WordPress NinjaForms Plugin Was Force Updated Due To Vulnerability

Do you run a WordPress site?  Do you also use the popular forms design and management plugin called NinjaForms?  If you answered yes to both of those questions, be aware that NinjaForms was recently found to have a critical security flaw.

The flaw takes the form of a code injection vulnerability and impacts all versions of NinjaForms from 3.0 forward.  With more than a million installations to its name, that makes the newly discovered bug a problem indeed.

To their credit, the company behind the plugin moved quickly and issued an update which should have auto-installed on your system.

Chloe Chamberland is a researcher at Wordfence Threat Intelligence.

Chloe had this to say about the security flaw:

“We uncovered a code injection vulnerability that made it possible for unauthenticated attackers to call a limited number of methods in various Ninja Forms classes, including a method that unserialized user-supplied content, resulting in Object Injection.

This could allow attackers to execute arbitrary code or delete arbitrary files on sites where a separate POP chain was present.”
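The "unserialized user-supplied content, resulting in Object Injection" that the researcher describes is a generic PHP hazard, not something specific to this plugin. The following is an added illustrative example (not Ninja Forms code, and not taken from the advisory) showing the unsafe pattern next to two hardened alternatives. The `TempFileCleanup` class, the function names and the sample payloads are all hypothetical and constructed for the example; the `allowed_classes` option assumes PHP 7.0 or later.

```php
<?php
// Added illustrative example, not code from Ninja Forms or Wordfence.
// Assumes PHP >= 7.0 (for the allowed_classes option to unserialize()).

// A hypothetical application class with a "magic" method. If an attacker
// controls the serialized input, plain unserialize() will build an instance
// of this class and PHP will later run its __destruct() with attacker-chosen
// property values. A chain of such classes is the "POP chain" the advisory
// mentions. The body is deliberately a harmless echo here.
class TempFileCleanup {
    public $path;
    public function __destruct() {
        // A real class might call unlink($this->path) here.
        echo "destructor ran for: {$this->path}\n";
    }
}

// VULNERABLE: raw unserialize() of request data. Any class loaded in the
// application can be instantiated by the payload, so the input picks the gadget.
function load_state_unsafe(string $raw) {
    return unserialize($raw);
}

// HARDENED (1): forbid object instantiation. Any object in the payload becomes
// a __PHP_Incomplete_Class placeholder whose magic methods never run, so we
// can detect and reject it. Nested objects inside arrays are neutralised the
// same way even though this check only inspects the top level.
function load_state_safe(string $raw) {
    $data = @unserialize($raw, ['allowed_classes' => false]);
    if ($data === false && $raw !== 'b:0;') {
        return null; // malformed input; 'b:0;' is the one legitimate false
    }
    if ($data instanceof __PHP_Incomplete_Class) {
        return null; // object payload rejected
    }
    return $data;
}

// HARDENED (2), preferred for new code: use JSON. It has no way to encode a
// PHP object, so only scalars and arrays can ever come back.
function load_state_json(string $raw) {
    try {
        return json_decode($raw, true, 512, JSON_THROW_ON_ERROR);
    } catch (JsonException $e) {
        return null;
    }
}

// Constructed sample inputs: a legitimate array payload and a payload that
// names the class above (15 = strlen("TempFileCleanup"), 14 = strlen of path).
function demo(): void {
    $legit  = serialize(['token' => 'abc']);
    $object = 'O:15:"TempFileCleanup":1:{s:4:"path";s:14:"/tmp/important";}';

    var_dump(load_state_safe($legit));   // the array is returned unchanged
    var_dump(load_state_safe($object));  // NULL, and the destructor never runs
    var_dump(load_state_json('{"token":"abc"}'));
    var_dump(load_state_json($object));  // NULL: not valid JSON

    // Only load_state_unsafe($object) would instantiate TempFileCleanup.
}

demo();
```

The practical takeaway for site owners is the one the article already gives: apply the update. For developers, the check to make in your own code is whether any `unserialize()` call can reach data that came from a request; if it can, switch it to JSON or at minimum pass `['allowed_classes' => false]`.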

The security patch was auto-applied to more than 730,000 NinjaForms installations.  While that’s excellent, it’s clear that some admins don’t take kindly to auto-applied patches of any sort and have taken active countermeasures against such things.

If your company is one of those, you’ll need to install the latest version of NinjaForms as soon as possible. If you’re not sure you use it, check with your IT staff, and make them aware of the issue.

This isn’t the first time WordPress has taken away user agency in the name of security.  For instance, in 2019 the Jetpack plugin received a critical security update that corrected how the plugin processed embedded code.  The company didn’t make a fuss over it; they simply updated everyone’s Jetpack to the latest (safer) version.

Kudos to WordPress and the developers of NinjaForms for their rapid response in this instance. Kudos for keeping the web relatively safe.

Some Requested Features May Be Coming To Microsoft Teams

Do you use Microsoft Teams?  If so, you’ll be thrilled to know that the Redmond Giant is continuing to pour resources into improving the software with a specific focus on audio and video quality.

Recently, the company announced a plan to add echo cancellation, which is a feature that legions of Teams users have been clamoring for.

When the company made the announcement, they also revealed that they’re using machine learning algorithms to “teach” Teams to learn the difference between the speaker’s voice and a background sound. The goal is that echo cancellation will never mute (or even partially mute) a human speaking, even in instances where several people are speaking at once.

The machine learning algorithm is being “trained” using a model that contains more than 30,000 hours of speech. To head off questions on the topic, Microsoft stressed that no customer data was collected for the data set used to train the new models under development.

Per Microsoft:

“Instead, we either used publicly available data or crowdsourcing to collect specific scenarios. We also ensured that we had a balance of female and male speech, as well as 74 different languages.”

Since the pandemic, Teams has grown to be one of the most widely used virtual meeting platforms, and we are thrilled to see Microsoft directing so many resources to making it better, both in terms of basic functionality and overall user experience.  The planned inclusion of echo cancellation is proof positive that the company listens and responds to customer requests.

Kudos to Microsoft for a great job in recent months, both here and on the Windows 11 development front.  While it’s true that the company has made more than its share of missteps over the years, their recent track record has been exemplary.

It May Be Time To Update Your Business Logo

Corporate branding can be worth its weight in gold and certain images are absolutely iconic.  The Golden Arches, the Nike “swoosh,” and Apple’s Apple all come to mind.

Logo images give companies the means of offering a consistent brand image over time, and that can be a very good thing.

Over time, tastes and styles change.  If your company presents itself as being on the bleeding edge of the technological curve, then your logo should almost certainly change with the times.  If you go back and look at Apple’s logo over the years, you’ll see that while it’s fundamentally the same, the company has made a few subtle modifications and adjustments over the years.

Changing your brand’s logo can be an expensive proposition so it’s not something you want to do at the drop of a hat. However, if you feel that it’s beginning to look a bit stale or dated, then there can be some real and tangible advantages to giving it an update. That is especially if you time the update with the release of a new product that offers tangible proof that your firm is headed off in some new and exciting direction.

The best brands tell a story and engage their customers.  Pictures are worth a thousand words, so branding images are a big part of telling your brand’s story.  Ultimately, then, the decision of whether to update your logo comes down to the following.

What kind of story do you want to tell your customers?  Do you want to offer them a tale of stability and rock-steady performance?  If so, then you’ll probably only want to update your logo rarely.  On the other hand, if you want to tell a story of momentum and velocity, then updating your logo more often would be a worthwhile endeavor.

How To Protect Your Company With Cybersecurity Awareness

These days, companies spend significant sums of money to protect themselves from cyber criminals.  The threat matrix is vast, and attacks can come from almost any quarter. That is why many companies not only spend heavily on antivirus software, but also on a wide range of tools that IT security professionals can leverage to intercept attacks “at the gates” and prevent attackers from ever breaching their defenses.

Further, many companies will engage third-party specialists to provide round-the-clock monitoring.  Managers invest even more money to ensure that regular backups are taken, so that if the worst happens, recovery will be relatively quick and the company can get back to business with as little downtime as possible.

All of that is commendable, but the unfortunate reality is that even the most elaborate and expensive systems designed to defend your corporate network can be reduced to nothing by one moment of carelessness by one of your firm’s employees.

If you want to increase the return on your IT security investment, the very best thing you can do is educate your workforce about the dangers lurking on the ‘net.  Teach them security best practices so that they become part of your network security solution rather than yet another risk factor you have to guard against.

A few examples of the way your employees may be unwittingly putting your firm at risk include the following:

  • They use simple, easy-to-guess passwords that any attacker could crack with minimal effort
  • They seldom change their passwords unless forced to
  • When traveling, many will connect to your company’s network using free, unsecured WiFi hotspots
  • A disturbing percentage of people reuse the same easily guessed passwords across multiple web properties
  • They fail to use multi-factor authentication, even when and where you make it available
  • Far too many people will automatically assume that any attachment that lands in their work email inbox is safe, and will open it without thinking twice
  • Very little cross-checking is done when someone reaches out to them via corporate channels to ensure that the person contacting them is who they claim to be

All of these pose a very real risk to the security of your company.  Make sure your employees get the training they need to keep both themselves and your corporate network safe.

Hackers Are Teaming Up To Wreak Havoc On Corporate Users

It’s never a good thing when well-organized groups of hackers start working together, but that’s what appears to be happening.

Recently, evidence has emerged that the Black Basta ransomware gang has begun cooperating closely with the infamous QBot malware operation. They share the specific goal of inflicting maximum damage on corporate targets.

While many different groups make use of QBot for initial infection, Black Basta’s use is somewhat different. The group is leveraging it to spread laterally through a network once they have infected it.

The partnership stands to be devastatingly effective.  Black Basta’s ransomware paired with QBot’s penchant for stealing banking credentials and injecting additional malicious payloads could easily deliver a one-two punch that would be very difficult for a company to recover from.

The bad news here is that QBot (also known as QakBot) can move quickly once inside a compromised network.

Fortunately, the way Black Basta is leveraging QBot, there is a window of opportunity between the time that QBot is moving laterally and the actual ransomware infection. So diligent IT Security professionals may be able to stop QBot’s spread before the ransomware payload is deployed.

That’s good in theory, but the sad truth is that many companies won’t move quickly enough to stop the ransomware attack, which will leave them crippled by the ransomware and with their banking credentials compromised as well.

Exactly how effective this new partnership will be remains to be seen, but both QBot and Black Basta have made names for themselves as fearsome criminal groups. Black Basta has breached dozens of networks over the course of its relatively short existence, and QBot’s operators have built their reputation over a much longer period.

In any case, this is a dangerous combination and you will want to be on the alert for both groups and the ransomware they are deploying.  The hackers represent genuine threats, whether operating on their own or in tandem.