Adobe has issued a urgent warning to users of its Acrobat and Acrobat Reader PDF editors following the discovery of a zero-day vulnerability of critical severity.

The software company has released a security update for Windows and macOS users, urging them to apply the patch as soon as possible in order to reduce the risk of an attack.

In a statement, the firm said: “Adobe is aware that CVE-2023-26369 has been exploited in the wild in limited attacks targeting Adobe Acrobat and Reader.”

Adobe Acrobat and Reader patch

Details about the vulnerability remain scarce given the fresh nature of the discovery, however the software maker did confirm that: “Successful exploitation could lead to arbitrary code execution.”

Acrobat DC and Acrobat Reader DC versions 23.003.20284 and earlier have been confirmed to be affected, as have 2020 versions of both software running build 20.005.30516 and earlier for macOS and 20.005.30514 and earlier for Windows.

Adobe’s latest software updates for its PDF programs, which became available on September 12, address a series of security issues. They also introduce some feature changes and enhancements, including the ability to reposition quick tools, new undo and redo options in the top menu bar, drag-and-drop support for combining files, and more.

The San Jose-based company also issued further updates across its range of products, including Adobe Connect and Adobe Experience Manager software, which allowed attackers to gain arbitrary code execution on unpatched devices.

The discovery of vulnerabilities in Adobe’s software is not ideal, but nor is it alarming. Companies release security fixes for their software on a regular basis in order to iron out vulnerabilities and protect users, and the fact that the company responded with speed is admirable.

Adobe or not, anybody using any digital service should keep an eye on software and firmware updates that become available, installing them as soon as possible.

If you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment

Published with consideration from TechRadar SOURCE

The digital realm is teeming with risks that can compromise business data. Thankfully, a variety of tools and technologies are available for your company to fortify its cybersecurity. Two-factor authentication (2FA) and two-step verification (2SV) are among the most effective methods for bolstering your defenses against attackers.

2FA and 2SV are often used interchangeably, but they are, in fact, two distinct approaches to security. Let’s take a look at the differences between them and explore how they can benefit your business.

Two-factor authentication

2FA is a security measure that requires users to provide two different types of credentials in order to log into their accounts. Typically, the first factor consists of something that the user knows, such as a password. The second factor could be something like a one-time passcode sent via text message or email or a biometric identifier, such as a fingerprint.

With 2FA enabled on your business accounts, cybercriminals will have a harder time gaining access to these. Even if they somehow manage to obtain the first factor (e.g., by guessing your password), they still won’t be able to log in without the second piece of information, which only you can have.

Two-step verification

2SV is similar to 2FA in that it requires two pieces of information to gain access to an account. However, the difference between the two lies in the number of authentication steps involved. As the name suggests, 2SV requires two authentication steps: one where the user provides their first factor (e.g., a password) and another where they provide additional information that proves they are who they say they are.

For example, with 2SV enabled on your business accounts, users may be asked to provide a second form of authentication when they attempt to log in from an unfamiliar device or IP address. This could be in the form of another password, a one-time passcode generated by an authentication app on their phone, or some other type of verification.

Benefits of 2FA and 2SV for businesses

Enabling 2FA and/or 2SV on your business accounts can provide a variety of benefits, including:

  • Improved security – By adding an extra layer of authentication, you can reduce the risk of unauthorized access to your accounts.
  • Enhanced compliance – By using advanced authentication, such as 2FA and 2SV, you can ensure that your business is meeting industry and government standards for data security.
  • Reduced costs – Fewer unauthorized access attempts means fewer chances of fraud and data theft, which can lead to significant cost savings over time.

Which is best for your business?

The decision of whether to use 2FA or 2SV depends on a number of factors, such as the size and complexity of your business, the type of data you are storing, and the level of security you require.

For example, if your business is storing sensitive data, such as customer credit card information, then a multifactor authentication system that includes both 2FA and 2SV may be the most appropriate choice. On the other hand, if you are simply looking to add an extra layer of protection to your email accounts, then a 2FA system may be all that is needed.

Ultimately, the best authentication solution for your business will depend on its individual needs and requirements. It is always a good idea to consult with an experienced security professional to ensure that you are making the right decision.

Our team of experts is here to help you make the best choice for your business. Get in touch with us today to learn more about 2FA and 2SV and how they can improve your security.

If you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment

Published with consideration from TechAdvisory.org SOURCE

Some consumers don’t know what the padlock in the browser means

Most consumers in the UK wouldn’t be able to spot a phishing website if they ever landed on one, a new report from NordVPN claims.

The VPN provider recently ran its National Privacy Test, a global survey on cybersecurity and the public’s awareness of online privacy. More than 26,000 people from 175 countries around the world participated in the poll. 

The results showed that almost two-thirds of Brits (63%) couldn’t correctly identify a phishing website, as they were looking in all the wrong places and mistaking certain features as signs of safety. 

Looking for SSL

For example, 85% of Brits wrongly believe a padlock in the web browser’s address bar means the website is trusted. Furthermore, a quarter (22%) of UK respondents said they’d be suspicious of a website that didn’t have a copyright symbol at the bottom of the page, which would make absolutely no difference regarding their online safety.

On the other hand, some red flags were properly identified by many. For example, three-quarters (72%) said that if a website’s SSL showed a random individual or company name, they would be suspicious. Furthermore, four in five (81%) would be suspicious of a website with poor visuals and copy, and 86% would be wary of the site’s address.

Phishing is a cybercriminal practice in which hackers try to trick people into giving away sensitive information such as login credentials or payment information. 

Sometimes, they distribute emails pretending to come from trusted brands, and sometimes they set up malicious landing pages where people would try to log in, or make a purchase. 

There are more than a million unique phishing websites live right now, with “several” new ones being generated every minute, NordVPN concluded. To stay safe, users are generally advised to deploy common sense and never rush to download a file or open a link they receive in an email or a social media message. 

Cybersecurity is an ongoing process, and staying informed about the latest threats and solutions is essential to keep your business safe in the digital age. Protect your assets, safeguard your customers, and maintain your reputation by talking to our cybersecurity experts today.

If you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment

Published with consideration from TechRadar SOURCE

Phishing is still by far the most popular attack vector out there. Not only that, but its popularity among the cybercriminal community is growing by the day.

This is according to “Phishing threats report”, a new paper just published by Cloudflare. After analyzing more than 279 million detected email threats, 250 million malicious messages, and more than a billion of brand impersonations, Cloudflare found that phishing is the initial attack vector for nine in ten cyberattacks.

As a result, businesses lose more than $50 billion every year.

Two key objectives

When it comes to phishing, cybercriminals are focused on two objectives: to achieve authenticity, and to get victims to click. The goal to achieve authenticity was underscored by the uptick in identity deception threats, which saw an increase from 10.3% to 14.2% year-on-year. That equals 39.6 million total detections.

Furthermore, Cloudflare’s researchers witnessed attackers impersonating over 1,000 different organizations, in more than a billion brand spoofing attempts. Most of the time (63.3%), the attackers tried to ape the same brands. The researchers identified the top 30 most popular brands, which included big names like Microsoft, Google, and Salesforce (all highly trusted organizations). 

Finally, almost all (89%) unwanted messages squeezed through SPF, DKIM, or DMARC authentication checks. “Attackers’ efforts to achieve legitimacy in the eyes of their victims have proven successful, as we have seen email authentication failing to stop threats,” the researchers concluded.

When it comes to the second goal, Cloudflare says users are more susceptible to the click “as an authentic form of communications.” Apparently, hackers know it’s easier for victims to click a link, rather than download a file. Hence, malicious links were the number one threat category, taking up more than a third (35.6%) of all detected threats. 

In almost all phishing attacks, the email will have a sense of urgency to it, forcing victims to react before taking the time to think their actions through. Given that most firms will not require urgent action in the majority of cases, a company asking for something to be done immediately can be considered a red flag.

Cybersecurity is an ongoing process, and staying informed about the latest threats and solutions is essential to keep your business safe in the digital age. Protect your assets, safeguard your customers, and maintain your reputation by talking to our cybersecurity experts today.

If you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment

Published with consideration from TechRadar SOURCE

As technology continues to advance, small- and medium-sized businesses (SMBs) face increasing cybersecurity risks. Protecting sensitive data and maintaining a secure online environment is crucial for the success and longevity of SMBs, but without the right resources and expertise, this task can be daunting. Managed IT services providers (MSPs) offer a cost-effective and comprehensive solution to these challenges, helping SMBs bolster their cybersecurity defenses. Here’s how.

Enhanced security expertise and resources

Cybersecurity can be challenging for SMBs because it requires specialized expertise and solutions. Luckily, top MSPs employ teams of dedicated cybersecurity experts who have seen it all, from malware attacks to sophisticated network intrusions to online scams. These experts possess a wealth of knowledge on the latest cyberthreats and security best practices, so they can help SMBs develop a solid security strategy and framework. They’ll even facilitate the implementation of the security protocols and solutions, which can save SMBs time and money.

Comprehensive security assessment

To understand an SMB’s risk profile and security posture, an MSP will perform a thorough security assessment. This helps the MSP identify any existing vulnerabilities and develop solutions to correct them before they can be exploited. They will also review the SMB’s current security protocols and provide recommendations for improving them. By taking advantage of these assessments, SMBs can protect themselves from the newest threats.

Proactive monitoring

Managed IT services providers employ advanced threat intelligence databases and monitoring software to watch over networks, systems, and data. With these tools, MSPs can check network traffic for any suspicious activities that may indicate a potential cyberattack and promptly warn the SMB. This proactive monitoring can help SMBs detect, contain, and eliminate potential threats before they cause any serious damage.

Regular security updates

Maintaining a secure IT infrastructure requires constant updates and patch management. Patch management is a core service of many MSPs. It involves keeping track of all software patch releases, testing the patches for compatibility, and deploying them to client networks. By regularly updating and patching vulnerabilities, SMBs can significantly enhance their overall cybersecurity posture and reduce the likelihood of successful attacks.

Security awareness training

Beyond the technical security measures, MSPs also offer security awareness training programs for SMBs. These programs educate employees on the process of identifying potential threats, safe online practices, good password hygiene, and the importance of protection. Through ongoing training sessions and workshops, employees can develop a security-conscious mindset and contribute to maintaining a strong cybersecurity posture within the organization.

Incident response

If a security breach occurs, SMBs must be prepared to respond swiftly and effectively. MSPs can help SMBs develop comprehensive incident response plans to ensure they are well equipped to handle any cyberthreats. With an incident response plan, SMBs will be able to quickly identify potential breaches and take remedial actions with minimal disruption to their operations. MSPs can also assist SMBs in preserving evidence, restoring systems to their pre-breach state, and communicating with stakeholders regarding the incident.

Cybersecurity is a multifaceted endeavor that requires the right resources and expertise, but you don’t have to handle all of it by yourself. MSPs can lighten the load and provide your SMB with powerful security solutions and services. Contact us now to learn more about how managed IT services can help you protect your SMB.

Cybersecurity is a crucial component of managing a successful company and understanding different cybersecurity terms is essential to protecting your company’s sensitive information, data, and assets can be deleted. Here’s a guide to key cybersecurity terms every business owner should know.

Malware

Malware is short for malicious software and encompasses various harmful programs designed to disrupt computer systems, steal data, or gain unauthorized access to a network. Types of malware include viruses, ransomwareTrojans, and spyware. Employing robust antivirus and anti-malware solutions is crucial to detect and mitigate these threats.

Phishing

Phishing is a cyberattack where malicious actors attempt to trick individuals into revealing sensitive information, such as passwords, credit card details, or login credentials. Phishing attacks often come through deceptive emails, spam messages, or websites that appear legitimate. Business owners must educate their employees about the dangers of phishing and promote a culture of vigilance when dealing with suspicious communications.

Firewall

A firewall is a network security solution that acts as a barrier between a company’s internal network and external networks such as the internet. It constantly scans and controls traffic coming in and out of a network using predetermined rules. These security rules help prevent unauthorized access to a system and keep potential cyberthreats at bay.

Encryption

Encryption is a method of converting plain, readable data into an unreadable format called ciphertext. It is used to protect sensitive information and maintain confidentiality during data transmission or storage. Even if the data is intercepted, the information will be unreadable without the correct decryption key.

Multifactor authentication (MFA)

MFA is a security mechanism that enhances the protection of user accounts and sensitive information by requiring users to provide multiple forms of identification or “factors” such as passwords, biometrics, and one-time codes to verify their identity. The goal of MFA is to add an extra layer of security beyond just a username and password.

Patch management

Hackers often exploit vulnerabilities in networks and applications to gain unauthorized access to an organization’s system. Patch management involves regularly updating and applying security patches to software, operating systems, and applications to close these vulnerabilities and protect businesses from potential breaches.

Data breach

A data breach occurs when unauthorized individuals gain access to sensitive information, such as customer data, financial records, or intellectual property. Data breaches can have severe consequences, including financial losses, legal repercussions, and reputational damage. Implementing robust security measures can help minimize the risk of data breaches.

Security awareness training

Security awareness training educates employees about potential cybersecurity threats and best practices to help them recognize and respond to such threats effectively.

Virtual private network (VPN)

A VPN is a software or platform that helps establish a secure and encrypted connection between a user’s device and a remote server. Using a VPN especially when connected to public Wi-Fi networks will ensure privacy and data protection.

Insider threat

An insider threat is a current or former employee, contractor, or business partner who intentionally or accidentally misuses their authorized access to compromise data security.

Security audit

A security audit is a systematic evaluation of an organization’s security policies, practices, and controls to identify potential vulnerabilities and improve overall security.

Cybersecurity is an ongoing process, and staying informed about the latest threats and solutions is essential to keep your business safe in the digital age. Protect your assets, safeguard your customers, and maintain your reputation by talking to our cybersecurity experts today.

If you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment

Published with consideration from TechAdvisory.org SOURCE

Bring your own device (BYOD) is a trend that has grown in popularity because of the convenience it offers employees, but it also presents a serious security risk. If an employee’s personal device is not appropriately secured, it can become a potential entry point for attackers to gain access to sensitive corporate information. Therefore, it is imperative to take steps to strengthen BYOD security. Here’s how you can do just that.

Establish a BYOD policy

The first step in securing personal devices used for work is to establish a clear BYOD policy. This policy should include guidelines for acceptable use of personal devices and security protocols such as device encryption, password policies, and data backup requirements. It should also define the types of data that can be accessed on personal devices and the consequences of policy violations.

Use mobile device management (MDM) software

MDM software allows companies to manage mobile devices from a centralized console. It provides administrators with control over the configuration, application installation, and security settings of mobile devices. With MDM software, administrators can establish company-wide security policies as well as monitor and wipe data from compromised devices.

Implement two-factor authentication (2FA)

Two-factor authentication is a security process that requires users to provide two forms of identification to access company data. This typically includes a combination of passwords and one-time verification codes generated by a third-party authenticator app. By implementing 2FA, the security of a device doesn’t solely depend on the strength of its user’s passwords. Hackers will need to gain access to both authentication factors to hack company devices, which can be incredibly difficult.

Conduct regular security training

Educating employees on security best practices is crucial for any organization. Employees need to be aware of the risks associated with using personal devices for work-related tasks. Companies should conduct regular security training sessions to help employees understand their roles and responsibilities in maintaining the security of company data.

Monitor and enforce compliance

It’s essential to monitor the use of personal devices and ensure compliance with the company’s BYOD policy. This can be done through regular audits, periodic security assessments, and the use of security tools to detect unauthorized access attempts.

Establishing a robust security framework for BYOD is essential for any organization. Companies can work with a managed service provider to ensure that their BYOD security measures are up to date and effective. Call us today and let us help you strengthen your BYOD security.

If you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment

Published with consideration from TechAdvisory.org SOURCE

Many see security as a barrier, not a business enabler

Despite news of devastating cyberattacks breaking almost daily, many business leaders still fail to see the full value a strong cybersecurity posture brings to their organization, new research has found

This is according to Risky Rewards, a new report published by cybersecurity experts Trend Micro polling more than 2,700 business decision-makers in companies with 250+ employees across 26 countries, finding that around half (51%) see cybersecurity is a “necessary cost but not a revenue contributor”.

At the same, a somewhat similar percentage – 48% – claim cybersecurity’s value is “limited” to attack and threat prevention. For nearly two-fifths (38%) cybersecurity is a barrier, not a business enabler.

Winning new clients

“If organizations want to make the most of their security investments, business leaders must reframe their view of cybersecurity – to think more broadly about how it can positively impact the enterprise,” commented Jon Clay, VP of threat intelligence at Trend Micro.

“This research shows it’s clearly a critical component of winning new business and talent. At a time when every dollar/penny counts, it’s concerning to see stereotyped views of security persist at the very top.”

Further in the report, Trend Micro claims 81% worry that a poor cybersecurity posture could hurt their ability to close new clients. In fact, for 19% this already happened. What’s more, 71% of business decision-makers are being asked about their cybersecurity posture in negotiations with potential customers and suppliers, with 78% admitting the questions are getting more frequent.

Cybersecurity has also become pivotal for talent acquisition. Almost three-quarters (71%) said remote and hybrid working offerings are now essential for talent acquisition. For 83%, current security policies affect remote employees’ ability to do their jobs, with 43% saying current security policies prevent employees from working remotely. Also, 54% said their policies restrict what devices and platforms employees can use for work.

Finally, two-thirds (64%) of business decision-makers confirmed they’re planning on increasing their security budgets this year.

If you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment

Published with consideration from TechRadar SOURCE

Password fatigue is a real problem for businesses. Here’s what they can do while they await passwordless authentication.

Does the term “password fatigue” sound familiar? It’s ironic that increased security measures put in place to keep us safe may sometimes do the exact opposite. Mandatory password changes, lengthy password requirements and security questions, while well intentioned, can lead some people to backslide with their digital hygiene.

With the average person reusing the same password 14 times across their portfolio of digital accounts, it’s no wonder the FBI received a record number of cybercrime complaints from the American public last year, with potential losses exceeding $6.9 billion.

How To Prevent Password Fatigue

Password fatigue is a reaction to the fact that safety and functionality are often seen as in opposition to each other. Our days are filled with a series of different programs and platforms, each requiring its own login credentials.

The average adult has at least 100 passwords to keep track of, and the majority of Americans say they’re locked out of an average of 10 accounts per month. It’s impossible to remember all the passwords that safeguard our daily lives. The seemingly endless need to remember or reset passwords can wear people down, resulting in risky behavior.

One study revealed that 92 percent of people are aware of the security risk associated with reusing passwords, but 65 percent reuse them anyway. The password has stuck around so long despite its flaws precisely because it is not easy to replace.

Passwordless authentication is available for use today; however, most organizations have not yet deployed the technologies to support it. For now, they rely on multi-factor authentication to mitigate the risk of passwords being hacked. That’s a good intermediate step, but it doesn’t do anything to solve password fatigue.

Resetting Passwords: What You Need to Know

In addition to multi-factor authentication, businesses can help employees by deploying password management technology that acts as a digital logbook — a compilation of passwords to various accounts that can be accessed through a single master password.

Password managers can automatically monitor your password strength and help you create strong, unique passwords for every account.

Take the following factors into consideration when deciding which password manager is best for your needs:

  • Will it protect your organization against a cyberattack? You are best served by a manager that cr­eates high-strength, random passwords for each website, application and service that you use. Ensure you have alerts and dark web monitoring engaged so you can take immediate action if your credentials are leaked in a public data breach.
  • Does it enable multi-factor authentication? An additional PIN sent to employees’ digital devices, or one that works in tandem with an authentication app, is one element that separates a dedicated password manager from a browser-based manager, which saves and auto-fills passwords, giving anyone using your computer access to your online accounts.
  • How flexible is it? Some password managers can only be used with one device type, or with specific software systems. Make sure you’re protected on every platform, with a manager that securely syncs across all your devices.
  • Is it easy to use? Safely storing passwords should make employees’ lives simpler. Ensure your password manager can auto-fill user IDs and passwords, and consider additional features, such as the ability to add payment cards for faster checkouts.

Custom fields can help securely save important information such as your driver’s license or passport number, or even sensitive files, documents, photos and videos. Most experts agree that the ongoing use of passwords represents a security risk for organizations. Until passwords are a thing of the past, however, businesses should do all they can to reduce that risk.

If you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment

Published with consideration from BizTech  SOURCE

Protecting your business printers from malicious cyberattacks may be the last thing on your mind, but it should definitely not be. Hackers are always looking for new vulnerabilities to exploit, and, if left unprotected, printer systems can offer a trouble-free gateway into vast troves of sensitive data. To help safeguard against unforeseen risks, take these key steps to secure your company’s printers now.

Vulnerabilities of business printers

Printers are considered indispensable business tools, but their core functions can make them irresistible targets for cybercriminals. These devices process a plethora of valuable data such as tax forms, employee information, financial statements, medical records, and the like. And did you know? Even if you cancel print jobs, these data are still stored within printer hard drives. Without proper security measures, valuable data can fall into the wrong hands.

Organizations also need to take a closer look at their network printers since these are connected to the web. With the right tools and opportunities, hackers can easily intercept sensitive data traveling through open network ports. Printer vulnerabilities can open unknown backdoors that can give criminals an opportunity to launch far-reaching cyberattacks from within your network. Such attacks are difficult to stop once they’ve been launched.

Ways to protect your business printers

Keeping business printers secure should be an essential step when developing a comprehensive cybersecurity strategy. To ensure your print devices aren’t vulnerable to attacks, following these best practices will safeguard them from potential threats.

  1. Keep an eye on your network and make sure to install printer software updates and patches right away.
  2. Update printers with web management capabilities by modifying their default passwords and administrator login credentials.
  3. Only company-owned devices should be permitted to connect to your printing network.
  4. Always use secure connections and avoid accessing your printer through a public internet connection.
  5. Maximize your network security by using a firewall to limit printer access.
  6. For improved security and to prevent unauthorized access, activate the PIN/password feature of your wireless printer to ensure that only authorized users are able to print documents on your device.
  7. Disconnect the printer from its main network and turn off out-of-network printing if you don’t use it for faxing or email purposes.
  8. Protect classified data by connecting printers directly to computers or using a thumb drive.
  9. Use your printer’s manual feed settings. This feature allows you to feed paper into printers manually, making sure that printed materials don’t end up in the wrong hands or left lying around for anyone to see.

Furthermore, working with an IT specialist can provide peace of mind when it comes to managing your printers. Trusted IT experts can make sure that any potential attack vectors are closed off while also helping you lower management costs and keep your devices at peak performance.

If you have any questions about securing your business printers, don’t hesitate to contact us.

If you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment

Published with consideration from TechAdvisory.org SOURCE