Hackers Might Guess Your Passwords Easier Than You Thought

Password security has long been a thorn in the side of IT security professionals. It’s easy enough to understand why. Passwords are inconvenient from the perspective of users, which is why they tend to keep them as simple as possible, so they can remember them. On the other hand, IT security staff keep warning users that if they use passwords that are too simple, it’s a trivial task for hackers to guess those passwords and breach the system.

That’s why, despite periodic warnings, we still see passwords like “password,” or “123456.” That’s why we see so many people still using birth dates and the names of pets, and unfortunately, there doesn’t seem to be an easy fix for that.

To understand the scope and scale of the problem, the National Cyber Security Centre tracks password habits and has some bad news to report:

Even now, when almost everyone knows better, statistics indicate that some 15 percent of people use the names of their pets as passwords, and 14 percent use the name of a family member. 13 percent are prone to use birth dates or anniversaries, and 6 percent gravitate to their favorite sports team.

The big problem, of course, is the fact that even a moderately talented hacker who spends any time at all on social media can collect this information with ease. That means they can break into accounts where such things are used with equal ease.

In terms of current best practices, the National Cyber Security Centre in the UK recommends not using any of the above. Instead, create a password for every site you visit that requires a logon by using three randomly selected words, with special characters, capital letters, and numbers thrown in where they are allowed.
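As an added illustration of the NCSC advice above (this is example code, not something from the original article or the NCSC), the following Python builds a three-random-words passphrase with the `secrets` module, shows why the approach is strong by computing the entropy of the choice, and rejects candidate passwords that contain the kinds of personal details the statistics above mention. The word list and the personal-information tokens are constructed for the example; a real deployment would use a large dictionary and the denylist of its own choosing.

```python
import math
import secrets

# Constructed word list for the example. Real passphrase generators use
# thousands of words; the entropy figures below scale with the list size.
WORD_LIST = [
    "anchor", "basket", "candle", "dragon", "engine", "falcon", "garden", "hammer",
    "island", "jacket", "kettle", "ladder", "marble", "needle", "orange", "pepper",
    "quartz", "rocket", "saddle", "tunnel", "umpire", "violin", "walnut", "yellow",
    "zipper", "bridge", "cactus", "donkey", "forest", "glider", "helmet", "iguana",
]

# Constructed denylist of the most common passwords named in the article.
COMMON_PASSWORDS = {"password", "123456"}


def passphrase_entropy_bits(words_in_list: int, word_count: int = 3) -> float:
    """Entropy of choosing word_count words uniformly from a list of words_in_list.

    Each word contributes log2(list size) bits because the choice is uniform and
    independent; this is why three words from a big dictionary beat a pet name.
    """
    return word_count * math.log2(words_in_list)


def three_random_words(word_list=WORD_LIST, separator: str = "-") -> str:
    """Generate a three-random-words passphrase using a CSPRNG (secrets)."""
    return separator.join(secrets.choice(word_list) for _ in range(3))


def contains_personal_info(password: str, personal_tokens) -> list:
    """Return the personal tokens (pet names, relatives, dates) found inside password.

    Tokens shorter than 3 characters are ignored to avoid trivial matches.
    Matching is case-insensitive so 'Fluffy1987!' still trips on 'fluffy'.
    """
    lowered = password.lower()
    return [t for t in personal_tokens if len(t) >= 3 and t.lower() in lowered]


def weak_reasons(password: str, personal_tokens=()) -> list:
    """List the reasons a candidate password would be rejected (empty list = ok)."""
    reasons = []
    if password.lower() in COMMON_PASSWORDS:
        reasons.append("on common-password denylist")
    found = contains_personal_info(password, personal_tokens)
    if found:
        reasons.append("contains personal information: " + ", ".join(found))
    return reasons


if __name__ == "__main__":
    # Constructed personal details an attacker could harvest from social media.
    personal = ["fluffy", "smith", "1987", "arsenal"]
    print("bad:", weak_reasons("Fluffy1987!", personal))
    print("good:", weak_reasons(three_random_words(), personal))
    print("bits from this 32-word list:", passphrase_entropy_bits(len(WORD_LIST)))
    print("bits from a 7776-word list:", round(passphrase_entropy_bits(7776), 2))
```

The entropy function makes the trade-off concrete: three words from this 32-word list give only 15 bits, while three words from a 7776-word dictionary give about 38.8 bits, with no need for the user to memorize symbol substitutions.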

It’s excellent advice, and the next time you send another missive to your employees regarding password security, it’s well worth sharing.

Latest Windows 10 Update Replaces Edge Legacy With Chromium Edge

It’s no secret that Microsoft has struggled where web browsers are concerned. Internet Explorer was basically a security-riddled disaster and was eventually retired for that very reason.

The company’s next attempt was Microsoft Edge, but unfortunately, it never gained much traction in the market and the company never did a lot with it.

What they did do, however, was rather innovative, and their most recent move may have made the Redmond giant relevant again in the world of browsers. They created a new Chromium-based Edge browser. It’s essentially Google Chrome under the hood, and as such, it can use the full range of Chrome extensions, but Microsoft took pains to add some unique features and capabilities to it that makes it…more.

While we’d hesitate to say that it’s better than Chrome, it is a distinctly different product at this point. Over the past several months, it has enjoyed rampant growth and increased adoption, recently surpassing Mozilla’s Firefox in terms of market share.

Make no mistake, it still lags behind Apple’s Safari, and far behind Google Chrome, but as of now, Chromium Edge is the third most popular browser on the web.

Back in January of 2020, Microsoft took the step of pre-installing Chromium-based Edge on all devices that shipped with the Windows 10 October 2020 Update. Now though, they’re upping the ante further, and the next time you install a Windows 10 update, you’ll automatically be upgraded away from Legacy Edge to Chromium-based Edge.

There’s no point in trying to fight it or make any effort to hold onto Legacy Edge; the company formally ended support for it last month. It wasn’t around long enough for many custom applications to be developed for it, but even if your firm did something like this, your best bet is to simply upgrade your app and enjoy the new capabilities of Chromium Edge.

Update Adobe Now For Several Critical Security Updates

Adobe continues to work at a feverish pace to address critical security vulnerabilities in its product line. Their most recent patch addresses a total of ten security flaws across the following four products:

  • Photoshop
  • Adobe Digital Editions
  • Adobe Bridge
  • RoboHelp

Of the ten flaws addressed by the latest patch, seven are rated as being Critical in their severity as they allow either arbitrary file writes or arbitrary code execution when exploited.

Adobe Bridge got the most attention, with the patch addressing four critical flaws and two additional vulnerabilities rated as ‘Important.’ Next up, the patch deals with a pair of security flaws in Photoshop, and one critical issue each in RoboHelp and Adobe Digital Editions.

If you use any of the products listed above, you should update to the latest version as soon as possible to minimize your risk. In most cases, this is as simple as firing up the software in question and navigating to Help, and then to “Check for updates,” although if this happens not to work for you, it’s easy enough to simply head to Adobe’s Download Center and grab the files you need from there.

Adobe has had an unfortunate history with many of their products, which have seen more than their share of security flaws. However, to the company’s credit, they’ve abandoned the worst offenders, like their beleaguered Flash player, and have been steadily working to shore up the rest.

Kudos to Adobe for keeping up the good work and for addressing so many security issues with this latest update. As mentioned, if you use any of the products above, be sure to update as soon as possible. Hackers around the world seem to have a soft spot for Adobe products and the longer you wait to patch, the higher your risks.

Security Is Top Priority In Latest Chrome Build

Back in February, Google began experimenting with a new feature that defaulted all URLs to use “https:” rather than the less secure “http:.”

While defaulting to HTTPS isn’t ironclad protection for netizens, it’s certainly a step in the right direction, which is why Google recently promoted the change out of the Canary builds and into the mainstream.

Right now, if you download and install Chrome 90, you’ll find that this protection is automatic. You don’t have to do anything beyond installing Chrome 90.

In addition to offering the protection outlined above, Chrome 90 also includes nearly 40 security fixes, including resolving three low-severity flaws, ten medium-severity flaws, and six high-severity issues.

Finally, Chrome 90 includes the AV1 encoder, which provides enhanced support for a number of video-conferencing applications including Webex, Meet, and Duo. Among other things, AV1 offers improved screen sharing capabilities and allows users on low bandwidth networks to utilize video.

All that to say, Chrome 90 is an update you don’t want to miss. If it’s been a while since you paid attention to Chrome updates and you’re a bit behind the times, this is one upgrade you’ll definitely want to make a priority. While nothing in the build is particularly flashy, it does provide solid protection. That, combined with the fact that it addresses a wide range of security issues as described above, and includes a raft of other enhancements makes it well worth getting.

Kudos to Google for continuing to put user security front and center and making it an integral part of their product improvement road map. While it’s true that there are other companies out there that are even more active when it comes to bolstering user security, the number is small enough that you could probably count them on one hand with fingers left over.

Hackers Are Using Legitimate Google Services To Wreak Havoc

The Microsoft 365 Defender Threat Intelligence Team recently issued a dire warning that every IT professional should take seriously.

They’ve discovered an emerging threat in the form of hackers utilizing legitimate “Contact Us” forms associated with Google websites to distribute malware to unsuspecting site visitors.

Since the website is legitimate, it almost always bypasses email security filters and also sometimes even bypasses CAPTCHA challenges.

Right now, the hackers are using this novel attack vector primarily to infect users with the IcedID info-stealing banking Trojan, but as the team notes, there’s no particular reason that they couldn’t shift gears at any moment and start infecting people with something even more directly damaging to target systems.

The Redmond giant thought the threat was dire enough that they reached out to Google directly to warn them. Although the company is now aware, there has not yet been any word about what Google will do to keep it from happening, or when that might happen.

For now, just be aware that if any of your employees get an email that appears to be from Google and sends them to a legitimate Google “Contact Us” form, it may well be a ploy designed to infect the recipient’s system. From there, hackers can start stealing all manner of information, starting with the recipient’s Google login credentials.

It’s proof positive that no company, no matter how large, and no matter how elaborate its security measures, is immune. As mentioned above, by leveraging the legitimate URLs of a trusted company that serves as one of the cornerstones of the web itself, there’s really no limit to the amount of damage the hackers could potentially do.

As ever, vigilance is the best defense. Stay on your guard and impress upon your employees that they are not safe.