Microsoft 365 Suggests Rollback After Issues From Update

Does your company use Microsoft 365?  If so, and you’ve noticed that your Office apps have begun to crash mysteriously and inexplicably, be aware that the latest update (build 15330.20298) is the culprit.

Unfortunately, the bug was introduced in the Enterprise channel during the company’s regularly scheduled “Patch Tuesday.”

The error manifests itself when users try to open a contact card or hover over a contact’s name or picture in shared documents, emails, or comments.

For their part, the company has moved quickly. Although they have not identified the root cause of the issue yet, in the meantime, they went back to the last version confirmed to not contain the bug.

Microsoft is advising any users who have installed version 2206 to roll back to version 2205 to get around the issue. For Admins, the company drafted specific rollback instructions and posted them on their website.

For some time last year, Microsoft’s updates were plagued with issues and several annoying bugs crept into the mix in just about every update the company made.

They redoubled their efforts and tightened up their processes, and the number of faulty updates declined markedly.  This latest update breaks the trend.  With any luck, this will prove to be a one-time mistake, and their next update and the ones that follow will be smooth sailing.  Given the trouble in the recent past, it’s something that bears paying close attention to in the weeks ahead.

Kudos to Microsoft’s engineers for their fast action here, and we hope that the issue will be resolved before much longer.  It’s unfortunate any time a new bug is introduced, especially to a system as complex as Microsoft 365. Overall, the company has done a good job of addressing issues as they arise, and we expect that to be the case in this instance.

IoT Security With Microsoft Defender

The Internet of Things (IoT) has seen explosive growth in recent years.

If you like, you can now build your own smart home with intelligent toasters, washing machines, dishwashers, and refrigerators. They are all connected to your home network, and they all make vast amounts of data available to you at your fingertips.

Unfortunately, security is slim to non-existent on most of these “smart” devices.  We’ve seen botnets enslave those smart devices and put them to use in a wide range of malicious ways. Although many industry experts have been sounding the alarm, few of the smart device manufacturers have taken much of an interest in bolstering security on the products they sell.

The good news is that Microsoft may have an answer.  The Redmond giant recently released Microsoft Defender for IoT in a bid to secure smart TVs, printers, washing machines, and any other “smart” device you may have connected to your network.

The company previewed Defender for IoT in the waning days of 2021.  Back then it was called Azure Defender for IoT and before that it was Azure Security Center.  By any of those names, however, it’s the same code, and it’s clear that plugging this gigantic gap in device security has been on Microsoft’s radar for quite some time.

Now at last, the product is ready for a proper unveiling, and it’s a solid solution, especially given that it integrates seamlessly with Microsoft 365 Defender, which millions of users the world over already rely on.

Michal Braverman-Blumenstyk is Microsoft’s Corporate VP and Chief Technology Officer of Cloud and AI Security.

Michal had this to say about the new product:

“…Defender for IoT now delivers comprehensive security for all endpoint types, applications, identities, and operating systems.

The new capabilities allow organizations to get the visibility and insights they need to address complex multi-stage attacks that specifically take advantage of IoT and OT devices to achieve their goals.

Customers will now be able to get the same types of vulnerability management, threat detection, response, and other capabilities for enterprise IoT devices that were previously only available for managed endpoints and OT devices.”

If you have one or more smart devices connected to your network (and you probably do), you need Defender for IoT.  Kudos to Microsoft.

Blog 2 – How small businesses can go big on cybersecurity

SMB and Some Basic Employee Security Issues

Training teams

Your employees are your first line of defense. Training is a basic requirement and should be conducted for every employee. This necessitates involving Human Resources so that cyber security training is incorporated from the first day of onboarding. Businesses must train their employees on cybersecurity best practices and also constantly update them with information about the latest scams and techniques adopted by cybercriminals. This will help employees identify situations where they may end up becoming victims of cybercrime or unwittingly compromise the organization’s cybersecurity. Untrained employees may end up becoming unintended participants in cybercrime.

BYOD Policy

With remote operations becoming the norm, organizations must spell out the dos and don’ts for their employees who are using personal devices for work. While there’s not much that companies can do to monitor and restrict usage when employees use their personal devices, a broad framework of best practices will certainly help. Addressing the details of how your data is accessed remotely is a very important part of a total BYOD policy.

Hackers Use VoIP Systems To Install PHP Web Shells

Security researchers at Unit 42, a division of Palo Alto Networks, have been tracking the efforts of a massive campaign aimed at Elastix VoIP telephony servers.

Elastix servers are used by companies of all shapes and sizes to unify their communications, and the platform is especially attractive because it can be used with the Digium phones module for FreePBX.

So far, the team has collected more than half a million malicious code samples over a three-month period.  An analysis of those code samples reveals that the attackers are exploiting a remote code execution vulnerability. It is being tracked as CVE-2021-4561 and carries a severity rating of 9.8 out of ten.

Security researchers report that hackers have been actively exploiting this flaw since at least December 2021.

Based on the code samples collected, the Unit 42 team believes that the attackers’ goal was to plant PHP web shells on successfully penetrated systems. That would allow them to execute arbitrary commands on the compromised servers.

Another security firm, Check Point, confirms Unit 42’s findings and both teams stress that the campaign is still ongoing.  Worse, it appears that there are two different groups involved in the attack, although it is not currently known whether they are coordinating their efforts or if that fact is coincidental. Perhaps it is a case of one following the other so as not to miss out on an opportunity.

The attackers behind the campaign are both clever and technically savvy.  They’ve built some good anti-detection strategies into the attack, such as masking the name of the back door so that the file name resembles that of a known file already on the system.  It would take a sharp pair of eyes indeed to spot it.

In any event, if you use Elastix VoIP, be sure your IT people are aware of this threat.
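One way to catch a back door whose file name imitates a trusted file is to stop relying on eyes and compare the web root against a recorded baseline. The Python sketch below is an added example, not code from Unit 42, Check Point or Elastix; the baseline format, the 0.8 similarity threshold and every file name in the sample tree are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from difflib import SequenceMatcher
from pathlib import Path

def sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def similarity(a, b):
    return SequenceMatcher(None, a, b).ratio()

def audit_webroot(webroot, baseline, threshold=0.8):
    """Check *.php files under webroot against baseline {relative path: sha256}."""
    webroot = Path(webroot)
    known_names = {Path(p).name for p in baseline}
    findings = []
    for path in sorted(webroot.rglob("*.php")):
        rel = path.relative_to(webroot).as_posix()
        if rel in baseline:
            if sha256(path) != baseline[rel]:
                findings.append((rel, "modified"))
            continue
        if path.name in known_names:  # trusted name, but not where it belongs
            findings.append((rel, "known name in unexpected directory"))
            continue
        best = max(known_names, key=lambda k: similarity(path.name, k), default="")
        if best and similarity(path.name, best) >= threshold:
            findings.append((rel, f"resembles {best}"))
        else:
            findings.append((rel, "unknown file"))
    return findings

def demo():
    # Constructed sample tree; all file names and contents are illustrative.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "admin").mkdir()
        (root / "config.php").write_text("<?php // settings")
        (root / "admin" / "index.php").write_text("<?php // admin page")
        baseline = {p.relative_to(root).as_posix(): sha256(p) for p in root.rglob("*.php")}
        # Changes made after the baseline was recorded (harmless placeholders).
        (root / "admin" / "config.php").write_text("<?php // placeholder")
        (root / "conflg.php").write_text("<?php // placeholder")
        (root / "admin" / "index.php").write_text("<?php // admin page, edited")
        return audit_webroot(root, baseline)

if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{rel}: {reason}")
```

The baseline has to be recorded from a known-good install and stored off the server, since anyone who can write to the web root could also rewrite a baseline kept beside it.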

Google Experiences International Outage

“Just Google it.”  You’ve probably heard that phrase a thousand times.  In fact, you may use it yourself on a regular basis.

Unfortunately, Googling it wasn’t possible recently.  The iconic search giant went dark across broad swaths of the world and simply could not be accessed at all for 34 very long minutes.

It was a very strange experience, fumbling through the internet without Google to guide the way.  Strange and frustrating.

At the root of the outage was a botched software update that rendered both Google Search and Google Maps inoperable for a time, and #Googledown became a trending hashtag on Twitter.  Google Workspace users faced similar difficulties, as they rely on portions of the Google Search technology to function correctly.

Thankfully, Google’s engineers were quick to respond, and they corrected the issue with admirable speed.  Nonetheless, for many ‘netizens’, it was the first time in living memory that Google didn’t dominate the virtual landscape.

Of course, there are plenty of other search engines out there. During that time, many of them, Bing and DuckDuckGo in particular, saw impressive surges in use that they’ll be talking about for months if not years to come.

And then Google came back to life and those surges in use stopped as quickly as they had started, like the tide going out.

In any case, if you were one of the hundreds of millions of people around the world who experienced a sense of frustration at not having access to what has become the dominant search engine on the web, that’s why.  A botched software update brought the biggest search engine on the planet to its knees for a little over half an hour.  Here’s hoping that doesn’t happen again any time soon!