Hackers exploit vulnerable Office feature

As the world’s most popular productivity suite, Microsoft Office tends to receive much attention from cybercriminals. Generally, hackers embed malware in authentic Office files to trick users into unleashing it onto their machines. However, the most recent exploit proves to be much more dangerous than any Office hack we’ve seen.

What’s the new Office threat?
The Office exploit takes advantage of Microsoft’s Dynamic Data Exchange (DDE), a protocol that sends messages and data between applications. For example, DDE can be used to automatically update a table in a Word document with data collected in an Excel spreadsheet.

The problem with this is hackers can create DDE-enabled documents that link to malicious sources rather than to other Office apps. Theoretically, this allows hackers to launch scripts that download Trojan viruses from the internet and execute them before the user is even aware of the attack.

And unlike most malware-embedded Office files, which are usually blocked by security protocols from Microsoft, DDE exploits are instant. Once a compromised Word file is opened, it automatically executes the hack.
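A DDE link in a Word file is stored as a field whose instruction begins with the keyword DDE or DDEAUTO, so a .docx can be checked for such fields without opening it in Word. The following is an added example, not part of the original article: the function names are hypothetical, the sample document is constructed to mirror the Excel-table link described above, and only the .docx (zip/XML) format is covered.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

W = "{http://schemas.openxmlformats.org/wordprocessingml/2006/main}"

def field_instructions(xml_bytes):
    """Yield each field instruction in one WordprocessingML part."""
    stack = []  # one buffer per open complex field; None once its code ended
    for el in ET.fromstring(xml_bytes).iter():
        if el.tag == W + "fldSimple":
            yield el.get(W + "instr", "")
        elif el.tag == W + "instrText" and stack and stack[-1] is not None:
            stack[-1].append(el.text or "")  # Word may split a code over runs
        elif el.tag == W + "fldChar":
            kind = el.get(W + "fldCharType")
            if kind == "begin":
                stack.append([])
            elif stack:
                if stack[-1] is not None:
                    yield "".join(stack[-1])
                    stack[-1] = None
                if kind == "end":
                    stack.pop()

def find_dde_fields(docx_bytes):
    """Return [(part, instruction)] for every DDE or DDEAUTO field found."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        for name in z.namelist():
            if not (name.startswith("word/") and name.endswith(".xml")):
                continue
            for instr in field_instructions(z.read(name)):
                words = instr.split()
                if words and words[0].upper() in ("DDE", "DDEAUTO"):
                    hits.append((name, " ".join(words)))
    return hits

def sample_docx():
    """Constructed sample: the Excel-table link, keyword split over two runs."""
    runs = ['<w:fldChar w:fldCharType="begin"/>', "<w:instrText> DDE</w:instrText>",
            '<w:instrText>AUTO Excel "Book1.xlsx" "R1C1:R3C2" </w:instrText>',
            '<w:fldChar w:fldCharType="separate"/>', '<w:fldChar w:fldCharType="end"/>']
    xml = '<w:document xmlns:w="%s"><w:body><w:p>%s</w:p></w:body></w:document>' % (
        W[1:-1], "".join("<w:r>%s</w:r>" % r for r in runs))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", xml)
    return buf.getvalue()
```

Each hit shows the application and file the field links to, which is the part to review before the document is opened. For files from untrusted senders, parse with a hardened XML library such as defusedxml in place of the standard-library parser.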

Outlook at risk
What’s even more alarming are the DDE vulnerabilities in Outlook. Recent reports found that hackers can embed malicious code in the body of an email or calendar invite, allowing them to perform phishing scams without a file attachment.

Fortunately, Outlook DDE attacks are not as automated as Word or Excel DDE attacks. Two dialog boxes will usually appear when you open the email asking if you want to update a document with data from linked files and start a specific application. Simply clicking ‘No’ on either of these boxes will stop the attack from executing.

Defending against DDE attacks
Beyond saying no, you can protect yourself by following these security best practices:

  • Evaluate the authenticity of unsolicited emails before interacting with them and don’t open attachments from unfamiliar contacts.
  • View emails in plain text format to completely stop DDE attacks embedded directly in emails from running. Note that this will also disable all original formatting, colors, images, and buttons.
  • Use a strong email security system that prevents phishing emails, spam, and other unwanted messages from reaching your inbox.
  • Get in the habit of checking for Microsoft updates, as they’re usually quick to release patches after vulnerabilities have been discovered.

Last but not least, consider working with our team. We’re Microsoft Office experts who can keep you safe from the latest threats. Call us today to get started!


Useful Business Features in Windows 10

The Windows Fall Creators Update released in April introduced many useful and interesting features, including a decluttered Start menu, more control over Windows updates, and an enhanced Microsoft Edge browser. Five months later, Microsoft follows up on all those enhancements with a new set of features. Here’s everything business users should get excited about.

Files on-demand in OneDrive

‘OneDrive Files On-Demand’ solves syncing problems often encountered by those who don’t want all their files synced to all their devices. This feature will give users the option to choose the folders that will be downloaded to the device they’re using, which helps save storage space and bandwidth, and gives users more flexibility.

Greater protection from ransomware

Microsoft beefs up Windows 10 security by introducing ‘Controlled folder access,’ a welcome feature in an era of rampant ransomware outbreaks such as WannaCry and Petya. This security enhancement enables users to assign a ‘switch’ to applications. When the switch is turned on, users are alerted any time unauthorized applications attempt to access or modify files in protected Desktop, My Documents, My Music, My Pictures, and My Videos folders.

Enterprise-level threat prevention

The Fall Creators update will also feature ‘Windows Defender Exploit Guard,’ a threat prevention system that, in Microsoft’s own words, ‘helps make vulnerabilities dramatically more difficult to exploit.’ The platform is primarily intended to recognize and safeguard against brand new malware that has not been cataloged or analyzed by security professionals.

Microsoft will also introduce ‘Windows Defender Application Guard,’ a program that protects Windows 10 users by isolating and containing threats and malware within the Edge browser. For now, it will be available only to Windows 10 Enterprise Edition and Hyper-V users.

Both ‘guards’ will complement firewalls and antivirus software to provide comprehensive protection to data, programs, devices, and networks.

Easier to reach contacts

Windows 10 subscribers will also benefit from the ‘My People’ feature, which will enhance collaboration. This new feature will let users pin contacts from their contact list to the Start Bar for quick access to email, instant messaging, or video calling. To activate, launch the People program and click on the icon found in the taskbar’s notifications area. Contacts can be pinned only if they have the Windows 10 App open in their system.

Other essential enhancements

The Fall Creators Update will also introduce small yet essential enhancements that will prove highly advantageous to businesses, one of which is a bandwidth limiting capability. Using this feature, network administrators can limit the amount of bandwidth allocated for Windows updates, allowing them to manage the updates for all devices across an entire network.

To do this:

  • Go to Delivery Optimization > Advanced options
  • Tick any of the three sliders
  • Adjust download and upload settings: limiting bandwidth for downloading updates; uploading updates to other PCs on the internet; and adjusting monthly upload limit

A battery-saving function will also be introduced to the new Windows 10 via ‘Power Throttling,’ which determines the activities that the system should prioritize based on a user’s activity. For example, if a user has multiple apps open but is actively using only a photo-editing tool, the system will allot greater power resources to the most actively used app and minimal resources to inactive ones.

Are you maximizing your Windows-powered computers’ features and capabilities? Get in touch with our experts to explore what Microsoft products can do for your business.


Here comes Firefox Quantum

Google Chrome wasn’t always the browser of choice for internet users. Before 2008, people turned to Safari, Opera, and even Internet Explorer. But all of that changed with the arrival of Firefox, the reigning champ of its time. And now, we think it deserves your attention once again.

What is it?

Firefox Quantum, AKA Firefox 57, is Mozilla’s newest and fastest web browser, a culmination of years of Mozilla engineers’ hard work, if you will.

What has changed?

Most of the updates in Firefox Quantum come from Mozilla’s experimental web browser layout engine called Servo. It has been the testing platform for all of Firefox’s new features, including a new programming language called Rust that Mozilla had developed.

Rust is important because it allows Firefox Quantum to take full advantage of multiple CPU cores, a functionality that no previous versions of Firefox have. This gives the web browser a substantial speed boost. It also means that Firefox now uses 30% less RAM, possibly even less than Chrome.

Apart from speed, Firefox Quantum comes with a simple, streamlined interface that can be customized based on your preferences.

Mozilla has also made sure that the web browser’s display has clearer definitions on high-DPI screens and works better on laptops with touchscreens.

Firefox Quantum still comes with Pocket, a feature which lets you save articles, videos, pages, and other files to an easily accessible folder. It also has screenshot functionality and a reading mode that hides anything other than the page’s contents to remove any distractions.

All in all, Firefox Quantum seems to have tackled all the gripes that led many users to Chrome: speed and resource usage. The final version is scheduled to launch on November 14th, 2017.

Until then, you can test its features in the current beta or developer release. And as always, if you have any questions or would love to know more about how the web might benefit your business, just give us a call.


The ABC’s of Cyber Security part 1


Keep your business safe with backup and disaster recovery

It’s essential to have the right IT backup and disaster recovery (DR) systems in place if you want to safeguard your company’s digital assets.

From cyberattacks and malware to hardware failures and natural catastrophes, having the right plan in place is essential. It can test your system, prevent loss and recover vital data in the event of a disaster.

The right strategy and solution

As an IT manager, you want an IT backup and stress test that can determine how well your system can withstand critical situations while at the same time operating at optimal capacity.

A good backup and DR strategy should include off-site/cloud storage of important information, regular data saving and backup, fireproofing, and protection against malware and viruses. It should also perform regular audits of your stress-testing recovery plan to ensure your data, servers, intranets and LANs are protected in an emergency.

A stress-testing recovery plan can identify weaknesses in your system and alert you to where improvements in your network’s defenses are required. This may then require data-loss-prevention and spam-filtering devices, mobile device management hardware, and firewalls for websites and applications.

Business processes and security applications

Before deciding on the best backup solution, consider your business processes and how a loss of computing capability could affect them.

It’s also vitally important to keep your antivirus software current on all workstations and servers within your internal LAN, and to ensure they are able to isolate an affected machine before the contagion spreads.

Keep all production servers/network devices up to date with the latest patches, and scan for vulnerabilities on a consistent basis. The best DR plans include regular backups of all production-critical devices, secure and accessible recovery of those backups and a step-by-step recovery procedure that relevant personnel can understand clearly and initiate in an emergency.

The good news for CIOs, CTOs and others responsible for ensuring IT infrastructure is up to date and resilient is that backup and DR systems have been converging for some years now.

Today’s data backup software and hardware are more tightly integrated – and there are converged hardware products that can back up and replicate applications, eliminating the need for separate software. As a result, backup and DR are moving closer to becoming one all-inclusive process.


Some ransomware strains are free to decrypt

Ransomware is everywhere. Over the last couple years, dozens of unique versions of the malware have sprung up with a singular purpose: Extorting money from your business. Before you even consider paying for the release of your data, the first thing you must always check is whether your ransomware infection already has a free cure.

The state of ransomware in 2017

It’s been almost 30 years since malware was first created that could encrypt locally-stored data and demand money in exchange for its safe return. Known as ransomware, this type of malware has gone through multiple periods of popularity. 2006 and 2013 saw brief spikes in infections, but they’ve never been as bad as they are now.

In 2015, the FBI estimated that ransomware attacks cost victims $24 million, but in the first three months of 2016 it had already racked up more than $209 million. At the beginning of 2017, more than 10% of all malware infections were some version of ransomware.

Zombie ransomware is easy to defeat

Not every type of infection is targeted to individual organizations. Some infections may happen as a result of self-propagating ransomware strains, while others might come from cyber attackers who are hoping targets are so scared that they pay up before doing any research on how dated the strain is.

No matter what the circumstances of your infection are, always check the following lists to see whether free decryption tools have been released to save you a world of hurt:

Prevention

But even when you can get your data back for free, getting hit with malware is no walk in the park. There are essentially three basic approaches to preventing ransomware. First, train your employees about what they should and shouldn’t be opening when browsing the web and checking email.

Second, back up your data as often as possible to quarantined storage. As long as access to your backed-up data is extremely limited and not directly connected to your network, you should be able to restore everything in case of an infection.

Finally, regularly update all your software solutions (operating systems, productivity software, and antivirus). Most big-name vendors are quick to patch vulnerabilities, and you’ll prevent a large portion of infections just by staying up to date.

Whether it’s dealing with an infection or preventing one, the best option is to always seek professional advice from seasoned IT technicians. It’s possible that you could decrypt your data with the tools listed above, but most ransomware strains destroy your data after a set time limit, and you may not be able to beat the clock. If you do, you probably won’t have the expertise to discern where your security was penetrated.

Don’t waste time fighting against a never-ending stream of cyber attacks — hand it over to us and be done with it. Call today to find out more.


Reasons to back up your mobile devices

It makes a lot of sense for electronics firms to pack a variety of functions into mobile devices and expand their usefulness. Instead of confining their use to communications, companies such as Apple, Samsung, and others have turned mobile phones into mini-computers that can serve as a substitute for your laptop, or as a storage device. If you’re using mobile phones as a communications and storage device, backing up now would be a wise move.

Malware on mobile

More than 50% of the world’s adult population use a mobile phone with internet connection, so dangers in these handy devices are to be expected. Scarier than the thought of being offline is being online and exposed to malware.

If you use your mobile devices as an extension of your work computers, backing up is a must. Mobile phones have become as vulnerable to malware as laptops and desktops have, especially if you consider the fact that many professionals and business owners use them for emailing confidential documents and storing business-critical files.

Device disasters

Other than malware, other types of disasters can happen on your device. Because you carry it wherever you go, your device can easily be stolen, misplaced, or damaged. The device may be easily replaceable, but the data contained in it may not. Having completely backed up data on your devices helps prevent a minor inconvenience from turning into a disastrous situation.

Backup options

Performing backups in iPhone and Android devices is a seamless process. Their operating systems require only minimal effort from users, and backing up entails nothing more than logging into their Apple or Google account. However, other users have different devices with different operating systems, slightly complicating the process.

Mobile devices’ safety is essential to business continuity plans. So whether your office users are tied to a single operating system or prefer different devices, there are options to back up all your organization’s mobile devices. There are cloud backup services that enable syncing of all devices and that back up files, contacts, photos, videos, and other critical files in one neat backup system. These mobile backup tools are offered on monthly or lifetime subscription schemes, which provide small businesses with enough flexibility to ensure protection.

Mobile phones have become so ubiquitous to how people function that many feel the need to have two or more phones, mostly to have one for personal use and another for business. With all these options on hand, there’s no excuse for not backing up data on your mobile devices.

Our experts can provide practical advice on security for your business’s computers and mobile devices. Call us for mobile backup and other security solutions today.
