vulnerability Archives - Page 5 of 12

Reductor Malware Brings a New Threat to Data Security

Data Security, Internet, malware, Ophtek, Securityinternet, malware, Ophtek, security, vulnerabilityOphtek, LLC

Oct 2019

Each time that malware evolves it becomes more dangerous. And our data becomes less secure. A case in point is the Reductor malware.

We’re used to malware being used to download malicious files and open up remote access to infected PCs, but Reductor is different. It’s new and it does things differently. And it’s this unfamiliarity which makes it all the more dangerous. Focusing its target on web traffic, Reductor brings a new threat to data security. Combating it is crucial, but to do this you need to understand how Reductor works.

It’s not easy to understand how a new piece of malware operates, so let’s drill down into its core and see what we can discover.

The Basics behind Reductor

Reductor, which has only recently been uncovered by Kaspersky, is a sophisticated piece of malware. Its main objective is to compromise encrypted web traffic. But what does this mean? And how does Reductor achieve this? Well, when a website is secure it will use Hypertext Transfer Protocol Secure (HTTPS) to securely transmit data. And this allows sensitive data such as login and credit card details to be encrypted into nonsensical code. Anyone attempting to view this encrypted data will be unable to make use of it.

But Reductor allows hackers to view all of this sensitive data before it’s encrypted. It does this by compromising the Transport Layer Security (TLS) and manipulating the associated security certificates. Reductor also patches the pseudo random number generator (PRNG) to establish how the corresponding data will be encrypted. It’s then possible to decrypt any resulting data with ease. And, despite all this activity taking place, the web traffic does not exhibit any signs of having been altered. Therefore, Reductor is unlikely to arouse the suspicious of any infected users.

Staying Safe from Reductor

Web traffic contains such an immense amount of data that concealing it from prying eyes is crucial. Reductor aims to remove these barriers and exploit as much data as it can. But you can protect yourself by taking note of the following:

Reductor has been located within distribution software including WinRAR and Internet Downloader Manager, so proceed with caution when working with any third-party software.

The infection spread by Reductor appears to infect the Chrome and Firefox browsers, so it is advised that these are regularly scanned for unauthorized files.

Run any downloaded files through anti-malware software to limit the risk of executing carefully concealed malware.

Thankfully, following the discovery of Reductor, the majority of anti-malware manufacturers now offer protection against Reductor and the ability to block it.

Final Thoughts

Privacy concerns have become a major issue over the last decade with malware being at the forefront of this rise. And Reductor is only going to fan these flames further. It’s likely that malware will evolve into something even more sophisticated over the next couple of years, so it’s important to take note of any developments in malware. As ever, proceed with caution online and, most importantly, if something looks suspicious do not click it.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Out-of-Office Auto-Replies: A Major Threat to Security

Best Practices, cyber attacks, Cyber Security, Data Security, Ophtek, out-of-office, Safety, Security, spam emailemail, Ophtek, out-of-office, security, vulnerabilityOphtek, LLC

Sep 2019

If you’ve worked away from the office then it’s likely you’ve set an out-of-office auto-reply on your emails. However, this could be very dangerous.

The problem with most out-of-office auto-replies is that they’re usually teeming with sensitive data. And this is data that anyone can harvest simply by sending you an email. There’s no filter on who receives the auto-reply. It’s sent to everyone. And this opens you up to a whole world of danger.

Let’s take a closer look at what these dangers are and how you can avoid them.

The Dangers of Auto-Reply Emails

The type of out-of-office auto-reply email you’re likely to have sent in the past looks like this:

I will be out of the office during the week of October 21 – 27 at the Networking Conference in Houston, Texas. During this time please contact my assistant Ralph Smith on 555-2820 with any service-related issues. If you need to reach me directly then please call me on my cell at 555-1234 and leave a message

Peter Jones – Service Manager – Plant Manufacturing – Jones.Peter@plantmanf.com

This is an informative auto-reply and one that will help anyone that has a genuine interest in working with your business. But it also provides far too much information. It could compromise your safety and also the security of your organization. Social engineering is a criminal’s best friend and, in the above example, you have provided them with several pieces of valuable information:

Availability: It’s not recommended that you reveal where you are and how long you will be there for in an auto-reply. In the example above it advises that Peter will be away from the office and his home for a set amount of time. Criminals, therefore, could plan to rob his home or, even more audaciously, turn up at his office and try to gain access.

Signature: When you’re actively communicating with someone else in business it’s recommended to use a signature block at the end of your emails. This helps to underline who you are in the organization and the various ways you can be contacted. It’s an excellent communication tool, but only when it’s used wisely. You don’t want this information being sent to just anyone, so it’s best to remove this from your out-of-office auto-reply.

Live Email Address: When it comes to email-spam there’s nothing the spammers love more than a confirmation that their spam has landed. And, when you set up an auto-reply, this confirms to any spammer that your email address is live. This information is then logged, automatically by spam bots, and your email address added to further spam lists as a worthy target.

Chain of Command: It’s important to limit the organizational details in your out-of-office auto reply message, so revealing that, for example, Peter’s assistant is Ralph Smith is not a wise move. This not only helps to leak a further individual’s contact details, but it reveals an insight into the chain of command that’s in place. And this could allow a criminal to impersonate Ralph Smith to gain further access to your data.

Final Thoughts

The key to a safer out-of-office auto-reply is to provide minimal specifics when it comes to your excursion. You shouldn’t provide contact details and it’s safer to simply state that you’re unavailable when it comes to your location. By reducing the amount of sensitive data in your auto-reply you should be able to thwart any criminals and any security risks.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Don’t Make these Password Mistakes

Ophtek, Password Security, PC Security, SecurityOphtek, passwords, security, vulnerabilityOphtek, LLC

Sep 2019

Your PC network’s first line of defense is usually a password. But if you’re working with bad passwords then you run the risk of compromising this security.

Almost every computer application requires a password to access it. And, in business, these passwords can provide access to numerous terminals and networks. A lot of data is available on these computer systems and this is why security should always be a priority. However, your security can only be as strong as your first line of defense. And if your passwords are weak then your organization’s security is going to be equally weak.

There are certain mistakes associated with weak passwords that need to be eliminated from your business to keep it safe and secure. Let’s take a look at some of the most common password mistakes:

Writing it Down: All over the country there are thousands of Post-It notes containing secure login details that are attached to PCs. This is a major security risk. Passwords need protection of their own. If they’re on display for the entire world to see then, that’s right, the entire world can take advantage of them. Instead, memorize the password or invest in a password manager.

Sharing Passwords: Although not quite as severe as writing your password down, sharing passwords with colleagues is still a guaranteed method of weakening your password. It may feel as though sharing your password – if, for example, you’re away from the office and a colleague needs to access a document on your PC – is a safe move, but there is no guarantee that your PC will remain secure. If you do have to share your password then make sure you change it as soon as possible.

Using the Same Password: You should never use the same password across multiple applications. If you do favor recycling your passwords in this manner then you can easily fall victim to password bots. These automated pieces of code are loaded up with login details – usually purchased on the dark web – and then instructed to try and gain access to other websites with them. So, if your LinkedIn login details have been hacked, it’s possible for a hacker to use a bot to try these details in Gmail, Twitter and Instagram. And, if the details are the same, you’re going to get hacked.

Based on Personal Details: An easy method for formulating a password that you can remember is by basing it on some personal details. So, for example, you may use your date of birth or your mother’s maiden name. It’s unlikely you’ll forget these, so you won’t have to write them down and compromise their security. The only problem is that personal details can easily be accessed by others. And this is never truer than in the digital age where our personal details are splashed all over our social media accounts.

Too Simple: A password needs to be complex, so working with passwords such as ‘123456’ and ‘Password’ is a poor strategy. However, due to the ease with which these can be remembered, many people use them as passwords. And hackers are aware of this. What you really want is a password which is unusually complex e.g. one that doesn’t contain recognizable words or number sequences.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Windows Hit by New Enabler Malware

Cyber Security, malware, Ophtek, Security, Security Threatsmalware, Ophtek, security, update, vulnerabilityOphtek, LLC

Aug 2019

Malware is well known for infecting systems and causing major problems from the second it’s executed. But certain strains of malware act as an enabler.

Security researchers have recently discovered one of these enablers and dubbed it SystemBC. It’s important to stress that SystemBC isn’t an immediate attack. However, it’s just as dangerous as your everyday malware. If not more dangerous. And this is why understanding how an enabler works is crucial for the security of your organization.

It’s always important, where PC security is concerned, to be proactive. So, to help you enhance your organization’s defenses, we’re going to run over the principles of the SystemBC malware.

What is the SystemBC Malware?

The simplest definition of SystemBC is that it enables other malware to unleash attacks. But how does it do this? The answer lies within SOCKS5 proxies. The average PC user will be unaware of what SOCKS5 proxies are, but this doesn’t mean they are impossible to understand. SOCKS5 is a method of internet communication that takes place between a client and a server. And it’s most commonly used in authorizing access to servers.

SystemBC takes advantage of these SOCKS5 proxies to overcome security systems and exploit vulnerabilities. The main method of exploitation is to illegally access a server and then install a command and control (C&C) server. With this C&C in place, SystemBC has the ability to cloak traffic and activity from other malware which can then spread outwards through the server.

How is SystemBC Distributed?

SystemBC has, at the time of writing, been discovered in both the Fallout and RIG exploit kits. These kits allow hackers to package together several different exploits in one product. These assorted exploits can work in synchronicity with each other or independently. And this makes them very dangerous. The Fallout and RIG exploit kits tend to focus on vulnerabilities in Flash and Internet Explorer, an approach which is exceptionally common when it comes to hacking.

Protecting Your Organization from SystemBC

The key to protecting your server from the threat of SystemBC is by being vigilant. Software patches remain the number one preventative measure when it comes to combating vulnerabilities. Software developers release these on a fairly regular basis, but also in emergencies when major vulnerabilities are discovered. And they need to be installed immediately. An exposed entry point to your network is a major threat to your security and plugging it is crucial.

One of the major problems facing organizations, in terms of IT security, is the use of legacy systems. These are systems which no longer receive support from their developers. If a vulnerability is discovered in such a system then it will remain there. It will not be resolved. Therefore, it’s vital that your organization regularly assesses the suitability of your PC systems for engaging with the internet. If a particular part of your network is no longer supported then it’s time to replace it. Otherwise you could soon find malware such as SystemBC making its home on your server.

For more ways to secure and optimize your business technology, contact your local IT professionals.

What are Malicious Websites?

Adobe Flash, anti malware, Company Updates, Hackers, malicious code, malware, Ophtek, PC Security, SecurityOphtek, security, update, updates, vulnerabilityOphtek, LLC

Aug 2019

We visit websites on a daily basis, but how do we know how safe they are? No matter how genuine they look there’s every risk they’re a malicious website.

It’s estimated that up to 18.5 million websites are infected with malicious content. That’s around 1% of the total number of websites online. It may not sound a huge percentage, but it’s a percentage that could cause your business significant trouble. And it’s a problem that most organizations aren’t entirely clear on. Malicious emails, for example, are well known due to the scare stories that flood our newsfeeds. But we’re less informed about malicious websites. And that’s what makes them dangerous.

However, if you’re able to understand the basics of a malicious website then you’re going to be in a much better position to avoid falling victim. So, what are malicious websites?

What is a Malicious Website?

A malicious website is like any other website on the internet: you connect to it with a browser. But if you dig a little deeper you’ll soon realize why it’s unlikely to become one of your favorite websites. The main objective of a malicious website is to install malware on to your PC. And, in most cases, it won’t even ask permission. The moment that you land on a malicious website is the moment that the malware starts downloading.

But why is a malicious website so misleading? Well, hackers are incredibly clever and they’re even more deceptive. That’s why they design malicious websites to look as genuine as possible. We, as humans, make quick decisions based on first impressions and, in this busy digital age, this is never truer than when online. Malicious websites take full advantage of this. And the false layer of trust that this engenders can soon lead to us clicking on links that we really shouldn’t.

How Do You Protect Yourself from Malicious Websites?

No one wants to fall victim to a malicious website. But, without a prior knowledge of how to protect yourself, this is difficult. Thankfully we’re here to make things easier. That’s why we’ve put together this amazing set of safety tips:

Always keep your software updated and install the latest patches as soon as possible. Malicious websites are often used to distribute malware that targets software vulnerabilities. With this updated protection in place you can minimize one of the main threats of malicious websites.
It’s vital that you never install any software you’re unfamiliar with. Malicious websites are sometimes courteous enough to ask permission before installing their malicious content. And it’s easy to click the Yes button just to clear the screen of yet another pop-up window. But it can spell disaster for your PC. Therefore, always read pop-up windows carefully and, if you don’t trust it, leave that website immediately.
If you’re sent a link to a website that’s unfamiliar then you shouldn’t click it. But you should do some research first. The best way to verify a mystery link is to type that link into the search box of a search engine. The results should soon highlight whether that web address is trustworthy or dangerous.
Install internet security software that can identify malicious websites before they’re loaded up. Knowledge of malicious websites can spread quickly and this has led to massive databases being created to help alert users to those that contain a threat.

For more ways to secure and optimize your business technology, contact your local IT professionals.

« Previous 1 … 3 4 5 6 7 … 12 Next »

Tag Archives: vulnerability

The Basics behind Reductor

Staying Safe from Reductor

Final Thoughts

The Dangers of Auto-Reply Emails

Final Thoughts

What is the SystemBC Malware?

How is SystemBC Distributed?

Protecting Your Organization from SystemBC