Security researchers have discovered a security hole in Samsung, LG, Huawei, Sony, and other Android-based phones, leaving multiple users vulnerable to phishing attacks through text messaging. The exploit takes advantage of over-the-air (OTA) provisioning. The researchers found that the industry standard for OTA provisioning, Open Mobile Alliance Client Provisioning (OMA CP), can be abused, allowing attackers to pose as network operators and send false OMA CP messages to users.

If hackers successfully gain access to the OTA, they can use OMA CP to send messages similar to the one above. These messages will ask the user to install new settings on applications. Upon installing, all traffic will then be redirected through a proxy server owned by the attacker, allowing them to read sensitive information.

Out of all Android devices affected, researchers agreed that Samsung is the most vulnerable to this attack. Due to the lack of authentication on received OMA CP messages, users only need to accept the CP to install the malicious applications on their phones. Phones from Huawei and Sony do have a secondary defense against CP messages through the International Mobile Subscriber Identity (IMSI). However, hackers can also obtain this relatively easily. One such way is through a malicious app meant to read the IMSI off a user’s phone. Another way, which bypasses the IMSI entirely, is for the attacker to send the user a text message asking them to accept and install a PIN-protected OMA CP message. If the PIN is entered, the malicious software will be installed on the phone, completely bypassing the IMSI.

If you are unsure whether the message on your screen is from a trusted supplier, you should contact your service provider before continuing the installation. Small precautions like this can save you both time and energy in the future and prevent your sensitive information from being read by untrusted individuals.
If you are worried about the security of your devices, consider contacting Hammett Technologies! Our team of trained professionals will make sure all your connected devices remain secure and up to date, saving you the headache! If you would like to learn more about what we do, click here!
Following the cyber-attacks that occurred in Baltimore and Florida, Monroe College in New York had multiple campuses hit and taken offline by ransomware last week, crippling the college’s network. This has not just affected the school’s administrative departments; it has also hurt students and teachers. The ransomware is asking for an obscene $2 million for the safe return of the college’s data.

Jackie Rugger, the executive director of public affairs at the college, said in an interview on Friday (07/12) with Inside Higher Ed that the school was still unsure who had carried out the attack, but that the school was actively working with local law enforcement and the FBI in order to determine where the attack originated from. There was no comment on whether the school would pay the $2 million ransom. For now, Rugger said, the school continues to operate. However, they have been forced to resort to using “historic” methods. Students and teachers have still been able to attend classes, with homework being turned in on paper.

Ransomware infections are usually due to someone on the network falling victim to a phishing email scam. It is difficult to determine the severity and exact number of ransomware attacks that occur daily, but cybersecurity firms believe that attacks are on the rise. What makes this attack different is that ransomware attacks on colleges usually focus on a specific individual rather than the entire network, said Ben Woelk, according to Inside Higher Ed. He stated that this attack is demanding an amount of money he had never witnessed before.

How Monroe College reacts to this technological hostage situation could determine whether we see a string of upcoming ransomware attacks on colleges across the country. Cybersecurity analysts, as well as the FBI, believe that no business or institution should pay the ransom, should their network become infected.
With no guarantee that the criminals would provide a key upon payment, it seems as though not paying would be a company’s best option. However, with ransomware, companies must understand that with each day, the ransom will continue to increase. In Baltimore, the city government refused to pay the ransom, opting to revamp its network, costing over $18 million. Therefore, despite the unreliability of criminals, businesses and institutions placed in this situation must come to terms with the lesser of two evils.

At Hammett Technologies, our partners never have to worry about ransomware attacks. We use state-of-the-art cybersecurity software and hardware to ensure our partners’ data security, while not interrupting or slowing down their work process. Hammett Technologies practices prevention, halting cyber-attacks before our partners even know they were there. Want more information as to how we can help your business grow? Click here!
The Microsoft Defender Advanced Threat Protection Research Team has released a warning to all Windows users informing them that a notorious malware has resurfaced and has begun to spread once again. This malware, named Astaroth (The Great Duke of Hell), steals user credentials without ever needing to install malicious software. What makes this malware so notorious is not just that it deploys keyloggers and monitors the clipboard, aiding in its ability to steal login credentials, but that it does all this without downloading any executable file onto the user’s machine.

The attack begins when the user opens a link within a phishing email. The link, unbeknownst to the user, opens a shortcut file which launches a terminal command that downloads and runs JavaScript code. From there the JavaScript pulls and runs two DLL files which do the dirty work of keylogging the user’s information and uploading it to the remote attacker. It does this entire process without the user ever knowing it is going on, raising serious concerns for businesses and personal machines.

To stop the malware, anti-virus programs need to closely monitor how WMIC command-line code is used, applying rules to such code when necessary. This includes regularly checking the age of the files being called and flagging or completely blocking newly created DLL files. Microsoft’s anti-virus, as well as other anti-virus programs, have been updated to watch for such occurrences. Nevertheless, it is crucial that you remain cautious when online. Even though modern anti-virus has been updated to watch for these suspicious actions, protection against malware like this is not foolproof. You should never look at your anti-virus as being the first line of defense; that is what you are! If you are worried that an email may be a phishing scam, the chances are that it is. Always verify with the sender before you click on any links or download any files, and you will ensure that your computer and data remain safe!
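The detection idea described above (watch WMIC command lines and treat newly created DLLs as suspect), sketched as an added example that is not Microsoft's or any anti-virus vendor's code. The event fields, host names, URL and the 10-minute age threshold are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

URL_RE = re.compile(r"https?://", re.IGNORECASE)
MAX_DLL_AGE = timedelta(minutes=10)  # assumed threshold; tune per environment
# Constructed sample events; the field names are hypothetical, not a real log schema.
EVENTS = [
    {"type": "process", "host": "ws01", "time": "2019-07-10T09:00:05",
     "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmdline": 'wmic.exe <query elided> "https://files.example.invalid/x"'},
    {"type": "dll_load", "host": "ws01", "time": "2019-07-10T09:01:30",
     "dll": r"C:\Users\alice\Downloads\a.dll", "dll_created": "2019-07-10T09:01:10"},
    {"type": "process", "host": "ws02", "time": "2019-07-10T09:02:00",
     "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmdline": "wmic.exe logicaldisk get size,freespace"},
    {"type": "dll_load", "host": "ws02", "time": "2019-07-10T09:03:00",
     "dll": r"C:\Windows\System32\version.dll", "dll_created": "2018-09-15T07:28:00"},
]

def is_wmic_remote(ev):
    """True for a WMIC process whose command line references a remote URL."""
    return (ev["type"] == "process"
            and ev["image"].lower().endswith("\\wmic.exe")
            and bool(URL_RE.search(ev["cmdline"])))

def is_fresh_dll(ev):
    """True for a DLL that was created shortly before it was loaded."""
    if ev["type"] != "dll_load":
        return False
    age = datetime.fromisoformat(ev["time"]) - datetime.fromisoformat(ev["dll_created"])
    return timedelta(0) <= age <= MAX_DLL_AGE

def triage(events):
    """Map each host to its findings, in time order."""
    findings = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        if is_wmic_remote(ev):
            findings.setdefault(ev["host"], []).append("wmic-remote-url")
        elif is_fresh_dll(ev):
            findings.setdefault(ev["host"], []).append("fresh-dll:" + ev["dll"])
    return findings

def escalate(findings):
    """Hosts showing both a WMIC remote fetch and a fresh DLL load."""
    return sorted(h for h, f in findings.items() if "wmic-remote-url" in f
                  and any(x.startswith("fresh-dll:") for x in f))

if __name__ == "__main__":
    print(escalate(triage(EVENTS)))
```

Routine WMIC inventory queries and long-installed system DLLs (host ws02 in the sample) produce no finding, which is what keeps a rule like this usable on a busy network.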
If you are worried that your business may be vulnerable to cyber attacks, contact Hammett Technologies! We use only the latest cybersecurity technology to ensure that your data is always safe. To find out more about what we can do to assist your company, click here!
Microsoft Teams is known for being a reliable chatting software that many businesses use for communicating and sharing documents within their company. We utilize Teams every day at Hammett Technologies and could not be happier with its overall ease of use, innovation, and productivity. However, security researchers have recently discovered an exploit within the business chatting software from Microsoft. This exploit could potentially allow for malicious files to be downloaded and executed.

How Can It Happen?

Microsoft Teams utilizes the Squirrel project, which deals with installation and updating. Through the use of the “update” command, hackers can potentially upload and execute malicious files into Microsoft Teams. Along with this are other exploits, allowing for remote download and execution of malicious files.

What Can I Do to Secure Teams?

When it comes to computer viruses, the rule of thumb is always to make sure you and your team have strong passwords in place. This can deter unwanted guests from gaining access to your accounts and causing damage to your company. This rule applies here, as well. The only way malicious files can be uploaded to Teams is through access; therefore, ensure that all members have strong passwords and that permissions are set so that those less trusted, or those with temporary access, are unable to upload or download documents.

If you are unsure about the security of your Microsoft Teams environment, call Hammett Technologies! Our free assessment scans for issues like these and will bring security risks to your attention immediately. With us as your IT department, you can rest easy knowing your network and online presence are secure! If you would like to find out more about what we can do for your company, click here!
Across the United States, hackers have been targeting cities through the use of ransomware. Ransomware is a malicious attack on a computer system which completely locks the user out of their computer until a “ransom” is paid (usually in bitcoins). Those who think paying the ransom will be the easiest option should be aware that there is no guarantee that, upon payment, a decryption key will be provided. What makes ransomware especially threatening is the timer that not only counts down how many days the user has left before all files are deleted but also increases the price of decryption with each passing day.

Ransomware attacks should not be news to residents of Maryland. A similar attack has plagued Baltimore’s city government for a while, and the price of recovery has skyrocketed to $18 million. As of today, Lake City, Florida, another US city infected with ransomware, has decided to pay the ransom in order to regain access to their technology network. Despite Lake City’s technology department successfully disconnecting all infected computers within a matter of minutes, the virus was able to snake its way through the entire government’s network, with the police and fire departments being the exception. Lake City, Florida government officials have agreed to pay a ransom of $500,000. Upon payment, Lake City was granted a recovery key, something other cities should take note of.

Baltimore and Lake City are not the only two cities to have been plagued with the attack. Other cities such as Lynn, Massachusetts, and Cartersville and Jackson County, Georgia, have also been faced with this serious cyber-attack. These attacks, while expensive to fix, are a wakeup call to local governments. Ransomware is often targeted at, and successful on, outdated systems, something each of the cities listed had. In order to combat these issues, and ensure they do not happen again, regular maintenance, updates, and patches are not only necessary but required.
These attacks not only cripple the state government, but they also hurt the general public.
A new adware exploit has been discovered recently. Named “Cavallarin” after its discoverer, the exploit allows for the unwarranted download of various ads onto the user’s Mac device, all while being trusted by Apple’s macOS Gatekeeper.

How the Cavallarin Exploit Works

The exploit takes advantage of Mac’s Gatekeeper protection service, allowing malicious apps to trick the Gatekeeper into thinking they are Apple-certified applications, granting them elevated access to the device. This is a serious concern that Apple has yet to address, even after Filippo Cavallarin approached them with the discovery. When the Gatekeeper is operating properly, it will prompt the user, informing them that the application they are attempting to install is not Apple-certified and could be hazardous. However, if the application takes advantage of the exploit, this prompt will never occur, and the device will become infected.

How to Prevent Your Mac Device from Exploitation

For now, the easiest method of prevention would be to only download applications that are 100% known to be Apple-certified. Even then, it is smart to remain vigilant regarding any application you are downloading, always erring on the side of caution. With no comment from Apple regarding the exploit yet, it is hard to say when a patch will be created and pushed to users. If you are still worried about the potential exploitation of your device, Intego’s free VirusBarrier Scanner is able to check your system for apps using the exploit. These threats will appear as “OSX/Linker.”
The internet can be a dangerous place. Therefore, as we traverse the digital landscape we must always stay on high alert! Recently, a new type of phishing email has hit our digital world. Be on the lookout for emails that are from my-sharepointdrive@notification.messages365.org. At first glance, this email appears to come from SharePoint, giving you a false sense of security, but do not be fooled! This email, if opened, will contaminate your computer. This false sense of security is only furthered by the header of the message reading “This mail is from a trusted sender.” If you receive a message that looks like this, do not open the attachment!

When you receive a suspicious email, always make sure to carefully go over the sender information. Ask yourself these questions: “Do I know this sender?” and “Does this email pertain to something I am familiar with?” Even if you can answer “yes” to both questions, you should remain vigilant. Always be on the lookout for anything that is out of place or suspicious. By playing it safe and paying attention you will save yourself both time and money!

At Hammett Technologies we put your online security as a top priority. Be with a team you can trust, become a Hammett Technologies Partner today!