Cyber Security Best Practices For Businesses

Smaller companies often struggle to develop and invest in robust IT security systems, which can leave them relatively more vulnerable to cyber attacks.

If that’s the situation you’re in and you’re trying to decide what to invest in and where to use the money that you have to spend on IT security, here’s a quick overview of the basics you need to have covered.

1 – Door Access Control

Believe it or not, this properly falls under the cybersecurity umbrella since magnetic door locks and swipe cards (or similar technology) are ultimately managed via a server on your company’s network.

If you don’t have such a system in place, we strongly urge you to consider one. Once it’s in place, regularly review who has what level of access.

In addition to that, most door security systems include some type of monitoring software, and it pays to set up automated alerts when an employee shows as deviating from their usual routine.

Example: If Linda’s regular work schedule has her swiping her card and entering the office just before 8 AM and leaving a little after 5 PM, and you suddenly see her coming in at 3:00 in the morning, that’s a sign that something is amiss and is well worth investigating.
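One way to implement the kind of automated alert described above, shown as an added example that is not part of the original article or of any door-access product. The badge-log format, the employee names, the five-swipe minimum history, and the 120-minute tolerance are all assumptions.

```python
import math
from collections import defaultdict
from datetime import datetime

DAY = 1440  # minutes in a day

def minute_of_day(ts):
    t = datetime.fromisoformat(ts)
    return t.hour * 60 + t.minute

def circ_dist(a, b):
    """Shortest gap in minutes between two clock times (wraps at midnight)."""
    d = abs(a - b) % DAY
    return min(d, DAY - d)

def circ_mean(minutes):
    """Circular mean, so 23:50 and 00:10 average to midnight, not noon."""
    angles = [2 * math.pi * m / DAY for m in minutes]
    s = sum(math.sin(a) for a in angles)
    c = sum(math.cos(a) for a in angles)
    return (math.atan2(s, c) * DAY / (2 * math.pi)) % DAY

def build_baseline(history, min_samples=5):
    """Map employee -> usual entry time in minutes; skip thin histories."""
    per_emp = defaultdict(list)
    for emp, ts in history:
        per_emp[emp].append(minute_of_day(ts))
    return {e: circ_mean(m) for e, m in per_emp.items() if len(m) >= min_samples}

def find_anomalies(baseline, swipes, tolerance=120):
    """Return (employee, timestamp, reason) for entries outside the routine."""
    alerts = []
    for emp, ts in swipes:
        if emp not in baseline:
            alerts.append((emp, ts, "no baseline"))
        elif circ_dist(minute_of_day(ts), baseline[emp]) > tolerance:
            alerts.append((emp, ts, "off-hours entry"))
    return alerts

# Constructed sample entry swipes (hypothetical format: employee, ISO timestamp).
HISTORY = [("linda", f"2022-09-{d:02d}T07:5{d % 5}:00") for d in range(5, 10)]
HISTORY += [("night_guard", t) for t in (
    "2022-09-05T23:50:00", "2022-09-07T00:10:00", "2022-09-07T23:55:00",
    "2022-09-09T00:05:00", "2022-09-10T00:00:00")]
TODAY = [("linda", "2022-09-12T07:58:00"), ("linda", "2022-09-13T03:00:00"),
         ("night_guard", "2022-09-13T00:20:00"), ("temp01", "2022-09-13T09:00:00")]

if __name__ == "__main__":
    for alert in find_anomalies(build_baseline(HISTORY), TODAY):
        print(alert)
```

The night-shift entries show why the comparison wraps around midnight: a 00:20 arrival is normal for someone who usually badges in around 00:00, while Linda’s 3:00 AM swipe is flagged.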

2 – Encryption, Encryption, Encryption

Even if a hacker breaches your network, they can’t make use of any files they get their hands on if they can’t decrypt the data.

There are three types of encryption you want to be focused on:  Encryption at rest, encryption in use, and encryption in transit.  If your files are encrypted in all three states, a hacker is going to be hard-pressed to get anything useful from your network, even if they break in.

3 – Ongoing Security Training

The sad truth is that all the fancy hardware and software in the world can be circumvented by going after the weakest link in your security chain, which is always your people.  If someone uses a weak password for the sake of convenience, that’s a way in for a hacker.

If someone is prone to opening email attachments from unverified sources, that’s another potential inroad. The problem is that too many employees don’t fully appreciate the security risks that these seemingly innocuous activities carry with them.  Make sure they know.  Make sure everyone knows.

There’s a lot more to robust security of course, and cybersecurity is constantly evolving, but if you start here, with these three items, you’ll be miles ahead.

Zoom Outage Reported

Recently Zoom, a popular, cloud-based communications platform used for online meetings and video conferencing, experienced an outage that impacted tens of thousands of users worldwide. The issue began shortly after 8:00 am PDT on Thursday, September 15, 2022, when users reported that they could not log in or join meetings. At 8:17 PDT, the company posted the following message on their incident status page:

“We are investigating reports of zoom.us being unavailable.

Our teams are currently investigating the service-impacting event. Our engineers are investigating.”

By 8:30 PDT, the company’s engineers had identified the issue, and the company updated the incident status page with the following:

“We have identified the issue starting and joining meetings. We will continue to investigate and provide updates as we have them.”

By 8:37 PDT, the interruption appeared resolved as the company moved to monitor the situation. Zoom posted the following update:

“We have resolved the issue causing users to be unable to start and join Zoom Meetings. We will continue to monitor and provide updates as we have them.”

Then, at 8:49 PDT, Zoom’s engineers were confident that the issue would not recur and formally closed the incident.

Zoom did not release any technical details as to what caused the outage. In any case, if you are a Zoom user and could not log in for a time yesterday morning, this was the reason.

This severe but quickly resolved issue serves as a reminder that any company is susceptible to outages. Therefore, it is crucial to have a backup technology option you can switch to when a similar outage occurs, so that you don’t lose time in your day.

Latest Microsoft Patch Fixes Dozens of Bugs

Even if you don’t consistently install Microsoft’s security patches as soon as they’re released, the September 2022 patch released this week deserves immediate attention.

Dozens of bugs, flaws, and vulnerabilities were addressed in this iteration, including fixes for:

 

  • 30 Remote Code Execution vulnerabilities
  • 18 Elevation of Privilege vulnerabilities
  • 16 Edge/Chromium vulnerabilities
  • 7 Information Disclosure vulnerabilities
  • 7 Denial of Service (DoS) vulnerabilities
  • 1 Security Feature Bypass vulnerability

In addition to the above, the patch also addresses two zero-day vulnerabilities. The first of these is being tracked as CVE-2022-37969.

It was discovered independently by researchers from CrowdStrike, Zscaler, Mandiant, and DBAPP Security. It is described as a Windows Common Log File System Driver Elevation of Privilege Vulnerability, and hackers are currently exploiting this flaw in the wild.

The other is being tracked as CVE-2022-23960 and is described as a Cache Speculation Restriction Vulnerability.

The researchers at VUSec who discovered the issue have dubbed it “Spectre-BHB.” It utilizes Branch History Injection to allow for speculative execution. While it is similar to the Spectre security flaws found in chipsets last year, it is only tangentially related. Furthermore, there is no evidence that hackers are currently exploiting it.

On top of the impressive bug fixes, this release also includes improvements to Microsoft Defender and enhances IT administrators’ ability to remotely control language-related features in the OS.

Patch Tuesdays are always significant, but this one is even more critical than most. If you haven’t already done so, head to Microsoft’s website and install it on all your Windows 10 devices running versions 1809, 21H1, and 21H2. Also, note that one week before Microsoft released this patch, they released Windows 10 builds KB5017308 and KB5017315, which addressed various performance issues and patched twenty bugs.

Patch Tuesday is a regularly scheduled event. Microsoft rolls the patches out on the second Tuesday of each month at 10:00 AM PST.

New Phishing Service Is Targeting Banks

Hackers are increasingly adopting practices that legitimate business owners will immediately recognize.

Recently, a new PhaaS (Phishing as a Service) operation has surfaced that specifically targets major banks. These banks include Bank of America, Wells Fargo, Citibank, Capital One, PNC, US Bank, Lloyds Bank, Santander, and the Commonwealth Bank of Australia.

Snarkily named “Robin Banks,” the service also offers templates to steal T-Mobile, Netflix, Google, and Microsoft accounts.

The group was unearthed by analysts from IronNet, whose evidence indicates that the group has been active since at least March of this year (2022).

Even though the group hasn’t been active for terribly long, they’ve already made quite a name for themselves for their high-quality phishing pages that target customers of the organizations mentioned above.

The group has two different pricing tiers for those who wish to engage their services. Their budget option is just fifty dollars a month and offers a single page and 24/7 support. Their deluxe package is available for $200 a month and gives their customers unlimited access to their templates, along with 24/7 support.

The service even offers a professionally designed dashboard. This allows threat actors who hire them to keep an eye on every aspect of their illicit operation, create and manage pages using the offered templates, manage wallets, and use a variety of other advanced tools, including reCAPTCHA services to thwart bots.

If you’re in any way associated with information security, the details above should alarm you.  Robin Banks has seen their popularity on the Dark Web explode.  What’s perhaps most disturbing about the service they’re offering is that increasingly, hackers don’t need a broad or deep skillset to set up an effective phishing campaign.  The service does all the hard work for them.

Unfortunately, that means that IT Security just got a whole lot harder.  Stay vigilant out there.

Fresh Look For Gmail Users Has Been Released

If you’re a Gmail user and you haven’t seen the change already, be aware that Google has freshened up their email interface.  Don’t expect a radical change, however.  This update is more of an evolution than a revolution.

Chiefly, you’ll notice that the Chat, Spaces, and Meet buttons have all been drawn closer together. This makes the left-hand sidebar of the email display look more cohesive.

At this point, it looks pretty much the same. However, Google has promised additional refinements in the months ahead, including better support for Gmail on tablets, more accessibility features, and better emoji support to name a few.

If the change has already been rolled out to you and you’re not a fan, you do have the option to switch back to the old view for now. That’s not a permanent situation.  Eventually, you’ll have to make peace with the new look.

If you want your old view back, the process is both simple and straightforward.  At the top right of your screen, click “Settings.”  Under “Quick Settings” you’ll see an option that says: “Go back to the original Gmail view.” Click that and then reload and you’ll be all set.

Also be aware that if you don’t use some of the apps listed on the sidebar, you can selectively disable the ones you don’t need, causing them to vanish from that view.

Change is hard and it is harder for some folks than others, but we like the approach Google is taking here.  Overall, we find these changes to be quite modest but we do agree that they make for a cleaner interface that offers a marginally improved user experience.

Kudos to Google for continuing to refine all their products.  We look forward to seeing what additional changes lie ahead.