Multi-factor authentication (MFA) is a method of authentication that requires the use of an additional verification method and adds a second form of security to user sign-ins, transactions, and activity. Office 365 offers MFA for all of their programs and we recommend you implement this feature. Not only does this extra method of verification provide maximum security but it allows the Microsoft 365 Admin Center to manage and access all activity from the suite. Here is all of the information our team wants you to know about this level of authentication for Office 365. Read more
Too many businesses are making headlines for all the wrong reasons. Data breaches are on the rise. Every week it seems as though another organization is announcing that its systems have been compromised and its customers’ sensitive information is at risk. All too often, these data breaches are caused by an employee falling prey to a phishing scam.
Historically, the largest IT security concerns were attacks from the outside. These days, though, hackers are turning to employees to open the door to a business’ network and important data through both simple and sophisticated phishing scams. In fact, Verizon’s 2019 Data Breach Investigations Report found that 32% of data breaches involved phishing. Read more
Email spamming has become increasingly relevant as well as extremely convincing. Before opening those emails that flood your email inbox, consider the source and take an extra minute or two to examine the email closely. Email spammers are disguising themselves as familiar companies such as ADP. This tactic tricks us into thinking these are valuable sources and anything they are asking makes sense when it comes to giving away personal information. It is important to know the signs and the differences between the “real” emails and the “fake” emails to avoid exposure to phishing. Below is an example provided by Appriver- an anti-spam service protecting you from harmful emails. Read more
Do you remember Meltdown and Spectre, the Intel processor vulnerabilities we mentioned a few weeks ago? Well, Intel has recently rolled out a patch for the bugs – but be careful, it doesn’t come without issues.
To recap, the Meltdown and Spectre bugs are design flaws that result in a weakened separation in the secure kernel memory of most Intel processors. This causes secure data to become available to anyone who can exploit the vulnerability. This flaw was discovered recently, and is causing havoc in the IT industry due to the sheer number of potentially affected devices. Although it’s mostly Intel processors that are affected, it can be a potential threat to AMD systems as well, although the biggest hit for AMD has been the rollout of “fixes.” (more on that in a bit.) The overall impact of this flaw potentially opens users up to serious data vulnerabilities. These design flaws affect not only desktop and laptop computers, but also smartphones, tablets, and any other devices that use one of the affected processors.
Unfortunately, the patch itself is causing some major issues. Microsoft has found that the patch is causing particularly severe issues with some computers containing AMD processors. The patching of this vulnerability is widely known to cause a slowdown of the affected computers. It is even causing some AMD computers to lock up completely. According to The Verge, tests have shown a slowdown of up to 25 percent on some systems. Along with deteriorating performance, some computers with the patch are rebooting randomly, causing frustration for users. Microsoft has even had to roll back their patch due to the issues it has caused in some environments.
There are different variants of the Spectre and Meltdown bugs. So far, Intel has been able to create a patch that prevents the reboot issue for HP and Dell computers. However, Spectre Variant 2 and other variations of the exploits are still up in the air. Meanwhile, Google has rolled out an update called Retpoline that has successfully combatted the Spectre Variant 2 in the some Intel processors, but not all. So far, no one has found an overall fix.
Microsoft, Dell, and HP are currently advising against deploying most of the recently rolled out updates until they are sure they will fix all variations of the bugs while incurring the least possible side effects.
Although this has caused a huge stir in the IT industry, no exploits of these vulnerabilities have been found “in the wild” so far, so the race is on to develop a workable fix before hackers learn to fully exploit these vulnerabilities. We will continue to keep you updated on the latest news regarding the Spectre and Meltdown vulnerabilities, as well as the recommended fixes as they are released.
In a stunning turn of events, researchers discovered a significant vulnerability in virtually ALL Intel processors. The vulnerability is similar to the Heartbleed bug of 2012. The bug allows normal programs to access the secured memory in the system’s kernel. A kernel is the core of an operating system—and just so happens to be responsible for handling the MOST sensitive tasks carried out by your operating system. Needless to say, this is bad.
What does this mean for you? Another major security patch will be rolled out in the coming days, and it will need to be installed on every PC that has an Intel CPU, including Apple and Linux systems. However, don’t completely panic. Many OS’s will patch this issue automatically, as long as you say yes to those pesky little updates.
This security flaw was first noticed after the introduction of a new kernel page table isolation (KPTI) in Linux operating systems. Yet, Intel has said that this affects every Intel CPU made in the last 10 years. AMD chips are thought to be unaffected by this vulnerability.
In order to combat this, a technique is being employed by several OS manufacturers that works to separate the user and kernel space memory, therefore preventing the hardware security vulnerability. Kernel space can contain sensitive, private information posing a real issue if compromised. The down side—this fix will have adverse effects on your processor’s performance.
Researchers have estimated that the fix (or rather workaround) for this issue will cause a significant slowdown of the affected systems, anywhere from 0.28 to 35 percent. It is a hardware-based vulnerability. Therefore, software security patches can only go so far to correct it.
More vulnerability details are expected to be available on January 9. Until then, check out the full article HERE and bring yourself up to speed.
While it’s months since the Netflix phishing scam was first reported, unfortunately, it’s showing no signs of slowing down anytime soon. For those unaware, a popular phishing scam targets Netflix users with an urgent email notifying the user that their account has been suspended and requires immediate action. However, this fake, yet convincing, landing page is just the hacker’s first step toward collecting your sensititve data, sometimes going as far as requiring your social security number, credit card number, and more.
Read the full article from WIRED to learn ways to protect yourself against phishing scams that expose your sensitive data. Have questions? Contact the experts at ABS. We’re more than happy to provide you with the advice and service you need to protect your systems and information, and have the tools and technicians to do the job right to meet your needs.
If you’re like us, you use email on a daily basis to communicate information to clients, colleagues, and friends. But, with any routine, we tend to become a bit too comfortable with it, move faster than we should, and ultimately make some mistakes that may have been prevented just by slowing down and assessing the situation at hand with a clear head.
Google Docs is a popular word processor that allows for easy sharing and editing, and can be a great business tool when used for its intended purpose. Unfortunately, the widely used service has become the latest mask over a major phishing scam that’s sweeping the internet today.
Haven’t heard about the Fake “Google Docs” Phishing Scam? Here’s the rundown. Users are receiving an email that appears to be a Google Doc shared with them by an email contact they know. The email recipient will then be asked to click the link on the shared “Google Docs” file, and ultimately are asked to grant the fraudulant “Google” account full access to your emails, contacts, password resets, and more. Once clicked, your information is no longer secure, and may become compromised, as the cycle continues on using your contact list and other information you’ve now granted access to believing it to be a standard permissions checkpoint from the legitimate Google company.
While phishing scams are becoming more sophisticated, they can be avoided if you’re vigilant of the warning signs. This article from WIRED offers some great tips for how to protect yourself from phishing scams, like the latest one, now and in the future: https://www.wired.com/2017/05/dont-open-google-doc-unless-youre-positive-legit/
Have you found yourself the victim of the latest “Google Docs” Phishing Scam? Give ABS a call. We can help get you back on the right track to securing your account and sensitive data.