We’ve been talking a lot about security lately, but there’s a reason for this. We’re not exaggerating when we say you need to prioritize protecting your business. Whether you’re aware of it or not, your business is under constant attack. Many people fall into the trap of assuming their business isn’t worth the time or attention of hackers. They believe their business is too small to be a target. This is simply not the case. Read more
At ABS, we help businesses with day-to-day and long-term technological solutions. This means we help people with the technological constraints that they face daily and seek to proactively develop future technical strategies that will serve them in the future.
We’ve been doing this for over 20 years. What we’ve discovered over time is that few businesses are aware of the cyber-security threats they face on a daily basis and every business is at risk of attack. Because of this, we wanted to approach cyber-security more holistically. Read more
Every business is at risk of a cyber-attack – including yours. While some industries are more at risk than others, no industry or business is safe. In fact, one study proved that hackers attack every 39 seconds. If you, your business, and your employees don’t perfectly follow proper cybersecurity measures, then you have a problem. A key thing to remember is that cybersecurity is a journey, not a destination. You always need to be thinking about how you’re protecting your network. In the world of cybersecurity, we’re always dealing with new kinds of threats because they’re constantly evolving. Unfortunately, it’s not just a box you can check off and forget. You must constantly be monitoring and evaluating your environment and making changes when you see a hole. Read more
Multi-factor authentication (MFA) is a method of authentication that requires the use of an additional verification method and adds a second form of security to user sign-ins, transactions, and activity. Office 365 offers MFA for all of their programs and we recommend you implement this feature. Not only does this extra method of verification provide maximum security but it allows the Microsoft 365 Admin Center to manage and access all activity from the suite. Here is all of the information our team wants you to know about this level of authentication for Office 365. Read more
Too many businesses are making headlines for all the wrong reasons. Data breaches are on the rise. Every week it seems as though another organization is announcing that its systems have been compromised and its customers’ sensitive information is at risk. All too often, these data breaches are caused by an employee falling prey to a phishing scam.
Historically, the largest IT security concerns were attacks from the outside. These days, though, hackers are turning to employees to open the door to a business’ network and important data through both simple and sophisticated phishing scams. In fact, Verizon’s 2019 Data Breach Investigations Report found that 32% of data breaches involved phishing. Read more
Email spamming has become increasingly relevant as well as extremely convincing. Before opening those emails that flood your email inbox, consider the source and take an extra minute or two to examine the email closely. Email spammers are disguising themselves as familiar companies such as ADP. This tactic tricks us into thinking these are valuable sources and anything they are asking makes sense when it comes to giving away personal information. It is important to know the signs and the differences between the “real” emails and the “fake” emails to avoid exposure to phishing. Below is an example provided by Appriver- an anti-spam service protecting you from harmful emails. Read more
Do you remember Meltdown and Spectre, the Intel processor vulnerabilities we mentioned a few weeks ago? Well, Intel has recently rolled out a patch for the bugs – but be careful, it doesn’t come without issues.
To recap, the Meltdown and Spectre bugs are design flaws that result in a weakened separation in the secure kernel memory of most Intel processors. This causes secure data to become available to anyone who can exploit the vulnerability. This flaw was discovered recently, and is causing havoc in the IT industry due to the sheer number of potentially affected devices. Although it’s mostly Intel processors that are affected, it can be a potential threat to AMD systems as well, although the biggest hit for AMD has been the rollout of “fixes.” (more on that in a bit.) The overall impact of this flaw potentially opens users up to serious data vulnerabilities. These design flaws affect not only desktop and laptop computers, but also smartphones, tablets, and any other devices that use one of the affected processors.
Unfortunately, the patch itself is causing some major issues. Microsoft has found that the patch is causing particularly severe issues with some computers containing AMD processors. The patching of this vulnerability is widely known to cause a slowdown of the affected computers. It is even causing some AMD computers to lock up completely. According to The Verge, tests have shown a slowdown of up to 25 percent on some systems. Along with deteriorating performance, some computers with the patch are rebooting randomly, causing frustration for users. Microsoft has even had to roll back their patch due to the issues it has caused in some environments.
There are different variants of the Spectre and Meltdown bugs. So far, Intel has been able to create a patch that prevents the reboot issue for HP and Dell computers. However, Spectre Variant 2 and other variations of the exploits are still up in the air. Meanwhile, Google has rolled out an update called Retpoline that has successfully combatted the Spectre Variant 2 in the some Intel processors, but not all. So far, no one has found an overall fix.
Microsoft, Dell, and HP are currently advising against deploying most of the recently rolled out updates until they are sure they will fix all variations of the bugs while incurring the least possible side effects.
Although this has caused a huge stir in the IT industry, no exploits of these vulnerabilities have been found “in the wild” so far, so the race is on to develop a workable fix before hackers learn to fully exploit these vulnerabilities. We will continue to keep you updated on the latest news regarding the Spectre and Meltdown vulnerabilities, as well as the recommended fixes as they are released.
In a stunning turn of events, researchers discovered a significant vulnerability in virtually ALL Intel processors. The vulnerability is similar to the Heartbleed bug of 2012. The bug allows normal programs to access the secured memory in the system’s kernel. A kernel is the core of an operating system—and just so happens to be responsible for handling the MOST sensitive tasks carried out by your operating system. Needless to say, this is bad.
What does this mean for you? Another major security patch will be rolled out in the coming days, and it will need to be installed on every PC that has an Intel CPU, including Apple and Linux systems. However, don’t completely panic. Many OS’s will patch this issue automatically, as long as you say yes to those pesky little updates.
This security flaw was first noticed after the introduction of a new kernel page table isolation (KPTI) in Linux operating systems. Yet, Intel has said that this affects every Intel CPU made in the last 10 years. AMD chips are thought to be unaffected by this vulnerability.
In order to combat this, a technique is being employed by several OS manufacturers that works to separate the user and kernel space memory, therefore preventing the hardware security vulnerability. Kernel space can contain sensitive, private information posing a real issue if compromised. The down side—this fix will have adverse effects on your processor’s performance.
Researchers have estimated that the fix (or rather workaround) for this issue will cause a significant slowdown of the affected systems, anywhere from 0.28 to 35 percent. It is a hardware-based vulnerability. Therefore, software security patches can only go so far to correct it.
More vulnerability details are expected to be available on January 9. Until then, check out the full article HERE and bring yourself up to speed.
While it’s months since the Netflix phishing scam was first reported, unfortunately, it’s showing no signs of slowing down anytime soon. For those unaware, a popular phishing scam targets Netflix users with an urgent email notifying the user that their account has been suspended and requires immediate action. However, this fake, yet convincing, landing page is just the hacker’s first step toward collecting your sensititve data, sometimes going as far as requiring your social security number, credit card number, and more.
Read the full article from WIRED to learn ways to protect yourself against phishing scams that expose your sensitive data. Have questions? Contact the experts at ABS. We’re more than happy to provide you with the advice and service you need to protect your systems and information, and have the tools and technicians to do the job right to meet your needs.