We live in a world where countries are capable of blocking internet access for their citizens, but Tor Snowflake allows people to beat this censorship.

A contemporary example of internet censorship can be found in Iran, a country currently undergoing protests and civil unrest due to confrontations with the authorities. To minimize the ‘noise’ of these protests, the government has enacted a series of regional shutdowns of internet services. The aim, it is believed, is to prevent news of the civil unrest reaching the wider world. However, internet access is far from straightforward, and simply hitting the OFF button is, it turns out, not enough to stop those being suppressed from getting online.

What is Tor?

The Tor internet browser has been available for 20 years but has only started making inroads with mainstream PC users in the last decade. Tor’s unique selling point is that it delivers completely anonymous browsing; you don’t even need a VPN installed to browse under a cloak of anonymity with Tor.

Tor achieves its anonymity through the use of ‘onion routing’ and a peer-to-peer overlay network. In simpler terms, Tor provides a series of randomly chosen relay servers (imagine a series of virtual tunnels) which it uses to direct traffic through before reaching its destination. This method ensures that any traffic which passes through it is encrypted. This applies to both the source and destination of the traffic: they are fully concealed from any prying eyes such as your ISP or government departments.

What Happens When Access to Tor is Banned?

Tor may provide a fantastic option when it comes to anonymous browsing, but the authorities are well aware of this. Accordingly, countries such as Iran and Russia have taken steps to block access to Tor. However, these attempts at shutting down access to Tor have been met with innovation in the form of Tor bridges. These bridges allow users to get around national blocks on Tor, but the problem is that the authorities can identify the IP addresses of these bridges and block them.

There is, though, a way to get around the restrictions: pluggable transports. These processes disguise connections to Tor as ordinary internet connections to popular destinations such as Google. The problem with pluggable transports was that they were difficult to set up and implement for your average PC user. Thankfully, an easy-to-use pluggable transport has now been released under the name of Snowflake. And, within seconds, those affected by internet shutdowns can be back online.

How Does Snowflake Work?

Tor Snowflake works thanks to volunteers who provide short-lived proxies in their browsers. The volunteers do this by opening their browser up to those who are seeking access to Tor. In between the volunteers and those with restricted internet, a broker sits to facilitate the connection between the two parties. The broker will set up a connection between both parties in a manner similar to the way in which Skype calls are connected. This allows the volunteer to pass the requester’s traffic to the Tor network safely and anonymously.

For more ways to secure and optimize your business technology, contact your local IT professionals.



Each new edition of Windows comes with a range of features to make life easier, and Windows 11 is no different. But do you know all its tips and tricks?

Windows 11 was released in October 2021 and instantly became the go-to operating system for PC owners. With enhanced accessibility, beautiful visual aesthetics, and optimizations in almost every area, it’s easy to see why Windows 11 has proved to be such a success. However, as with any new software, there’s a lot to be learned when it comes to getting the best out of Windows 11. Thankfully, we’ve done the hard work for you and tracked down 7 helpful tips and tricks for Windows 11 which will make life easier.

Enhance Your Windows 11 Experience

Make sure you start incorporating the following tips and tricks into your daily usage of Windows 11 to get the best out of it:

  • Avoid distractions with Focus Assist: it’s easy to get distracted by notifications on a modern PC, with Teams notifications and Outlook popups being two of the major culprits. The built-in Focus Assist app, however, allows you to minimize and even eliminate all notifications when you need to concentrate.
  • Pin your most used apps: Windows 11 gives you the opportunity to pin your most regularly accessed apps to either your Start menu or taskbar. All you have to do is find the app within your Start menu, right-click it and then select either ‘Pin to Start’ or ‘Pin to taskbar’ for quick access.
  • View all your apps: previously, accessing the Start menu in Windows would have allowed you to view all of your apps at once. However, with Windows 11 the layout is slightly different. If you want to view all of the apps on your PC, you need to open your Start menu and then click the ‘All Apps’ button in the top right corner.
  • Snap Layouts: Microsoft have enhanced the ‘snap and resize’ ability of previous Windows versions by introducing Snap Layouts. This feature provides enhanced options such as hovering over apps and accessing layout options.
  • New keyboard shortcuts: the new features of Windows 11 mean that there is a new series of keyboard shortcuts associated with them:
      • Windows key + c: opens the Teams chat box
      • Windows key + n: opens your notifications center
      • Windows key + a: opens quick settings
      • Windows key + z: opens snap layouts



The importance of installing updates has been highlighted by VMware users who have failed to update and found themselves at the mercy of malware attacks.

VMware is a tech company which specializes in providing both cloud computing services and virtualization technology (such as remote desktop software). Founded nearly 25 years ago, VMware has proved to be highly popular with businesses of all sizes. However, this experience doesn’t mean their software is perfect. In fact, no tech company – not even the biggest ones – can claim to create products which are 100% resistant to threat actors.

And that’s why VMware’s Workspace ONE Access service, an application which allows digital apps in an organization to be accessed on any device, has been compromised. The attack has been declared a significant one, so we’re going to take you through it.

Workspace ONE Compromised

The attack, which was discovered by security experts at FortiGuard Labs, centers around a vulnerability patched by VMware back in April 2022. However, this attack is still targeting this vulnerability, an indicator that the uptake of VMware’s patch has been poor. As a result, the CVE-2022-22954 vulnerability has the potential to open your PC up to all manner of malware.

If the vulnerability is still present, threat actors have the opportunity to launch remote code execution attacks against an unpatched PC. With the help of this foothold, the hackers have been able to download a wide range of malware to PCs and their associated networks. Examples involved in this attack have included:

  • Cryptoware
  • Ransomware
  • Software which removes other cryptomining apps
  • Malware used to spread the attack even further
  • Botnets

All of these campaigns are installed and operated separately, indicating that this is a well-organized attack by the unknown threat actors. Activity for the overall campaign peaked in August 2022, but it remains active as it seeks further users of Workspace ONE who have failed to patch their software.

Protecting Yourself Against Software Exploits

The impact of falling victim to the Workspace ONE vulnerability is huge as it attacks its victims on numerous fronts. Not only is there the financial risk of ransomware, but the activity of cryptoware and ransomware is going to seriously eat into the resources of your IT infrastructure. Therefore, you need to make sure you carry out the following:

  • Install all updates: if you are a Workspace ONE user then you need to ensure it’s fully patched and up to date. And, once this is complete, it’s crucial you make sure all your software is patched.



A vulnerable Windows driver has been revealed to be the ‘hole in the fence’ that the BlackByte ransomware needs to breach your IT infrastructure.

The attack is interesting in that it uses a relatively new attack strategy known as Bring Your Own Vulnerable Driver (BYOVD). It’s an attack method which targets vulnerabilities in drivers to take control of the victim’s PC. And, to maximize the impact of the breach, the ransomware goes on to disable more than 1,000 drivers associated with security software.

The ransomware involved in this recent attack is believed to have been brewed by the BlackByte threat actors, a hacking group whose origins can be traced to the infamous Conti hacking team. Clearly, the BlackByte team know what they are doing and it’s vital that you are aware of their strategies.

What is BlackByte?

The vulnerable driver in BlackByte’s sights is RTCore64.sys, a driver associated with the MSI Afterburner utility used with countless graphics cards. To be specific, RTCore64.sys is a kernel driver, and this means that it’s involved in the transfer of data between a piece of hardware and a PC’s operating system. The problem with RTCore64.sys is that it’s associated with the CVE-2019-16098 vulnerability.

Once BlackByte has exploited the CVE-2019-16098 vulnerability, the threat actors can access arbitrary memory on that PC. Access to this area gives BlackByte the opportunity to assume administrative privileges, execute commands and transmit data. The ransomware also prides itself on its ‘anti-analysis’ strength, a fact most evidenced by its ability to disable numerous security products and remain undetected.

The Importance of Updating Drivers

The vulnerability at the heart of BlackByte’s attack, CVE-2019-16098, is far from new and, therefore, this is a very different attack to one using a zero-day vulnerability. In fact, the CVE-2019-16098 vulnerability has been known since 2019. This underlines the fact that hackers will focus on known vulnerabilities – after all, it’s much easier to attack an existing vulnerability than to spend time trying to find new ones. As a result, it’s crucial that you update any drivers when prompted to or, more simply, that you activate automatic updates.

Not all driver vulnerabilities, however, have updates available due to a variety of reasons such as support being discontinued for a product. Thankfully, it’s still possible to minimize the risk of these vulnerable drivers. As long as your organization keeps a log of all the authorized drivers used within your IT infrastructure, you can regularly check the security status of these drivers. If one is found to be vulnerable with no patch available, you can simply apply block rules to these drivers.
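The driver check described above can be automated. The following is an added example, not code from any vendor or from the original article: it hashes every .sys file in a folder and compares the hashes with an authorized-driver log and a vulnerable-driver list, matching on content so that a renamed copy of a vulnerable driver is still caught. The file contents, the two lists and the "no patch available" flag are constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_of(path: Path) -> str:
    """Hash file contents; a renamed driver keeps the same hash."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def audit_drivers(driver_dir, authorized, vulnerable):
    """Classify every .sys file under driver_dir.

    authorized: set of SHA-256 hashes from the organization's driver log.
    vulnerable: {sha256: (cve_id, patch_available)} from a vulnerability feed.
    Returns {file name: recommended action}.
    """
    findings = {}
    for path in sorted(Path(driver_dir).rglob("*.sys")):
        digest = sha256_of(path)
        if digest in vulnerable:
            cve, patched = vulnerable[digest]
            action = f"update ({cve})" if patched else f"block ({cve})"
        elif digest not in authorized:
            action = "review (not in authorized log)"
        else:
            action = "ok"
        findings[path.name] = action
    return findings

def demo():
    """Run the audit over constructed stand-in files (not real drivers)."""
    samples = {  # constructed bytes; only their hashes matter here
        "RTCore64.sys": b"constructed stand-in for a vulnerable driver",
        "renamed.sys": b"constructed stand-in for a vulnerable driver",
        "nic.sys": b"constructed authorized driver",
        "unknown.sys": b"constructed driver missing from the log",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            (Path(tmp) / name).write_bytes(data)
        bad = hashlib.sha256(samples["RTCore64.sys"]).hexdigest()
        good = hashlib.sha256(samples["nic.sys"]).hexdigest()
        # Assumption for the demo: patch_available=False, so the action is "block"
        return audit_drivers(tmp, {good, bad}, {bad: ("CVE-2019-16098", False)})

if __name__ == "__main__":
    for name, action in demo().items():
        print(f"{name}: {action}")
```

Drivers flagged "block" are the candidates for the block rules mentioned above; those flagged "review" are files that never made it into the authorized log.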

Final Thoughts

The threat presented by BlackByte’s ransomware has the potential to create chaos across your IT network and needs to be taken seriously. And it’s not the only risk which utilizes these methods as, for example, the Avos Locker ransomware uses similar strategies. Accordingly, the importance of applying updates and monitoring vulnerable drivers has never been stronger.



It may sound like a backwards step, but a group of cyber criminals have decided to enlist the help of the postal service to deliver their malware.

Snail mail may feel like an archaic method of attack for cyber criminals, but it’s surprisingly effective as a series of attacks – using the BadUSB malware – have proven. We all deal with traditional mail daily, so it’s easy to take it for granted, and it’s this familiarity that the hackers are targeting. This particular attack, as the name suggests, involves a malicious USB drive. These attacks have proved successful in the past and the BadUSB campaign has the potential to cause significant damage.

How Does BadUSB Work?

Delivered through the United Parcel Service and United States Postal Service, the malicious USB drives come loaded with malware and allow a threat actor to take control of a victim’s USB port. Activating the malware is simple: all it needs is to be plugged into a USB port.

However, there needs to be a reason why a victim decides to plug the device into their PC. And the minds behind BadUSB do this by instilling a sense of urgency in the recipient. This is achieved by claiming that the USB drive contains official Covid-19 warnings or that the drive is an Amazon gift from a friend.

Once plugged into a PC, the affected USB port can be manipulated to believe that an alternate device is installed, e.g. a keyboard or mouse. These fake devices can then be controlled by remote cyber criminals and used to cause untold damage. For example, a keyboard and mouse could be used to take full control of a PC and download further malware. In 2020, the BadUSB malware was involved in a series of attacks which downloaded ransomware to exploit the finances of those attacked, and this could easily happen again.

Staying Safe from Malicious USB Drives

BadUSB has the potential to cause you a serious headache, both in terms of your data and your finances. As a result, it’s crucial that you steer clear of this and similar attacks, an outcome which is possible if you do the following:

  • Be wary of USB drives: while they are not one of the ‘go to’ options for hackers, infected USB drives (and the USB killer) have the capacity to cause real damage. Therefore, if you are presented with (or even find) a USB drive which doesn’t belong to your company, do not plug it into your PC. Instead, ask an IT professional to safely analyze it.
  • Disable USB ports: there’s not a pressing need for your employees to be plugging additional devices into their PC, so it makes sense to disable access to USB ports. Sometimes, this is as simple as blocking any unused ports and, in other scenarios, you may want to restrict access to these ports through administration privileges.
  • Disable Autorun: if your employees do need access to their USB ports, then it may be worth disabling the autorun feature associated with them. This feature allows USB drives to automatically open – and activate their contents – once plugged in. However, with autorun disabled, there is a chance to view the drive’s contents before running it.
