By Shawn Morrison

On Friday afternoon, The Register published an article reporting a leak of 32TB of Windows builds and source code. This is a significant breach and could cause security concerns for Windows 10 users in the coming months.

All large software systems contain bugs – small mistakes made by the humans who programmed them. Some may only cause minor annoyances, such as text being the wrong color. Others can be dangerous, leaving users’ data exposed. It’s no surprise then that attackers who write malware are always on the lookout for such bugs.

Usually the hardest task for a hacker is finding them. That’s because the Windows operating system ships as compiled machine code, designed to be executed by processors rather than read by people. As a result, it is a slow, tedious process for humans to read through it all.

It may take hours or days to look over even a few hundred lines of code after they are compiled – and the Windows 10 codebase contains tens of millions of them. Given that volume, it is entirely possible Windows 10 contains vulnerabilities that have not yet been found and patched.

That’s a serious security issue because, unlike assembly code, the source code that was leaked is designed to be read by humans. Now that it’s available, more attackers can study its contents and write malicious programs to exploit it.

That’s the bad news. The good news is that Microsoft will surely be working even harder to find any bugs before the bad guys do. So, it’s a good idea (always, but especially now) to install any software updates immediately. They will contain the patches to any vulnerabilities Microsoft identifies.

In addition, this is a good time to review your company’s overall security posture and make sure you don’t have any gaps. If you’d like more information on how to build layered security, visit our website and download our free whitepaper.

Office 365’s user numbers are expected to surpass 100 million in 2017. With the vast amount of data shared via email in the Office 365 Suite, a critical question IT admins should be asking is: How secure is it?

While Office 365 comes equipped with native security features, the suite doesn’t offer the layered security protection businesses need to safeguard data. You can reduce risks by implementing a layered security approach. The key layers include Policies & Training, Filtering & Encryption Services and Security Software.


Every smart device owner has most likely experienced one moment where they reached for their device and it wasn’t there.

After a short, frantic search with no results, the dreaded thought enters the mind: “What if I lost it?”

Because of the small size and portability of these devices, they are easily misplaced.

Their size sometimes makes it easy to forget the huge treasure trove of information these smart devices contain: text messages from friends, work email accounts, pictures of loved ones, apps to access bank accounts and social media, location history, and more.

If you lost your smart device, how would you mitigate the potential damage that could be caused if it fell into the wrong hands?

Fortunately, there are a few proactive measures you can take to ease your mind should this situation occur.



Every so often another data breach makes the headlines. Some big name company discloses the loss of user data including credentials. Here is a list of the major breaches that have occurred in 2017. Within days if not hours, that data becomes available for purchase on the dark web and eventually on the open web for anyone to download. Over time, security analysts reviewing this data overwhelmingly draw one conclusion from the data – users love to use insecure passwords and reuse those same passwords across multiple accounts.

So how do these analysts come to this conclusion? By simply correlating usernames across services and comparing the passwords. Remember, usernames are typically an email address, a first initial and last name, or some other easy-to-guess or easy-to-infer combination. A username by itself is nothing more than an identifier and provides no security; the password is the security component of a typical login.

All username / password combinations are a form of Type I authentication (AKA something you know) and are the least secure method of authentication. Many providers now offer a second layer of authentication based upon Type II authentication (AKA something you have). This is typically the delivery of a unique code to a device that you possess like a cell phone or tablet.

When this is combined with the existing login authentication, the result is called “Two Factor Authentication” or “2FA.” This type of authentication dramatically reduces the likelihood that someone else can log in using your Type I credentials without your knowledge.

Unfortunately, many users don’t enable 2FA for sites that support it. The other common habit is password reuse – using the same password for more than one site or service. The danger comes from breach data dumps that get posted publicly. All that is necessary then is for a malicious actor to try that username / password combination on other high value sites – an attack called a Password Reuse Attack. If the password has been re-used by the user across more than one site, the result could range from a minor inconvenience to devastating.


So how does one reduce risk while maintaining convenience for the end user? Here are a few action items:

  1. Enable Two Factor Authentication (2FA) for all applications that support it
  2. Use a password manager to manage logins across applications like
    • LastPass
    • Intel True Key
    • Dashlane
    • RoboForm
    • KeePass (Local vault)
  3. Consider adding 2FA using something like Duo to all your applications.
  4. Require users to use a password generator along with a password manager
  5. Force users to change passwords immediately when a breach or compromise is reported
  6. Set a policy for minimum password requirements (length, complexity, etc.)
  7. Require that users NOT reuse passwords. This is hard to enforce but make the policy anyway

Users will complain initially but once they learn new habits, your risk profile will be lower and you will rest easier. I personally don’t believe that resetting passwords on a regular basis has any redeeming value if your initial passwords are sufficiently complex and passwords are not reused. When users do change passwords on a regular basis, they usually make a minor change to their existing password and end up with a bunch of similar passwords across accounts. Users are also forced to re-authorize any account that changes on connected devices. Password managers and 2FA virtually eliminate this behavior. The better approach is to change passwords only when a compromise is suspected.


The key to successful security is ongoing user awareness training along with providing the tools and procedures that make it easier for users to implement security.

If your users suspect they have been compromised, they can check using the site Have I Been Pwned. This site is maintained by Troy Hunt, a Microsoft Regional Director. Users simply enter their email address and get a list of sites that include their username. If they get any hits, the results will indicate whether or not password data was included. If they find a password compromise, they should reset their password at ALL SITES where that password was used. Then they should change it to something different at every site. Stay secure out there!
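As an added example (not code from the original post), here is the username correlation step described above together with a Have I Been Pwned-style breached-password check in Python; the breach dumps and the API response body are constructed stand-ins, and the range-query shape (send the 5-hex-char SHA-1 prefix, match the 35-char suffix locally) is the one the Pwned Passwords range API uses.

```python
import hashlib
from collections import Counter

# Constructed sample of two breach dumps (email, plaintext password), not real data.
DUMP_A = [("alice@example.com", "Summer2017!"), ("bob@example.com", "hunter2")]
DUMP_B = [("Alice@example.com", "Summer2017!"), ("bob@example.com", "correct horse"),
          ("carol@example.com", "password")]

def find_reuse(*dumps):
    """Correlate usernames across dumps the way the analysts above do: return the
    (lower-cased) emails whose same password shows up in more than one dump."""
    counts = Counter((email.lower(), pw) for dump in dumps for email, pw in dump)
    return sorted({email for (email, _), n in counts.items() if n > 1})

def sha1_split(password):
    """SHA-1 the password and split it into the 5-hex-char prefix that is sent to
    the range API and the 35-char suffix that never leaves the client."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def pwned_count(password, range_response):
    """Scan a range response (lines of 'SUFFIX:COUNT') for the local suffix and
    return how many times the password was seen in breaches, 0 if never."""
    _, suffix = sha1_split(password)
    for line in range_response.splitlines():
        entry, sep, count = line.strip().partition(":")
        if sep and entry == suffix:
            return int(count)
    return 0

# Constructed stand-in for the API body for prefix 5BAA6 (SHA-1 of "password");
# the neighbouring suffixes and all counts are made up.
SAMPLE_RANGE = """\
1D2E7BA97F1E6D4C4F2E8A0B9C3D5E6F7A8:2
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3303003
2F0A1B2C3D4E5F60718293A4B5C6D7E8F9A:1
"""

if __name__ == "__main__":
    print(find_reuse(DUMP_A, DUMP_B))                 # ['alice@example.com']
    print(pwned_count("password", SAMPLE_RANGE))      # 3303003
    print(pwned_count("Summer2017!", SAMPLE_RANGE))   # 0
```

Accounts returned by find_reuse are the ones to force through a reset first, and a non-zero pwned_count means the password should be rejected at enrolment rather than merely warned about.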

This morning a unique campaign targeting Macs has caught our attention. This attempt contained a .zip file carrying a Mac (OSX) trojan known as Aptordoc (OSX.Dok).

All of these emails contained the OSX Aptordoc trojan; however, some also had a Windows trojan downloader known as W97M.Dropper (Mal/DocLnk-B) attached, like the example pictured below. These messages were destined for our Switzerland clients with the .ch domain extension.

Mac can be susceptible to malicious attacks

There is a common misconception that Macs cannot be infected.

While we see fewer attempts targeting Macs, they are definitely susceptible to malicious attacks such as this. Below is an example of the current malicious email that is making the rounds. Under the example image is a rough, unedited Google translation to English.

At AppRiver, our SecureTide spam and virus filtering team works 24/7/365 to protect our customers from these types of threats as they emerge.

[Image: example of the OSX Aptordoc trojan email]

Unedited Google Translation:

Display Name: Canton Police Zurich

Subject: Unsuccessful contact attempt

Good day.
My name is Walter Seeholzer, I am an inspector from the Zurich Criminal Investigation Department.
We have tried to get in touch with you to ask you some questions, but unfortunately we have been unsuccessful.
This document contains a list of questions as well as my telephone number.
Best regards,
Walter Seeholzer

Your personal data will not be shared with third parties outside the Group without your express consent.
All these data-receiving agencies ensure compliance with data protection and data security.

For the online ordering or the purchase of certain services and products, the registration and registration of your personal data is indispensable.
This is the only way you can access your MCC or estv can provide you with the invoices.