Microsoft released on March 14, 2023, a security update that fixes at least 74 bugs in Windows and other software. Hackers are already attacking two flaws, including a very serious one in Microsoft Outlook.

Microsoft Outlook Vulnerability

The Outlook bug, CVE-2023-23397, affects all versions of Microsoft Outlook from 2013 to the most recent one.

Microsoft said that threat actors are taking advantage of this bug. It starts working automatically when a malicious email goes to an email server, even before it appears in the Preview Pane.

CVE-2023-23397 is an NTLM relay exploit that enables an attacker to gain a user’s Windows account password and use it in a “Pass The Hash” attack.
The flaw makes it possible for a threat actor to pose as a trustworthy person. This is the same as an attacker having a valid password and getting into an organization’s systems.

Windows SmartScreen Vulnerability

The second exploited flaw, CVE-2023-24880, is a “Security Feature Bypass” in Windows
SmartScreen. The flaw can let malicious code run without SmartScreen checks.
CVE-2023-24880 lets threat actors create files that get around Mark of the Web (MOTW)
defenses. By bypassing the MOTW, hackers can spread malware through documents and other infected files that SmartScreen normally blocks.

Microsoft also fixed seven other security flaws this week with a “critical” rating. The rating
means that a threat actor could take complete remote control of a Windows host without the user having to do much.

Action Plan for Business Owners

Windows is a staple in many businesses. Owners should take the following precautions to protect their clients and make sure their systems are safe:

• Install security updates quickly. Once there’s a new patch, you should update your
  software to stop exploitation.
• Establish a regular update schedule. Check for and apply updates for your operating
  system, apps, and security programs on a regular basis.
• Get people to use strong passwords. Encourage employees to use strong, unique
  passwords and consider using a password manager.
• Enable multi-factor authentication. This provides an added layer of security.
• Train your workers about security. Teach your employees best practices, like spotting suspicious emails and what to do when a cyberattack happens.
• Always have a backup plan. Back up your data regularly and keep it in several places for quick recovery.
• Monitor network activity. Use tools for network monitoring to find strange behavior and possible threats.
• Develop an incident response plan. Plan for handling cybersecurity issues, including ways to deal with threats.
• Review policies on security. Regularly review and update security policies to adapt to new threats and technology.

Final Word

Organizations need to be always aware of cyber dangers. By regularly reviewing and updating security rules, you can keep your digital environment safe from threats.

Used with permission from Article Aggregator

Essendant, a Staples-owned wholesale distributor of office supplies and stationery, paused its operations recently because of a multi-day, network-wide outage. The system disruption has prevented customers from placing orders online or contacting the company’s customer care unit.

While Essendant has yet to disclose the reason behind the outage, many think someone had hacked into the company’s system. Customers are expressing their frustration over the company’s lack of transparency.

Essendant’s Outage Is Preventing Fulfillment of Orders

The network-wide outage started on the night of March 6, 2023. Essendant then began notifying customers about it the following day. Because of the disruption, the company can’t accommodate new online orders or fulfill existing ones. Aside from customers and suppliers, the incident also affects freight carriers. The company has told them to postpone pickups for now.

Essendant carries more than 160,000 items and caters to around 30,000 resellers. The disruption has a significant impact on its supply chain.

What Is Essendant Doing to Address the Issue?

Since March 20, 2023, Essendant has taken significant steps to recover its operations.
The company has restored at least a hundred systems and performed end-to-end testing. It is currently in the pilot stages of its pick, pack, and ship efforts.

Here’s what customers can expect from Essendant at this point of its recovery:

Empower users now have new login credentials and can place orders through the
portal.

Aside from Empower, customers can access other Solution Central applications. That
includes List Assistant, ICAPS, Essendant Marketing Studio, and Market Xpert.

Essendant’s customer care team is only accessible through email. Request volumes are high, and turnaround time will be longer.

There will be longer shipment times because of higher order volumes.

The Bottom Line

The Essendant outage highlights the importance of data backups. Losing large amounts of
information, whether employee, customer, or systems data, can cripple a business. But with a data backup strategy, you have a duplicate of your systems and can recover faster.

Secondly, it’s a reminder for business owners to have a contingency plan. If your supplier can’t deliver for whatever reason, having a backup plan will save your business.

Used with permission from Article Aggregator

The purpose of password managers is to safeguard our login credentials and online accounts. However, a popular password manager recently made headlines for its major security flaw. Bitwarden is under scrutiny because its autofill feature gives hackers easy access to sensitive information. The company has known about the vulnerability for years but left the issue unaddressed.

If your company uses Bitwarden, here’s everything you need to know about the issue. That way, you can take the necessary steps to secure your login credentials and other private data.

Why Is Bitwarden’s Iframe Flaw Dangerous?

Cyber security firm Flashpoint recently discovered something unusual about Bitwarden. The password manager’s browser extension auto-fills all forms, including those within an iframe.

Why is that dangerous? Inline frames, or iframes, host third-party content on a parent page. They are usually for advertisements, interactive content, and embedded videos. Unfortunately, hackers can also use them to steal sensitive information. They can place a login form in the iframe, wait for inputs, and send the data to a remote router.

That is why Bitwarden’s auto-fill feature for iframes is problematic. It is essentially serving login credentials to hackers on a silver platter. The good news is that Flashpoint hasn’t found many websites that place iframes on their login page.

Why the Vulnerability Issue Remains

After discovering the security flaw, Flashpoint notified Bitwarden. In response, Bitwarden sent a Security Assessment Report dated Nov. 8, 2018. That meant the company was aware of the problem. The document describes the iframe issue and why the company decided not to fix it.

These are the reasons for not addressing it:

Users should be able to log in to all websites, even those with embedded iframes.
If there’s a malicious iframe embedded on a site, it’s safe to assume that data has already been compromised even without Bitwarden’s inputs.

Bitwarden doesn’t autofill login credentials without users’ consent. Users can always turn the feature off.

To encourage Bitwarden to tighten its security, Flashpoint explained various attack vectors that hackers could use to steal information. Bitwarden has decided to retain its iframe functionality but agreed to exclude the hosting environments the cyber security firm discussed. To prevent exploitation, Bitwarden users can disable the “auto-fill on page” feature.

Business owners must exercise due diligence in choosing security tools and platforms. You may not realize that the services that promise to protect data can be the first entry point for hackers. Lack of research and foresight can ruin your brand’s reputation, cost you millions and break your customers’ trust.

Used with permission from Article Aggregator

Microsoft has finally released a fix to address slow file transfer issues that plagued some Windows 11 users after an update. The slowdown has caused frustration for those who need to move large files or data quickly.

The Problem

Users who upgraded to Windows 11 2022 have complained about slow file transfer speeds. The issue was related to the Server Message Block (SMB) protocol. It allows computers on a network to share files and communicate. It allows programs to open files, read and write to them, and request help from other computers on the web.

A Windows 11 2022 update has affected file transfers via SMB. Copying large files from a
remote computer to a Windows 11 computer or within a local drive became slower than usual. Microsoft has explained the problem in an advisory for OS Build 22621.1344.

The Fix

The good news is that there’s now a fix for the bug. This comes with the release of the
KB5022913 February 2023 update.

Released last Feb. 28, 2023, the fix is optional and does not contain security updates. Users can download and install it from the Windows Update settings manually.

How Businesses Can Address Slowdowns

Slow file transfer speeds in Windows 11 can be a problem for business owners. It can waste time, cause missed deadlines, and result in lost revenue.

To address slowdowns, business owners can update their Windows 11 devices with the latest patch or version that includes the new fix.

They can also consider upgrading their hardware to boost file transfer speeds even further.

To protect their data, business owners should implement backup and recovery solutions. This will help lessen the risk of data loss if there is a system failure or disaster.

Finally, business owners should train employees to use the updated Windows 11 operating
system effectively.

Final Thoughts

The slow file transfer issue in Windows 11 has been a source of frustration for many users,
particularly business owners, who rely on efficient data transfer to improve productivity and profitability. As a business owner, keeping your Windows 11 devices updated with the latest patches is essential. Also, consider upgrading hardware to enhance transfer speeds and backup and recovery solutions.

By taking these steps, you can ensure that your business operations run smoothly and efficiently without unnecessary delays.

Used with permission from Article Aggregator

As a business owner, time is your most valuable resource. Every minute counts and any inefficiencies or bottlenecks can cost you dearly in terms of lost productivity, missed opportunities, and reduced profits. Fortunately, technology provides numerous tools and solutions that can help streamline operations while saving you time. Here are five ways technology can make running your company smoother:

Automate Your Repetitive Tasks: Sending emails, scheduling social media posts and generating reports can all be automated using tools like Zapier, IFTTT or Hootsuite. By automating these repetitive activities you free up time for more strategic activities that need your focus.

Utilize Cloud-Based Services: Cloud-based services such as Google Drive, Dropbox and Microsoft OneDrive enable you to store and access your files securely, access them from anywhere and collaborate with your team in real-time. This eliminates the need for email attachments, physical storage or time-consuming backups, streamlining your workflow.

Adopt Project Management Software: Project management software such as Asana, Trello or Basecamp can help you stay organized and on track with tasks, deadlines and team members. With these applications, assign tasks, set priorities, monitor progress and communicate with your team all from one place – saving you time and reducing confusion in the process.

Take Digital Payments: Digital payment solutions such as PayPal, Stripe or Square can simplify billing and payment processes, reduce paperwork and expedite cash flow. With these programs you can send and receive payments online, set up recurring payments automatically and track transactions – saving time while improving customer experience.

Implement Customer Relationship Management (CRM) Software: CRM software such as Salesforce, HubSpot or Zoho can help manage customer interactions, automate sales processes and enhance customer satisfaction. You’ll be able to track leads, deals and customer feedback while personalizing communication with them – saving time while increasing sales!

By adopting these five technology solutions, you can simplify your business operations, save time, and boost productivity. There are countless other tools and solutions out there; select those which meet your individual needs and goals. Time is money; every minute saved allows for growth within your business. Want to learn more about how technology can streamline your business operations and save you time? Call us today to schedule a free consultation.

Used with permission from Article Aggregator