerability found in Print Spooler is known as a zero-day vulnerability. This name refers to the number of days a software vendor has had to patch a vulnerability and the percentage chance that a user has of being protected. And this is why zero-day vulnerabilities are so dangerous. There is no immediate protection available, so hackers are given free rein to cause widespread chaos.

What is the Print Spooler Vulnerability?

The design of the Print Spooler vulnerability – whose exploit code was listed within Sangfor’s paper – has the potential to cause numerous issues. The specifics of this exploit allow hackers to obtain full system access privileges. This is achieved by granting them permission to load malicious drivers into any servers containing this vulnerability. With full control of an IT network, hackers can then download further malware, steal data and operate infected workstations from a remote location. And, although a patch was recently released for vulnerabilities in Print Spooler, this particular exploit was not identified by Microsoft.

How Do You Protect Against Vulnerabilities?

As of the time of this article, Microsoft do not have a patch available for what has been dubbed the PrintNightmare vulnerability. This is concerning as it provides a significant amount of risk to Windows users. While it is certain that Microsoft will release a security patch, the fact remains that – as revealed by Microsoft – attacks using this exploit have already been identified. Therefore, you need to know how to protect your IT systems:

  • Disable Print Spooler: In the case of the PrintNightmare vulnerability, you can eliminate the risk is by temporarily disabling the print spooler. This does, however, remove the ability for your organization to print across its network.
  • Monitor Network Activity: If your IT system has been exploited through a vulnerability then it’s likely there will be an increase in network activity. This will be most visible in outgoing traffic as the hackers will likely be transmitting data to a remote server. An increase in data output to an unknown location should ring alarm bells and indicate that something is wrong.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

How can Microsoft 365 Business Help Your Organization?

Cloud, collaboration, Microsoft, Microsoft 365, Ophtek, security, , , ,
06
Jul 2021

The way in which we work has changed radically in the last 10 years. Helping organizations get to grip with these changes is Microsoft 365 Business.

The need for flexibility within business has never been more apparent since the Covid-19 pandemic entered our lives. Thankfully, flexibility had been on the rise in business for some time. Remote working, bring your own device schemes and tailored working hours have all helped to make flexible working a reality. Traditional IT infrastructures, however, aren’t necessarily set up to deal with these arrangements. But this is where a service such as Microsoft 365 Business steps in.

What is Microsoft 365 Business?

Originally launched in 2011 as Office 365, Microsoft 365 is a collection of products and services designed by Microsoft. The service is subscription based with plans available including consumer, small business and enterprise. These plans are made available to users through cloud computing and this is what makes it invaluable for flexible working. Not only is it perfect for teamwork, but it also meets the needs of individual users.

The ‘business’ subscriptions of Microsoft 365 feature significantly more features than the consumer plan. Additional features and functions available to Microsoft 365 Business users include:

  • Microsoft 365 Apps for Business: A range of Office applications that can be used across a variety of PC, Mac and mobile devices for up to five devices per user.
  • Office 365 Enterprise: Provides users with access to the complete range of Office applications and hosted services. Full support is also available to safeguard against any technical issues.

What are the Benefits of Microsoft 365 Business?

It’s important to understand how Microsoft 365 Business can benefit your organization, so let’s take a look at the benefits on offer:

  • Enhanced Collaboration: Microsoft 365 Business was built with collaboration in mind. And it delivers this with power. The presence of Microsoft Teams allows team members to communicate and share files with ease. This is essential for collaboration, but Microsoft 365 Business also allows you to synchronize your email, contacts and calendar. An important function and one which ensures you will never miss meetings and communications again.
  • Powerful Security: The threat of malware increases with each passing day, so protecting your IT infrastructures is paramount. And Microsoft 365 Business takes the pain out of this security with its simplistic, yet powerful security options. Devices such as laptops and mobile phones can easily be remotely wiped of all data if they are lost or stolen. It’s also possible for IT teams to quickly restrict access to specific users to minimize the risk of any data loss.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Database of 26 Million Stolen Passwords Discovered

Cyber Security, Data Security, Ophtek, Password Security, Two Factor Authentication, Updates, , , ,
22
Jun 2021

Passwords are one of the most common security measures, but they’re still considered a risk. And 26 million stolen passwords have just been found.

We all use passwords on a regular basis throughout our working day. Logging on to remote servers and online platforms all require a set of login credentials. And, on the whole, they provide an adequate level of security. But security which is considered only adequate will always remain a tempting prospect to hackers. Login credentials will typically consist of only two pieces of information: username and password. Naturally, with only two data values required – which can be entered from any keyboard – login credentials represent some major security concerns.

That’s why the discovery of this database, containing 26 million sources of information, is considered a major alert.

What’s in the Database?

Coming in at a huge 1.2TB, the database – which was discovered by NordLocker – contains the following:

  • 26 million login credentials
  • 2 billion browser cookies
  • 1.1 million email addresses
  • 6.6 million various files including Word, PDF and image files

These numbers are, of course, huge. And it’s a safe bet that some serious data has been compromised along the way. It has also been revealed that the malware made a point of creating an image file by taking a screenshot via active webcams on infected devices. This, again, is troubling as it underlines the danger contained within the malware for compromising personal data.

The actual malware behind these data harvests is currently unknown. It is believed, however, that its method of attack is fairly standard. Upon infection, the malware will connect to a remote server where it can transmit any stolen data. The compromised data, as NordLocker found, was being hosted on a cloud-based hosting service and has now been taken down. But it’s likely that this database has already been traded and is out in the digital wild.

How Do You Protect Yourself?

Attacks such as this are sadly commonplace in the modern age, but there is a lot that you can do to protect your organization’s data:

  • Use Two-Factor Authentication: The combination of a username and password may seem strong, but it can be made even stronger by two-factor authentication. This additional layer of security requires the use of a unique piece of data transmitted to a device separate from your IT network.
  • Install All Updates: The attack in question could easily have been caused by a vulnerability put in place by outdated technology. Both software and hardware require regular updates to patch any issues that may be discovered post-launch. And it’s your responsibility to install these as soon as possible to close any potential back door attacks.
  • Regularly Monitor Network Activity: If significant amounts of data are being stolen and transmitted to a remote server, this activity will be associated with a rise in outgoing network activity. Therefore, it pays to keep a close eye on any spikes in traffic to minimize the impact of any breach.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

How to Reduce Network Downtime in your Business

backup power, IT Network, network outages, Ophtek, Spare network connection, , , ,
15
Jun 2021

When your IT network goes down it’s usually associated with a sudden drop in productivity. But it doesn’t have to be this way. You can reduce your downtime.

A well-designed IT network should run smoothly and maintain your productivity. No IT network, however, is perfect. And this means that your network is always at risk of running into problems. It’s a scenario that no organization wants to face, but the reality is that it can and will happen. Planning for potential problems, though, is the perfect way to tackle them. If you can prepare for these bumps in the road, then you stand a better chance of avoiding them.

Let’s explore what you can do to maintain your IT network and keep your productivity high.

Maintaining Your IT Network

There are numerous strategies you can employ to safeguard the health of your network connection:

  • Install a Backup Power Solution: A sudden power outage is two things in business: unpredictable and disastrous. Losing power in the modern business world means an instant loss in IT capabilities. And this can seriously damage productivity. But by installing an uninterruptable power supply, you can achieve peace of mind that your IT infrastructure will remain online.
  • Evaluate Your Network Connection: It’s crucial that you don’t take your network connection for granted. A poorly maintained or outdated network can quickly and regularly cause your business numerous headaches. Therefore, at least once a year, take the time to evaluate your network to understand where its weaknesses lie. This could be outdated hardware or even a susceptibility to cyber-crime. Either way, understanding these problems will allow you to fix them before cause trouble.
  • Don’t Cut Costs: IT technology can be costly, but these costs often underline the quality and reliability of the product. Accordingly, it makes long term sense to invest in an IT network which can call upon quality hardware and internet connections. This type of setup may seem expensive at first, but it will ensure that your network is resilient. And, in turn, this allows you to minimize network downtime and keep your employees productive.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Disk Wiping Malware Disguises itself as Ransomware

Apostle, Cyber Security, malware, Ophtek, Ransomware, Updates, , , ,
08
Jun 2021

Ransomware is a highly destructive form of malware, but it turns out that it can also provide the perfect cover for disk wiping malware.

The pitfalls of becoming a victim of ransomware are well documented. And, as such, the term ransomware is one that strikes fear into the heart of any PC user. But, at the very least, ransomware does give you an option of getting your files back. Naturally, you have to pay a ransom fee for the files to be decrypted, but you can get them back. However, a form of malware called Apostle has now been discovered which pretends to be ransomware when, in fact, it simply wipes your disk drive beyond retrieval.

Data is a crucial commodity in any organization, so it’s important you make it as secure as possible. And one of the perfect ways to do this is by understanding how Apostle works.

How Does Apostle Wipe Disks?

The Apostle malware is believed to originate from Iran and is related to a previous wiper malware called Deadwood. Apostle is not brand new as it has been in the digital wild for some time. But these initial versions of Apostle were flawed and failed to deliver their malicious payload. Since then, the designers of Apostle have tweaked its design to make it more effective. This contemporary version of Apostle presents itself as standard ransomware, but this is merely to throw the victims off guard; its true intent is to destroy data and cause disruption.

The hackers behind Apostle are particularly cunning and are also happy to take ransom payments while destroying the data in question. But this is not where the attack ends. There are signs that Apostle is being used in conjunction with a backdoor attack called IPSec Helper. This allows the hackers to download and execute additional malware and move, undetected, within infected networks. Again, the intention here is to cause disruption.

How Do You Stop Your Disk Being Wiped?

The focus of Apostle, so far, has been Israeli targets, but this does not mean it should be considered a low-level threat. The design of this disk wiper malware can easily be engineered into more virulent and dangerous forms. And this could easily strike at the heart of your business’ operations. Therefore, it’s crucial that you maintain the following practices:

  • Evaluate All Attachments Before Opening: It’s likely that you receive numerous email attachments through the day, but how often do you verify them before opening? Trusted email addresses can, very easily, be taken over or even replicated. And this provides the perfect route for infected files to be opened. So, if in doubt over whether an attachment is safe, always check with an IT professional before opening.
  • Keep Your Software Updated: Another sure-fire way for hackers to gain access to your network is through vulnerabilities caused by outdated software. The best way to counter this threat is by implementing software updates as soon as possible. This minimizes the presence of vulnerabilities and keeps hackers out.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More
1 31 32 33 34 35 57