vulnerability Archives - Page 3 of 12

PowerPepper Malware is the Master of Evasion

attachments, malware, Ophtek, PowerPepper, shell terminalsmalware, Ophtek, PowerPeppet, security, vulnerabilityOphtek, LLC

Dec 2020

There’s only one thing worse than malware and that’s malware which is difficult to detect. And PowerPepper is incredibly difficult to detect.

Discretion is one of the most crucial aspects of any form of hacking. A well-executed hack should remain invisible to the victim for as long as possible. Such a scenario allows a hacker to cause maximum damage and also gives them time to cover their tracks. Thankfully, good security practices should either eliminate this risk from happening or, where anti-malware apps are in place, provide an early warning. But hackers are well aware of these defenses and are constantly trying to outwit them.

The emergence of the PowerPepper malware demonstrates that hackers have (temporarily) succeeded in hiding their activities better than ever before.

What is PowerPepper?

PowerPepper, discovered and named by Kaspersky, is a new strain of malware which is believed to have been designed by hacking group DeathStalker. Active since 2012, DeathStalker has made a name for themselves by developing numerous strains of innovative malware. Complex delivery chains are their trademark, but what really stands out is their dedication to evading detection. And PowerPepper is the latest development in DeathStalker’s abilities.

First discovered in May 2020, PowerPepper allows hackers to carry out shell commands from a remote location. But what is a shell command? It’s not something that the average PC user will ever carry out, but a shell command allows you to control your computer by using commands entered with a keyboard through special apps such as Terminal. Naturally, this is a highly valuable app to exploit and DeathStalker have made sure that PowerPepper is not detected. It does this by filtering the clients MAC address, tailoring its processes to deceive anti-malware tools and evaluating mouse movements.

For PowerPepper to take hold, of course, it needs to get on to a victim’s PC. And it does this through a variety of spear phishing campaigns. These attacks utilize both malicious links and email attachments in a number of ways aimed at reducing detection e.g. hiding malicious code in embedded shapes in Word documents and using compiled HTML files to obscure malicious files.

How Do You Protect Your PCs?

PowerPepper has already gone through a number of changes since it was first discovered, so keeping on top of it is difficult for even the most knowledgeable PC user. However, there are plenty of preventative measures you can take:

Install all Updates: One of the surest methods to protect your PC systems is by ensuring all their software and hardware is up to date. This is easily achievable by installing all the relevant updates your system needs. The last thing that you want to present malware with is a back door entry point, so eliminate this by installing all updates.

Restrict Access to Shell Terminals: There’s little need for your PC users to have access to shell terminals, so it makes sense to restrict this access. By removing this privilege you are also removing the risk of hackers taking control of such a powerful app.

Be Wary of Attachments: Malware such as PowerPepper makes its way through the digital landscape thanks to a lack of vigilance on the part of PC users. This is most often demonstrated by opening malicious email attachments. Therefore, it’s crucial to evaluate all email attachments before opening them.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Google’s Password Checkup Aims to Secure Your Passwords

Ophtek, Password Security, Passwork Checkup, Securitychrome, google, Ophtek, Password Checkup, passwords, security, vulnerabilityOphtek, LLC

Dec 2020

Passwords are crucial in IT security and will remain relevant for the near future. But Google’s Password Checkup shows there’s always room for improvement.

We all have a long list of passwords that we use to access various IT apps and services. They’re perhaps the simplest, but most effective step you can take in thwarting hackers. Without a password it’s almost impossible to gain unauthorized access to an IT system. That’s why social engineering and phishing emails have become so popular with hackers. And one of the major problems with passwords is that computer users have a tendency to recycle the same passwords for different IT systems.

Passwords, therefore, have a number of flaws. Thankfully, Google have designed the Password Checkup app to verify the security of your passwords.

What is Password Checkup?

It’s difficult to keep up to date with the sheer number of passwords we use on a daily basis. The simplest way to combat this is to write all your passwords down, but this is one of the biggest password mistakes you can make. Now, instead of writing these passwords down, you can store them in your Chrome browser. As long as you’re running a Google account which is synced to your Chrome browser, you will be able to securely store your passwords. Naturally, this is useful for auto-complete password functions – although even this is risky – but the functionality doesn’t stop here.

The most exciting and useful feature of Password Checkup is that it will automatically tell you if your login details have been breached. A sophisticated and clever password manager, Password Checkup is linked to a database containing in excess of four billion login credentials. These username/password combinations have all, at some point, been leaked online in large scale hacks. This could potentially mean that, for example, your existing Gmail credentials are visible online for anyone to see. With Password Checkup on your side, however, you will receive an alert in your Chrome browser that your login details have been breached.

And, going back to the fact that many of us recycle our passwords, these Password Checkup alerts serve as a nudge to use unique passwords. After all, if a hacker knows that you have used the password “abc123” on your Gmail account, there’s every chance you may have used the same password on your Facebook account. Anything that reduces the time taken to breach an account is a win for hackers and you need to minimize this wherever possible.

How to Use Password Checkup

Password Checkup originally started as a standalone Chrome add-on and this continued to work until September 2020. The reason for retiring this add-on was down to Google deciding to build Password Checkup into the Chrome browser as an integral component. Therefore, the only way to access the Password Checkup service now is by using an up to date version of Chrome. You must, of course, sign into your Chrome browser with a Google account in order for your details to sync. Ultimately, using Password Checkup will make your online experience safer and securer.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Understanding the Basics of Botnet Attacks

botnets, Hackers, Online Security, Ophtek, PC Maintenance, Security, Updatesbotnets, Ophtek, security, updates, vulnerabilityOphtek, LLC

Nov 2020

The internet has connected us to each other in a way we would have thought impossible a few decades ago. But these massed connections can be very dangerous.

The beauty of the internet is that one PC can connect to another PC with relative ease. And these connections allow us to pool resources, share information and provide services. The foundations of almost every web service are based upon collections of PCs all working together to deliver an end result. These are often automated tasks that allow a website to continue operating correctly. But the fact that these PCs are generally left to their own devices means they aren’t actively monitored. And this situation makes them a security risk.

Known as botnets, these collections of PCs can have their cumulative power put to use for the gains of hackers.

What are Botnet Attacks?

While most botnets combine harmless coding with hardware, malicious botnets are another matter. A malicious botnet can gain access to your PC via two methods:

A targeted attack such as an infected email or password breach
The discovery of a vulnerability in your PC by an automated code which crawls the internet in search of such weaknesses

Regardless of the strategy involved, the end result is the same: an infection which adds your PC to the hacker’s botnet. Naturally, the more PCs added to the botnet, the more powerful it is. And, with the infection in place, the hacker will have full control of your PC. This allows them to carry out the following tasks:

Spread across the rest of your organization’s PCs by executing malware in order to swell the numbers of the botnet
Loading fake adverts in your internet browser designed to trick you into providing financial details to malicious websites
Use the cumulative processing power of all the PCs in a botnet to carry out DDoS campaigns in order to take websites down
Generating spam emails to be automatically sent from your organization’s email server

How Can You Protect Against Botnets?

As you can tell, a botnet attack will do your organization no favors and will cause untold damage to other businesses it targets. Therefore, you need to put these precautions into place:

Make sure that your internet traffic is monitored in terms of both what is entering and leaving your network. Any unusual levels of internet traffic are often an indicator that a botnet is either attacking you or you have become part of a botnet.
Install all updates to prevent falling victim to any vulnerabilities. Hackers regularly unleash web crawling bots that automatically scan online PCs for these vulnerabilities. With all updates in place, however, you are minimizing this risk.
Practice best email security practices such as not opening attachments that look suspicious or from senders you don’t recognize. Remember, all it takes is one infected email to bring your organization to a halt.
Use internet security software to help protect your PC as comprehensively as possible. Tools such as Kaspersky and McAfee’s security suites can provide warnings against visiting malicious websites and infected email attachments – two sure-fire ways of falling victim to a botnet.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Zerologon is the Latest Microsoft Vulnerability

Ophtek, patches, PC Security, Windows vulnerability, ZerologonOphtek, patches, security, vulnerability, ZerologonOphtek, LLC

Oct 2020

Microsoft may be one of the leading names in PC technology, but hackers have recently exposed their Zerologon vulnerability.

A vulnerability is a flaw within a PC which can be exploited and used to gain access to the PC in question. These vulnerabilities can be found in both software and hardware, so pretty much everything on your PC is at risk. Thankfully, the majority of your PC’s apps and components will be secure. But PCs are complex pieces of machinery. The sheer amount of coding involved means that it’s inevitable that mistakes will be made and gaps not plugged. And this is what hackers spend half their lives looking for.

Protecting your PCs is a crucial part of any organization’s security, so we’re going to take a closer look at the Zerologon vulnerability.

What is Zerologon?

Zerologon is not an app or piece of hardware that you will find in your PC, it’s simply the name that has been assigned to this new vulnerability. To understand what the Zerologon flaw is would require degree-level knowledge of how PC software works. But we can describe it in layman’s terms. If a PC is logging on to a specific type of server – one that uses NT LAN Manager – then it performs a specific logon process. But where part of the code behind this logon should contain a random number it actually contains four zeros. And it’s these four zeros that give the vulnerability its name.

How is Zerologon Exploited?

Hackers can exploit the Zerologon flaw within seconds as the number of encryption keys needed to decipher the four zero text is relatively small. With access to a PC account secured, the hacker is then able to begin changing passwords within the network. It’s a strategy which, as well as being quick, also grants full control of the PC. This means that a hacker with unauthorized access has the potential to start injecting malware – such as ransomware – onto the network. And this is where your problems will really begin.

Can You Patch Zerologon?

The good news is that Microsoft has quickly released a patch to address the Zerologon vulnerability. Installing this patch should be labeled a priority to protect your organization’s network. The average time taken on install a patch is between 60 – 150 days which is far too slow. All it takes to install the Zerologon patch is a few seconds, so there are few excuses for delaying it. The best rule of thumb, when it comes to patches, is to install them immediately to nullify any threats.

Final Thoughts

As long as software and hardware is being designed then there will be flaws in their build. Designers are only human and mistakes will happen. Vulnerabilities may be inevitable, but your networks don’t need to fall foul of them. While a PC user will be the last party to know about the emergence of a threat such as Zerologon, they can help their case by installing any patches as soon as possible.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Microsoft Printers Patch Exposed as Vulnerable

Ophtek, patches, printer vulnerability, Security, Security Threats, Updates, upgradeOphtek, patches, printer, security, update, Upgrade, vulnerability, Windows vulnerabilityOphtek, LLC

Sep 2020

The importance of installing updates and patches should never be underestimated. However, did you know that even these are not 100% secure?

Microsoft knows a thing or two about computers, but this doesn’t mean they are immune from mistakes and flaws. Accordingly, they regularly release patches and updates to address any vulnerabilities in their software. A recent investigation, though, has discovered that these updates aren’t quite the safeguard consumers would expect. And, when you consider the amount of applications that Microsoft bundle with their systems, this is a matter of major concern.

Given the number of patches you are prompted to install each and every week, it’s important to understand what has happened on this occasion.

A Vulnerable Patch

The initial vulnerability in question relates to a flaw which was discovered in Windows printing services. Your first thought may be that printers are far from a security risk, but this couldn’t be further from the truth. If a device or application has any form of access to your network then it needs strong defenses. And this is why Microsoft was keen to patch a vulnerability which offered hackers a route into PC networks through print spooler software. This patch was issued in May and Microsoft believed this was the end of the story. But this story was due to run a little longer.

Researchers discovered that the impact of this initial patch could be negated by simply bypassing it. By modifying .SHD files (better known as Shadow), the researchers were able to add them into the spooler folder. This particular type of folder allows commands to be sent between a PC and a printer. Usually this is the preserve of printing documents, but the modified Shadow files allowed the researchers to send all manner of commands. It’s a scenario which had the potential to give hackers full access to a network.

How Can You Defend Against Weak Patches?

The vulnerability in question is no longer in present in systems which have since been updated, but it paints a worrying picture for PC users. If you are unable to rely on patches to give you full protection then what hope do you have?

First of all, you must, no matter what, always install all security patches. They are a crucial aspect of security and are all programmed with an objective of preventing an attack. This printer spooler fiasco demonstrates they are not perfect, but the majority are capable of fulfilling their aims. Nonetheless, being overcautious with IT security is always a good idea. Therefore, make sure you follow these simple steps:

Section your network into different sections which each have different password requirements. This will minimize the amount of data at risk.

Each employee will only need access to certain areas of your system. Granting them full access to the network will only increase the risk of it becoming compromised.

Embrace multi-factor authentication as it has the potential to stop hackers gaining access to your systems almost instantly.

For more ways to secure and optimize your business technology, contact your local IT professionals.

« Previous 1 2 3 4 5 … 12 Next »

Tag Archives: vulnerability

What is PowerPepper?

How Do You Protect Your PCs?

What is Password Checkup?

How to Use Password Checkup

What are Botnet Attacks?

How Can You Protect Against Botnets?

What is Zerologon?

How is Zerologon Exploited?

Can You Patch Zerologon?

Final Thoughts

A Vulnerable Patch

How Can You Defend Against Weak Patches?