by Carceron | Feb 6, 2022 | Techminutes
When Apple first released iOS 15 they posted a promise on their website. That promise was: “If you’re using iOS or iPadOS 14.5 or later, you might now see the option to choose between two software update versions. This option allows you to choose between updating to the latest version of iOS or iPadOS 15 as soon as it’s released, or continuing on iOS or iPadOS 14 while still getting important security updates for a period of time.” Although the promise specifically states “for a period of time” many users assumed it would be forever or at least indefinitely. It isn’t and Apple just pulled the plug on iOS 14 support. There won’t be any more. In some ways that’s disappointing but it’s not really a surprise. It is disappointing because most companies continue offering support to older products for a full year at least and in Apple’s case it hasn’t been that long. On the other hand, it is not surprising because it’s clear that Apple really wants people to upgrade to iOS 15. If it gets a little too heavy-handed to make that happen the company has now demonstrated a willingness to do so. Unfortunately, based on Apple’s own statistics fully 30 percent of their user base is running iOS 14. That means by pulling the plug they’re essentially leaving about a third of their user base to fend for themselves in terms of security updates they’re no longer getting. Yes this will provide a powerful incentive for them to upgrade but given Apple’s reputation, that seems a bit out of character. At the root the issue...
by Carceron | Feb 5, 2022 | Techminutes
Scammers delight in impersonating government agencies and well-known brands to lure email recipients into giving up their personal information. That information is then either exploited directly or sold to the highest bidder on the Dark Web. Have you ever wondered which agencies, companies or brands are the most imitated by these attackers? Whether you have or not it should come as no surprise that someone is tracking that. Security firm Checkpoint is tracking it to be precise. Quite often Microsoft tops the list but this year they’ve been dethroned by shipping company DHL. That may not be surprising given the realities of the pandemic and the rise in popularity of online shopping. Here is the list of the top ten for this year from their report: DHL (impersonated in 23 percent of all phishing attacks, globally) Microsoft (20 percent) WhatsApp (11 percent) Google (10 percent) LinkedIn (8 percent) Amazon (4 percent) FedEx (3 percent) Roblox (3 percent) Paypal (2 percent) Apple (2 percent) The specific lure used in each of these cases varies wildly. For instance, when a scammer spoofs a shipping company the email is typically some variation of “we’re trying to deliver a package to you but are having problems, press this button for more information.” While PayPal scams typically go the route of “Your account has been temporarily suspended. Please click here to verify your information.” Microsoft and Google are commonly spoofed in various software giveaway schemes. Or in the case of Google some variation of “click here to claim your free Chromebook.” Now that you are armed with a list of the most often imitated...
by Carceron | Feb 4, 2022 | Techminutes
There was a recently discovered issue with the way the IndexedDB API was implemented in Safari’s WebKit engine. This is giving IT professionals who work in an environment dominated by Apple products heartburn. The faulty implementation allows or could allow an attacker to intercept leaking browser activity in real time including the user IDs associated with vulnerable machines. Indexed DB is a commonly used API that has a robust client-side storage system with no capacity limits. Normally it is used for caching web application data so users can view it offline at a later date but of course, it can also be used to store sensitive information. To prevent data leaks IndexedDB developers followed the “same-origin” policy which controls which resources are allowed to access each piece of data. Unfortunately, researchers at FingerprintJS discovered that the IndexedDB API doesn’t follow the same-origin policy used by Safari 15 on macOS and the difference in policy could lead to the disclosure of sensitive information. In order to be impacted by this issue a user has to log onto websites like YouTube and Facebook or visit service portals like Google Keep or Google Calendar. Doing so creates a new IndexedDB database and appends the Google Username. According to the researchers who first discovered the bug: “We checked the homepages of Alexa’s Top 1000 most visited websites to understand how many websites use IndexedDB and can be uniquely identified by the databases they interact with. The results show that more than 30 websites interact with indexed databases directly on their homepage, without any additional user interaction or the need to authenticate. We suspect...
by Carceron | Feb 3, 2022 | Techminutes
There’s a new strain of malware called SysJoker to be mindful of. It’s especially dangerous because it can target Windows, Mac or Linux systems. That makes it an equal opportunity strain. Researchers at Intezer are credited with discovering the malware in the wild in December of 2021 during an investigation of an attack on a Linux server. The group was able to obtain samples of the virus for analysis and have concluded that SysJoker is a nasty piece of work indeed. Written in C++, the malware strain is cunningly constructed to evade detection on all three Operating Systems. In fact, it’s so good at evading detection that none of the 57 antivirus programs the Intezer researchers tested were able to detect the presence of the malware. SysJoker is harmless by itself but that is by design. It is a first-stage dropper and its only job is to gain a foothold in a target network. Once there it will sleep for two minutes before creating a new directory and then copy itself to that directory all while disguised as an Intel Graphics Common User Interface Service (“igfxCUIService.exe”). According to the Intezer report, this is what happens next: “…SysJoker will gather information about the machine using Living off the Land (LOtL) commands. SysJoker uses different temporary text files to log the results of the commands,” explains Intezer’s report. These text files are deleted immediately, stored in a JSON object and then encoded and written to a file named “microsoft_Windows.dll”.” When that is done, the malware creates persistence by adding a new registry key (HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun). Random sleep times are interposed between all...
by Carceron | Jan 31, 2022 | Techminutes
According to the latest Gartner’s statistics, a total of 339.8 million personal computers were shipped in 2021. That was up from 309.1 million in 2020 which amounts to about 10 percent growth in the market. The company noted that the fourth quarter of 2021 saw a 5 percent drop compared to last year, which may be signaling the end of the pandemic-fueled growth in sales. Lenovo is the PC maker that has been top of the charts in recent years and they were once again in the top spot accounting for nearly a quarter (24.7 million) of PCs shipped in the year that just ended. HP was not far behind them with a 21.8 percent share, or 74.2 million units shipped. Then we have Dell bringing up the top three scoring 17.6 percent of the market with 59.7 million PCs shipped. Apple was at the top of the second tier with a 7.6 percent share of the market and shipping 24.3 million units. Acer and Asus rounded out the top six. The interesting thing about the Gartner analysis is that it stands in stark contrast to rival Canalys’ projection that 2022 will be another year of record PC sales. As Gartner sees it, the pandemic fueled a one-off, not-to-be-repeated surge in demand and points specifically to the 4th quarter data point as a sign that demand is slowing. Canalys sees it differently and cites supply chain issues as the main driver behind the 4th quarter slowdown. Canalys insists that demand will remain strong throughout this new year. Both companies have a very good record when it comes to predicting...
by Carceron | Jan 31, 2022 | Techminutes
Chalk up another first for the hackers. For the first time that we know of, a successful hacking attack caused prisoners in New Mexico to be confined to their cells for a time. The Metropolitan Detention Center in Bernalillo County, New Mexico went into lockdown on January 5th of this year (2022) when hackers infiltrated the prison system’s network and deployed a malware payload. For the duration of the system outage the prison cells could not be opened. While the incident was not reported at the time, details came to light indirectly when the attack and its effects were referenced in court documents. One public defender representing the inmates suggested that their Constitutional rights had been violated due to the incident, which meant that visitations were cancelled. In addition to the uproar it caused among the prison population, a number of the local government’s databases appear to have been corrupted. Until functionality was restored the employees of the prison could not access camera feeds or access any inmate data. Of course, the physical keys carried by the guards still worked. However, given the situation, the Warden placed the entire facility on lockdown for the duration of the incident. Full functionality was restored by the afternoon of January 5th. Few additional details have been revealed about the attack. We don’t even know what sort of malware was deployed. Only that the system is “still being repaired,” according to country officials, and that certain systems are still being impacted. Unfortunately, the issue has prompted Federal Law Enforcement’s involvement as the prison was already under fire for poor conditions. What happens next...
(770) 424-3393
Atlanta, GA 