What is the Risk?

The vulnerability (tracked as CVE-2025-55177) exploits how WhatsApp handles media files in group chats. Attackers can create a group, add users, and send a specially crafted media file. If your settings are set to “auto-download,” the malicious file lands on your phone instantly, potentially allowing remote code execution or the installation of spyware.

While Meta (WhatsApp’s parent company) has issued server-side updates, security experts—including those at Google and Malwarebytes—note that these fixes may only partially mitigate the risk. Manual intervention is currently the most effective way to ensure your data remains secure.

Action Required: Disable Auto-Downloads

To protect your device, we recommend immediately disabling automatic media downloads. This ensures that no file is saved to your device unless you specifically choose to download it.

How to update your settings (Android & iOS):

1. Open WhatsApp Settings: Tap the three dots (Android) or the “Settings” gear (iOS).
2. Navigate to Storage and Data: Locate the “Media auto-download” section.
3. Deselect All Media: You will see three categories: When using mobile data, When connected on Wi-Fi, and When roaming.
4. Turn Off Everything: Open each category and uncheck Photos, Audio, Videos, and Documents. Each should now display “No media” or “Off“.

Enhanced Privacy Steps

For those seeking a higher level of security, we suggest two additional configurations:

• Restrict Group Invites: Go to Settings > Privacy > Groups and change the setting to “My Contacts”. This prevents unknown actors from adding you to malicious groups.
• Enable Advanced Privacy: Under Settings > Privacy > Advanced, you can enable “Protect IP Address in Calls” and check for the new “Strict Account Settings” (if available on your version), which further restricts how the app processes data from unknown senders.

As your IT partners, we strongly advise all clients to verify these settings today. Staying proactive with these minor adjustments is a vital step in defending against increasingly sophisticated mobile threats.

A lot of the preparation for Christmas now happens online – from buying gifts and decorations to ordering festive food, sending digital cards, and catching up with friends and family. While this makes life easier, it can also make us more vulnerable, especially when we’re busy, distracted, or rushing to get things done.

Cyber criminals know this. The festive period often sees a rise in scams, phishing emails, and fake websites. Increasingly, these threats are being enhanced using AI, making them look more convincing and harder to spot than ever before.

Christmas is also an ideal time to pause and check your digital security. Reviewing the settings on your devices, apps, and social media accounts now can help protect you well into the new year. Simple steps such as updating software, checking privacy settings, and using strong, unique passwords can make a real difference.

Get Safe Online has produced a helpful Christmas checklist that clearly explains what to look out for and how to stay protected during the festive season. You can access their advice here:
👉 https://www.getsafeonline.org/christmaschecklist/.

A few minutes spent checking your online safety now can help ensure the only surprises this Christmas are the good ones.

What Happened

In December 2025 the UK Information Commissioner’s Office (ICO) announced a £1.2 million fine against LastPass UK Ltd after a 2022 data breach that affected the personal information of up to 1.6 million UK users.

The breach occurred through two linked security incidents in August 2022. Attackers first compromised an employee’s corporate laptop and gained access to LastPass’ internal development environment. Encrypted company credentials were taken in that incident. Shortly afterwards, the attacker then breached a senior employee’s personal device using malware and captured their master password. This second breach gave the attacker access to LastPass’ backup database containing customer data such as names, email addresses, phone numbers and stored website URLs.

The ICO found that LastPass did not have sufficiently robust technical and organisational security measures in place to prevent this unauthorised access, leading to the data compromise.

What Was Exposed and What Wasn’t

Importantly, the ICO’s investigation found no evidence that hackers were able to decrypt customer passwords or other highly sensitive credential data stored in users’ vaults. This is because LastPass uses a “zero knowledge” encryption system, meaning master passwords and vault contents are encrypted and stored on customers’ devices, not on LastPass’ servers.

Nonetheless, the breach still exposed personal information, and the ICO has confirmed that the fine reflects a failure to implement appropriate security controls under UK GDPR.

Key Lessons for Businesses

The ICO’s action serves as a reminder that even technology vendors with a security focus must maintain strong internal security practices. Key points for organisations to consider include:

• Ensuring strict access controls for internal systems and sensitive environments.
• Avoiding the use of personal devices for work systems whenever possible and enforcing separation between personal and corporate access.
• Regularly reviewing and testing security policies and technical safeguards to protect against malware and credential compromise.

The ICO continues to encourage businesses to use guidance from the ICO and the National Cyber Security Centre to assess and strengthen their security posture.

Strengthen Your Own IT Security

A fine of this size highlights that even established providers can fall short when internal controls are not fully effective. We recommend that local businesses review their own technology and security arrangements to make sure they are not exposed to similar risks.

If you would like assistance assessing your IT security, identifying vulnerabilities, or improving your data protection measures, please contact us for expert advice and support.

Source:
https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2025/12/password-manager-provider-fined/

For UK businesses that rely on newsletters, customer updates, appointment reminders, or any form of outbound email marketing, these changes require immediate attention to avoid rejections and spam filtering.

Why This Change Matters

Microsoft’s updated policies aim to reduce spam, spoofing, and fraudulent email. While this strengthens the email ecosystem, it also means:

• Messages without proper authentication may be blocked or sent to Junk.
• Poor list-hygiene practices could damage your sending reputation.
• Organisations using outdated or poorly configured systems may find their emails failing silently, resulting in missed communication with clients and customers.

Key Requirements for Bulk Email to Outlook.com

1. Mandatory Email Authentication: SPF, DKIM & DMARC

Your outbound email must pass:

• SPF – verifies your authorised sending servers
• DKIM – cryptographically signs messages to protect integrity
• DMARC – enforces identity alignment and monitors authentication failures

Microsoft is now rejecting or degrading delivery for bulk senders who fail these checks.

Callout:
If you use platforms like Mailchimp, SendGrid, HubSpot, CRM systems, ticketing platforms or VoIP software, your DNS records must be updated to include their SPF and DKIM settings.

2. Stronger Bulk Email Compliance

Microsoft now requires:

• A working unsubscribe link, ideally one-click
• All unsubscribe requests honoured within 48 hours
• A valid, monitored From/Reply-To address
• No spoofing or misleading domain usage
• Clear identification of your organisation within every email

3. List Hygiene, Bounce Management & Complaint Reduction

Maintaining clean, compliant mailing lists is now essential.

• Remove addresses that bounce repeatedly
• Remove subscribers who remain inactive over time
• Stop sending to anyone who flags your messages as spam
• Avoid purchased or low-quality third-party lists

Callout:
Poor list hygiene is now one of the fastest ways to damage your domain’s reputation at Outlook.com.

The Risks of Non-Compliance

Failing to meet these requirements can lead to:

• Hard bounces or outright rejections by Outlook.com
• Placement in the Junk Email folder
• Long-term reputation issues affecting all outbound mail
• Delivery failures for important transactional messages (invoices, notifications, password resets)
• Wasted time and reduced engagement

For organisations with clients or customers using Outlook/Hotmail addresses, the impact can be especially significant.

Real-World Checklists for UK Businesses

These practical checklists help ensure compliance and maintain strong email deliverability.

Technical Checklist: Email Authentication & Infrastructure

• SPF record exists and includes all sending platforms
• DKIM signing enabled for every system that sends email
• DMARC record configured (at minimum: p=none)
• Marketing and transactional emails use separate domains/subdomains
• “From” address is valid and belongs to your controlled domain
• DNS updated to match all external tools (Mailchimp, CRM, VoIP, portals, etc.)
• Regular monitoring of DMARC reports
• Email provider not sending from shared/untrusted IPs

Bulk Email Checklist: Marketing & Newsletter Campaigns

• Clear, functional unsubscribe link in every email
• Unsubscribe requests processed within 48 hours
• Reply-To address monitored daily
• All recipients opted-in and properly segmented
• Campaign frequency controlled to avoid complaints
• Consistent branding and sender identity
• Content designed to minimise spam triggers

List Hygiene Checklist: Protect Your Sender Reputation

• Immediate removal of hard bounces
• Removal of long-term inactive users
• Removal of repeated soft-bounces
• No sending to anyone who marks you as spam
• No use of purchased or unverified email lists
• Double-opt-in used for new sign-ups

Best Practice Recommendations

1. Separate Marketing and Transactional Email

Use dedicated subdomains for campaigns (e.g., updates.yourdomain.co.uk).
This protects your main domain’s reputation.

2. Apply a Robust Email Policy

Define who sends what, using which domain, via which platform.

3. Monitor Deliverability

Review DMARC reports and keep track of domain and IP reputation trends.

4. Review Third-Party Integrations

Ensure all platforms sending on your behalf are authenticated correctly.

Final Thoughts

Outlook.com’s new requirements represent a major shift in how bulk email is assessed.
Properly implemented authentication, unsubscribe management, and list hygiene are no longer optional — they are essential for ensuring outbound communications reach your customers’ inboxes.

Businesses that invest time now in strengthening their email infrastructure will benefit from:

• Higher delivery rates
• Fewer spam complaints
• Improved trust and domain reputation
• More successful customer communication overall

Need help implementing this?

If you want to ensure full compliance with these new Outlook.com requirements — including SPF, DKIM, DMARC configuration, DNS changes, list hygiene strategy, or platform integration — contact RLS Computer Services for assistance.

At RLS Computer Services, we understand that data protection is not just a legal obligation – it’s also a matter of trust between your organisation and the people you serve. Whether you are a local authority, a parish council, or a small business, compliance with the UK GDPR is essential. Two of the most important areas we support our clients with are Article 25 – Data Protection by Design and by Default and Article 32 – Security of Processing.

Article 25: Data Protection by Design and by Default

This article requires organisations to embed data protection into the way they design and use systems. At RLS, we ensure that every deployment – whether it’s a new computer for a single user, a Microsoft 365 setup for remote working, or a full network infrastructure upgrade – has security built in from the outset.

For example:

• When we configure Microsoft 365, we enable multi-factor authentication (MFA) as a default setting, so users have a higher level of protection against unauthorised access.
• When setting up new computers, we configure them with BitLocker encryption to ensure data is secure even if a device is lost or stolen.
• For councils and public bodies handling sensitive citizen data, we implement role-based access controls, ensuring that staff only have access to the data necessary for their role.

This approach ensures compliance with Article 25 by designing systems with privacy and security at their core, rather than as an afterthought.

Article 32: Security of Processing

Article 32 focuses on the technical and organisational measures organisations must take to secure personal data. At RLS, we take a “security from the ground up” approach for all our clients, ensuring that risks are minimised and systems are resilient.

Examples include:

• Regular patching and updates to keep software protected against known vulnerabilities.
• Endpoint protection and firewall management to safeguard against malware and external threats.
• Secure backup solutions, ensuring that even in the event of a ransomware attack, critical data can be recovered quickly and safely.
• Staff training and awareness sessions, as human error is often the weakest link in data security. By raising awareness, we help organisations maintain compliance in day-to-day operations.

For UK organisations, particularly local authorities and small businesses, these measures provide assurance that personal data is handled securely, meeting both GDPR requirements and the expectations of the public.

How RLS Supports You

Compliance doesn’t have to be complex. With RLS Computer Services, you have a partner who makes sure GDPR principles are built into your IT systems by default and reinforced through strong security practices. From one-off device setups to fully managed IT support contracts, we ensure that your organisation remains compliant, secure, and trusted.

If you would like to discuss how we can help strengthen your GDPR compliance, get in touch with us today.

As part of our managed services we apply updates, upgrades, patches and maintenance to our clients devices on a specified date and time of the week. This is so we can keep to tight schedule on workloads and all devices are managed to the same level.

The task of updating a client’s device (computer, laptop, tablet or mobile) isn’t easy and we follow a strict timetable to make sure that nothing slips through the net, however we need our clients to adhere to the schedule for it to take place.

What Work Do We Carry Out?

Although the work can vary from client to client the majority have these mandatory processes implemented.

Software Updates (Mac & Windows)

• Microsoft Office
• VLC Media Player
• Adobe Acrobat Reader
• 7-Zip
• Google Chrome
• Microsoft Edge
• Mozilla Firefox
• Thunderbird
• Microsoft Teams
• Brother iPrint & Scan
• and many others..

Operating System Patching & Updates

• Windows Updates (Critical & Important)
• Windows Service Packs (if applicable)
• Microsoft Office Service Packs (if applicable)
• Includes Mac OS recommended software, security, and stability updates

Maintenance

• Full System Virus Scan
• System Clean Up
• Empty Temporary Files

When Do You Carry It Out?

We carry out the work overnight as to not disturb your working day, however sometimes Windows devices may need to reboot the next day.

What Do I Need To Do?

• Leave your computer, laptop, tablet or mobile switched on
• Make sure your device is connected to the internet either via WIFI or LAN connection
• If using a mobile device make sure it is plugged into the mains supply
• Make sure all files are saved & applications are closed.
• There is NO need to be logged in.

If you work from home then these updates can be done there as long as you have a fast Internet connection, just follow the procedure above.

How Will I Know It’s Completed?

If you don’t hear from us assume everything is alright, however in some cases we might need to access your device to complete a task (i.e. installing drivers for printers, graphics cards, IOS updates, etc.). In these cases we will make a separate arrangement to complete the work.

What Happens If I Miss The Deadline?

If you forget to leave your device on, don’t worry it will get completed either the next day or the next weekly cycle depending on the urgency of the update, patch or upgrade. However, we have no control over the time and cannot guarantee it won’t disrupt your working day.

In London, the problem is especially severe, where around 70% of thefts involve mobile phones. Criminal gangs target unsuspecting pedestrians, stealing devices that are quickly sold on, often overseas, creating a black market worth tens of millions of pounds. Despite this, less than 1% of these cases result in a charge.

How Do Snatch Thieves Operate?

Snatch theft is usually fast and opportunistic. Thieves typically work in pairs or alone using e-bikes, mopeds, or scooters—some capable of reaching 70 mph. They target people walking on pavements or sitting in public spaces with their phones out, especially when distracted.

Other tactics include:

• Distraction thefts: where one person engages you in conversation while another grabs your phone.
• Pickpocketing: lifting phones from back pockets or handbags in crowded places.
• Drive-bys: scooters or bikes zoom past and grab the phone right from your hand.

The whole act can take just seconds.

How to Avoid Becoming a Victim

While no method is foolproof, here are some practical habits to help reduce your risk:

• Stay aware when using your phone in public, especially near roads or cycle paths.
• Keep your phone out of sight in busy areas or when walking near traffic.
• Use earphones or smartwatches for calls and navigation to avoid holding your phone.
• Avoid placing your phone on café tables or resting it in open bags or pockets.

Top 6 Practical Tips if Your Phone Is Stolen

1. Note your IMEI number
   Dial *#06# on your phone to display its unique IMEI numbers. Write it down or screen grab and store it safely. You’ll need it if you report the theft or ask your network to block the device.
2. Enable tracking and locking features
   Set up tools like Find My iPhone or Google Find My Device. These let you locate, lock, or even erase your phone remotely if it’s stolen.
3. Use trusted support if unsure
   If you’re not confident using tracking tools yourself, professional IT support providers can help you track, lock or wipe your device remotely.
4. Change your passwords
   Use another device to log into your Apple ID, Google account, or banking apps and change your passwords immediately. This helps prevent fraud.
5. Contact your network provider
   Ask them to block your SIM and blacklist your IMEI numbers. This stops the thief from using the device on any UK network.
6. Report the theft to the police
   If the theft just happened or is ongoing, call 999. Otherwise, call 101 or report it online at www.police.uk. Give them your IMEI number and any tracking details to aid recovery.

In Summary

Phone theft is on the rise, but there are simple steps you can take to reduce your risk and respond quickly if your device is stolen. Stay alert in public, avoid displaying your phone unnecessarily, and prepare now by activating tracking tools and storing your IMEI number. And remember—support is available if you need help managing your device remotely. A little preparation today could save a lot of stress tomorrow.

In the ever-evolving landscape of cybersecurity, businesses must remain vigilant against potential threats that could disrupt operations. Recently, a significant issue emerged involving CrowdStrike, a renowned security firm, and Microsoft’s Windows operating system. A corrupted software update from CrowdStrike has triggered a Blue Screen of Death (BSOD) in numerous Windows PCs, leading to widespread disruptions. This incident has only affected Windows systems, leaving other operating systems unscathed. In this article, we will delve into the details of this glitch, its impact on small and medium businesses, and provide guidance on how to navigate this alarming situation effectively.

Understanding the BSOD Issue

What is BSOD?

The Blue Screen of Death (BSOD) is a critical error screen displayed by Microsoft’s Windows operating system following a fatal system error. This error is usually caused by hardware issues, driver conflicts, or more commonly, software bugs. When a BSOD occurs, the operating system halts, preventing further damage to the system. The screen typically displays an error code and a message indicating the cause of the crash. In the recent issue involving CrowdStrike, the BSOD was triggered by a corrupted software update. This specific incident highlights the potential vulnerabilities even trusted security software can introduce. For businesses relying on Windows PCs, understanding BSOD is crucial, as it helps diagnose and resolve system failures quickly, ensuring minimal downtime and maintaining operational efficiency.

Impact on Windows PCs

The impact of the CrowdStrike issue on Windows PCs has been substantial. The corrupted update has caused widespread occurrences of the Blue Screen of Death (BSOD), leading to significant disruptions in business operations. For small and medium businesses, this means interrupted workflows, potential data loss, and delayed projects. The BSOD effectively renders affected Windows PCs unusable until the underlying issue is resolved. This can be particularly challenging for IT departments already stretched thin. With the need for manual reboots in safe mode and the application of fixes on a device-by-device basis, the resolution process is intensive and time-consuming. Moreover, the downtime not only affects productivity but can also lead to financial losses. Understanding the full extent of this impact is critical for businesses to implement effective contingency plans and minimise operational disruptions.

CrowdStrike’s Role in the Glitch

CrowdStrike, a leading cybersecurity firm, found itself at the centre of this BSOD issue due to a flawed update to its antivirus software. Designed to protect Microsoft Windows devices from malicious attacks, the update inadvertently contained a defect that triggered the Blue Screen of Death (BSOD) on numerous Windows PCs. This incident underscores the complexities and challenges associated with software updates, even from reputable security providers. CrowdStrike’s CEO, George Kurtz, has acknowledged the mistake, stating that the issue has been identified, isolated, and a fix has been deployed. However, the process of applying this fix is arduous, requiring manual intervention on each affected device. This situation highlights the critical need for thorough testing and quality assurance in software development, particularly for applications that play a pivotal role in cybersecurity. Businesses relying on CrowdStrike’s services must stay informed and follow recommended steps to mitigate the impact of such glitches.

]]> 3545 https://rlscomputers.co.uk/2024/05/20/what-is-the-difference-from-the-internet-and-an-intranet/ Mon, 20 May 2024 16:09:16 +0000 https://rlscomputers.co.uk/2024/05/20/what-is-the-difference-from-the-internet-and-an-intranet/ Read More]]> Unlocking the Power of Intranets: Practical Applications for Small Businesses, Charities, and Local Authorities

In the fast-paced digital landscape, understanding the distinction between an Intranet and the Internet is crucial for small businesses, charities, and local authorities looking to enhance their internal communications and operations. While the Internet serves as a global platform accessible to all, an Intranet provides a private network exclusive to authorised users within an organisation. Harnessing the power of Intranets, organisations can bolster security measures through robust authentication methods like MFA, ensuring data protection and secure information sharing. By delving into practical applications and the significance of strong passwords and authentication apps like Microsoft and Google Authenticator, this piece aims to illuminate the transformative potential of Intranets in fostering seamless collaboration and productivity within diverse organisational settings.

Demystifying Intranet and Internet

Intranet vs Internet: Clearing the Confusion

Many people confuse the Internet with an Intranet, but they serve very different functions. The Internet is a vast, public network that connects millions of computers globally, allowing users to access and share information widely. An Intranet, on the other hand, is a private network specific to an organisation. It’s used to securely share company information and computing resources among employees. Think of an Intranet as a private version of the Internet, a secure and controlled space where only authorised individuals can operate. This exclusivity protects sensitive data and facilitates communication and collaboration within the organisation. Employees can find everything they need within this network, from HR documents to project collaboration tools, without the risk of external threats. This clear boundary between the two networks is fundamental for maintaining internal security and efficiency.

Core Benefits of Intranets

Intranets bring a multitude of benefits to an organisation. Primarily, they enhance internal communication, allowing for instant messaging and updates which keep everyone on the same page. Document management becomes streamlined as well, as employees can access the latest versions of files without confusion, reducing errors and saving time. Customisation is another key advantage; an Intranet can be tailored to the specific needs of an organisation, displaying relevant information such as news, dashboards, and analytics that drive informed decision-making. Moreover, Intranets support collaboration, making it easier for teams to work together on projects, share ideas, and solve problems, irrespective of their physical locations. With security as a cornerstone, Intranets provide a safer environment for handling sensitive information, bolstered by measures like MFA and strong passwords. Overall, Intranets act as a central hub for all organisational operations, enhancing efficiency, security, and unity.

Enhancing Security within Intranets

Strong Passwords: The First Line of Defence

The security of an Intranet is paramount, and it begins with strong passwords. Passwords act as the first line of defence against unauthorised access to an organisation’s private network. A strong password is complex and difficult to guess; it combines letters, numbers, and special characters to create a barrier that protects valuable data from external threats. Regularly updating passwords and avoiding the use of common words or easily accessible personal information further reinforce this barrier. Educating employees on the importance of strong passwords is essential, as human error often leads to security breaches. Encouraging the use of password managers can help staff maintain a unique and robust password for their accounts. In addition, implementing organisation-wide policies on password creation and updates ensures consistent practices in safeguarding the Intranet. With diligent attention to password security, organisations can significantly reduce their vulnerability to cyber attacks.

Two-Factor Authentication: Doubling Down on Security

In addition to strong passwords, two-factor authentication (2FA) provides an extra layer of security for Intranets. It requires users to provide two distinct forms of identification before gaining access to the network. Typically, this involves something the user knows, like a password, paired with something the user has, such as a code from an authentication app like Microsoft or Google Authenticator. This dual-verification system makes it significantly harder for unauthorised individuals to breach the network because even if a password is compromised, they still need the second factor to proceed. 2FA is particularly beneficial for protecting sensitive areas of the Intranet, such as financial records or personal employee information. By implementing 2FA, organisations demonstrate a commitment to robust security practices, providing peace of mind for both the management and the staff and ensuring that their private network remains just that—private.

Practical Intranet Applications

Internal Collaboration and Knowledge Sharing

Intranets excel in facilitating internal collaboration and knowledge sharing within an organisation. They provide a centralised platform where employees can access shared resources, such as templates, manuals, and internal policies. This central repository of information ensures that everyone has access to the latest, most accurate information. Collaboration tools integrated within Intranets, like forums, wikis, or project management systems, allow team members to communicate effectively, share insights, and track progress on collective projects. This is particularly useful for small businesses and local authorities where resources may be limited, and efficient knowledge sharing can drive significant improvements in service delivery. Charities can also benefit from such streamlined communication, as it allows them to coordinate volunteer efforts and manage fundraising activities more effectively. By breaking down silos, Intranets enable a culture of openness, fostering an environment where knowledge is a shared asset.

Streamlining Organisational Processes

An Intranet can significantly streamline organisational processes by automating routine tasks and centralising essential functions. For example, small businesses can use Intranet platforms to manage leave requests, expense claims, and even onboarding processes, reducing the administrative burden on staff. Charities can benefit by coordinating event planning and donor management through their Intranet, enabling them to focus more on their core mission rather than on paperwork. Local authorities can utilise Intranets to handle internal requests, distribute public information to staff effectively, and manage community initiatives through a single portal. These streamlined processes lead to increased productivity as employees spend less time on manual tasks and more on strategic activities. Furthermore, centralising processes reduces the likelihood of errors and ensures a consistent approach to task management, which is crucial for maintaining quality control across the organisation.

Useful Links:

Microsoft Authentication App: https://www.microsoft.com/en-gb/security/mobile-authenticator-app

To make sure your emails keep going through without any problems, all websites hosted with us will have the necessary information added to your website within the next 21 days. This will allow our email servers to send messages on your behalf, and Gmail will recognise them as safe.

Why is this important?

Making sure your emails reach their intended recipients is really important to us. One way we can do this is by setting up your domain’s SPF record correctly. This helps build trust between your domain and Gmail, increasing the likelihood that your emails will end up in people’s inboxes. By doing this, we can avoid any issues that might prevent your emails from getting through and protect your professional reputation by making sure they don’t get marked as spam by mistake.

Your email account is like a doorway to your other online accounts. If a criminal manages to get into your email, they can use the “forgot password” feature to request emails that give them access to your other accounts, like your social media profiles. So, it’s crucial to keep your email secure to prevent any unauthorized access to your other important accounts.

How to secure your email account

Password

To create strong and secure passwords, try combining three random words. Make sure to avoid using easily guessable words such as your pet’s name or birth month. To enhance the strength of your password, consider adding numbers and symbols. This will make it even more difficult for others to guess or crack your password.

Turn on 2-Step Verification (2SV) for your email

2-Step Verification (2SV) also known as 2-Factor Authentication (2FA), provides an extra layer of security to keep your email safe. Even if someone manages to get hold of your password, they won’t be able to access your account. How does it work? Well, when you sign in on a new device or make important changes like updating your password, 2SV will ask for additional information to verify your identity. This could be a code sent to your phone. Don’t worry, though, you won’t have to go through this process every time you want to check your email. It’s a simple way to add an extra level of protection to your account.

Check to see if your accounts have been compromised.

You can utilize services like www.haveibeenpwned.com to determine whether your personal information or any of your account passwords have been exposed in a significant data breach.

Further information

If you have been affected by a data breach, you can find some useful information here https://www.ncsc.gov.uk/guidance/data-breaches from the National Cyber Security Centre on how to protect yourself from the impact of data breaches.

For more advice on how to stay secure online, please visit www.cyberaware.gov.uk

How to turn on 2-Step Verification

• For Outlook – https://support.microsoft.com/en-us/account-billing/how-to-use-two-step-verification-with-your-microsoft-account-c7910146-672f-01e9-50a0-93b4585e7eb4
• For Gmail – https://myaccount.google.com/signinoptions/two-step-verification/enroll-welcome?pli=1
• For iCloud – https://support.apple.com/en-il/HT204915

Other Articles

• How to Spot a Phishing Email
• 5 Simple ways to reduce junk emails
• Beware Cold Calling IT Scams
• Cyber Security Training

The following article has been released by Microsoft after they discovered a critical vulnerability in Microsoft Outlook for Windows:

Summary

Microsoft Threat Intelligence discovered limited, targeted abuse of a vulnerability in Microsoft Outlook for Windows that allows for new technology LAN manager (NTLM) credential theft. Microsoft has released CVE-2023-23397 to address the critical elevation of privilege (EoP) vulnerability affecting Microsoft Outlook for Windows. We strongly recommend all customers update Microsoft Outlook for Windows to remain secure.

Impacted Products

All supported versions of Microsoft Outlook for Windows are affected. Other versions of Microsoft Outlook such as Android, iOS, Mac, as well as Outlook on the web and other M365 services are not affected.

Technical Details

CVE-2023-23397 is a critical EoP vulnerability in Microsoft Outlook that is triggered when an attacker sends a message with an extended MAPI property with a UNC path to an SMB (TCP 445) share on a threat actor-controlled server. No user interaction is required.

The connection to the remote SMB server sends the user’s NTLM negotiation message, which the attacker can then relay for authentication against other systems that support NTLM authentication. Online services such as Microsoft 365 do not support NTLM authentication and are not vulnerable to being attacked by these messages.

Fix

Please refer to CVE-2023-23397 Outlook updates to address this vulnerability, read FAQs, and additional mitigation details.

Impact Assessment

To determine if your organization was targeted by actors attempting to use this vulnerability, you should contact use.

Acknowledgement

The Microsoft Incident Response team and Microsoft Threat Intelligence community appreciate the opportunity to investigate the findings reported by CERT-UA.

Through joint efforts, Microsoft is aware of limited targeted attacks using this vulnerability and initiated communication with the affected customers. Microsoft Threat Intelligence assesses that a Russia-based threat actor used the exploit patched in CVE-2023-23397 in targeted attacks against a limited number of organizations in government, transportation, energy, and military sectors in Europe.

We often receive report from residents who have had cold callers at their door despite displaying a sticker, with some reporting that the callers can be difficult to turn away and, in some cases, verbally aggressive when the presence of the sticker is pointed out.

We are asking residents to report all doorstep cold calling incidents to us, especially if their property is displaying a No Cold Calling door sticker of any type. We are also offering the following advice:

• If someone cold calls at your property remember it is your doorstep so your decision whether you even answer the door, if you can check through a spy hole or look from a window to see who is there
• Think about your home security, make sure other doors to your property are locked before answering the front door
• If the person is offering services or trying to sell something politely but confidently say you are not interested and close the door
• If the person is claiming to represent an authority, organisation or charity ask to see ID. If ID is offered, ask if you can take it to check its validity. If you are given the ID close the door and contact the company or organisation on the ID by a number you find online or in the phone book, DO NOT use information on the ID, it could be fake
• If no ID is offered, the caller refuses to let you check it, or you can not verify it is genuine politely but confidently say you are not interested and close the door
• As the cold caller leaves, if you can safely from inside your property watch and see: Do they go to call at neighbouring properties?
• Do they return to a vehicle, is it sign written, can you see the make, model, colour and registration plate?
• Are they alone or working with others?
• Note down a description of the cold caller, why they were calling and who they say they were representing – all of this information is very useful to Trading Standards and the Police when looking at Cold Calling incidents

You can report doorstep cold calling incidents to us via our partners the Citizens Advice consumer helpline on freephone 0808 223 1133 or to Norfolk Constabulary on 101. If you feel threatened or have concerns for vulnerable neighbours always dial 999.

If you would like one of our No Cold Calling door stickers call the Norfolk County Council customer service centre on 0344 800 8020.

Why not consider setting up a No Cold Calling Zone in your community? You can find out more about our scheme at www.norfolk.gov.uk/nccz

Before getting into the comparisons, there are a few technical words that you need to be aware of.

• 2 factor authentication (2FA)– This is quite a new concept but has taken off very quickly and your more than likely already using it. 2FA is the process of typing in your password and then still having to do something else on another device or account, the most common one is entering a code you got as a text.

• Biometric login– This one is pretty simple, this is using your fingerprint and facial recognition to login, most smartphone have this built in nowadays.

Now below are some of the best password managers for the web, that we have evaluated and are available to the public. These are the first ones you come across if you’re looking for password managers, so they have been broken down and tested so you don’t have to.

Dashlane

If you are looking for password managers, then Dashlane is one you will come across straight away. Overall, it is a very good option with few setbacks, If you pay for the premium experience then you will have unlimited access to all the features but the free version is definitely not to be over looked.

Pros

• 2FA
• Biometrics login
• compatible across all devices and browsers.
• Bulk password changer to enforce regular changes.
• Easy to use
• Importing of old passwords
• Dark web monitor to check if any details have been involved in a breach (premium)
• Ability to save bank cards, IDs and notes as well, all securely.

Cons

• Free version can only be used on one device.
• Premium is $3.99 (£3.46) per month per person or $5.99 (£5.19) for 6 users
• Had issues receiving 2FA email

Summary:

After using Dashlane for a little while, I can see its uses. However, it can be a bit over the top with wanting to save details. The prompt to save passwords will come up quite a lot, even when you haven’t logged into anything, and I have also had it make some mistakes saving details with the 2FA number I put into the website. Despite this I could see Dashlane as a password manager I use permanently in the future.

1 Password

1 password is another safe bet when it comes to password managers. There is no free version, however there is a 14-day trial so this isn’t the end of the world as the premium is still at a very reasonable price compared to its competitors’. With costs being $2.99 (£2.60) per month per user or $4.99 (£4.34) for 5 users. It has a few more features than Dashlane as well, which are listed below.

Pros

• 2FA
• Lots of security features
• 1GB of secure document storage
• Compatible across all devices and browsers.
• Unlimited devices
• Password Sharing

Cons

• No free version
• User interface not as easy to use compared to other password managers

Summary:

After some use of 1 Password, I have found it is not as easy to use as other password managers, the user interface in the site dashboard is a lot harder to use and navigate to find your passwords. It also has no free version, so a 14-day free trial is all I got. The prompts for entering and saving passwords are nowhere near as big and in your face which I like, however I wouldn’t say this makes up for its outdated look.

LastPass:

LastPass is another good option despite its recent security concerns, where no passwords were compromised according to the verge. It is easy to use and has complete sync across mobile and desktop devices.

Pros

• 2FA
• 1GB of file storage
• 1-to-1 sharing
• Unlimited passwords
• Compatible across all devices and browsers

Cons

• Security reputation
• Only available on one device on free version
• Premium $2.60 (£2.23) per month per person or $3.40 (£2.91) for 6 accounts

Summary:

LastPass was relatively easy to use, it had a better user interface than 1 Password, however I did have some issues using the links to websites from in Lastpass. Some wouldn’t work and some took me to the wrong websites. This isn’t the conventional way of getting to websites so I wouldn’t worry too much but it may be an issue when it’s trying to find passwords for certain websites.

Browser Managers

Browser Managers are ones that you will be using every day without realising. When you sign into a new site on the internet you sometime get a box come up asking if you’d like to save the password, this is your password manager.

Pros

• Completely free to use
• Most modern browsers have them built in
• Can be used in that browser no matter the device, as long as your logged in
• 2FA (depending on browser)

Cons

• Passwords saved in one browser can’t easily be used in another
• Not as secure as actual password managers

Summary:

I have been using browser managers for years now and have never had a problem with them however they are very simple. You get no special features that tell you if your password needs changing or if it has been compromised but if you’re looking for something quick, simple and free, they are the way to go.

Overall Summary:

In summary all the password mangers have pretty much the same features, what is comes down to is the price and the ease of use. I have used them all to find the one I prefer, and I would suggest you do too, all have some kind of free trial so you are able to find the one you find easiest to use.

Hopefully, this has helped you understand password mangers and how to get the most out of your IT. If you need any further advice, please get in touch. 01553 776937 or email support@rlscomputers.co.uk

*Prices correct at the time of publishing

Software Links

https://www.dashlane.com/ – Dashlane

https://www.lastpass.com/ – Lastpass

https://1password.com/sign-up/ – 1 Password

https://support.google.com/chrome/answer/95606?hl=en-GB&co=GENIE.Platform%3DDesktop – How to find and mange passwords in Chrome

https://support.mozilla.org/en-US/kb/password-manager-remember-delete-edit-logins – How to find and mange passwords in Firefox

We know that these tools in the wrong hands can be very dangerous and can compromise your privacy and data security. However, in the right hands these are tools that help you with tech support and getting you quickly and securely out of a jam.

Do You Need This?
This is a good question, should your use of the Internet be restricted by your ISP or should you have the freedom to choose what is safe or not (hence, complex in resolution)? This author personally does not believe they should and instead follow our simple principle, which is “educate to facilitate…”.

We are all taught that drinking dirty water is going to make you sick, but the water companies do not turn off your water supply on the chance that might happen.

With good anti-virus software, a firewall router, and some good education you can get on using your Internet devices without issues and compromise. Safety and security are kept intact and you don’t have to wonder why certain websites and applications don’t work.

Can I Turn it Off?
Simple answer, yes. You need to head over and log into to your MyAccount in your TalkTalk portal, then:
• Select My Services section
• Select View HomeSafe Settings
• Select Off and confirm that you want this service switched off.
It’s as simple as that!

If you have questions about your Internet security or how to best protect yourself from scams and fraud then please email us at support@rlscomputers.co.uk or if you have been a victim of cybercrime report it to Action Fraud, the UK’s national reporting centre for fraud and cybercrime

Web Links

• TalkTalk HomeSafe – https://community.talktalk.co.uk/t5/Articles/How-to-use-TalkTalk-HomeSafe/ta-p/2205196
• Action Fraud – https://www.actionfraud.police.uk
• Take Five to Stop Fraud – https://takefive-stopfraud.org.uk
• Get Safe Online – https://www.getsafeonline.org

There has been some changes in the security protocols that run a lot of our online and offline lives. Such services as online banking, secure connectivity, applications and emails will be affected. The changes relates to the Transport Layer Security protocol (TLS) and the retirement of versions 1.0 and 1.1 and the migration to 1.2+. TLS provides the encryption between devices and services (that Secure Socket Layer – SSL stuff) and is critical in providing best-in-class encryption, and to ensure our data is more secure by default.

What Specifically is Transport Layer Security (TLS)?

TLS is a protocol that provides end-to-end communications security over networks and the Internet. It is used with online services, communications and online transactions. It’s job is to prevent communication tampering and message forgery.

If you want to know more about security protocols or check to see if your systems are up to date and running the correct settings please get in touch at support@rlscomputers.co.uk

Microsoft is officially dropping extended support for all of these on January 14th 2020. So you need to get a action plan in place in plenty of time so your business is prepared and to reduce downtime in your business workflow.

We would also like to add that Microsoft Office 2010 is also End of Life come October 13th 2020, this not only has the same outcome as the Operating Systems but also new features are now available in Office 365 upgrades.

Does this mean my Windows computers & servers will stop working?

Solutions

When Windows Operating System reaches end of support, your computers and servers will still work. However, Microsoft will no longer provide security patches and updates. Whilst you could continue to use your unsupported computers and servers, this puts your business at a greater risk of viruses, vulnerabilities and compliance.

The answer is simple, upgrade to Windows 10 Pro and Windows Server 2019. There are many paths to this solution, one of which includes being under our Enterprise Managed Services and let us roll-out your upgrade. Move some of your infrastructure to the “Cloud” with Azure & SharePoint. We can move your legacy Exchange 2008 Server into the cloud and provide you a Managed Hosted Exchange platform including a migration plan so you will have little to no downtime, rather than investing in a new server.

Microsoft Office 365 subscription offers the latest version of the office suite and is updated on a regular basis. You still can purchase the office suite as a one-time purchase per licence however this limits you to that version.

Compare Office 365 subscription with Office 2019

If you prefer, we can also provide new computing solutions and on-premise servers running the latest Windows OS from Fujitsu, that are energy efficient lowering the cost to run them and are cost effective. Or a combination of both, it really depends on your needs.

To learn more or arrange a evaluation of your IT, please contact Rob Lucas on 01553 776937 or email info@rlscomputers.co.uk.

This time last year saw the introduction to the new Data Protection law in the UK titled the General Data Protection Regulations. The new regulations introduced severe penalties to companies who have broken the law, where they can be fined 20 million euros (£17.6m) or 4% of their annual global turnover – whichever is larger.

The new law is now a year old and organisations are asking, so what has happened with it all? This article hopes to answer that question.

Last year, we have seen the UK adopt the GDPR into UK law. As GDPR is an EU law there needed to be provisions for how it applies in the UK. So in 2018 we saw the old Data Protection Act 1998 be upgraded to the Data Protection Act 2018 or DPA 2018 as it has been dubbed.

So, who has been hit with the new fines since the new law? The answer is no one in the UK, even thou according to a BBC Technology post “More than 14,000 data breaches have been logged since the introduction of tough new data laws…”, further more the posts states that “Complaints from the public have also doubled, from around 21,000 to 41,000”.

Other than the new stiff penalties, the ICO has also implemented fines for non-payment of their fees. The message here is that those who didn’t pay risked a fine. This was further addressed this year when the ICO produced a trend report to show which sectors had been issued with fines.

However, what we have seen is a different trend which is more worrying than not paying a fee at all. This trend is those who pay a fee and don’t know why they are even paying it or even worse not understanding the legal framework or how to comply with it. In my opinion, this is where the system has failed organisations in not informing or promoting the new law to organisations.

So what’s next? I predict that you will probably see some of those data breaches resulting in large penalty fines in the next year and that as they do more organisations will take a moment to get to grips with the new law.

Organisations wanting to know where they stand with DPA 2018 can get in touch for more advice or they can read the guide on the ICO website https://ico.org.uk/for-organisations/guide-to-data-protection/.

This is not necessarily a new scam but more cleverly designed and worded.

Click for fullscreen view

The email is urging the recipient to act FAST and sign-in with their email credentials with limited time to react, it stresses that your email account will be DISABLED if you don’t react. Note, it is sent with a level of urgency by using UPPERCASE subject line and noting you have until the NEXT DAY. These are all techniques used by cyber-criminals to get you to react to the message. Furthermore, you note that the email is signed by the EMAIL ADMINISTRATOR and refers to MICROSOFT to further strengthen the trustworthiness of the message and encourage users to accept the email is real.

This is a targeted scam to businesses to gain access to users email accounts by using a strategy that not only targets the individual but an entire department. By sending an email to say sales@ or info@ the cyber-criminal is targeting multiple people at the same time knowing that someone in that department may actually open and react to the email.

In the past cyber-criminals would target an individual with these kinds of scams by emailing an individuals name (say tom@, dick@ or harry@), but by targeting departmental email accounts, the cyber-criminal has a greater chance of someone within that department opening the email and clicking the links or opening the attachments.

By training staff to identify scam emails like this, would dramatically reduce the threat landscape for these emails and stop your IT infrastructure from being exploited. RLS Computer Services Ltd. can deploy systems to reduce scam emails, install malware detection systems on your PC and install countermeasures and procedures to reduce any impact if a threat was executed by an employee.

The current climate in cybercrime isn’t going to change, so stop taking unnecessary risks with your data & let us keep it safe.

We have received many reports from customers who have received emails claiming that a cyber criminal has hacked their PC and gained footage from their webcam of explicit sexual acts. They threaten that unless they pay $xxxx (usually in Bitcoin currency) that they will leak this video onto the Internet and activate malware that they have installed on their PC.

Furthermore, In the email subject line you may also note that they have included a previously used password from a website that the user has accessed, this is to further strengthen your belief that this is real and solidify their attack on you.

First, we want to reassure everyone these are hoax, Phishing emails, designed to get you to part with your cash and create fear to make you engage in a knee-jerk reaction to what seems to be a terrifying attack on your privacy.

How to stay safe

Here are a few tips on what to do:

• Never pay anyone in Bitcoin or react (or interact) with a scammer.
• Never click a link or open an attachment to scam emails demanding a ransom.
• Always use complex passwords for the sites you use, especially ones with personal identifiable and sensitive information (i.e. Social Media, Banks, Shopping Sites, etc.)
• Only access sites that are secure (with the padlock and starting with https://)
• Never reply to a scam email.
• If you think your password has been compromised in anyway, change it.
• If you have gone too far and divulged your bank or card details to a scam email or rogue website, then you must inform the bank immediately.

If you want to know more about how to stay safe online please visit https://takefive-stopfraud.org.uk/

If you have been a victim of fraud then report it to Action Fraud by calling 0300 123 2040 or visit https://www.actionfraud.police.uk/reporting-fraud-and-cyber-crime

Protecting our customers’ data is a high priority for us here at RLS Computer Services. With the General Data Protection Regulation (GDPR) coming into effect in May 2018, we see this as an opportunity to strengthen our commitment in the area of data security.

What is the GDPR?

In the UK, the Data Protection Act 1998 (DPA) is a law introduced to protect personal data stored on computers or in an organisation filing systems. Its purpose was to control the way information is handled and gave people “Data Subjects” legal rights over the purpose, lawfulness, accuracy, period and what information was held about them.

Since the birth of the DPA, technology has moved on dramatically. Social media, Internet presence, mobile technology and CCTV have all emerged and grown and the act is long overdue an overhaul.

Enter, The General Data Protection Regulation (GDPR), which comes into force 25 May 2018, the new law applies to data processing carried out by organisations operating within the European Union (EU), It also applies to organisations outside the EU that offer goods or services to individuals in the EU. The government has already decided that “Brexit”, will not affect the commencement of the new law, in fact we “may” also see introduced on the same day the UK’s Data Protection Bill, as the Data Protection Act 2018, effectively implementing the GDPR into UK law.

So simply put, GDPR, and the forthcoming Data Protection Act 2018, expand the privacy rights granted to data subjects (EU/EEA individuals) and place greater obligations on organisations who handle personal data of those individuals (data controllers and processors), wherever those organisations are based.

What we’re doing to comply with GDPR?

The task of compliance can be long and complex, so we have taken steps to make changes to our policies, procedures and systems to ensure that we comply with the Regulation and continue to put data protection first.

Some of the steps we have taken and are taking include:

• mapping all data handled by us and our suppliers
• analysing GDPR requirements against our current processes and policies
• making changes to our policies and procedures in line with requirements
• making appropriate changes to our software tools and services
• making sure our suppliers (“Processors”) are also compliant
• reviewing and updating contracts, as and where appropriate
• training all staff on the requirements of GDPR and our data privacy procedures.

But be assured, Organisations must ensure that they are compliant with the provisions of the new regulations when it comes into force, however the requirement to be compliant doesn’t end on 25 May. While there are a tick list of things to be done, our approach is not only to become compliant, but also reach beyond and gain certification in cyber security which will in turn assure our customers of compliance with our implementation to “Privacy by design and default”. This means we will implement technical and organisational measures to provide customers assurance of our security standards .

We hope to have all our policies and procedures in place before the 25 May and will keep you posted on our developments.

We at RLS Computer Services take cyber-security very seriously and don’t wish our customers to be a victim of fraud.

To help keep yourself safe from fraudsters by reducing their chances of getting hold of your information, we have put together some top tips for you.

• When using Internet banking or any online service, never share  One Time Passcode (OTP), passwords, security codes or any other form of security information with another person. Not even an employee of that company.
• Never download software or let anyone log on to your computer or other devices remotely following or during a cold call.
• Never enter your Internet banking details after clicking on a link in an email or text message.
• Never follow a telephone instruction asking you to press keys on your keyboard, or run any programmes from a cold caller.
• Never visit a website given to you by a cold caller, it might contain malware.
• If you are ever unsure, we urge you to take your time, don’t be rushed. A genuine organisation will never rush you to take action on your account.

To illustrate the point of security and fraud please take the time to watch this witty but to the point video.

Cyber-attacks are on the rise; so, what can we do to protect our identity and keep our information safe? Read my action To-Do-List to keep yourself safe online and out and about.

it was only last week when Northern Lincolnshire and Goole NHS Foundation Trust suffered a major incident after systems were infected by a computer virus and now this week Tesco Bank suffered a sophisticated attack which saw monies taken from 20,000 of its customers’ accounts.

Here are my recommendations to keeping you safe online and out and about.

General Rules

• Use a quality anti-virus solution and keep it up to date. There is no point scrimping on security here, an anti-virus application will provide several security benefits including malware protection, firewall and browsing protection.
• Always use a strong password, which is a critical factor of preventing access to your  information. It doesn’t have to be overly complicated either, simply take this famous pangram “The quick brown fox jumps over the lazy dog” and ask yourself how many ways can you write just part of this sentence (i.e. “TheQuickBrownFox”, “Th3Qu1ckBr0wnF0x”, or “Th3QBF0x”)? You can use your own sentence and create your own short versions to create your password, there is literally endless possibilities and combinations.
• Password protect your PC and lock it when you step away, even if you are just visiting the loo.

Safe Browsing

One of the biggest concerns most people have is with safe browsing, but what does that mean? I define it as visiting known websites or searching for information on the Internet. To safely surf the Internet you should follow these simple rules:

• Never search for a website that you know the address for, always type the fully URL of the website instead of just the name. For example when visiting the BBC website don’t just type “bbc” into a search engine as you are then presented with a mountain of responses to choose from and the first one isn’t always the correct one, instead type “www.bbc.co.uk” which will take you straight to the site.
• Always use bookmarks for regularly visited websites (i.e. Bank, shopping sites, etc.)
• Never install browser add-ons, toolbars and extentions when you don’t know what they do, this is one of the major causes of browser hijacking to date.
• Turn on Pop-up blocker to stop ads and unwanted browser activity and selectively allow only those sites who need them (i.e. your bank might sometimes pop-up a window to present your latest bank statement).

Out and About

Cyber security isn’t just about what you do at home and work on your computers, it is also about what you do when you are out shopping, visiting friends and using your mobile devices. Here are my recommendations to reducing your chances of being cyber attacked when you’re out and about.

• Check that cash machines haven’t been tampered with, credit card fraud can happen if a criminal has skimmed your card directly from a machine that has been altered to read your card and capture your PIN.
• Always make sure no one can see your PIN number when typing it in, this should always be observed in shops and cash machines. Don’t be afraid to ask people to step back if they are too close.
• Lock you mobile devices with a PIN in case you loose it and enable track and trace.
• Don’t keep PIN numbers written down and if you absolutely have to don’t keep them in the same place as your cards.
• Never let your card out of your sight, even at your friendly supermarket
• If someone asks to use your mobile phone in an emergency just ask for the name of the person they want to call and the number and call it yourself, only handover the handset once you are assured you are dialling a legitimate number and talking to real person.

My last piece of advice I want to share with you is this, DATA is KING, after all cyber crimes are not just about stealing your money, it’s about stealing your information and the more detailed the information the better. So we must back it up and back it up with a quality backup solution. It is admiral to watch someone backup their data to a USB pen drive or external hard drive only to then loose it or break it. If you get hit with ransomware, lose your mobile device or simply delete your data (accidentally or by malware) the chances of recovery has been increased significantly when correctly backing up your data.

Further Reading

• Rogue Virus Warnings
• How to Spot a Phishing Email
• Cryptolocker Ransomware: Your Data’s Worse Nightmare
• Beware Cold Calling IT Scams

For more help with securing your IT systems, why don’t you give us a call on 0844 334 2020 or email support@rlscomputers.co.uk

To my absolute amazement it turns out that this is linked to a Microsoft Update (KB3035583) released 24/25th March 2015 (read more here https://support.microsoft.com/en-us/kb/3035583), which is actually a Windows 10 ad / downloader that will probably produce pop-up messages to end users about upgrading to Windows 10. Microsoft are not confirming or denying or saying too much about the truth behind KB3035583 update however, many anti-virus websites and other bloggers have stated that GWX aka. Get Windows X (10) will sit dormant until Microsoft feel they are ready to release the “FREE” upgrade later this year (Summer 2015) and when they do, this clever application will download and install it AUTOMATICALLY – (Yikes!!!)

Description of KB3035583 Update

Further investigations have shown that on many anti-virus providers websites reports show that some if not all of the following files are being blocked / quarantined as they are seen as malicious files or PuPs (Potentially unwanted Programs).

Config.xml
Gwxgc.exe
Gwx.exe
Gwxconfigmanager.exe
Gwxui.dll
Gwxux.exe
Gwxuxworker.exe

This in turn will produce error messages as the update will not been classified as being installed correctly and you might get repeated prompts to download and install it.

What is Windows 10?

Windows 10 is the next release of Microsoft’s Operating System (OS) and is designed to produce a better user experience for Desktop, Laptop and Tablet users with a bunch of other cool stuff, the plan is to release it later in the year (2015).

Microsoft will offer a direct “FREE” upgrade for qualified Windows 7, Windows 8.1 and Windows 8.1 Phone devices as long as you upgrade in the first year. You can read more here http://windows.microsoft.com/en-us/windows-10/about.

What Does This Mean & What Should I Do?

Well that is up to you personally or your IT Administrator, IF this is all true and if you want to have Microsoft reminding you or your staff with banners and pop-ups about upgrading to Windows 10 and then automatically install it then let it be. However this WILL put a strain on your computer / network especially if you have several (or several 100) Windows devices. Also as we always advise as you have no idea what will happen to your computer(s) when they upgrade automatically (for example, will your software applications cease to work) our advice would be DON’T DO IT until you are happy that it won’t destroy your computer and worse still potentially loose your data.

for more help or advice about what to do about this issue you can contact support by emailing support@rlscomuters.co.uk.

We advise that you DO NOT RESTART YOUR COMPUTER until you have checked with us first.

This information applies to the following products:
• Panda Cloud Office Protection
• Panda Cloud Office Protection Advanced
• Panda Antivirus Pro 2015
• Panda Internet Security 2015
• Panda Global Protection 2015
• Panda Gold Protection

The Issue:
An automated update published yesterday unexpectedly resulted in Panda protection detecting and neutralising several files on some systems, these files varied from the windows system, and applications including panda files. These files were quarantined rendering the applications unusable. The issue was quickly detected and a corrected signature file released. Pandalabs and the development teams immediately began working on a process and tools that will help rectify any system issues. However, in certain environments it is possible for the incident to persist. To verify if this is the case of your computer, please follow the steps below.

What do I Need To Do?
1. Check to see if your applications are running OK
2. You might also experience messages on screen stating GDI, PSUAmain, missing DLL or similar error messages
3. If any of the above please contact us via remote session (RLS Desktop Support) so we can deploy the fix.

If you have any questions regarding the problem or any other technical questions, please don’t hesitate in contacting me through the usual channels. Email support@rlscomputers.co.uk or call 0844 334 2020.

RLS Support Team

Recently and after our previous blog “http://www.rlscomputers.co.uk/news/?p=300“ we have been asked “Can I Trust Emails From HMRC?“

The answer is not as simple as it might seem, we have already highlighted the root cause of Phishing emails and why fraudsters send them. Therefore it is highly probable using the guides in my previous blogs that someone will attempt to defraud you at some point claiming they are from HMRC.

Okay, so what to look out for:

• If the email is from a legitimate source they would normally point you to the web address both visually and as a hyperlink. For example see my link above “http://www.rlscomputers.co.uk/news/?p=300″ instead of using just “How to Spot a Phishing Email” as the link. This gives you the choice to type the link in opposed to only clicking the link.
• Language, if the email is written responsibly then the language would make sense. You woodn’t find bad landwich and granma from the hmrc (exaggerated example, but you get the point).
• Fake images, alot of HMRC Phishing uses fake or forged images, normally grabbed from Google images. This is NOT a sign of genuine origins so ignore it.
•  Greed, we all like money and want more of it, however don’t succumb to emails from HMRC telling you that you have received a TAX refund / rebate. HMRC will never contact you about these via email.

These are a few of the key notes you should remember before opening, clicking, acknowledging emails from HMRC, if you follow them it will keep you safe and in the know that the emails they do send you are quite safe to open and deal with.

Other Useful Links

HMRC Phishing Email Examples: http://www.hmrc.gov.uk/security/examples.htm

Geniune HMRC Contacts: http://www.hmrc.gov.uk/security/contacts.htm

Phishing Emails – Your choice Blog: http://www.rlscomputers.co.uk/news/?p=43

Norfolk County Council Business Scams: http://www.norfolk.gov.uk/Business/Trading_standards/Business_scams/index.htm

Norfolk County Council Consumer Scams: http://www.norfolk.gov.uk/Community_and_living/Consumer_advice_and_protection/Scams/NCC051378