IT Services Archives

Tech Optimizer

May 29, 2025

Sophos warns MSPs over DragonForce threat

Sophos has warned managed service providers (MSPs) about their vulnerability to ransomware attacks targeting remote monitoring and management (RMM) tools. They reported a ransomware incident involving DragonForce, where attackers accessed the SimpleHelp RMM to deploy ransomware across multiple endpoints and exfiltrate sensitive data using a double extortion strategy. An alert was triggered by a suspicious SimpleHelp installer file pushed through the MSP's legitimate RMM instance. MSPs utilizing Sophos's managed detection and response (MDR) services successfully prevented hacker access, while those without security investments were impacted by the ransomware and data exfiltration. Following the incident, the affected MSP sought help from Sophos Rapid Response for digital forensics. Mark Appleton from Also Cloud UK stressed the importance of MSPs investing in advanced exposure management tools to mitigate cyber threats, noting that endpoints are primary targets for breaches. He highlighted the significance of continuous threat exposure management as essential for MSPs to protect themselves and their clients from attacks.

Tech Optimizer

May 28, 2025

Watch out – that antivirus website could be a fake, and infecting your PC with malware

Researchers have discovered a fraudulent website, "bitdefender-download[.]com," posing as Bitdefender antivirus, which is used to distribute the VenomRAT Remote Access Trojan. The site, hosted on an Amazon S3 bucket, tricks users into downloading harmful software through an executable file named "StoreInstaller.exe," which is linked to VenomRAT and contains code from post-exploitation frameworks SilentTrinity and StormKitty stealer. VenomRAT allows cybercriminals to gain unauthorized control over Windows systems, steal sensitive information, log keystrokes, access webcams, and execute commands remotely. The primary goal of this campaign is to steal cryptocurrency by compromising credentials and crypto wallets. The investigation also found connections to other fraudulent operations impersonating banks and IT services, including the Armenian IDBank and the Royal Bank of Canada.

Tech Optimizer

May 28, 2025

Hackers Mimic Popular Antivirus Site to Deliver VenomRAT & Steal Finance Data

Cybercriminals are executing a sophisticated malware campaign through a counterfeit Bitdefender antivirus website, specifically the domain “bitdefender-download[.]co,” which mimics the legitimate site. This fraudulent site distributes three types of malware: VenomRAT, StormKitty, and SilentTrinity, aimed at stealing financial data and maintaining persistent access to victims’ computers. When users click the “Download For Windows” button, they inadvertently download a ZIP file containing these malicious programs. VenomRAT acts as a remote access tool, allowing attackers to steal files, cryptocurrency wallets, and browser data, including credit card information. StormKitty quickly harvests sensitive credentials, while SilentTrinity provides stealthy long-term access for further exploitation. The fake Bitdefender site is linked to other malicious domains impersonating banks, indicating a coordinated phishing operation. The attackers utilize the same command and control infrastructure, with the IP address 67.217.228.160:4449 identified as a connection point. Bitdefender is working to take down the fraudulent site, and Google Chrome has begun flagging the link as malicious. Security experts recommend verifying website authenticity and downloading software only from official sources.

AppWizard

May 14, 2025

Slack Rolls Out ‘Mark as Read’ Option in Notifications for Android App

Slack is introducing a "Mark as Read" option in the notification window for its Android app, allowing users to mark messages as read directly from notifications without opening the app. This feature is currently being rolled out to Android users, while desktop users have had similar functionality through keyboard shortcuts. The update is part of a phased rollout, meaning not all users will have access immediately. Additionally, Slack recently launched 25 new AI applications in its marketplace to enhance productivity across various professional tasks.

Tech Optimizer

November 28, 2024

The Black Friday 2024 Cybersecurity, IT, VPN, & Antivirus Deals

As Black Friday 2024 approaches, various deals are being offered in computer security, software, online education, and IT services. VPN Deals: - NordVPN: 74% discount on a 2-year subscription, total cost .73 (.49/month). - SurfShark: 86% off a 2-year subscription, total cost .72. - ProtonVPN: Discounts up to 70%, varying by subscription length. Antivirus Software Deals: - Avast Software: Up to 70% off antivirus software. - ESET: Up to 50% off antivirus software. - Malwarebytes: 50% discount on 1-year or 2-year subscriptions. IT and Security Courses Deals: - PuralSight: 50% discount on yearly subscriptions for programming and IT courses. - Udemy: Courses available for .99 through November 29th. Security & IT Black Friday Deals: - Any.Run: Additional licenses or TI lookups at the same price. - DeleteMe: 25% discount with coupon code BFCM25OFF. - Firewalla: Discount on sitewide purchases and additional discount on specific firewall solutions with coupon code FWBFCMPURPLE2024. - Hak5 Store: Deals on items like the Lan Turtle and O.MG Elite Gift Pack. - Incogni: 58% discount on its annual plan. - LastPass: Up to 40% off on various LastPass products. - Yubico: Discounts on orders over 0 or €25 off on purchases exceeding €100.

AppWizard

September 24, 2024

Mobile device security: download the Outlook app prior to Oct. 1 | Marquette Today

Information Technology Services is enhancing mobile device security at Marquette University. Employees must download the Outlook app by Tuesday, October 1, when it becomes mandatory for accessing Marquette email. Apple device users should also download and configure Microsoft Authenticator, while Android users need to download and set up the Intune Company Portal before the deadline. The university does not access personal information on devices, such as text messages or browsing history. For Apple devices: Download Outlook and Microsoft Authenticator. For Android devices: Download the Intune Company Portal, then download Outlook from the Company Portal store. Mobile Application Management (MAM) secures specific applications on personal devices accessing university Microsoft 365 apps, while Mobile Device Management (MDM) is used for Marquette-owned devices to secure application data and device settings. Both MDM and MAM are crucial for maintaining the integrity of university data, especially with the risk of loss or theft of mobile devices. A detailed FAQ section is available on the IT Services website for further clarification. Marquette-owned devices utilize MDM, while personally-owned devices use MAM. MDM allows for more extensive control, including resetting lost devices and viewing device names, while MAM focuses on securing specific applications without managing the device itself.

Tech Optimizer

July 25, 2024

Crunchy Data Goes All-In With Postgres

Crunchy Data has been building a Postgres hosting business for transactional workloads for over a decade and is now aiming to take Postgres into the realm of analytics.

Winsage

July 15, 2024

Marquette computers updating to Windows 11 | Marquette Today

Marquette University is transitioning all university computers to Windows 11 as Windows 10 will no longer be supported after October 2025. Key features of Windows 11 include a centered start menu, snap layouts for multitasking, and integration with Microsoft Teams. General pool classrooms and new computers provided by IT Services are already upgraded to Windows 11. Compatibility with university-supported software and services is ensured, and incompatible computers will be replaced. Users are responsible for software not listed on the university's Software at Marquette page. Updates on the transition process will be communicated through Marquette Today by IT Services.