Microsoft

Layered Security with Q-Stack

Our CEO, Jack walks through the layered security steps Quanexus uses to protect your data.

 

Posted by Jack Gerbs in Cybersecurity, Information Security, Physical Security, Recent Posts, Small Business, Wireless

New Phishing Campaign Using Microsoft’s Azure Blob Storage

Two, new email phishing campaigns have been identified with a unique twist.  The first is an email, notifying users of Office 365 that their account is out of date, and the information associated with the account needs to be updated.  This phishing email also threatens users that their subscription will be terminated unless they log in and update their account.

The second phishing email appeared to come from the business-oriented side of Facebook, called Workplace, and tried to trick users into clicking a “View More Posts” link.  Strangely, this link also went to a fake Office 365 login page instead of a fake Facebook page.

The twist on this phishing campaign that makes it stand out from others, is it used Microsoft’s Azure Blob Storage to host the campaign.  This extra creative step gave the attackers two advantages over what we normally tell users to look for, when they are inspecting suspicious emails.  Using Azure Blob Storage adds legitimacy to the phishing campaign because content hosted on the Microsoft service are given a windows.net URL.  To even discerning users, this windows.net address makes the content look as if it is actually coming from Microsoft.  The second advantage this service gave the attackers is that URLs hosted on Azure Blob Storage are given a wildcard SSL certificate.  This means the site had the familiar lock icon next to the URL that we associate with secure web pages.

What Can You and Your Business Do to Avoid These Advanced Traps?

Your users are still your biggest asset in avoiding these scams.  Continued education and reminders about what they should and should not be clicking on, need to be an ongoing process.  Even with these advanced tactics, there are still red flags in this campaign that should have stopped you from clicking.  In the first email, there was a threatening tone that your subscription will be terminated unless you click.  These phishing campaigns are written to create urgency and play on emotions.  The second email was seemingly for a Facebook Workplace page, but then landed users on an Office 365 page.  This is the level of attention needed to navigate these phishing campaigns.

As always, the best advice is to go straight to the source if you question an email.  In this example, instead of clicking the link in the email, type office.com into your web browser, log into your account as you normally would, and see if your account information needs updated.  The same goes for Facebook or Amazon.  If you get a suspicious email, instead of clicking the link, go directly to the site as you normally would, log in, and see if there is an issue.

Educating your users is the best defense against phishing campaigns like these.

Request your free network assessment today. There is no hassle, or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on FacebookTwitter and LinkedIn and stay up to date on by subscribing to our email list.

Posted by Charles Wright in Cybersecurity, Information Security, Recent Posts, Small Business

Windows 10 to Uninstall Buggy Updates

For those of you who have been following the challenges with Microsoft’s Windows 10 updates, there is help on the horizon. For those of you who weren’t following the issues, simply put, some of the updates broke hardware drivers. The hardware driver issues only affected certain accessories in the computer. The range of problems created are from sound cards not working to computers not booting (fully turning on).

While the Microsoft updates created the issues, the problems were not entirely Microsoft’s fault. Microsoft was supplied with updated drivers from major vendors, and it was these drivers that created the incompatibility issues.

With Microsoft’s next update (1903), which should be released in the next few months, they have included a roll-back feature. At this point, the roll-back feature is limited to systems that won’t complete their boot cycle. If the operating system determines that there is an issue and the boot cycle terminates, it will automatically roll back the last update making the computer usable again. This new feature will also stop the automated update process for 30 days to protect itself from re-downloading the same update.

If you would like more information, contact us here or call 937.885.7272.

Follow us on FacebookTwitter and LinkedIn and stay up to date on by subscribing to our email list.

Posted by Jack Gerbs in Recent Posts

Windows 7, Windows Server 2008R2 and Office 2010 are Reaching End of Extended Support

The time is quickly approaching when Windows 7, Windows Server 2008 and 2008R2 will no longer be supported. Technically these products are reaching the end of their extended support. Microsoft gradually ends support on their products. There is an official date for end of main stream support and another date for end of extended support. Extended support ends on January 13th, 2020 for Windows 7 and Server 2008. Extended support will end on October 13th, 2020 for Office 2010.

End of main stream support means that there will be no feature enhancements added to the product. Microsoft will continue to release patches that fix stability and vulnerability issues as they are found. End of extended support is defined as Microsoft will not issue stability or vulnerability updates.

Running software that is no longer supported represents a great risk to organizations and the end user. When criminals know that security patches will no longer be developed, they begin to work very hard at finding new vulnerabilities and will continue to do so. The new exploits that are discovered, near the end of support date, won’t likely be released immediately. The criminals will release them after the end of support date, because the vendor will no longer be supporting the product. These new exploits will be used to target Windows 7 systems, fully knowing that the systems are vulnerable.

Businesses, if you must run Windows 7 or Server 2008 after the end of extended support, there are a few things you can do to keep these older systems protected.  If you already have a good security stack installed, like our Q-Stack, the likelihood of a successful attack is reduced, but that is still not good enough. An additional firewall will need to be installed to separate the Windows 7 and Server 2008 devices. This firewall will require very tight rules that limit the device’s access to the internal network and the Internet. Depending on the type of firewall you have, it may be possible to create a virtual firewall on your existing device to create this additional layer of protection.

If you would like more information, contact us here or call 937.885.7272.

Follow us on FacebookTwitter and LinkedIn and stay up to date on by subscribing to our email list.

Posted by Jack Gerbs in Recent Posts