Month: April 2017

Microsoft Word bug: What you need to know

Software developers and hackers are in a constant game of cat and mouse. When cybercriminals find new security bugs to exploit, tech companies have to quickly release a solution that secures those vulnerabilities. Just this month, Microsoft released a patch to eliminate a Word exploit designed to steal user information. If you’re an avid Microsoft Word user, here’s what you need to know about the bug.

The attack
On April 10, cybersecurity firm Proofpoint discovered scammers running email campaigns to trick people into clicking malware-ridden Word attachments. The fraudulent emails, simply titled “Scan Data,” included attached documents that were named “Scan,” followed by randomized digits.

Although the emails seem harmless, clicking on the documents triggers a download for Dridex malware, a Trojan virus designed to give hackers direct access to your banking information. From there, they can simply log in to your online account and make unauthorized transactions under your name.

In 2015, the distribution of Dridex allowed cybercriminals to steal approximately $25 million from European accounts. And if your business fell victim to this malware, there’s a possibility your company might not be able to recover from the loss.

The solution
Fortunately, two days after the discovery of the bug, Microsoft released a security update to disable the dangerous documents, urging users to install the patch as soon as possible. But even though Dridex was inoculated relatively quickly, employees continue to be the biggest problem.

Like most malware attacks, Dridex was distributed via phishing campaigns that preyed on a victim’s trust and curiosity. Hackers added barely any text to the email, yet people were still fooled into clicking on dangerous links.

To make sure Dridex never reaches your company, you must provide comprehensive security awareness training. In your sessions, encourage employees to practice safe computing habits, which include being cautious of online links, setting strong passwords, and avoiding downloads from untrusted and unknown sources.

Much like updating your software, keeping your staff’s security knowledge up to date on the latest threats is also imperative. Ultimately, your goal is to have employees with a security-focused mindset when browsing the web.

Of course, if security training and cybersecurity solutions are not your company’s specialties, you can always rely on a trusted managed services provider like us to protect your business. We can update and secure your systems regularly, and make sure your staff are actively doing their part to reduce security risks. Contact us today!

Published with permission from TechAdvisory.org. Source.

Best new features in Windows 10

Creators Update contains the most significant upgrades to Microsoft’s Windows 10. Some of the stand-out features include application enhancements, improved user experience, and a few productivity features that may seem too small to be noticed. These upgrades were recently rolled out, giving reason to personal and business users alike to get excited.

Controlled updates

If you’ve been using Windows 10, you’re familiar with this scenario: While you’re on your computer, the system automatically reboots for automatic updates, interrupting your workflow. Although automatically having your system updated on time has advantages, it can also be a burden and a nuisance because it leaves you with no option to decline or delay an update — which you might want to do especially when you’re in the middle of a critical task.

With the Creators Update, you can choose to pause updates for a week. It also lets you set Active Hours, an 18-hour window when Windows won’t install updates. It’s a minor enhancement that should be a welcome feature to users who like having better control over their system updates.

Improved privacy controls

When Windows 10 was launched, privacy was a big concern among users, mainly because of the amount and nature of data being collected. Users and certain regulatory bodies were alarmed that Microsoft, through Windows 10, didn’t have enough control over how it processes and collects data. Microsoft initially responded by announcing that setting up privacy protocols will be easier when it launches its new updates.

And now, Microsoft has taken steps to address these privacy issues. Creators Update introduces a Privacy Dashboard, which offers a more seamless and user-friendly way to control privacy settings, specifically in terms of location, speech recognition, diagnostics, tailored diagnostics data, and relevant ads.

Another privacy enhancement is in Windows Defender, which now features improved scanning options and better reporting of your PC’s performance and health.

Other small changes

Other interface enhancements and updates to the Windows 10 ecosystem also add a nice touch to the overall user experience. These updates include more vivid themes, a bluetooth-enabled lock function called Dynamic Lock, new display settings, videos and maps writing capabilities, and more.

Among the other new features, users might not immediately notice the upgraded storage settings. If you’re worried about all these new applications and programs taking up space in your PC, don’t fret. The new update also comes with a storage setting that auto-deletes unnecessary files when your storage space is about to run out.

All in all, businesses that use Windows 10 can expect better privacy, controlled updates, improved security, and a smoother user experience with the Creators Update. Microsoft is expected to introduce even more updates later this year, and if you want to know how you can make the most of these and other Microsoft features, we’re here to help.

Published with permission from TechAdvisory.org. Source.

The phishing craze that’s blindsiding users

Most phishing attacks involve hiding malicious hyperlinks hidden behind enticing ad images or false-front URLs. Whatever the strategy is, phishing almost always relies on users clicking a link before checking where it really leads. But even the most cautious users may get caught up in the most recent scam. Take a look at our advice for how to avoid the newest trend in phishing.

What are homographs?

There are a lot of ways to disguise a hyperlink, but one strategy has survived for decades — and it’s enjoying a spike in popularity. Referred to as “homographs” by cybersecurity professionals, this phishing strategy revolves around how browsers interpret URLs written in other languages.

Take Russian for example, even though several Cyrillic letters look identical to English characters, computers see them as totally different. Browsers use basic translation tools to account for this so users can type in non-English URLs and arrive at legitimate websites. In practice, that means anyone can enter a 10-letter Cyrillic web address into their browser and the translation tools will convert that address into a series of English letters and numbers.

How does this lead to phishing attacks?

Malicious homographs utilize letters that look identical to their English counterparts to trick users into clicking on them. It’s an old trick, and most browsers have built-in fail-safes to prevent the issue. However, a security professional recently proved that the fail-safes in Chrome, Firefox, Opera and a few other less popular browsers can be easily tricked.

Without protection from your browser, there’s basically no way to know that you’re clicking on a Cyrillic URL. It looks like English, and no matter how skeptical you are, there’s no way to “ask” your browser what language it is. So you may think you’re clicking on apple.com, but you’re actually clicking on the Russian spelling of apple.com — which gets redirected to xn—80ak6aa92e.com. If that translated URL contains malware, you’re in trouble the second you click the link.

The solution

Avoiding any kind of cybersecurity attack begins with awareness, and when it comes to phishing, that means treating every link you want to click with skepticism. If you receive an email from someone you don’t know, or a suspicious message from someone you do, always check where it leads. Sometimes that’s as simple as hovering your mouse over hyperlink text to see what the address is, but when it comes to homographs that’s not enough.

In the case of homographs, the solution is unbelievably simple: Manually type in the web address. If you get an email from someone you haven’t heard from in 20 years that says “Have you checked out youtube.com??”, until your browser announces a fix, typing that URL into your browser’s address bar is the only way to be totally sure you’re safe.

For most, this trend feels like yet another development that justifies giving up on cybersecurity altogether. But for small- and medium-sized businesses that have outsourced their technology support and management to a competent and trustworthy IT provider, it’s just another reason to be thankful they decided against going it alone. If you’re ready to make the same decision, call us today.

Published with permission from TechAdvisory.org. Source.

Mac Pro gets revamped

Mac Pro users have long awaited the release date of the new workstation, and who could blame them when the current model has been available since 2013. Thankfully, Apple just confirmed that the revamped Mac Pro is on its way. From specs, features, and design changes, here’s the latest information we have about Apple’s high-end desktop.

Processor

The new Mac Pro is rumored to feature the next-generation Intel Xeon E5 processor. While the current models are configurable up to 3.5GHz for the six-core option, 3.0GHz for the eight-core option, and 2.7GHz for the 12-core option, the 2018 model could offer up to 14 or 18 cores per processor. What’s more, each model will likely come equipped with the Iris Pro Graphics P580, a highly powerful graphics processing unit (GPU) that will make heavy file renders a breeze.

However, there’s a small chance that Apple might abandon Intel chips altogether and move to AMD’s RYZEN 7 CPUs, which just set a new standard for high performing CPU processors.

RAM and storage

The new Intel Xeon chips are rumored to have DDR4 memory controllers, and if that’s true, you can expect uber fast memory and low latency without having to worry about issues with overheating. Currently, the 15-inch MacBook Pro comes with 16GB RAM, so it’s likely that you could expect the same RAM with the updated entry-level model of the Mac Pro. And because Apple knows that users usually work with very large files, an option for 2TB flash storage could be possible.

Ports

Claims that the new Mac Pro might offer more Thunderbolt ports in the form of USB-3 are also up in the air. This makes sense as it brings Thunderbolt to USB-C at 40Gbps which ensures faster data transfer speed.

While a number of users wish Apple would offer PCI slots so they could add faster SSDs and more powerful video cards, looking back at the company’s previous releases, we don’t think you should get your hopes up just yet.

Design

According to Apple, the triangular design of the Mac Pro’s thermal core was what limited them from offering updates to the machine. Because of that, we’ll probably see a completely new design in the 2018 model.

Prices

Apple just rolled out some minor updates to the current Mac Pro, including enhanced specs at lower price points. For the $2,999, you now get a 6-core Intel Xeon processor, dual AMD FirePro D500 GPUs and 16GB of memory. And for $3,999, you now get an 8-core processor and dual D700 GPUs.

Having said that, you can expect slightly higher prices for the new Mac Pro than the current models, like with most new Apple releases.

Release date

The timeframe is 2018, but keep in mind that the present Mac Pro was unveiled at WWDC in 2013 and supply was so restrained that people didn’t get theirs until the following spring. Therefore it’s highly possible that the new model will be launched at WWDC 2018 during summer and won’t probably ship until the end of the year.

Stay tuned for more updates on the new Mac Pro. And if you’d like to know more about other Apple products, or learn how they can streamline your operations, give us a call and we’ll be happy to help.

Published with permission from TechAdvisory.org. Source.

Why you need to back up your mobile devices

There was a time when mobile phones were used exclusively for calling and texting. Now, they can do so much more. Regardless of your level of tolerance or skill for managing documents in such a small gadget, mobile devices allow you to send and receive email, download and upload media files, store data, and even close business deals. As mobile devices became indispensable in everyone’s personal and professional life, the security risks have also increased — and backing up became more critical than ever.

Malware on mobile

More than 50% of the world’s adult population use a mobile phone with internet connection, so dangers in these handy devices are to be expected. Scarier than the thought of being offline is being online and exposed to malware.

If you use your mobile devices as an extension of your work computers, backing up is a must. Mobile phones have become as vulnerable to malware as laptops and desktops have, especially if you consider the fact that many professionals and business owners use them for emailing confidential documents and storing business-critical files.

Device disasters

Other than malware, other types of disasters can happen on your device. Because you carry it wherever your go, your device can easily be stolen, misplaced, or damaged. They may be easily replaceable, but the data contained in them may not. Having completely backed up data on your devices helps prevent a minor inconvenience from turning into a disastrous situation.

Backup options

Performing backups in iPhone and Android devices is a seamless process. Their operating systems require only minimal effort from users, and backing up entails nothing more than logging into their Apple or Google account. However, other users have different devices with different operating systems, slightly complicating the process.

Mobile devices’ safety is essential to business continuity plans. So whether your office users are tied to a single operating system or prefer different devices, there are options to back up all your organization’s mobile devices. There are cloud backup services that enable syncing of all devices and that back up files, contacts, photos, videos, and other critical files in one neat backup system. These mobile backup tools are offered on monthly or lifetime subscription schemes, which provides small businesses with enough flexibility to ensure protection.

Mobile phones have become so ubiquitous to how people function that many feel the need to have two or more phones, mostly to have one for personal use and another for business. With all these options on hand, there’s no excuse for not backing up data on your mobile devices.

Our experts can provide practical advice on security for your business’s computers and mobile devices. Call us for mobile backup and other security solutions today.

Published with permission from TechAdvisory.org. Source.

Firmware: the threat most users overlook

For decades, one of the most foundational principles of cyber security has remained the same: Always update and patch your software. But for most people, hardware is exempt from this process. They think of hardware as nothing more than a vessel for software to occupy — and that’s totally incorrect. Read on to learn more about this oft-neglected aspect of IT security.

What is firmware?

Firmware is a very basic type of software that is embedded into every piece of hardware. It cannot be uninstalled or removed, and is only compatible with the make and model of the hardware it is installed on. Think of it like a translator between your stiff and unchanging hardware and your fluid and evolving software.

For example, Windows can be installed on almost any computer, and it helps users surf the internet and watch YouTube videos. But how does Windows know how to communicate and connect with your hardware router to do all that? Firmware on your router allows you to update and modify settings so other, more high-level, pieces of software can interact with it.

Why is firmware security so important?

Firmware installed on a router is a great example of why addressing this issue is so critical. When you buy a router and plug it in, it should be able to connect devices to your wireless network with almost zero input from you. However, leaving default settings such as the username and password for web browser access will leave you woefully exposed.

And the username and password example is just one of a hundred. More experienced hackers can exploit holes that even experienced users have no way of fixing. The only way to secure these hardware security gaps is with firmware updates from the device’s manufacturer.

How do I protect myself?

Firmware exploits are not rare occurrences. Not too long ago, a cyber security professional discovered that sending a 33-character text message to a router generated an SMS response that included the administrator username and password.

Unfortunately, every manufacturer has different procedures for checking and updating firmware. The best place to start is Googling “[manufacturer name] router firmware update.” For instance, if you have a DLink of Netgear router, typing “192.168.0.1” into a web browser will allow you to access its firmware and update process, assuming you have the username and password.

Remember that routers are just one example of how firmware affects your cyber security posture. Hard drives, motherboards, even mouses and keyboards need to be checked. Routinely checking all your devices for firmware updates should be combined with the same process you use to check for software updates.

It can be a tedious process, and we highly recommend hiring an IT provider to take care of it for you. If you’re curious about what else we can do to help, give us a call today!

Published with permission from TechAdvisory.org. Source.

Did Microsoft commit a security breach?

In case you didn’t know, Microsoft provides Office 365 users with a free document-sharing platform called docs.com. It’s a great new tool for publishing files intended for public viewing. The downside is, sensitive documents are published without the file owners’ permission. These include hundreds of users who might be unaware that their private files can be viewed by the public.

What’s the damage?

Usernames and passwords for various devices and applications; personal information such as home and email addresses, bank account details, social security numbers, and phone numbers; and medical info comprising patient treatment data and health insurance numbers — all these were some of the supposedly leaked documents, which were clearly meant to be private. A security researcher discovered that these sensitive files were accessible using docs.com’s search function.

After being alerted to the ‘leak,’ Microsoft responded by removing the search bar. However, most of the documents were already indexed by search engines, Google and Bing, which is how these docs remained available to the public despite disabling the search function.

Recent updates

To alleviate the damage, Microsoft launched an update that limited what users can do to uploaded files, such as restricting files to a read-only status. Although buttons to ‘like,’ download, add to collections, and share in social media are enabled, only users who enter an email address, phone number, or sign in using their Office or Microsoft account can perform any of these functions. Since anyone can easily create a Microsoft account, docs.com users may not feel at ease.

Microsoft’s final word

Docs.com is easy-to-use and is valuable to those eager to publish their documents. The site’s user-friendliness also makes it a popular choice for Office 365 users who wish to ‘spread their work to the world.’ Office 365 users can easily upload from their own computer, OneDrive, or Sway account, and share away. Being a free service also adds a lot of incentive for users to upload their Word, Excel, or any other file onto the site.

In an effort to solve glaring privacy issues, Microsoft has issued some key updates, such as a warning message reminding users that the document to be uploaded will be publicly available on the web. While it may seem like Microsoft committed a blunder, a stricter privacy setting and a few stronger, more visible warnings to users can help make docs.com a useful productivity tool rather than a hacker’s hunting ground.

Discerning Office 365 users can make the most out of docs.com, but they should use the service with caution. If you’ve uploaded documents with sensitive information on docs.com, now is the best time to remove them from the site, or review your privacy settings here and in other document-sharing services.

If you’re not sure how to proceed, or want to learn more about this and other Microsoft products and services, call us now for advice.

Published with permission from TechAdvisory.org. Source.

Microsoft says goodbye to Windows Vista

We live in a digital era where innovations are emerging quicker than the speed of light. This means older operating systems might soon be discontinued. Case in point, Microsoft Vista. After a 10-year run, Microsoft is set to discontinue support for Vista users from April 11th onwards. On top of that, key security or software updates will cease as well.

Windows Vista
Launched worldwide on January 30th, 2007, Windows Vista has been Microsoft’s operating system for home and business desktops, laptops, tablet PCs and even media center PCs. This version came with a bunch of new features such as Aero, an updated graphical user interface; Windows Search, a new search function; as well as Windows DVD Maker, a new multimedia tool. Vista aimed to increase communication between machines on a home network, with peer-to-peer technology that simplifies file sharing.

Windows Vista criticism
Not too long after its release, the operating system came under fire from both the users and the press. Initially, Vista aimed to improve the state of security, the main criticism its predecessor — Windows XP — received. There were commonly exploited security vulnerabilities and overall susceptibility to malware, viruses, and buffer overflows. According to Net Applications, Windows Vista has less than 1 percent of global market share in terms of PC operating systems. Despite that, Windows 10 is doing extremely well, boasting over 400 million devices running on it.

Will computers still function properly?
Essentially, yes, but they will be susceptible to viruses on account of Microsoft discontinuing security updates. On top of that, Internet Explorer 9 won’t be supported either, meaning surfing the web with this browser could possibly expose you to even more vulnerabilities. Microsoft also warned users that certain apps and devices would not work with Vista, as software and hardware manufacturers are optimizing services for newer versions of Windows.

What’s the next step for your business?
We recommend that you upgrade to Microsoft’s latest operating system: Windows 10. But before doing so, check the software and hardware specifications of your PCs, since they might not be able to handle Windows 10. If that’s the case, users can opt for a Windows 7 upgrade as an alternative.

Keeping up with the latest technological innovations might be a tedious task, but it’s also an imperative one. To ensure the future of your small- or medium-sized business, you’ll be needing IT that works for you and not the other way round. For more information on Windows operating systems, feel free to get in touch with us today!

Published with permission from TechAdvisory.org. Source.

Is the government really spying on you?

Wikileaks, the website that anonymously publishes leaked information, recently released a number of documents alleging widespread surveillance by the US government. The released documents claim that the vast majority of these efforts took place via smartphones, messaging apps and…TVs? Let’s see just how worrisome they really are.

What devices and apps are supposedly vulnerable?

Wikileaks labeled its ongoing release of 8,761 classified CIA documents “Year Zero.” Nestled among those files are tools and correspondence that explain how operatives could snoop on communications, downloads, and browsing history. Here is a list of the “affected” applications and hardware:

  • Windows operating systems
  • iOS
  • Android
  • Samsung Smart TVs
  • WhatsApp
  • Signal
  • Telegram
  • Confide

Those are some very big names, right? Thankfully, it’s mostly hyperbole. The reality of the situation isn’t nearly as bad as it sounds.

Two considerations before freaking out

First, almost all these exploits require physical access to devices before anything can be compromised. For example, news organizations repeatedly reported that WhatsApp, Signal, Telegram and Confide all had encryption protocols that had been subverted by the CIA. That is 100% false.

What the documents actually revealed is that the CIA was aware of security gaps in Windows, iOS, Android and Samsung’s Tizen OS, which allowed the agency to snoop on messages before they were encrypted. Messages sent in these apps are still totally uncrackable as long as the devices they are installed on haven’t been physically compromised.

Takeaway #1: Physical security is still one of the most important aspects of cyber security. Most data security regulations require certain physical security protocols as a deterrent to breaches that take place via theft of social engineering — and for good reason.

The second reason not to worry is the hardware devices and operating systems that supposedly left encrypted messages vulnerable haven’t been sold for a long time. For example, only Samsung TVs from before 2013 were vulnerable to the always-on microphone bug — which was patched in an OS update years ago.

But what about iOS — surely that’s the scariest reveal of them all, right? Not quite. Only the iPhone 3G, discontinued in 2010, was susceptible to exploitation. Furthermore, Apple immediately responded that they were aware of this vulnerability and patched it in the version of iOS that was released in 2011.

Takeaway #2: Updating software is critical to keeping your data safe. As we saw in the Year Zero leaks, just one piece of outdated software can cause a domino effect of other vulnerabilities.

In reality, the most recent Wikileaks releases shouldn’t change your approach to cyber security at all. As long as you consider data security a never-ending battle, you’ll be safer than everyone too lazy or forgetful to lock up their server rooms or update their operating system.

But running a business doesn’t always leave you a lot of time for fighting a “never-ending battle,” does it? Fortunately, that’s exactly what we do for our clients every single day. To find out more about how we can keep you safe, call today.

Published with permission from TechAdvisory.org. Source.

What’s new in iOS 10.3?

Apple enthusiasts are always eager to get their hands on the latest Apple update, and after seven long beta versions, they’re finally getting their wish. The new iOS 10.3 update, which is available on current iPhone, iPad, and iPod Touch models, comes with new built-in features and bug fixes. To save you some time looking through all the patch notes, we’ve highlighted some of the most important features.

Find my AirPods
Since the new wireless headphones are so small and easy to misplace, Apple released the Find my AirPods feature.

To track your AirPods, simply open the Find iPhone app and look for “AirPods” under your list of Apple devices. From there, you can see where your AirPods are located on a map and even make them emit noise, provided you’re within a certain radius of the bluetooth earphones.

Siri updates
With iOS 10.3, Apple’s digital assistant can now understand and perform more voice requests. With electronic payment apps, you can request Siri to automatically pay bills and track your account status. If you have Uber or other ride hailing apps installed, you can schedule a lift simply by asking Siri, “I need a lift to [location].” You can even check your car’s fuel levels and lock status with automaker apps.

Apple Maps
The newly updated Maps can now display hourly weather updates for your destination and even track the location for your parked car, in case you’ve forgotten where you left it in a crowded lot.

Apple File System (APFS)
One of the biggest changes in iOS 10.3 is the introduction of the APFS, a system that controls how data is stored and retrieved. This new file system replaces the 20-year-old HFS+, which was originally designed for devices with floppy drives! Unlike its predecessors, APFS saves 1-7 GB of storage space, provides better data backups, supports easier file recovery, offers data encryption, and is optimized for Flash/SSD.

Security updates
Meanwhile, iOS 10.3 has received much needed security updates. iPhones and iPads will now actively warn users if they have 32-bit apps installed and request that they update to more secure 64-bit versions.

Additionally, Apple has secured around 100 vulnerabilities, including a bug which allowed cybercriminals to spam Safari users with an endless stream of ‘Cannot Open Page’ pop-ups unless they pay the attacker an iTunes gift card.

Although iOS 10.3 didn’t offer any revolutionary built-in applications, it did make some nice quality-of-life adjustments for iPhone 5, 6, 7, and iPad users. Knowing Apple, we think more optimizations will be rolled out until the big iOS 11 update, but until then take the time to enjoy more storage space, better security, and the new Siri voice commands.

If you want the latest Apple developments, contact us today to be the first to know!

Published with permission from TechAdvisory.org. Source.