vulnerability Archives - Page 5 of 13

WordPress Sites are Quietly Downloading Malware

Hacking, Ophtek, Security, Security Threats, WordPresshacking, Ophtek, security, vulnerability, wordpressOphtek, LLC

Dec 2019

WordPress is a popular platform for building websites, but this popularity has made it a target for hackers. And it’s now being used to launch hacks.

It’s estimated that around 75 million websites use WordPress as the backbone for their content. But not even the largest and most profitable tech companies are immune from hacking. Vulnerabilities are present in almost every piece of software ever designed. And when these vulnerabilities are discovered they will be exploited almost instantly by hackers. WordPress has fallen foul of this all too common scenario and, as a result, 100,000 web users have felt the attentions of these hackers.

Due to the ubiquity of WordPress websites it’s likely that your organization engages with them on a daily basis. It may even be that your organization’s website is hosted through WordPress. Either way, the threat presented is one you want to avoid, so let’s take a look at it.

How were the WordPress Sites Compromised?

Security experts Zscaler were the first people to identify that WordPress sites had been compromised. The nature of the hack is sophisticated, but relatively simple to pull off. After discovering a vulnerability in the ‘theme’ plugin, which is included in WordPress sites, the hackers were able to infect the sites with malicious scripts. These scripts were a form of code which redirected visitors to a Flash Player update alert. However, this urgent update was fake and all that would be downloaded was a malicious file.

The file in question was a Remote Access Trojan (RAT) which allowed remote access to the infected PC. And, with unrestrained access, the hackers were granted the opportunity to download and distribute malware as well as the chance to compromise data. But this isn’t the only way in which the malware infects PCs. Those using the Chrome browser faced an additional threat. Upon visiting the infected WordPress sites, Chrome users were prompted to download an update for the ‘PT Sans’ font. Again, this is a deceptive request and downloads the RAT.

Protecting Against the WordPress Hack

If you own a website which is built on the foundations of WordPress then it’s crucial that you update the associated content management system. This will instantly prevent your website from cultivating the hack and protect your visitors.

Unfortunately, it’s not always possible to tell when a website is using the WordPress system, so you should make sure you practice the following:

Scrutinize all Popups: The sheer range of dangerous popups means that they should always be scrutinized. Fake updates tend to stress an extreme urgency which is designed to tempt users into clicking them without checking. Instead, users need to take a second and consult with an IT professional to verify the update is genuine.

Install Anti-Virus Software: It’s vital that your organization uses anti-virus software. Not only can it identify threats such as the WordPress hack, but they are regularly updated. This ensures that your organization is protected from all the latest threats.

Educate Your Staff: Good training is the cornerstone of good cyber security. Therefore, you need to make sure that your employees are regularly trained against the most current threats. This approach allows your staff to remain confident online and simultaneously protects your IT infrastructure.

For more ways to secure and optimize your business technology, contact your local IT professionals.

All You Need to Know About the Titanium Malware

malware, Ophtek, Security, Security Threats, Titaniummalware, Ophtek, security, virus, vulnerabilityOphtek, LLC

Nov 2019

The Titanium malware has been released into the wild and is already making plenty of headlines. But what’s the full story behind this backdoor malware?

New malware is released every day, but certain strains are more dangerous than others. And Titanium certainly stands out. It’s a piece of malware which is highly advanced in terms of technology and pushes the boundaries of hacking. Any organization which values its privacy and security, therefore, needs to be aware of Titanium. Hacking, after all, hits productivity hard and this is magnified when it’s an advanced hack.

So, to help protect your computer network and maintain productivity, we’re going to tell you all you need to know about the Titanium malware.

Where Did Titanium Come From?

A major hack needs a major ‘talent’ behind it and Titanium certainly satisfies this condition. The perpetrator is believed to be the hacking group known as Platinum. And, in the last few years, Platinum has gained notoriety for developing persistent threats in the Asia-Pacific area. Believed to be state-sponsored, Platinum has access to funds and technology to develop advanced hacking tools. And this is exactly what Titanium is.

Titanium spreads from PC to PC in a number of different ways:

Vulnerable intranets that have already been exploited by malware allow Titanium to get a foothold before infecting multiple workstations
Stealthily infecting Windows installation tasks and installing itself at the same time as legitimate software
Using a shellcode which is activated as part of the Windows logon process to ensure it’s active from startup

What Does Titanium Do?

Titanium is advanced malware and is able to infect computers in a number of different ways. It’s a combination which marks it out as a major threat, but what does Titanium actually do? Well, once it’s unleashed, it can do the following:

Read, send and delete any file contained within the infected PC
Edit configuration settings on the PC
Receive commands from a remote server

Titanium is particularly virulent due to its emphasis on stealth. The potential for mimicry within Titanium is strong as it can imitate a wide range of legitimate software. And it’s this skill for imitation which enhances Titanium’s ability to deceive and spread.

How Do You Tackle Titanium?

With its combination of multiple infection threats, ability to imitate and connection to remote servers, Titanium is a slice of malware you want to avoid. While it may be dangerous, it isn’t impossible to avoid. To keep one step ahead of Titanium make sure you practice the following:

Only install software that comes from a legitimate source e.g. purchased products and not illegal torrents
Make sure that network activity is continuously monitored to detect any unusual traffic
Double check all requests for software upgrades/firmware as these could easily be compromised by Titanium
Use a firewall at all times to help prevent unauthorized connections in and out of your network

Titanium may be very quiet at the moment – Kaspersky are yet to detect any current activity – but vigilance is recommended due to the forces behind it. By understanding the threat of Titanium you can ensure that your network is protected from yet another pressing threat.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Healthcare Data Leak: The Cloud is still Not Secure

Cloud, Cloud Backup, Cloud Storage, Ophtek, Password Security, Security, Security Threatscloud, Ophtek, passwords, security, update, vulnerabilityOphtek, LLC

Oct 2019

Cloud computing is seen as the future of IT, but concerns regarding its security remain. A case in point is the Freedom Healthcare Staffing leak.

Compromised data is always associated with various dangers and problems, but these are always magnified when the data at risk is personal. And the employees of Freedom Healthcare Staffing (FHS) now know what this feels like. Around 957,000 private records were found to be readily available to anyone with an internet connection. These records included drug test records, recruitment details and in-house communications among more technical networking details. Not only were these records available, but the opportunity to edit and delete this data was also an option.

As more and more organizations are moving towards cloud computing, it’s important to understand where FHS went wrong. Let’s see what we can find out.

What Happened with FHS?

The unsecured data at FHS was compromised for one reason and one reason only: negligence. The folder, which contained close to a million records, was on a publicly available drive and had no password protection. Therefore any web browser, such as Chrome or Firefox, could access the data without providing any administration credentials. To make matters worse, the technical data that was visible in this folder provided an opportunity for hackers to delve even deeper into the FHS network. After a security researcher from Security Discovery analyzed this compromised database they informed FHS and all records were quickly secured.

Why is Cloud Security So Lax?

Cloud storage is a relatively recent development in IT, so it should come as no surprise that there are teething problems with the technology. But this doesn’t mean data should be left unsecured. Unfortunately, many consumers feel as though the responsibility of their data security should lie purely with the cloud provider. This approach, as FHS discovered, can be highly dangerous. You only have to take a look at the attacks taking place on cloud based data to understand why.

Organizations need to adopt a shared responsibility mindset in order to protect their cloud. And this should incorporate the following:

Ensure that all folders on your networks are only accessible to those who need them. Regardless of whether this folder is on your local network or in the cloud it needs to have the correct protection in place.
Part of your cloud provider’s service will include installing patches and upgrades, but this will only be relevant to your cloud software. Software updates, such as patches for Windows 10, must be installed by your in-house teams immediately to prevent threats to your data.
Remember that many Internet of Things devices come already loaded with default passwords. This presents a major security risk to cloud computing, so it’s crucial you change all default passwords before the devices go live on your network.

Enhanced knowledge will, with time, allow us to understand the limitations of cloud security, but as FHS discovered it’s important to take a proactive approach immediately.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Reductor Malware Brings a New Threat to Data Security

Data Security, Internet, malware, Ophtek, Securityinternet, malware, Ophtek, security, vulnerabilityOphtek, LLC

Oct 2019

Each time that malware evolves it becomes more dangerous. And our data becomes less secure. A case in point is the Reductor malware.

We’re used to malware being used to download malicious files and open up remote access to infected PCs, but Reductor is different. It’s new and it does things differently. And it’s this unfamiliarity which makes it all the more dangerous. Focusing its target on web traffic, Reductor brings a new threat to data security. Combating it is crucial, but to do this you need to understand how Reductor works.

It’s not easy to understand how a new piece of malware operates, so let’s drill down into its core and see what we can discover.

The Basics behind Reductor

Reductor, which has only recently been uncovered by Kaspersky, is a sophisticated piece of malware. Its main objective is to compromise encrypted web traffic. But what does this mean? And how does Reductor achieve this? Well, when a website is secure it will use Hypertext Transfer Protocol Secure (HTTPS) to securely transmit data. And this allows sensitive data such as login and credit card details to be encrypted into nonsensical code. Anyone attempting to view this encrypted data will be unable to make use of it.

But Reductor allows hackers to view all of this sensitive data before it’s encrypted. It does this by compromising the Transport Layer Security (TLS) and manipulating the associated security certificates. Reductor also patches the pseudo random number generator (PRNG) to establish how the corresponding data will be encrypted. It’s then possible to decrypt any resulting data with ease. And, despite all this activity taking place, the web traffic does not exhibit any signs of having been altered. Therefore, Reductor is unlikely to arouse the suspicious of any infected users.

Staying Safe from Reductor

Web traffic contains such an immense amount of data that concealing it from prying eyes is crucial. Reductor aims to remove these barriers and exploit as much data as it can. But you can protect yourself by taking note of the following:

Reductor has been located within distribution software including WinRAR and Internet Downloader Manager, so proceed with caution when working with any third-party software.

The infection spread by Reductor appears to infect the Chrome and Firefox browsers, so it is advised that these are regularly scanned for unauthorized files.

Run any downloaded files through anti-malware software to limit the risk of executing carefully concealed malware.

Thankfully, following the discovery of Reductor, the majority of anti-malware manufacturers now offer protection against Reductor and the ability to block it.

Final Thoughts

Privacy concerns have become a major issue over the last decade with malware being at the forefront of this rise. And Reductor is only going to fan these flames further. It’s likely that malware will evolve into something even more sophisticated over the next couple of years, so it’s important to take note of any developments in malware. As ever, proceed with caution online and, most importantly, if something looks suspicious do not click it.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Out-of-Office Auto-Replies: A Major Threat to Security

Best Practices, cyber attacks, Cyber Security, Data Security, Ophtek, out-of-office, Safety, Security, spam emailemail, Ophtek, out-of-office, security, vulnerabilityOphtek, LLC

Sep 2019

If you’ve worked away from the office then it’s likely you’ve set an out-of-office auto-reply on your emails. However, this could be very dangerous.

The problem with most out-of-office auto-replies is that they’re usually teeming with sensitive data. And this is data that anyone can harvest simply by sending you an email. There’s no filter on who receives the auto-reply. It’s sent to everyone. And this opens you up to a whole world of danger.

Let’s take a closer look at what these dangers are and how you can avoid them.

The Dangers of Auto-Reply Emails

The type of out-of-office auto-reply email you’re likely to have sent in the past looks like this:

I will be out of the office during the week of October 21 – 27 at the Networking Conference in Houston, Texas. During this time please contact my assistant Ralph Smith on 555-2820 with any service-related issues. If you need to reach me directly then please call me on my cell at 555-1234 and leave a message

Peter Jones – Service Manager – Plant Manufacturing – Jones.Peter@plantmanf.com

This is an informative auto-reply and one that will help anyone that has a genuine interest in working with your business. But it also provides far too much information. It could compromise your safety and also the security of your organization. Social engineering is a criminal’s best friend and, in the above example, you have provided them with several pieces of valuable information:

Availability: It’s not recommended that you reveal where you are and how long you will be there for in an auto-reply. In the example above it advises that Peter will be away from the office and his home for a set amount of time. Criminals, therefore, could plan to rob his home or, even more audaciously, turn up at his office and try to gain access.

Signature: When you’re actively communicating with someone else in business it’s recommended to use a signature block at the end of your emails. This helps to underline who you are in the organization and the various ways you can be contacted. It’s an excellent communication tool, but only when it’s used wisely. You don’t want this information being sent to just anyone, so it’s best to remove this from your out-of-office auto-reply.

Live Email Address: When it comes to email-spam there’s nothing the spammers love more than a confirmation that their spam has landed. And, when you set up an auto-reply, this confirms to any spammer that your email address is live. This information is then logged, automatically by spam bots, and your email address added to further spam lists as a worthy target.

Chain of Command: It’s important to limit the organizational details in your out-of-office auto reply message, so revealing that, for example, Peter’s assistant is Ralph Smith is not a wise move. This not only helps to leak a further individual’s contact details, but it reveals an insight into the chain of command that’s in place. And this could allow a criminal to impersonate Ralph Smith to gain further access to your data.

Final Thoughts

The key to a safer out-of-office auto-reply is to provide minimal specifics when it comes to your excursion. You shouldn’t provide contact details and it’s safer to simply state that you’re unavailable when it comes to your location. By reducing the amount of sensitive data in your auto-reply you should be able to thwart any criminals and any security risks.

For more ways to secure and optimize your business technology, contact your local IT professionals.

« Previous 1 … 3 4 5 6 7 … 13 Next »

Tag Archives: vulnerability

How were the WordPress Sites Compromised?

Protecting Against the WordPress Hack

Where Did Titanium Come From?

What Does Titanium Do?

How Do You Tackle Titanium?

What Happened with FHS?

Why is Cloud Security So Lax?

The Basics behind Reductor

Staying Safe from Reductor

Final Thoughts

The Dangers of Auto-Reply Emails

Final Thoughts