security Archives - Page 3 of 49

Security Experts Targeted by Malware on GitHub

GitHub, Hackers, install updates, malicious websites, malware, Ophtek, POC, proof of conceptGitHub, hackers, malware, Ophtek, POC, security, updates, vulnerabilityOphtek, LLC

Sep 2023

It’s always important to be cautious online, but it’s easy for people to fall victim to malware. Even security experts can fall for the tricks of hackers.

Yes, even those skilled and highly experienced security researchers can find themselves on the receiving end of malware. The most recent piece of evidence for this phenomena is an attack which is as brazen as it is powerful. It revolves around a piece of bait left, by threat actors, on GitHub, an online repository for developers to store and share their code. And it was a piece of code, disguised as a highly tempting piece of software for a security expert, which led to many of these professionals being left embarrassed.

How Were the Experts Fooled?

The GitHub attack involved a piece of software being made available which claimed to be a proof-of-concept (POC). Typically, a POC is a demonstration of a software project, and is used to determine how feasible the project is and the potential of its long-term success. For a security researcher, a POC is a useful way to test for security vulnerabilities, and this is why they are frequently downloaded and analyzed.

However, this specific ‘POC’ proved to be little more than malware in disguise. Within the fake POC structure was a malware downloader, which was used to download malware and set off a chain of malicious events. Once the malware was downloaded, it began by executing a Linux script to automate specific commands. This allowed the threat actors to start stealing data, which was automatically downloaded to a remote location, by scraping the entire directory of the infected PC.

The fake POC also allowed the threat actors to gain full access to any of the infected systems. This was achieved by adding their secure shell (a protocol for operating network services) to the authorized keys file on the infected system. All of this was made possible, for the threat actors, due to a vulnerability – known as CVE-2023-35829 – discovered in the Linux operating system, an OS usually used by software developers.

Avoid the Mistakes of the Experts

You may be thinking that, if a security expert can fall victim to malware, what hope do you have in the face of targeted attacks? However, as we know, nobody is 100% immune from the efforts of threat actors, and this includes security researchers. As ever, vigilance is key to maintaining the security of your IT infrastructure:

Always update: the surest way to minimize the risk of your PC being infected is to always install updates. No piece of software, due to the sheer amount of coding involved, is going to be free from mistakes. However, developers are keen to patch these mistakes as soon as they are aware of them, hence the issuing of security patches. Therefore, it makes sense to install these as soon as they are available.

Be wary of malicious websites: while GitHub is far from malicious, the people using it often are. This means you should always do some research on what you’re downloading and who you’re downloading it from. So, for example, try Googling the username of whoever is offering you a download, and see whether there are any trustworthy results or otherwise. Alternatively, ask an IT professional to take a look and assess the risk – contrary to the GitHub attack, they can usually spot malware from a mile away.

For more ways to secure and optimize your business technology, contact your local IT professionals.

How to Future Proof Your IT Infrastructure in 2023

Cloud, future, new technology, Ophtek, proof your IT infrastructure, security, virtualizationcloud, future, IT Infrastructure, new tech, Ophtek, proof, security, virtualizationOphtek, LLC

Sep 2023

Technology advances at a rapid pace, and this means you need to build scalability into your IT infrastructure to maintain future productivity.

Businesses need to future proof their IT infrastructure to ensure long-term success and sustainability. After all, technology is constantly evolving, and failing to adapt can result in outdated systems which hinder growth, productivity, and competitiveness. But if you adopt a culture of future proofing, you can minimize this risk by using new technology to enhance scalability and maximize your productivity. Implementing scalability, however, is easier said than done. And that’s why we’ve decided to give you a head start with some suggestions.

The Best Future Proofing Methods for Success

If you want to make sure that your IT infrastructure remains relevant and keeps one eye on the future, make sure you adopt these best practices for future proofing:

Use the cloud: one of the simplest ways to future proof your IT operations is by adopting cloud-based solutions. With a wide range of providers and plans available, you can use cloud-based platforms to take care of your storage, software, and infrastructure. Best of all, these services can easily be upgraded to cope with future demand, this makes cloud computing the epitome of scalability and reduces the risk of your in-house hardware becoming obsolete.

Invest for the future: while it may make financial sense, in the short term, investing in low quality IT hardware will only ever provide a short term solution. You see, given how fast technology evolves, if you buy IT equipment at the cheaper end of the market, its performance levels will soon be superseded by newer technology. Therefore, while remaining financially sensible, make sure you invest in the best technology you can afford to increase its lifespan and suitability for your needs.
Virtualization: this creates virtual versions of resources and allows your business to optimize your equipment and reduce costs. Virtualization optimizes your resources by consolidating multiple virtual machines onto a single server, this approach will reduce costs and enhance efficiency. It also helps to future proof your IT infrastructure as it allows you to scale resources up or down quickly based on demand. So, not only is your system flexible and scalable, but it also provides a strong foundation for your IT infrastructure going forwards.
Watch technology: if you want to future proof your businesses IT operations, then it’s crucial that you keep an eye on what’s happening in the world of technology. This will ensure that you are aware of innovative opportunities for growth within your business. More importantly, it will give you time to plan and implement these innovations early on compared to your competitors. This will give you not only a competitive edge, but it will also allow you to anticipate changes in customer behavior.
Strengthen your security: cyber criminals are constantly updating their methods of attack, so you need to keep pace with them to secure your IT infrastructure. Accordingly, always make sure that your antivirus software is up to date and that your employees are educated about upcoming, as well as contemporary, threats. These simple steps will help facilitate the future security of your IT systems.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Microsoft Teams at Risk of Letting Malware In

install updates, malware, Microsoft Teams, Ophtek, Phishing, securitymalware, Microsoft Teams, Ophtek, phishing, security, updatesOphtek, LLC

Aug 2023

Microsoft Teams has experienced a surge in popularity among businesses since the pandemic, and this makes it a highly prized target for hackers.

Businesses find Microsoft Teams a powerful tool as it allows employees to work remotely, communicate and be productive. And it’s all through one app. This is why it’s a fantastic business solution and used by 280 million people. Naturally, the size of this audience is going to turn a threat actor’s head. Where there are high numbers of users, there’s an opportunity for malware to be successful. And that’s why the discovery of a vulnerability in Teams has caused so much concern.

The Vulnerability Lying Within Microsoft Teams

One of the main uses of Teams is as a communication tool, a nd this means that the potential for spreading malware via file transfers and linked hard drives is high. But this newly discovered vulnerability is very different. Therefore, it’s important you understand the threat it poses.

Now, Microsoft Teams allows you to communicate with a wide range of people within your organization. It also allows you to communicate with external parties e.g. subcontractors, clients and facility management teams. Usually, these external users are unable to transmit files to other organizations through Teams. And this is a good thing, as it lowers the risk of malware being sent between businesses.

However, the security protocols which are in place to stop unauthorized file sending can, it turns out, be compromised. Once this vulnerability is exploited, a threat actor can start sending malware direct to the Teams inbox of staff within that business. Often, the threat actors are increasing the chances of their attack being successful by setting up similar email addresses to that of their target. All it takes is for one employee to open the malware and it can start to spread.

While the incoming message will still be tagged as “External”, the busy nature of many employees’ days means that it’s likely this message will be ignored. Also, this method of attack is relatively new. Users are well drilled in the telltale signs of a phishing email, but a Teams instant message is very different. Accordingly, the risk of falling victim to this attack is concerning.

Staying Safe on Microsoft Teams

Curiously, Microsoft has advised that this vulnerability doesn’t, at present, warrant fixing. No doubt, at some point, it will be patched, but for now you should remain cautious. To help strengthen your defenses, make sure you practice the following:

Always update: there’s never an excuse for not carrying out software updates once they are available. It’s the quickest and simplest way to plug weak points in your cyber defenses, so, if they are not already in place, setting up automatic updates should be your priority.

Warn your staff: make sure that your staff are aware of this new threat to minimize the risk of your business falling victim. You can achieve this by sending out email updates to your staff and also updating your IT induction process to cover this new form of attack.

Reduce your availability: it’s possible to limit your communication through Teams to specific domains only. Again, this reduces your risk by ensuring that your staff can only communicate with trusted sources and not threat actors operating from similar, yet malicious domains.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Every business wants their IT infrastructure to be secure, so it’s crucial that you understand all your options. And two of the best are an SOC and an NOC.

A Security Operations Center (SOC) and a Network Operations Center (NOC) are exciting options for your defenses, but not everyone knows what they are. The good news is that both of these options, which can be based in-house or outsourced to external contractors, are here to protect your IT operations. And they both do this with a high level of sophistication, which ensures that cybersecurity threats are quickly identified and nullified.

How Does an SOC Protect Your IT Infrastructure?

Integrating an SOC into your cybersecurity strategies is one of the quickest ways to enhance your defenses. In short, an SOC is a dedicated team of professionals who can provide 24/7 monitoring of your IT systems. Their main duties include:

Maintenance: one of the surest ways to keep any system operating effectively is through routine and preventative maintenance. And this is a duty which an SOC will take in its stride. From initiating and installing updates through to updating firewalls and managing backup protocols, a dedicated SOC will ensure that none of these vital tasks are missed.
Creating response plans: in the case of a security incident, your organization needs to have a solid response plan ready to go. This could involve restoring data from backups, partitioning your networks, or even shutting your entire IT infrastructure down. Regardless of the strategy, you need to make sure that the perfect response plan has been formulated. And, thanks to the experience of those employed in an SOC, you can rest assured that your response minimizes disruption.
Monitoring: security incidents can strike your organization at any time of day, so it’s important that you have round-the-clock monitoring to flag up any attacks. An SOC can take care of this by not only monitoring network activity, but also analyzing it to provide a strong determination as to the threat level posed. This allows the SOC team to quickly identify potential threats and react accordingly.

Why Does Your Organization Need an NOC?

IT networks are complex, highly complex. This means that monitoring them effectively is difficult, but crucial when it comes to securing them. It’s difficult for your standard IT team to dedicate themselves to this task, so this is why the emergence of NOCs is so exciting for organizations. With an NOC supporting your IT infrastructure, you can expect 24/7 coverage in the following areas:

Network monitoring: an NOC can provide your organization with constant network monitoring and surveillance. This monitoring will cover all of the most common elements found in a network such as servers, routers, and switches. It’s an approach which is not only comprehensive, but also allows the NOC team to minimize any disruptions to your network.
Enhanced security: the main aim of a threat actor is to bypass the security of your network, and it’s very easy for them to sneak in when a vulnerability is in place. However, the presence of an NOC team means that not only will updates and patches be installed quickly, but their constant monitoring of your network will allow them to identify any unauthorized access.
Performance monitoring: given the level of competition within business in the 21^st century, your organization’s network needs to perform at a high level. Monitoring the complexities of an IT network, though, is a tough ask. But the experience of an NOC team means they can easily analyze your network performance, and then suggest plans for improving and maximizing its output.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Netgear RAX30 Routers Rocked by 5 Security Flaws

login credentials, Netgear RAX30, Ophtek, router, router firmware update, Security, WPA2 encryptionFirmware update, Login credentials, Netgear RAX30, Ophtek, router, security, vulnerability, WPA2 encryptionOphtek, LLC

Jul 2023

Routers are an essential part of any modern business which uses IT systems. But what happens when you’re working with a compromised router?

Routers are devices which help to connect different networks together. They receive data packets from one network, analyze the destination address, and then forward the data to the relevant destination network. Essentially, a router is used to facilitate communication between different devices and networks. The internet, of course, is crucial to directing this data and this makes routers highly attractive targets for threat actors.

Therefore, the discovery of a vulnerability within a router presents a significant threat to your cybersecurity. But, when there are five vulnerabilities within the same router, you have a disaster on your hands.

A Quick Guide to the 5 Vulnerabilities

Netgear has had to concede that their Netgear RAX30 routers have been exposed as lacking that seal of quality when it comes to security. A router, after all, is your gateway to the internet, the place where all your communication begins. If this is compromised, then a whole world of trouble is just waiting to take advantage. The five vulnerabilities picked up for the Netgear RAX30 routers are:

CVE-2023-27357: this security flaw allows external attackers to identify and record sensitive information passing through Netgear RAX30 routers.
CVE-2023-27368: an attacker can use this vulnerability to execute malicious code on the compromised routers. And, as user data is not being correctly validated by the Netgear RAX30 router, threat actors are able to avoid having to authenticate their access.
CVE-2023-27369: much like the previous vulnerability, this specific flaw allows attackers to run malicious code, or indeed any code they like, on affected systems.
CVE-2023-27370: unfortunately, for users of the Netgear RAX30 router, sensitive configuration data is stored in plaintext on the router. This allows attackers, who can easily bypass the authentication mechanisms, to steal system credentials with ease.
CVE-2023-27367: the final vulnerability known to be affecting the Netgear RAX30 router is, again, one which allows attackers to exploit it and run malicious code through it.

With all five vulnerabilities scoring highly on the Common Vulnerability Scoring System (CVSS) – with three of them gaining a CVSS of 8 or above – Netgear has a big problem on their hands.

How Do You Safely Secure Your Router?

Netgear has been quick to address the five vulnerabilities, with an updated firmware version released on April 7, 2023. However, it’s important that you always make sure your router is as secure as possible. And you can do that by putting the following into action:

Always change default login credentials: some routers are shipped with default login credentials, but this makes them incredibly easy to guess. In fact, many lists of default credentials can quickly be found online. Accordingly, make sure you always change your router’s login credentials before going online with it.
Enable WPA2 encryption: Another way to protect your router is to enable WPA2 encryption. This will secure the wireless network and prevent unauthorized access. Make sure to use a strong encryption key and avoid using common words or phrases that can be easily guessed.

Always update your router: regular firmware updates and patches ensure that your router remains as safe as possible. However, it’s crucial that you install these as soon as possible. Sometimes it can be time consuming to go through the update process, but it can save you major headaches further down the line.

For more ways to secure and optimize your business technology, contact your local IT professionals.

« Previous 1 2 3 4 5 … 49 Next »

Tag Archives: security