Windows 11 2022 Update

Microsoft released the “first major update” for Windows 11 on Tuesday, September 20, 2022, as Windows 11 nears its first anniversary. According to a blog posted by Microsoft, the Windows 11 update focuses on four key areas:

● Making the PC easier and safer to use for everyone
● Empowering people to be more productive
● Making Windows the best place to connect, create and play
● Delivering added security, management, and flexibility to the workplace

Microsoft is committed to making computers more accessible. An added accessibility feature includes system-wide live captions to automatically generate captions from any form of audio content on Windows 11.

Windows 11 also includes snap layouts which have become a game changer for multitasking by helping users optimize their applications and documents. In addition, Microsoft introduced Focus sessions and Do Not Disturb to assist in minimizing distractions.

Advanced artificial intelligence features significantly improve the new Windows Studio camera and audio effects. The Voice Focus, background blur, eye contact, and automatic framing features can assist users in conference calls and content creation.

According to Microsoft, “Windows 11 provides layers of hardware and software integration for powerful, out-of-the-box protection from the moment you start your device – and we’re continuing to innovate.” For example, within the Windows 11 update is the launch of Microsoft Defender SmartScreen. Microsoft Defender SmartScreen will alert users when their login credentials are entered on a malicious application or website.

The Windows 11 2022 Update is packed with many subtle changes that all come together to boost productivity and empower creativity. The changes include enhancements to the file explorer, photo applications, taskbar overflow, and much more.

Microsoft Windows users can access the new features by updating and restarting their computers. To begin the update for Windows 11 2022, users can go to the start menu, select settings, then choose update and security from the list of options. Next, users are taken to the menu, where they can update and restart their computer immediately or schedule the restart.

By updating to Windows 11, users can experience all the newly added and improved applications, increasing productivity while protecting against known vulnerabilities.

How To Optimize Your Website With SEO

So, you’ve built your company’s website. That’s great news and a major milestone, for sure.  Unfortunately, your work is just beginning.  If you want anybody to be able to find you among the billions of sites that make up the internet, you’re going to need a little bit of help.

The first and best thing you can do for your new site is to optimize it for SEO.

SEO is shorthand for “Search Engine Optimization.”

A long time ago, search engines weren’t all that smart. Back then, site owners could get away with things like “keyword stuffing,” which is to use the same keyword or phrase up to a hundred times in a given web page’s content, thereby ramming the point home.

The search engines took a dim view of that, and the phenomenon was thankfully short-lived.

These days, search engines are much smarter.  They can skim through your content and gain an understanding of what each page of content is all about.

The important thing to understand, however, is that every search engine uses a different algorithm, which means that the optimization strategies are different for each one.  Given the fact that Google is the dominant search engine on the web, when most people talk about Search Engine Optimization, what they’re really talking about is optimizing for Google.

If you use a content management system like WordPress, you’re in luck!

WordPress has tons of great plugins that help you optimize your site for Google.  These will literally walk you through the process while helping to ensure that you’re making good use of titles and meta tags. Those titles and tags help web crawlers understand what your site is about.

If you’re not using a CMS, then you’re going to need to validate your HTML by hand, which is a somewhat time-consuming process, but well worth the effort.

The other big thing you can do is to make sure your website’s structure is logical and easy for a human to follow.

If your site is just a random mishmash of poorly interlinked pages, then neither humans nor web crawlers will be able to find good information on your website. You can bet that neither will spend much time looking.  Organization is key!

Finally, make sure your content is “human readable.”

All the major search engines use LSI, which is short for Latent Semantic Indexing.  That’s just a fancy way of saying that if you build a site about the latest Apple products, web crawlers will “know” that your site is about technology and the results won’t show up when someone types in a search request for something else. Your site will not come up for “Apple Recipes”, for example, since that person is probably looking for food items.

SEO optimization is a very deep rabbit hole, but quite intuitive.  The basic idea is that you want to make sure your content is highly organized, clearly labeled, and easy to navigate to.

Microsoft 365 Accounts Targeted In New BEC Scam

Recently, researchers at Mitiga have sounded the alarm about a new Business Email Compromise (BEC) campaign.  They discovered evidence of the campaign while responding to another incident and have watched the campaign grow in scope and scale over time.

Here’s how the attack works:

The individual targeted by the campaign receives an email that appears to be from a bank and explains that the corporate account they usually send payments to has been frozen while a financial audit is underway.

In the meantime, the email explains that if the target needs to send payments, they can follow the instructions below the message.

The instructions appear to be inside a document behind a DocuSign wall. DocuSign is a contract management platform used widely in the corporate world.

To access the instructions, a potential victim needs to press the “Review Documents” button, which hands the victim off to a website controlled by the hackers.

These websites typically have names that appear to be legitimate companies the victim is familiar with, but a careful review of the URL will reveal an intentional typo, which gave rise to the term “typosquatting” to describe this very phenomenon.

On this page, the victim is asked to log into the Windows domain. If they do so, they inadvertently hand the attackers their Microsoft 365 account details, which can be used later for any nefarious purpose the hackers desire.

On the face of it, this may not seem terribly convincing, but the hackers employ several tricks to make it seem completely legitimate.  Chief among these is the fact that the hackers hijack existing email streams and interrupt them. So to a reader who’s not paying close attention, the instructions seem to come from someone the victim is having an ongoing conversation with.

So far, the campaign has been devastatingly effective, so keep your guard up.  You don’t want to become their next victim.
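One way to catch the typosquatted link described above before a user clicks it is to compare the link's domain against the domains the business really uses. This is an added example, not part of the original article; the trusted domains, sample URLs and function names are constructed for illustration, and the two-label domain extraction is a stated simplification.

```python
from urllib.parse import urlsplit

# Constructed allow-list (assumption): domains the finance team really deals with.
TRUSTED = {"contoso-bank.example", "fabrikam-pay.example"}

def edit_distance(a: str, b: str) -> int:
    """Optimal-string-alignment distance: insert, delete, substitute, swap."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # adjacent swap
    return d[-1][-1]

def registrable(host: str) -> str:
    # Simplification (assumption): last two labels. Production code should
    # consult the Public Suffix List so that "co.uk"-style suffixes work.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def classify(url: str, max_distance: int = 2):
    """Return (verdict, matched_trusted_domain) for a link taken from an email."""
    host = urlsplit(url).hostname or ""
    domain = registrable(host)
    if domain in TRUSTED:
        return ("trusted", domain)
    # A trusted brand label used as a subdomain of some other registrable domain.
    for t in sorted(TRUSTED):
        if t.split(".")[0] in host.lower().split("."):
            return ("lookalike", t)
    closest = min(sorted(TRUSTED), key=lambda t: edit_distance(domain, t))
    if edit_distance(domain, closest) <= max_distance:
        return ("lookalike", closest)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample links, as they might sit behind a "Review Documents" button.
    for u in ("https://www.contoso-bank.example/audit",
              "https://contoso-bnak.example/review",
              "https://fabrikam-pay.example.review-docs.test/login"):
        print(classify(u), u)
```

A "lookalike" verdict is a reason to quarantine or banner the message; "unknown" only means the domain is not close to anything on the allow-list.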

Modern Security Solutions For Evolving Ransomware Attacks

Based on a recent survey conducted by the folks at Titaniam, a solid majority of organizations have robust security tools in place. Yet nearly 40 percent of them have fallen victim to a ransomware attack in the past year.

How can this be?  With conventional tools in place, how can this still be happening?

The answer to that question is complex. Ransomware attacks ultimately have three different phases.  Each phase must be protected against and in each case, the type of protection needed varies.  Let’s start by taking a closer look at the anatomy of a typical ransomware attack. They always begin the same way: Infiltration.

To do anything to your company’s network, the hackers first must gain access to your network.  Thus, your first line of defense is to keep that from happening.

The good news is that most companies have robust tools that are specifically designed to block unauthorized intruders.  The bad news is that hackers can get around those tools entirely by stealing an employee’s login credentials. That is how many of these types of attacks occur. Once inside, the hackers proceed with data exfiltration: wholesale copying of sensitive data and uploading it to a command-and-control server operated by the hackers.

From the perspective of the hackers, this is where the payday is.  They know all too well that companies will pay handsomely to keep proprietary data from being leaked to the broader public, and hackers are only too happy to take full advantage of that fact.

This is where many companies are weak.  To protect against data exfiltration, companies need to invest in three different types of encryption: encryption at rest, encryption in transit, and encryption in use. Most companies invest in one.  A solid minority invest in two, but very few invest in all three. That creates a window of opportunity for the attacker.

Finally, the third stage is wholesale file locking. This is exactly like what you think it is.  All the files that the malicious code can get to will be locked and encrypted.  If you want them back, you must pay.  Assuming you don’t have a recent backup, of course. Even if you do have a backup, you’ll pay in the form of downtime while you’re restoring those files.

Understanding exactly how a ransomware attack is put together and how it functions is key to designing a security routine that will defeat it, preventing the attackers from ever gaining a foothold on your network.

Oracle Cloud Infrastructure New Vulnerability Patch

In June, Wiz engineers discovered and reported #AttachMe, a critical cloud isolation flaw in Oracle Cloud Infrastructure (OCI).

Due to its potential to affect all OCI customers, the #AttachMe cloud vulnerability is one of the most severe vulnerabilities discovered to date. The majority of the time, cloud isolation flaws only impact a single cloud service. However, in this case, the impact is related to an integral part of the cloud service.

Engineers discovered that no special permissions were necessary to attach a disk to a virtual machine under a different user account. This suggests that a potential attacker could have gained access to and modified the data of any OCI client and, in certain circumstances, taken control of the environment.

Before the patch, any OCI customer could have been a target of a malicious actor familiar with the #AttachMe vulnerability. If the attacker had the Oracle Cloud Identifier (OCID), any unattached or attached storage volume that allowed multiple attachments could have been viewed or altered. This would have allowed sensitive data to be stolen and future attacks initiated through executable file manipulation.

After being informed by Wiz of the vulnerability, Oracle quickly and efficiently distributed a patch for #AttachMe to all OCI customers in less than one day.

The separation of tenants is a critical aspect of cloud computing. Customers expect their data to be inaccessible to other customers. Still, vulnerabilities in cloud isolation break down the walls between tenants. This demonstrates the critical need for proactive research into cloud vulnerabilities, ethical disclosure, and public tracking of cloud vulnerabilities for cloud security.
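The class of flaw described above, an attach operation that never asks whether the caller may use the volume, can be modelled in a few lines next to its corrected form. This is an added, simplified model and not Oracle's code or API; every class, function and identifier in it is hypothetical.

```python
from dataclasses import dataclass, field

class AuthzError(Exception):
    """Caller is not permitted to act on a resource."""

@dataclass
class Instance:
    ocid: str      # constructed identifier, not a real OCID
    tenant: str

@dataclass
class Volume:
    ocid: str
    tenant: str
    multi_attach: bool = False
    attached_to: set = field(default_factory=set)

def _check_state(vol: Volume) -> None:
    # State rule taken from the description: a volume is attachable when it is
    # unattached, or already attached but configured for multiple attachments.
    if vol.attached_to and not vol.multi_attach:
        raise ValueError("volume already attached and not multi-attach")

def attach_flawed(caller: str, inst: Instance, vol: Volume) -> None:
    """Model of the flaw: knowing the volume's identifier is the only requirement."""
    if inst.tenant != caller:
        raise AuthzError("caller does not own the instance")
    _check_state(vol)            # no check of who owns `vol`
    vol.attached_to.add(inst.ocid)

def attach_checked(caller: str, inst: Instance, vol: Volume) -> None:
    """Corrected model: authorize the caller on both resources before acting."""
    for resource in (inst, vol):
        if resource.tenant != caller:
            raise AuthzError(f"caller lacks permission on {resource.ocid}")
    _check_state(vol)
    vol.attached_to.add(inst.ocid)

def cross_tenant_attempt(attach) -> bool:
    """Tenant B tries to attach tenant A's volume; True means isolation held."""
    inst_b = Instance("instance-b", tenant="tenant-b")
    vol_a = Volume("volume-a", tenant="tenant-a")
    try:
        attach("tenant-b", inst_b, vol_a)
    except AuthzError:
        return True
    return False
```

A regression test of this shape, run against every operation that joins two resources, is a cheap way to keep a tenant-isolation check from silently disappearing.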