Dark Herring Subscription Scam Affected Millions Of Android Users

Google partner Zimperium zLabs has recently discovered a sophisticated scam targeting more than 100 million Android users. The scam operated right under Google’s nose for nearly two years. Google has now shut it down, but while it was in operation it spanned some 470 Android apps on the Play Store. Those apps quietly subscribed the users who installed them to a premium service that charged $15 USD per month through Direct Carrier Billing (DCB). The decision to leverage DCB is both brilliant and terrifying. It’s a legitimate mobile payment option that allows people to pay for digital content from the Play Store either via their pre-paid balance or post-paid with a bill. Oftentimes, a user would be subscribed to a premium service for months before they noticed. While that was happening, the scammers behind the attack (dubbed Dark Herring by the group that discovered it) were raking in profits from some 106 million Android users spread over more than 70 different countries. Each of the hundreds of different apps infected with the malware had a different identifier, which means the scammers were able to track (with some granularity) which apps were bringing in the most illicit profits. One thing this attack really underscores is how hard it is to stop something with a global footprint. Consumer protection laws vary wildly from one country to the next, so while users in some countries may have legal recourse, users in most other countries have no protection at all. They’re simply out the money. In any case kudos...
Apple Released A Fix For Multiple Zero Day Exploits

There’s good news for Apple users. The company has been busy and has recently released security updates that address two Zero-Day vulnerabilities. These are security flaws that could be exploited by hackers to cause no end of trouble for anybody running macOS or iOS. The first Zero-Day addressed is being tracked as CVE-2022-22587 and is a nasty memory corruption bug that impacts macOS Monterey, iPadOS and iOS. The second issue the company focused on was a Zero-Day bug in Safari’s WebKit that impacted users running iPadOS and iOS. Tracked as CVE-2022-22594, this allowed websites to track your browsing activity and user identities in real time. If you’re running an OS version earlier than 15.3, you are vulnerable to both exploits. Note that Apple has found evidence that they are actively being exploited in the wild. To protect yourself, you’ll want to update to 15.3 as soon as possible. These two represent the first Zero-Day bugs that Apple has tackled in 2022, which makes them significant. It’s also proof positive that the company isn’t sitting back and resting on its laurels. They’re actively taking the fight to the hackers and addressing security flaws head on and at a rapid clip. It’s very good to see, but last year Apple seemed to be chasing an unending stream of Zero-Day flaws. Here’s hoping that this year will see relatively fewer of them. Even if that proves not to be the case, Apple has demonstrated and continues to demonstrate how seriously they take the security of their user base. Whatever happens, one thing we can say with certainty is that 2022 is bound...
Android Apps Are Coming To Windows 11

One of the most persistently frustrating aspects of our highly interconnected world is that we seem to exist in at least three distinct ecosystems. Apple users live in the Apple ecosystem, which encompasses both its mobile products and its PCs. Windows users live in the Windows ecosystem, which encompasses both laptops and desktops but leaves mobile devices out in the cold. Of course, Android users live in their own ecosystem, which is mobile-centric. By design there’s almost no overlap between these spheres, and that’s a pity. Microsoft thinks so, too. As part of their ongoing Windows 11 development they’re rolling out a feature that will allow users to run Android apps in a virtualized environment on their PCs. This is huge news and a first tentative step toward bridging the divide between the various ecosystems. Imagine installing a fun game on your Android-based phone and then being able to pick up where you left off when you’re sitting at your Windows PC. Or imagine downloading some type of productivity app on your Android phone and leveraging your PC to get even more out of it. Both of those are now possible with the latest release of Windows 11. If you’re an early adopter of Windows 11, you probably already know what the most recent build contains. If you aren’t aware, in addition to the Android app functionality the latest build also sports a new look for Notepad and Media Player, and a raft of taskbar and other improvements. Even better, the company is reporting that Windows 11 adoption rates are even higher than the...
E-Mail From Department Of Labor Could Be Phishing Attack

There is a new phishing campaign to keep a watchful eye on, according to email security firm INKY. It’s a particularly fiendish one. The attackers have designed an email template that does an admirable job of imitating the look and feel of emails sent from the US Department of Labor. These are being sent out to recipients asking them to submit bids for an ongoing DOL project, with the specifics of the project varying from one email to the next. The emails are professionally and meticulously arranged. Thanks to some clever spoofing, they appear to come from an actual Department of Labor server. Naturally they do not come from the DOL, and there are no ongoing projects that require the Department of Labor to blindly spam out emails seeking bids. Nonetheless, an unwary recipient could easily be taken in by the scam and click the “Bid” button embedded in the email. That button is of course masking a malicious link which will take the email recipient to one of the phishing sites controlled by the scammers. Like the emails themselves, these spoofed sites look completely legitimate. A comparison of the HTML and CSS on the scam sites with the actual Department of Labor site reveals that they have identical code behind them, which is clear evidence that the scammers scraped those sites and used the code to create their own copies. What’s different is that the scam site includes a pop-up message that is there seemingly to guide the email recipient through the bidding process. What it’s really doing is moving the potential victim closer to giving up...
Vulnerability In This Cisco Software Could Allow Hackers Access

Cisco recently discovered a critical security flaw in their Cisco Redundancy Configuration Manager (RCM) for Cisco StarOS. The vulnerability, which is being tracked as CVE-2022-20649, allowed an attacker to execute arbitrary code and gain root-level access on any device affected by it. The good news is that Cisco responded with blistering speed and this issue has already been patched. Based on the best intelligence currently available, there were no examples of this exploit having been used ‘in the wild’, so the company was able to catch and correct it before hackers got wind of it and started taking advantage of the flaw. The company explained how the flaw could be used in a recent blog post, which read in part as follows: “A vulnerability in Cisco RCM for Cisco StarOS Software could allow an unauthenticated, remote attacker to perform remote code execution on the application with root-level privileges in the context of the configured container. An attacker could exploit this vulnerability by connecting to the device and navigating to the service with debug mode enabled. A successful exploit could allow the attacker to execute arbitrary commands as the root user.” They still could, so if your company uses Cisco RCM for StarOS 21.25.3 or below, you’ll want to grab version 21.25.4 at your earliest opportunity. Kudos to Cisco for their rapid response here. It’s still early in the year, so we’re bound to see several other issues like this, but if every company responds the way Cisco did here when they occur, it stands to be a good year indeed. Of course, that’s unlikely to happen but...
This Plugin Could Put Your WordPress Site At Risk

The WP HTML Mail plugin has been installed on more than 20,000 websites. If you’ve built a WordPress site for your business and you use that plugin, be aware that you are at risk. A high-severity security flaw was recently discovered in the plugin that could allow an attacker to perform a code-injection-style attack, enabling the attacker to send phishing emails to the site’s registered users. The plugin is popular because it is compatible with a wide range of other plugins, including BuddyPress, Ninja Forms, WooCommerce, and others. The plugin isn’t as wildly popular as many others and doesn’t boast an overly impressive number of total installations. However, many of the sites that do use it have large audiences, which means that this flaw puts more people at risk than first meets the eye. The flaw is being tracked as CVE-2022-0218 and was discovered on December 23rd of last year (2021). As of now, the plugin’s developer has released a patch that addresses the issue. If you use the plugin, check your version number. If you’re using anything earlier than 3.1, update to 3.1 or later right away to protect yourself, your reputation, and the customers who have registered on your site. The last thing you want is for your company to get a black eye when your customers start complaining about a flood of scam emails hitting their inboxes right after they create an account on your site. Although the plugin developer took nearly a month to address the issue, they did address it, and we give them kudos for that. Here’s...