Category Archives: security

Beware of sneaky Microsoft Office malware

 

Beware of sneaky Microsoft Office malware

Microsoft Office malware

Cybersecurity systems are getting better at identifying and preventing attacks coming from all directions. At the same time, hackers are coming up with new ways to bypass these systems. While online scams are the most common ways to do this, cybercriminals have discovered a new attack method using Microsoft Office.

 

What’s the new Office threat?

The Office exploit takes advantage of Microsoft’s Dynamic Data Exchange (DDE), a protocol that sends messages and data between applications. For example, DDE can be used to automatically update a table in a Word document with data collected in an Excel spreadsheet.

The problem with this is hackers can create DDE-enabled documents that link to malicious sources rather than to other Office apps. Theoretically, this allows hackers to launch scripts that download Trojan viruses from the internet and execute it before the user is even aware of the attack.

And unlike most malware-embedded Office files, which are usually blocked by security protocols from Microsoft, DDE exploits are instant. Once a compromised Word file is opened, it automatically executes the hack.

 

Outlook at risk

What’s even more alarming are the DDE vulnerabilities in Outlook. Recent reports found that hackers can embed malicious code in the body of an email or calendar invite, allowing them to perform phishing scams without a file attachment.

Fortunately, Outlook DDE attacks are not as automated as Word or Excel DDE attacks. Two dialog boxes will usually appear when you open the email asking if you want to update a document with data from linked files and start a specific application. Simply clicking ‘No’ on either of these boxes will stop the attack from executing.

 

Defending against DDE attacks

Beyond saying no, you can protect yourself by following these security best practices:

  • Evaluate the authenticity of unsolicited emails before interacting with them and don’t open attachments from unfamiliar contacts.
  • View emails in plain text format to completely stop DDE attacks embedded directly in emails from running. Note that this will also disable all original formatting, colors, images, and buttons.
  • Use a strong email security system that prevents phishing emails, spam, and other unwanted messages from reaching your inbox.
  • Get in the habit of checking for Microsoft updates, as they’re usually quick to release patches after vulnerabilities have been discovered.

Last but not least, consider working with our team. We’re Microsoft Office experts who can keep you safe from the latest threats. Call us today to get started!

source: TechAdvisory.org

 

Top productivity hacks for computer users

     

We’re all obsessed with finding new ways to become more productive. Business gurus often emphasize the importance of time management and taking breaks to avoid burnout. But aside from motivating yourself to work more efficiently, there are plenty of tools that increase your daily output. If you use a computer all day, check out these productivity hacks.

Monitor productivity levels

Start by tracking how much work you complete on an average day. Google Chrome Extensions like RescueTime record your most frequently visited sites, and track how much time you spend away from your computer. Running the app will provide you with a productivity rating and a detailed log of how you spend an average day.

If you find out you’re wasting a huge portion of your time on social networking, you’re more likely to make conscious adjustments on how you manage your time.

Get rid of clutter

Another way to increase output is by deleting old files, uninstalling unused programs, and organizing documents into appropriately labeled folders. This makes your work easier to find and improves your computer’s performance.

As for the clutter in your email inbox, Gmail and Outlook both have features that filter out unimportant messages. Simply enable Priority Inbox on Gmail or Clutter in Outlook to get a clean, spam-free inbox.

Block time-wasting sites

Visiting non-work-related websites is a surefire way to hinder productivity. A quick, five-minute break to check your Facebook feed or watch a YouTube clip may not seem like much, but a few of those per day add up to a lot of time.

If you and your employees have trouble staying away from sites like Facebook, Instagram, and Twitter, it’s a good idea to block access to them using URL filters.

Of course, if you want your employees to take occasional breaks during the day, you could use apps like StayFocusd or Strict Workflow. These allow you to set a limit on how long and how many times users can visit non-work-related sites.

Stay on track with to-do lists

To-do lists help you break down large projects into manageable, bite-sized tasks. And perhaps the most satisfying aspect is crossing things off the list, giving you and your employees a sense of accomplishment and total visibility of your progress.

There are a wide variety of digital to-do lists available today like Google Tasks or Trello. These platforms allow you to set deadlines for small tasks and write clear instructions for each item on the list. What’s more, they’re incredibly easy to use and are great for keeping track of your workflow.

Use keyboard shortcuts

Last but not least, mastering keyboard shortcuts will make it easier to perform simple functions than if you’re stuck looking for them in the toolbar. There are more than a hundred useful shortcuts, but some that you should always keep in mind are:

    • Ctrl + C, Ctrl + V, Ctrl + X – to copy, paste, and cut selected items
    • Ctrl + Z – to undo changes
    • Ctrl + T – to open a new tab on your web browser
    • Alt + Tab – to switch between open windows
    • Alt + F4 – to close the program

For much more like these, take a look at Windows’ list of advanced shortcuts.

These are just some of the tips every user should know to stay productive.

source: TechAdvisory.org

 

Watch out for the huge KRACK in WiFi security!

A fundamental flaw with WiFi networks has recently been discovered by two security researchers. According to their reports, the KRACK vulnerability renders advanced encryption protocols useless and affects nearly every wireless device. Read on to find out more about KRACK hacks and how you can defend against them.

What is KRACK?

Simply put, KRACK, short for ‘key reinstallation attack,’ allows hackers to bypass WPA2 — a security protocol used by routers and devices to encrypt activity — and intercepts sensitive data passing between the mobile device and the wireless router, including login details, credit card numbers, private emails, and photos.

In extreme cases, KRACKed devices can be remotely controlled. For example, hackers can log in to your surveillance systems and shut them down.

What’s worse, Internet of Things devices — like smart thermostats and IP cameras — rarely receive security fixes, and even if some are available, applying patches are difficult, as these devices tend to have complex user interfaces.

The good news, however, is you can do several things to mitigate the risks.

Download patches immediately

According to recent reports, security patches have already been released for major platforms, including iOS, Windows, and Android. Router manufacturers such as Ubiquiti, Mikrotik, Meraki, and Fortinet have also issued firmware updates, so make sure to install them as soon as possible.

Although IoT patches are rare, consider getting your smart devices from reputable vendors that push out updates regularly. It’s also a good idea to contact a managed services provider to install the updates for you.

Use Ethernet connections

Some wireless routers don’t yet have a security patch, so while you’re waiting, use an Ethernet cable and disable your router’s wireless setting. Turn off the WiFi on your devices as well to make sure you’re not connecting to networks susceptible to KRACK.

Stay off public networks

Free public WiFi networks — even ones that are password-protected — in your local cafe should also be avoided because they usually don’t have holistic security measures in place, making them easy targets for cybercriminals.

Connect to HTTPS websites

If you do need to connect to a public WiFi hotspot, visit websites that start with “HTTPS,” and stay away from ones that are prefaced with “HTTP.” This is because HTTPS websites encrypt all traffic between your browser and the website, regardless of whether the connection is vulnerable to KRACK

Hop on a Virtual Private Network (VPN)

You can also use a VPN service to hide all network activity. Simply put, VPNs encrypt your internet connection so that all the data you’re transmitting is safe from prying eyes.

Although the potential impact of a KRACK hack is devastating, security awareness and top-notch support are the best ways to stay safe online. Want more security tips? Contact us today.

source: TechAdvisory.org

 

How to set up a secured Wi-Fi for your guests

• Never give guests access to your primary Wi-Fi

While giving guests password to your company’s main Wi-Fi might be the easiest way to get them connected, you should avoid this at all costs.
Anyone with a little technical know-how can potentially access everything on your company network, including confidential data. Not to mention, guests’ devices connected to your business network increase the risk of a malware infection or cyber attack since you can never be sure that they’re safe and secure.

• Ways to create secondary Wi-Fi for guests

If your router has built-in guest Wi-Fi support (you can check this feature through a quick web search) you could use it to create a separate “virtual” network. This means guests will have access to the internet without connecting to your main company network.
If your router doesn’t support multiple Wi-Fi networks, you can implement a separate wireless access point that bypasses the rest of your network and connects directly to your Internet service provider (ISP) connection.
Both options will keep your guests’ connectivity separate from your company network so you’ll never have to worry about unauthorized persons accessing your company data.
Keep in mind that guest Wi-Fi still uses your ISP connection so you should limit bandwidth usage on your guest network. The last thing you want is a guest streaming videos that slow down the Internet for your employees. With that in mind, you can even have your employees use guest Wi-Fi for their personal devices too. This minimizes the chance of employees hogging company bandwidth for personal use.
Your guest Wi-Fi should only provide outsiders with internet access, nothing more. While the proper setup isn’t rocket science, it can be a tedious process. Having said that, if you need a team of experts to take care of it all for you, or simply have questions about how else to leverage your hardware for better efficiency and security, just give us a call.

source: TechAdvisory.org