We’re still following some post patching issues that cropped up after the March patches were released. Some, like the interaction with CRM 2011, have been fixed. Others impacting Outlook 2016 searching need a rollback. March Office Click-to-Run Causing Issues For those with Outlook 2016 and click to run (retail)installations, you will probably note that searching in Outlook is broken after the March click to run release. At this time there is no other workaround other than to roll back to a prior version of Office click to run. As noted on the Microsoft forum this is a known issue as noted by a Microsoft staff. If you connect to a POP account or you are searching PSTs there is a bug in the latest updates. To roll back to a prior release do the following steps: Open a command prompt and run the following commands in order: cd %programfiles%\Common Files\Microsoft Shared\ClickToRun officec2rclient.exe /update user updatetoversion=16.0.7571.2109 Open Outlook and click File, Office Account and set Update Options to Disable Updates Add an appointment on your calendar for a month or more out to remind you to re-enable updates. What to do: Roll back to a prior release if you are impacted. … Read More
You can adjust and strengthen Windows 10 security settings through Group Policy. Here’s how. You want to tighten the security features and policies in Windows 10 but you’re not sure where to go. Well, there is a Settings screen where you can enable or disable several privacy settings. But if you want to manage and maintain the security settings in the OS, one method is through the Group Policy Editor. Using this tool, you can control settings for anyone who uses the same computer. You’ll find settings for password length and complexity, the account lockout policy, the Windows firewall, and the audit policies. Though Group Policy is typically used in an organization, it can also be recruited to tweak settings on an individual computer, whether that PC is used by one person or by multiple people in a home or small office. The local security policies for Windows 10 are contained in a Group Policy snap-in called secpol.msc. By opening this snap-in in your Group Policy Editor, you can tweak each individual setting. This gives you the power to set security policy for any Windows 10 computer in your home or office. Anyone who logs into a computer for which … Read More
Microsoft Edge already has some security tricks up its sleeve, but you can beef up the browser still further. Windows 10 users, you’re probably using Microsoft Edge to surf the web. But how secure is the newest browser on the block? And how can you tweak it to make it more secure? Edge already includes or takes advantage of several features that enhance your security. But it also offers several options that you can enable or disable to better protect your privacy on the web and ensure that you’re practicing safe surfing. You can make sure the SmartScreen filter is turned on to protect you from malicious websites. You can use InPrivate browsing so no cookies or other data are collected. You can opt to block cookies, especially ones from third-party websites. You can choose to clear your browsing history, especially whenever you shut down Edge. And you can remove your Bing search history. First, let’s go over the security features already built into or used by Edge. One item is SmartScreen. Initially developed for Internet Explorer 8, SmartScreen checks each webpage you visit and each file you download to make sure they don’t contain malware. The feature works by … Read More
Since we have been using computers, we have been looking for a way for each machine’s administrators to better control the machines and take care of them. This is how we got PowerShell: Microsoft gave admins a command line tool that would be able to automate more and more tasks, from scripting across a network to fully deploying and managing a server with no graphical user interface. Of course, with every good thing comes attackers that abuse it, and PowerShell is no exception. A recent attack that utilizes a malicious word attachment also used PowerShell commands to put a back door in the system, then used DNS TXT record queries and responses to create a bidirectional Command and Control (C2) channel. While this process is not new, the recent headline use of PowerShell has led to some question if one can block PowerShell on their machines. The first thing to know is that one truly cannot uninstall PowerShell from a system. Think of PowerShell like the DOS command line that is still hiding under the hood of the operating system: it’s a deep, embedded part of the operating system. However, that doesn’t mean you aren’t without options to better prevent the use of … Read More
Here’s a morsel of what I learned about Web security at this year’s RSA Conference in San Francisco. It’s just another tale of the good, the bad, and the ugly 1.Security in Windows 10 is better than any version before it. That’s because unlike previous versions which had user customizable settings to control how your PC received updates and patches, updates in Windows 10 are by default automatic. Ostensibly this means that Microsoft is staying one step ahead of malware hackers. There’s just one problem with this assumption. Unlike the dozens and dozens of anti-malware/virus software companies which update their malware definitions 24/7, Microsoft offers its updates just once a month on its Patch Tuesday which means any Windows 10 is vulnerable to new malware for possibly a month in between. So installing third party anti-malware/virus software is probably still advisable. 2.Nothing is necessarily safe on the Web even if you have anti-malware installed because the hackers are changing their sinister codes virtually every few seconds. You read that right: every few seconds in a lousy game of digital whack-a-mole. And the bad guys are ever finding new ways to infect your system. 3. Then there’s the increasing rise of … Read More
Recently a WordPress attack led to defaced web sites. WordPress is an easy web platform to use and one used in many attacks. Here’s why — and what you can do to protect a WordPress site. Why WordPress Is Attacked WordPress is a very powerful platform. It makes it easy for novices and non web developers to build their own customizable web sites that are easily updated and very social. But that ease of use can also mean ease of being used in attacks. The core of WordPress is augmented by any number of third party plug ins and thus to patch and maintain WordPress sites can be pretty tricky. Recently, several security issues caused many sites to be defaced. The update, released on January 26th, fixed several issues the worst of which caused an “unauthenticated privilege escalation vulnerability was discovered in a REST API endpoint.” The bottom line? Attackers could take control of a site and post whatever content they wanted. As soon as the patch was released, sites came under attack. So why didn’t all of us running WordPress sites immediately update? Well, for the same reason we don’t immediately update Windows patches – we fear new releases will … Read More
Not a day goes by that I don’t see some sort of scam or attack. Awareness of the latest scams it key to staying safe — here are some new scams you should be aware of. Ransomware’d Printers The latest in ransomware techniques is to target vulnerable printers inside networks. As noted in a recent article, the attack takes advantage of a network if port 9100 is open. While in a small network behind a router provided by your Internet Service provider, the chances are small that port 9100 will be open if you’d like to make sure you can perform the following steps. From a computer inside your network go to the ShieldsUP website. Click on proceed to begin the process In the box, enter 9100 Click on user specified custom port probe The test will indicate if the port is open or closed. Chances are very good that the port will be closed. If so, you will not be at risk to this attack from external sources. However, I have seen several firms impacted by this attack because the malware entered into the network into a workstation and was able to attack vulnerable printers. In one case it … Read More
Credit card numbers, Social Security Numbers, scanned passports, plans for world domination — these are only a few of the items that you may be tempted to send in an email. But unless you have encryption, you shouldn’t hit “send” on any of them. A message can pass through numerous servers on its journey and can be read on any of them. Encrypting a message can be much more complicated than encrypting a file or even a drive. There are other people involved. And they may not be as tech savvy or security conscious as you. So you need encryption that won’t confuse someone who panics at the thought of downloading a file. Another issue you need to consider: Just how much security do you need? It’s one thing to protect your information from run-of-the-mill cybercrooks. It’s another to keep your private words from the government. And remember that there is no perfect security. Even the best encryption algorithm can be cracked if someone uses a password like 123456. The goal is to find something both practical and sufficiently secure. The Weak Encryption You Probably Already Have Your messages probably already travel encrypted from your email client to your email provider’s server, … Read More
It’s a new era in terms of risk on the Web: from scams to spam to predatory practices, you have more reasons than ever to be proactive about protecting your kids while they’re surfing online.
Fortunately, Windows 7 gives you a robust set of built-in parental controls.
Keeping your personal financial information safe from cyber thieves doesn’t require a ban on online shopping and banking — it just requires care.
Follow these tips and you should be okay — even if you take the riskier path of banking by cell phone.