Windows 11 2022 Update

Microsoft released the “first major update” for Windows 11 on Tuesday, September 20, 2022, as Windows 11 nears its first anniversary. According to a blog post published by Microsoft, the Windows 11 update focuses on four key areas:

● Making the PC easier and safer to use for everyone
● Empowering people to be more productive
● Making Windows the best place to connect, create and play
● Delivering added security, management, and flexibility to the workplace

Microsoft is committed to making computers more accessible. An added accessibility feature includes system-wide live captions to automatically generate captions from any form of audio content on Windows 11.

Windows 11 also includes snap layouts, which have become a game changer for multitasking by helping users organize their applications and documents. In addition, Microsoft introduced Focus sessions and Do Not Disturb to help minimize distractions.

Advanced artificial intelligence features significantly improve the new Windows Studio camera and audio effects. The Voice Focus, background blur, eye contact, and automatic framing features can assist users in conference calls and content creation.

According to Microsoft, “Windows 11 provides layers of hardware and software integration for powerful, out-of-the-box protection from the moment you start your device – and we’re continuing to innovate.” For example, within the Windows 11 update is the launch of Microsoft Defender SmartScreen. Microsoft Defender SmartScreen will alert users when their login credentials are entered on a malicious application or website.

The Windows 11 2022 Update is packed with many subtle changes that all come together to boost productivity and empower creativity. The changes include enhancements to the file explorer, photo applications, taskbar overflow, and much more.

Microsoft Windows users can access the new features by updating and restarting their computers. To begin the update for Windows 11 2022, users can go to the Start menu, select Settings, then choose Update and Security from the list of options. Next, users are taken to the menu, where they can update and restart their computer immediately or schedule the restart.

By updating to Windows 11, users get all the newly added and improved applications, which increases productivity while protecting against known vulnerabilities.

Microsoft 365 Accounts Targeted In New BEC Scam

Recently, researchers at Mitiga have sounded the alarm about a new Business Email Compromise (BEC) campaign. They discovered evidence of the campaign while responding to another incident and have watched the campaign grow in scope and scale over time.

Here’s how the attack works:

The individual targeted by the campaign receives an email that appears to be from a bank and explains that the corporate account they usually send payments to has been frozen while a financial audit is underway.

In the meantime, the email explains that if the target needs to send payments, they can follow the instructions below the message.

The instructions appear to be inside a document behind a DocuSign wall. DocuSign is a contract management platform used widely in the corporate world.

To access the instructions, a potential victim needs to press the “Review Documents” button, which hands the victim off to a website controlled by the hackers.

These websites typically have names that appear to belong to legitimate companies the victim is familiar with, but a careful review of the URL will reveal an intentional typo. This very phenomenon gave rise to the term “typosquatting.”

On this page, the victim is asked to log into the Windows domain. If they do so, they inadvertently hand the attackers their Microsoft 365 account details, which can be used later for any nefarious purpose the hackers desire.

On the face of it, this may not seem terribly convincing, but the hackers employ several tricks to make it seem completely legitimate.  Chief among these is the fact that the hackers hijack existing email streams and interrupt them. So to a reader who’s not paying close attention, the instructions seem to come from someone the victim is having an ongoing conversation with.

So far, the campaign has been devastatingly effective, so keep your guard up.  You don’t want to become their next victim.
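The "careful review of the URL" described above can be automated for links pulled out of inbound mail. The following is an added example, not code from Mitiga or from the original article: the `TRUSTED` allowlist and the sample URLs are constructed, the registrable domain is approximated as the last two labels, and the embedded-brand check goes one step beyond the typo case the article describes.

```python
from typing import Optional, Tuple
from urllib.parse import urlsplit

# Constructed allowlist: domains the organization expects in signing/login links.
TRUSTED = {"docusign.com", "docusign.net", "microsoftonline.com", "office.com"}

def osa_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            val = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "gn" typed as "ng".
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                val = min(val, prev2[j - 2] + 1)
            cur.append(val)
        prev2, prev = prev, cur
    return prev[-1]

def registrable(host: str) -> str:
    # Simplification (assumption): last two labels. Use the Public Suffix
    # List in production so that suffixes like "co.uk" are handled correctly.
    return ".".join(host.rstrip(".").split(".")[-2:])

def classify(url: str, max_dist: int = 2) -> Tuple[str, Optional[str]]:
    """Return (verdict, trusted domain being imitated or matched)."""
    host = (urlsplit(url).hostname or "").lower()
    dom = registrable(host)
    if dom in TRUSTED:
        return "trusted", dom
    # Near miss of a trusted domain: the typosquatting case.
    best = min(sorted(TRUSTED), key=lambda t: osa_distance(dom, t))
    if osa_distance(dom, best) <= max_dist:
        return "lookalike", best
    # Trusted name used as a subdomain prefix of an unrelated domain.
    for t in sorted(TRUSTED):
        if t in host:
            return "lookalike", t
    return "unknown", None

if __name__ == "__main__":
    for u in ("https://account.docusign.com/review?id=1",   # constructed samples
              "https://docusing.com/review",
              "https://docusign.com.review-portal.example/doc"):
        print(u, classify(u))
```

A "lookalike" verdict is a signal for quarantine or a warning banner; "unknown" only means the domain is neither on the allowlist nor close to it.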

Modern Security Solutions For Evolving Ransomware Attacks

Based on a recent survey conducted by the folks at Titaniam, a solid majority of organizations have robust security tools in place. Yet nearly 40 percent of them have fallen victim to a ransomware attack in the past year.

How can this be?  With conventional tools in place, how can this still be happening?

The answer to that question is complex. Ransomware attacks ultimately have three different phases.  Each phase must be protected against and in each case, the type of protection needed varies.  Let’s start by taking a closer look at the anatomy of a typical ransomware attack. They always begin the same way: Infiltration.

To do anything to your company’s network, the hackers first must gain access to your network.  Thus, your first line of defense is to keep that from happening.

The good news is that most companies have robust tools that are specifically designed to block unauthorized intruders. The bad news is that hackers can get around those tools entirely by stealing an employee’s login credentials. That is how many of these types of attacks occur. Once inside, the hackers proceed with data exfiltration: wholesale copying of sensitive data and uploading it to a command-and-control server operated by the hackers.

From the perspective of the hackers, this is where the payday is.  They know all too well that companies will pay handsomely to keep proprietary data from being leaked to the broader public, and hackers are only too happy to take full advantage of that fact.

This is where many companies are weak. To protect against data exfiltration, companies need to invest in three different types of encryption: encryption at rest, encryption in transit, and encryption in use. Most companies invest in one. A solid minority invest in two, but very few invest in all three. That creates a window of opportunity for the attacker.

Finally, the third stage is wholesale file locking. This is exactly what you think it is. All the files that the malicious code can get to will be locked and encrypted. If you want them back, you must pay, assuming you don’t have a recent backup, of course. Even if you do have a backup, you’ll pay in the form of downtime while you’re restoring those files.

Understanding exactly how a ransomware attack is put together and how it functions is key to designing a security routine that will defeat it, preventing the attackers from ever gaining a foothold on your network.

Oracle Cloud Infrastructure New Vulnerability Patch

In June, Wiz engineers discovered and reported #AttachMe, a critical cloud isolation flaw in Oracle Cloud Infrastructure (OCI).

Due to its potential to affect all OCI customers, the #AttachMe cloud vulnerability is one of the most severe vulnerabilities discovered to date. The majority of the time, cloud isolation flaws only impact a single cloud service. However, in this case, the impact is related to an integral part of the cloud service.

Engineers discovered that no special permissions were necessary to attach a disk to a virtual machine under a different user account. This suggests that a potential attacker could have gained access to and modified the data of any OCI client and, in certain circumstances, taken control of the environment.

Before the patch, any OCI customer could have been a target of a malicious actor familiar with the #AttachMe vulnerability. If the attacker had the Oracle Cloud Identifier (OCID), any unattached or attached storage volume that allowed multiple attachments could have been viewed or altered. This would have allowed sensitive data to be stolen and future attacks to be initiated through executable file manipulation.

After being informed by Wiz of the vulnerability, Oracle quickly and efficiently distributed a patch for #AttachMe to all OCI customers in less than one day.

The separation of tenants is a critical aspect of cloud computing. Customers expect their data to be inaccessible to other customers. Still, vulnerabilities in cloud isolation break down the walls between tenants. This demonstrates the critical need for proactive research into cloud vulnerabilities, ethical disclosure, and public tracking of cloud vulnerabilities for cloud security.

Known Senders Option In Google Calendar Decreases Spam Invites

Recently, Google’s engineers introduced a small but important feature to their Calendar app.  If you haven’t used the “known senders” option, you owe it to yourself to check it out.

It allows you to toggle a setting that will filter out invites from people you don’t know, with an eye toward eliminating or drastically reducing instances of such invites automatically appearing in your calendar.

It’s a surprisingly good addition because prior to its inclusion, you had to jump through an annoying number of hoops to filter out unknown senders. This was done in a process which forced you to disable automatic event additions entirely, meaning that you had to respond manually to every invitation.

Google had been promising this fix since 2019 but time, circumstance, and recent events including the pandemic delayed its release significantly.  Its recent release received little fanfare and with everything going on, it would be no great surprise if you missed it.

It’s worth mentioning that the new setting won’t do anything to prevent you from receiving spam invitations, but they won’t land on your calendar, which is what most people are after.

It’s a small change but much more helpful than you might think. It is one of a multitude of improvements made to a whole range of Google’s Workspace apps in recent months.

If you rely on Google Calendar to help keep yourself organized, you’re sure to love this feature.

Kudos to Google for continuing the hard work of continuous improvement with an eye toward an ever-better user experience.  It is work that often goes unnoticed and underappreciated but over the last few years, we’ve seen Google’s entire suite of productivity apps improve markedly. We can hardly wait to see what further improvements lie ahead.