Did Microsoft commit a security breach?

In case you didn’t know, Microsoft provides Office 365 users with a free document-sharing platform called docs.com. It’s a great new tool for publishing files intended for public viewing. The downside is, sensitive documents are published without the file owners’ permission. These include hundreds of users who might be unaware that their private files can be viewed by the public.

What’s the damage?

Usernames and passwords for various devices and applications; personal information such as home and email addresses, bank account details, social security numbers, and phone numbers; and medical info comprising patient treatment data and health insurance numbers -- all these were some of the supposedly leaked documents, which were clearly meant to be private. A security researcher discovered that these sensitive files were accessible using docs.com’s search function.

After being alerted to the ‘leak,’ Microsoft responded by removing the search bar. However, most of the documents were already indexed by search engines, Google and Bing, which is how these docs remained available to the public despite disabling the search function.

Read More


Is the government really spying on you?

Wikileaks, the website that anonymously publishes leaked information, recently released a number of documents alleging widespread surveillance by the US government. The released documents claim that the vast majority of these efforts took place via smartphones, messaging apps and...TVs? Let’s see just how worrisome they really are.

What devices and apps are supposedly vulnerable?

Wikileaks labeled its ongoing release of 8,761 classified CIA documents “Year Zero.” Nestled among those files are tools and correspondence that explain how operatives could snoop on communications, downloads, and browsing history. Here is a list of the “affected” applications and hardware:

  • Windows operating systems
  • iOS
  • Android
  • Samsung Smart TVs
  • WhatsApp
  • Signal
  • Telegram
  • Confide

Read More


Some ransomware strains are free to decrypt

Ransomware is everywhere. Over the last couple years, dozens of unique versions of the malware have sprung up with a singular purpose: Extorting money from your business. Before you even consider paying for the release of your data, the first thing you must always check is whether your ransomware infection already has a free cure.

The state of ransomware in 2017

It’s been almost 30 years since malware was first created that could encrypt locally-stored data and demand money in exchange for its safe return. Known as ransomware, this type of malware has gone through multiple periods of popularity. 2006 and 2013 saw brief spikes in infections, but they’ve never been as bad as they are now.

In 2015, the FBI estimated that ransomware attacks cost victims $24 million, but in the first three months of 2016 it had already racked up more than $209 million. At the beginning of 2017, more than 10% of all malware infections were some version of ransomware.

Read More



Firmware: the threat most users overlook

For decades, one of the most foundational principles of cyber security has remained the same: Always update and patch your software. But for most people, hardware is exempt from this process. They think of hardware as nothing more than a vessel for software to occupy -- and that’s totally incorrect. Read on to learn more about this oft-neglected aspect of IT security.

What is firmware?

Firmware is a very basic type of software that is embedded into every piece of hardware. It cannot be uninstalled or removed, and is only compatible with the make and model of the hardware it is installed on. Think of it like a translator between your stiff and unchanging hardware and your fluid and evolving software.

For example, Windows can be installed on almost any computer, and it helps users surf the internet and watch YouTube videos. But how does Windows know how to communicate and connect with your hardware router to do all that? Firmware on your router allows you to update and modify settings so other, more high-level, pieces of software can interact with it.

Read More



Ransomware traps Skype users with fake ads

Skype has made many improvements to become the go-to audio and video communication tool. But as more people turn to Skype to conduct their business, hackers are sure to follow. Recently, Skype has been plagued with fake Flash ads, which if triggered, lead to devastating ransomware infections. Read on below to find out how you can stay safe from this attack.

Initial reports found that the fake Skype ad was disguised as a critical Flash update. Clicking on the ad triggers a download of a seemingly innocuous HTML application named “FlashPlayer.hta”. If opened, the app would download malicious code that encrypts the victim’s files and holds them hostage until a ransom is paid.

According to security experts, hackers were obfuscating malicious code in the fake ads, which helped the ransomware evade detection from common antivirus tools. Many other users in the past have encountered similar Skype ads, but this is one of the first few scams that delivers ransomware.

To protect yourself against this ransomware you need to do the following:

Read More


Three Steps to Help Prevent Workplace Crime

Protecting your business from crime – both internal and external – takes effort. But with criminals looking to take advantage of you on every front, it's an effort you need to make. But where do you start? To non-security professionals, knowing what to do can be difficult. To make your challenge a little easier, we've boiled down business security to three basic, more manageable steps.

CLICK HERE FOR FULL VERSION



Heritage specializes in the convergence of the four key pillars of technology - the integration of IT, security, communications and print solutions - giving our clients one complete source and a trusted business partner for all their needs.

Heritage – the latest technology solutions with a tradition of quality craftsmanship and values