Friday, September 27, 2019

Your Google Calendar Settings May Be Sharing Your Info

Twelve years ago, Google introduced a new feature to Google Calendar that allowed users to share their calendars with others. It's a great feature and invaluable in a corporate environment because it gives teams an easy way to collaborate. Google itself even touted the "make it public" feature of their calendar as being a cool way to use their search engine to discover upcoming events.

Unfortunately, as with most things, there's a potential downside.  Recently, a security researcher named Avinash Jain discovered more than 8,000 publicly accessible Google Calendars, searchable via Google's own search engine.  Many of these calendars contain sensitive information (which is bad enough), but worse, they allow any user to add new events that can cause real harm to the system hosting the calendar. This is done via maliciously crafted events or poisoned links.

As Avinash Jain reports:

"I was able to access public calendars of various organizations leaking out sensitive details like their email IDs, their event name, event details, location, meeting links, Zoom meeting links, Google Hangout links, and much, much more.

"This is more of an intended setting by the users and intended behavior of the service. The main issue however, is that anyone can view anyone's public calendar, add anything on it - just by a single search query without being shared the calendar link."

Jain goes on to say that several calendars belonging to employees of many of the Alexa top 500 companies were made public, which is certainly cause for concern.

This most recent finding adds to the chorus already warning of the dangers of calendar sharing. Just a few months ago, researchers from Kaspersky Lab discovered scammers abusing Google Calendar in a variety of ways. For example, there were phishing scams that contained poisoned links masquerading as Google Calendar event links.

Stay vigilant and be sure you have all employees check their Google Calendar security settings so you're not revealing more than you intended to.

It is also crucial to make sure that your computers and your entire business network are not at risk of any kind of online breach. Call SpartanTec, Inc. in Greenville now and let our team set up an efficient strategy to protect your business.

SpartanTec, Inc.
Greenville, SC  29601
(864) 326-5914


Cities Served
Greenville, Spartansburg, Mauldin, East Park, Overbrook, West Greenville, Greer

Saturday, September 14, 2019

Hackers Are Using Resumes To Deliver Malicious Software


Hackers have used poisoned documents to deliver malware payloads for years. Recently though, researchers at the security company Cofense have spotted a new twist to the ploy, aimed squarely at HR departments. The recently detected campaign uses fake resume attachments to deliver the Quasar Remote Administration Tool (affectionately known as RAT) to any unsuspecting Windows user who can be tricked into jumping through a few hoops.

Here's how it works:

An email containing a document that appears to be a resume is sent to someone in a given company.  The document is password protected, but the password is politely included in the body of the email, and is usually something simple like '123.' If the user enters the password, a popup box will appear, asking the user if he/she wants to enable macros.

Up to this point, the attack is fairly standard, but here's where it gets interesting:

If the macros are allowed to run, they'll display a series of images and a message announcing that content is loading.  What it's actually doing is throwing out garbage code that's designed to crash analysis and detection tools while RAT is installed quietly in the background.

At that point, the system is compromised. RAT's capabilities give the hackers the ability to open remote desktop connections, log keystrokes and steal passwords, record any webcams in use, download files, and capture screenshots of the infected machine.

Worst of all, the first part of the infection process knocks out most detection programs. So, the hackers generally have a large window of time to take advantage of the newly created beachhead. They can cause all manner of havoc in your network or simply choose to quietly siphon proprietary data from your systems.

Be on the alert and make sure your HR staff is aware.  This is a nasty campaign and it's just hitting stride.
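A mail-triage check for the resume lure described above, as an added example (not code from Cofense or from this blog): it flags a message that carries a password-protected Office attachment and also states the password in its body. It assumes the OOXML encryption layout (an OLE container holding an `EncryptedPackage` stream), so legacy binary-format encryption is not covered; the function names and the sample message are constructed for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage

CFB_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")        # OLE compound-file header
ENC_STREAM = "EncryptedPackage".encode("utf-16-le")  # stream name inside that container
OFFICE_EXT = (".doc", ".docx", ".docm", ".xls", ".xlsx", ".xlsm")
# Password stated in the message text, e.g. "password is 123" or "Password: 123"
PASSWORD_HINT = re.compile(r"pass(?:word|code)\s*(?:is|:|=)\s*['\"]?(\w{1,12})", re.I)

def is_encrypted_ooxml(data: bytes) -> bool:
    """True when the bytes look like a password-protected OOXML document."""
    return data.startswith(CFB_MAGIC) and ENC_STREAM in data

def triage(raw_email: str) -> dict:
    """Flag mail that pairs an encrypted Office attachment with its password."""
    msg = message_from_string(raw_email)
    body, encrypted = "", []
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().endswith(OFFICE_EXT):
            if is_encrypted_ooxml(part.get_payload(decode=True) or b""):
                encrypted.append(name)
        elif part.get_content_type() == "text/plain":
            body += (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
    hint = PASSWORD_HINT.search(body)
    return {"encrypted_attachments": encrypted,
            "password_in_body": hint.group(1) if hint else None,
            "flag_for_review": bool(encrypted and hint)}

def build_sample(encrypted: bool) -> str:
    """Constructed test message; the attachment is a stub, not a real document."""
    m = EmailMessage()
    m["Subject"] = "Application for open position"
    m.set_content("Please find my resume attached. The password is 123.")
    stub = (CFB_MAGIC + b"\x00" * 64 + ENC_STREAM) if encrypted else (b"PK\x03\x04" + b"\x00" * 64)
    m.add_attachment(stub, maintype="application", subtype="octet-stream",
                     filename="resume.docx")
    return m.as_string()

if __name__ == "__main__":
    print(triage(build_sample(True)))   # encrypted stub plus password in body
    print(triage(build_sample(False)))  # ordinary ZIP-based .docx stub
```

Messages flagged this way are candidates for holding and manual review, since the attachment's content cannot be inspected without the password.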

These kinds of attacks can be prevented. The IT Management Services of SpartanTec, Inc. will work with your HR department to ensure the resumes they are receiving are free of any harmful malware. Contact us today for a consultation.
