We are now in week two of National Cybersecurity Awareness Month. And this week has an important theme, "Fight the Phish!" We have talked about phishing before, and this won't be the last time we talk about it. Phishing is one of the most common ways hackers gain access to secure networks and trick people into giving away their personal information. Because of this, it is vital to cybersecurity that you understand how to identify and handle phishing attempts.
The Lighthouse IT Podcast - 18th, 2020
Matt and Griffin discuss Malicious Wallpapers, Phishing Trends, Coors wanting to send you to your Zoom background, Labor Day deals actually focusing on jobs, and the fabled TikTok deal coming to a close!
Listen here! Want to get straight to the news? Go to the 5:05 minute mark.
Could your wallpaper be trying to steal your credentials?
Well it turns out that new rubber-ducky theme you downloaded for your Windows 10 computer might just be an attempt to steal your credentials. Our friends over at Bleeping Computer and Sophos have both published similar findings that the Windows 10 theme files can be used to pass credentials to a third party. In the Sophos study, they setup a server to spoof or "phish" credentials by requesting files (such as the wallpaper background) from a remote resource and using an authentication prompt to look similar to a normal Windows credential prompt. By trying to convince you that you need to enter your local credentials to continue, the remote server stores and serves the files appropriately - but now your account has been compromised.
In the Bleeping Computer study, they stepped it up another notch and were able to use a Pass-the-Hash attack using an remote SMB server. SMB is used by Windows for sharing files between computers and is largely trusted. When your computer attempts to access an SMB share, it will automatically pass a hash of your credentials to the other computer to attempt to login. In normal circumstances, this makes connecting to SMB shares painless, but in this example, the hash is stored by the remote server and can be used later by de-hashing tools to attempt to determine your username and password.
While right now these both show great ways to determine your username and password, image files have also had some history in the past of remote code execution issues - meaning it could be possible that if another vulnerability is found in an image library, it could be a one stop shop for installing a malicious payload AND getting your account information to install itself.
The Lighthouse IT Podcast - July 10th, 2020
Matt and Griffin discuss how Microsoft estimates that the global workforce will add 149 million new tech-oriented jobs by 2025, Free/Easy DNSSEC Upgrades for your site, Google's one year SSL certificates, Google testing feature to hide parts of the URL in Chrome’s address bar, and Reddit and Pinterest, It’s Time to Shine.
It's been some time since lockdowns were in place and businesses have now begun to re-open. With all the negative news that had been floating around, we have some perks coming from lockdown. Microsoft estimates that the global workforce will add 149 million new tech-oriented jobs by 2025. The job industry is shifting to roles that can be completed remotely. Other studies are showing that the automation space is expected to grow handily as well as remote workers are needing better workflows that rely less on manual and physical processes.