vulnerability Archives - Page 2 of 13

Safeguarding Your Business Against Social Engineering

complex passwords, malware, multi factor authentication, Ophtek, Phishing Email, Ransomware, social engineering, vulnerabilitycomplex passwords, malware, multi factor authentication, Ophtek, phishing, ransomware, social engineering, vulnerabilityOphtek, LLC

Dec 2023

One of the biggest threats to your organization’s IT comes in the form of social engineering attacks. Therefore, you need to keep your business protected.

In the digital age, there are many threats to your IT infrastructure. These can include ransomware, software vulnerabilities and malware. However, perhaps the most dangerous, and easiest to launch, attack involves social engineering. This attack relies on exploiting human psychology to gain a foothold within a targeted network. In many ways, it’s an age-old deception strategy from the physical world, but simply transferred over to the digital world. This article looks deep into the world of social engineering and should provide you with a better understanding of how to safeguard your business.

What is Social Engineering?

The main objective of social engineering, for a threat actor, is to convince individuals that divulging sensitive information or performing network actions is the right thing to do. Often, this strategy relies on phishing emails. These are emails which are sent to targets and claim to have been sent from someone they know e.g. a work colleague or a supplier. However, what the threat actor is trying to do here is either extract confidential information – such as login credentials – or encourage the target to click a malicious link.

Get Your Team to Recognize Social Engineering

Social engineering attacks will always be targeted at your employees, so this means that you need to invest in educating your employees. While an IT induction represents a good opportunity to warn them of the telltale signs of social engineering, the sheer range of social engineering strategies requires something more intensive. Accordingly, regular training courses which are followed up with refresher courses are highly recommended. Even better, sending randomised ‘spoof’ phishing emails internally can indicate which employees require tailored training.

Strengthen Your Authentication Processes

If you want to add an extra layer of defense to your IT infrastructure, strengthening your authentication processes is an excellent way of achieving this. Not only will this thwart social engineering campaigns, but it will also protect you against almost all other security threats. Therefore, make sure you focus on the following:

Integrate password rules which require your employees to create complex passwords e.g. using a mixture of case types, numbers and symbols.

Bring in multi-factor authentication to help protect your employees’ existing login credentials and place a further obstacle in the way of unauthorized access.
Put a time limit on passwords and ensure that they have to be updated within a set time e.g. every two months.

Secure Your Communication Channels

Applications such as Microsoft Outlook and Teams have revolutionized the way that businesses communicate, but they also represent a rich source of data. With this in mind, you need to secure these communication channels against the threat of social engineering. Encrypting data flowing in and out of these applications is paramount to protect the type of data that social engineering is hungry for. So, use VPN’s where possible and make sure your employees avoid using their devices on public Wi-Fi.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Security Experts Targeted by Malware on GitHub

GitHub, Hackers, install updates, malicious websites, malware, Ophtek, POC, proof of conceptGitHub, hackers, malware, Ophtek, POC, security, updates, vulnerabilityOphtek, LLC

Sep 2023

It’s always important to be cautious online, but it’s easy for people to fall victim to malware. Even security experts can fall for the tricks of hackers.

Yes, even those skilled and highly experienced security researchers can find themselves on the receiving end of malware. The most recent piece of evidence for this phenomena is an attack which is as brazen as it is powerful. It revolves around a piece of bait left, by threat actors, on GitHub, an online repository for developers to store and share their code. And it was a piece of code, disguised as a highly tempting piece of software for a security expert, which led to many of these professionals being left embarrassed.

How Were the Experts Fooled?

The GitHub attack involved a piece of software being made available which claimed to be a proof-of-concept (POC). Typically, a POC is a demonstration of a software project, and is used to determine how feasible the project is and the potential of its long-term success. For a security researcher, a POC is a useful way to test for security vulnerabilities, and this is why they are frequently downloaded and analyzed.

However, this specific ‘POC’ proved to be little more than malware in disguise. Within the fake POC structure was a malware downloader, which was used to download malware and set off a chain of malicious events. Once the malware was downloaded, it began by executing a Linux script to automate specific commands. This allowed the threat actors to start stealing data, which was automatically downloaded to a remote location, by scraping the entire directory of the infected PC.

The fake POC also allowed the threat actors to gain full access to any of the infected systems. This was achieved by adding their secure shell (a protocol for operating network services) to the authorized keys file on the infected system. All of this was made possible, for the threat actors, due to a vulnerability – known as CVE-2023-35829 – discovered in the Linux operating system, an OS usually used by software developers.

Avoid the Mistakes of the Experts

You may be thinking that, if a security expert can fall victim to malware, what hope do you have in the face of targeted attacks? However, as we know, nobody is 100% immune from the efforts of threat actors, and this includes security researchers. As ever, vigilance is key to maintaining the security of your IT infrastructure:

Always update: the surest way to minimize the risk of your PC being infected is to always install updates. No piece of software, due to the sheer amount of coding involved, is going to be free from mistakes. However, developers are keen to patch these mistakes as soon as they are aware of them, hence the issuing of security patches. Therefore, it makes sense to install these as soon as they are available.

Be wary of malicious websites: while GitHub is far from malicious, the people using it often are. This means you should always do some research on what you’re downloading and who you’re downloading it from. So, for example, try Googling the username of whoever is offering you a download, and see whether there are any trustworthy results or otherwise. Alternatively, ask an IT professional to take a look and assess the risk – contrary to the GitHub attack, they can usually spot malware from a mile away.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Netgear RAX30 Routers Rocked by 5 Security Flaws

login credentials, Netgear RAX30, Ophtek, router, router firmware update, Security, WPA2 encryptionFirmware update, Login credentials, Netgear RAX30, Ophtek, router, security, vulnerability, WPA2 encryptionOphtek, LLC

Jul 2023

Routers are an essential part of any modern business which uses IT systems. But what happens when you’re working with a compromised router?

Routers are devices which help to connect different networks together. They receive data packets from one network, analyze the destination address, and then forward the data to the relevant destination network. Essentially, a router is used to facilitate communication between different devices and networks. The internet, of course, is crucial to directing this data and this makes routers highly attractive targets for threat actors.

Therefore, the discovery of a vulnerability within a router presents a significant threat to your cybersecurity. But, when there are five vulnerabilities within the same router, you have a disaster on your hands.

A Quick Guide to the 5 Vulnerabilities

Netgear has had to concede that their Netgear RAX30 routers have been exposed as lacking that seal of quality when it comes to security. A router, after all, is your gateway to the internet, the place where all your communication begins. If this is compromised, then a whole world of trouble is just waiting to take advantage. The five vulnerabilities picked up for the Netgear RAX30 routers are:

CVE-2023-27357: this security flaw allows external attackers to identify and record sensitive information passing through Netgear RAX30 routers.
CVE-2023-27368: an attacker can use this vulnerability to execute malicious code on the compromised routers. And, as user data is not being correctly validated by the Netgear RAX30 router, threat actors are able to avoid having to authenticate their access.
CVE-2023-27369: much like the previous vulnerability, this specific flaw allows attackers to run malicious code, or indeed any code they like, on affected systems.
CVE-2023-27370: unfortunately, for users of the Netgear RAX30 router, sensitive configuration data is stored in plaintext on the router. This allows attackers, who can easily bypass the authentication mechanisms, to steal system credentials with ease.
CVE-2023-27367: the final vulnerability known to be affecting the Netgear RAX30 router is, again, one which allows attackers to exploit it and run malicious code through it.

With all five vulnerabilities scoring highly on the Common Vulnerability Scoring System (CVSS) – with three of them gaining a CVSS of 8 or above – Netgear has a big problem on their hands.

How Do You Safely Secure Your Router?

Netgear has been quick to address the five vulnerabilities, with an updated firmware version released on April 7, 2023. However, it’s important that you always make sure your router is as secure as possible. And you can do that by putting the following into action:

Always change default login credentials: some routers are shipped with default login credentials, but this makes them incredibly easy to guess. In fact, many lists of default credentials can quickly be found online. Accordingly, make sure you always change your router’s login credentials before going online with it.
Enable WPA2 encryption: Another way to protect your router is to enable WPA2 encryption. This will secure the wireless network and prevent unauthorized access. Make sure to use a strong encryption key and avoid using common words or phrases that can be easily guessed.

Always update your router: regular firmware updates and patches ensure that your router remains as safe as possible. However, it’s crucial that you install these as soon as possible. Sometimes it can be time consuming to go through the update process, but it can save you major headaches further down the line.

For more ways to secure and optimize your business technology, contact your local IT professionals.

How to Complete a Business IT Vulnerability Assessment

Cyber Security, Data Security, email security, IT Vulnerability Assessment, Ophtek, procedureCyber Security, Data Security, email security, IT Vulnerability Assessment, Ophtek, procecure, vulnerabilityOphtek, LLC

Jun 2023

No IT infrastructure is 100% secure, but you can maximize your defenses and reduce your risk. All you need to do is complete an IT vulnerability assessment.

It’s important to understand exactly what your cybersecurity procedures can and can’t protect against. After all, assuming that your security measures are perfect is a sure-fire way to become complacent. And if there’s one thing that threatens the safety of your IT systems, it’s complacency. Therefore, it’s essential you understand why you need to complete an IT vulnerability assessment. And, more importantly, that you know how to complete one.

Understanding the Purpose of a Vulnerability Assessment

A vulnerability assessment looks at your IT infrastructure and reviews each and every security procedure, as well as highlighting any potential weaknesses. This pre-emptive approach is critical for reducing risk and protecting your systems. Its main objective is to evaluate your existing procedures and deliver suggestions for future improvements.

Preparing an Assessment

There are several steps when it comes to preparing an IT vulnerability assessment, and these include:

Identifying assets: if you’re evaluating the security procedures which protect your IT equipment, you need to start by identifying the assets which comprise your infrastructure. This means you will have a foundation to start your assessment from. So, for example, if you know that you have 20 laptops within your organization, you will need to evaluate all of these for upgrades, existing infections etc.
Determining the scope: it’s important for your vulnerability assessment to have a focus, so make sure you establish this early on. It may be that you simply want to carry out an assessment on your internal email systems, or it could be a more in-depth look at all your internet safety measures. Either way, with this scope established, you can conduct a targeted assessment with clearer objectives.
Select your tools: completing a vulnerability assessment requires numerous tools such as human labor, software, and new IT equipment. Accordingly, you need to make sure this is all available and can be budgeted for. This will allow you to complete a comprehensive assessment to the required standard and leave no shortfall e.g. IT systems which need to be upgraded will require funds to be available.

Analyzing Your Assessment

Once all your preparation is in place, you can complete your assessment as per your plan and guidelines. You then need to analyze the results of your assessment. As previously stated, no IT system is 100% secure, and your assessment will likely raise several concerns and vulnerabilities. Therefore, you will need to categorize these vulnerabilities both by area and severity e.g. weak firewall defenses (major) and staff writing passwords down (medium). This will allow you to begin planning a mitigation strategy to nullify these threats.

Implementing a Mitigation Strategy

With the information gleaned from your vulnerability assessment, it’s vital that you begin communicating this with the stakeholders within your organization. Ensure that your IT staff, department managers and executives are all aware of the vulnerabilities. Most importantly, also communicate how these will be mitigated, this will keep everyone on the same page and generate discussion on any potential implementation problems.

Finally, you need to put your mitigation strategy into place. These steps will vary, depending on your vulnerabilities, but common examples include additional training sessions for employees, updating software and upgrading legacy equipment. Whatever the plan, speed is of the essence to prevent these vulnerabilities turning into a catastrophe.

For more ways to secure and optimize your business technology, contact your local IT professionals.

LastPass Hit by Security Incident

Hackers, LastPass, Ophtek, password manager, Password Security, Security, strong passwordshackers, LastPass, Ophtek, password manager, security, vulnerabilityOphtek, LLC

Feb 2023

What exactly happened when LastPass, a password manager service, found itself at the center of a data breach? And what does this mean for your passwords?

Password managers provide a convenient service , one where complex passwords can be generated instantly and then, going forward, auto-fills when requested. LastPass is a successful example of what a password manager can do, but it’s a role which comes with great responsibility. Login credentials, after all, are often the difference between gaining access and being denied access to a user account. Therefore, password managers need to be sure the credentials they hold are highly secure.

However, as LastPass users are now finding out, password managers are highly tempting to threat actors, and far from 100% secure.

How LastPass was Hacked

Used by millions of users all over the world, LastPass has established itself as one of the leading password managers. Unfortunately, this credibility has been rocked by revelations that the service’s encrypted password vaults have been stolen by hackers. The attack – which took place in August 2022 – was ambitious, and its success even more so.

LastPass’ backup copies of their users’ password vaults were stored, apparently securely, on a third-party cloud storage platform. This, in itself, is nothing unusual; storing backup copies of secure data in remote locations is good practice. Nonetheless, once third parties become involved in storing your data, you relinquish control of this data’s security. And this is exactly where LastPass has fallen victim to threat actors.

While the mechanics of the breach remain under wraps, LastPass has had to admit that personal identifiers – including addresses, phone numbers, credit card details and IP addresses – are among the stolen data. The password vaults – which are encrypted – have also been stolen, so this means the threat actors are closer to knowing your password. And, given they now have access to your personal identifiers, it makes brute force attacks easier.

What to Do if You’re a LastPass User

LastPass has been keen to stress that, although stolen, the password vaults are secure due to the encryption protecting them. However, these encrypted passwords are now in the hands of an unauthorized party and means they are seriously compromised. Therefore, it’s crucial all LastPass users take the following decisive actions:

Change your LastPass password: your master password will be the password used to access the LastPass service, and this needs to be changed immediately. Any data breach means access has been compromised, so changing your master password is the first step to take. With your master password changed, you will instantly be reducing the risk of your passwords falling into the wrong hands.

Change all your stored passwords: the passwords stolen from LastPass are encrypted, but it makes bad sense to rely on this. Accordingly, we would recommend going through all your passwords on LastPass and changing them to new ones. With this completed, the details within the stolen password vaults will become redundant.

Make sure your LastPass password is not recycled: following a data breach, it’s always good practice to make sure your master password isn’t used on other platforms. For example, a threat actor may take your login details for LastPass and use a bot to automatically try them in thousands of different other platforms. As such, if you recycle your login credentials across platforms, you run the risk of these being compromised too.

For more ways to secure and optimize your business technology, contact your local IT professionals.

« Previous 1 2 3 4 … 13 Next »

Tag Archives: vulnerability