Security update around WebP vulnerability

    • Security update around WebP vulnerability

      • Matthew James

      On Wednesday September 27, 2023, news of active exploitation of a zero-day vulnerability ( CVE-2023-4863 )(updated with CVE-2023-5129) in a common component of the webp image format, was announced.

      This vulnerability is known to potentially affect a wide range of browsers and popular applications.This includes (but is not limited to)Google ChromeMicrosoft EdgeMicrosoft TeamsAlong with a wide range of others.

      Read More
    • What is Office 365 Security?

      • Matthew James

      Office 365 and the Microsoft 365 Platform have some very good security features. Unfortunately, not all of the protection is available at some levels of licensing, and “out of the box” even the features that your licensing does give you access to may not be fully configured or set to your organisational needs. There is quite a bit of adjustment and ongoing tuning required to get the best out of the system, and keep it working to an appropriate level.

      Read More
    • How can I change IT Provider?

      • Matthew James

      How can I change IT Provider?  OK, so if you’re reading this blogpost, it’s quite likely that your IT provider isn’t up to scratch and so you’re trying to find out how easy it is for your business to change IT Support Providers or IT Company (or however else you want to term it!).  The honest answer to this question is that it depends on the IT providers that you are thinking of changing from and to.  That might sound like the process is going to be really difficult, horrible or stressful – it SHOULDN’T be.

      Read More
    • Lets Talk Contact Methods For Your Business…

      • Matthew James

      At ESP Projects in Sheffield, we constantly strive to improve our services and deliver exceptional customer experiences. As part of this commitment, we are exploring new ways to expand our contact methods beyond email, ticket, and phone support. In this blog post, we’ll discuss the potential benefits of additional support channels such as live chat and knowledge bases and seek your valuable input through a survey on the contact methods you would like us to provide. 

      Read More
    • Are your organisation’s signatures important to you? 

      • Matthew James

      In a recent post about security, I mentioned about setting up signature control software for an organisation in Sheffield, it wasn’t the core point of the article, more the introduction to a rambling discussion on security awareness of staff, but it also raised another question – What is signature control software? Other questions answered by this blog-post are; How do I set up my business email signature? How do I set up my email signature?

      Read More
    • Do you know who you are talking to?

      • Matthew James

      Today’s anecdote – always know who you are talking to… wait… hang on… isn’t this an IT article? Well yes it is, but even when you are sat at your computer you want to ensure you know “who” you are talking to, and that “they” should know the information you are typing in.

      This all starts with a recent installation of some signature control software at an office in Sheffield, you know the kind of thing, a platform to control all of your staff signatures centrally, to make sure all of them look the same, have the relevant information on them, update all of them with any current pertinent information, all very useful to keep on top of what is otherwise a long, dreary and often niggle filled process to achieve email appearance heaven.

      Read More
    • What are the best practices for password policies?

      • Matthew James

      What are the best practices for password policies? Security Policies – and the eventual demise of the password 

      I did something unusual (for me) the other day – I went out for a drink in Sheffield city centre. Why does that matter to you? And why would I write about it here?  Well it was while I was out mingling with actual real live people that a conversation arose about security and passwords (seriously, I’m an absolute blast when I am out on the town, honestly) and what the best policies are around passwords. It came to my attention that there are still a lot of people still following best practices from a decade ago… 

      Read More
    • ESP Projects are now hiring.

      • Matthew James
      An opportunity has arisen for a skilled engineer to join our team. The engineer will be working closely with other team members, to provide class leading support to our varied customers during the installation and configuration of IT systems.
      Read More
    • More Spam news, Threatening and Blackmail based extortion

      • Matthew James
      There has been another upturn in spam activity, this time a slightly different track to our recent reports where the aim has been to harvest your log on details or infect machines with Malware, this latest round of spam takes a less technological track and flat out blackmail and/or threaten the recipient.
      Read More
    • Office 365, Moving Beyond Email, Part 1 File Storage and Sharing

      • Matthew James
      Office 365 offers far more than just an industry leading email platform. In this series of articles, we seek to investigate other offerings on the platform and how they can benefit you and your organisation, starting with perhaps what is the second biggest business use behind emails – File Storage and Sharing.
      Read More
    • Email best practices.

      • Matthew James

      One of the weakest points in any security system, whether it be an IT system, or other system, is usually the human operators of that system. There is a whole subset of “hacking Techniques” dubbed “social engineering” where the goal is not to find weaknesses in the technological level of the system, it is to glean information from the end users to enable increased access, or to trick the end user into performing some task on their behalf, we have covered a couple of the methods used here and there.

      Read More
    • Phishing for Office 365 logon details

      • Matthew James

      Over the last week or so we have noticed an increase in Phishing Emails designed to illicit the Office 365 account details from unsuspecting end users. Unfortunately we have seen a couple of end users fall for these and have allowed access to their email system to an outside agent. with these details the Phisher can do anything that you would be able to do with your emails.

      Read More
    • Vulnerability found in WPA2 Wifi Encryption

      • Matthew James

      A recent discovery of a flaw in WPA2 encryption means that no wifi network is completely secure.

      TLDR:-

      1. WPA2 – Previously the only widely available wireless encryption protocol to not be hacked has been exploited
      2. The hack is not device specific
      3. Fixes are being released, and updates should plug this security hole.
      4. ESP is proactively pushing updates to hardware as they become available

      A Fuller rendition:-

      As widely published in the popular press, Monday 16th October saw the announcement of a flaw and proof of exploit on WPA2 Wifi networks. The original source for this was https://www.krackattacks.com of particular interest to you may be the FAQ section, I have copied a selection of the most relevant questions for our clients at the bottom of the page below.

      Read More
    • Microsoft Release Office 365 Training Centre

      • Matthew James

      As announced in a recent post on Microsofts Techcommunity There is now a dedicated  training center for use with  office 365.

      With the recent surge in migrations to the Office 365 platform we are sure that this is a resource that many of you out there will find very useful. Currently it houses a vast array of tutorials, information, tricks and tips and this can only be set to grow as Microsoft adds more features and applications to the quickly expanding online offering.

      Read More
    • Microsoft stopping support for Office 2007

      • Matthew James

      In there never ending march into the future there are always thresholds beyond which software applications cannot tread. Such a threshold has come for the venerable Office 2007 Office Suite as it quickly approaches the end of Microsofts support 

      As from October 10th, Microsoft will no longer be producing updates or bug fixes for Office 2007. Any vulnerabilities that are found in the suite of application from here forward will remain unpatched, which in itself is reason enough to update to one of the newer suites. Beyond this, Microsoft have also announced that from the 30th Office 2007 will no longer be able to connect to the Office 365 hosted email platform, providing even more of a spur for anyone still  operating the suite with the cloud service. If you do currently use office 2007 with hosted email you will find yourself to decide between 2 avenues with regards to accessing your email, either to upgrade, or fall back on accessing your email via the online portal at office.com

      Read More
    • Office 365 Log in Issues

      • Matthew James

      Possible Issues With Office 365 Portal today – we will continue to update this as news becomes available

      10:00am:- We are getting early indications that there is a wide spread issue with the Office 365 portal log in. When attempting log to log in, users are getting sent back to login screen even after inserting correct details. Microsoft is aware of the issue and are working on resolving this.

      Read More
    • What Is Ransomware?

      • Matthew James

      Due to the recent large-scale cyber attack on the NHS, a lot of people are asking the question ‘what is ransomware?’ So we felt it was best to update our post from last year with some more specific information.

      What is Ransomware?

      Ransomware is a type of computer software that blocks access to data using encryption technology and displays messages requesting actions (usually payment) to get it back, hence the name ‘ransom’.

      Read More
    • Ransomware – Locky, scourge of YOUR data.

      • Matthew James

      During your busy work day you receive an email with a word document attached, you open it to view the contents and accept the prompt to run macros. The contents of the file will be un-exciting, maybe even blank, but the damage has been done. Allowing the file to open and run its macros has already opened the door for Locky and the quite devastating results of its work.

      Read More
    • Phishing and Spam Emails

      • Matthew James

      A brief overview:-

      • Be aware or the re-emergence of Spam emails using spoofed sending address of a colleague/high ranking officer of your organisation/supplier.
      • Simple yet sophisticated in its operation
      • Utilises social engineering to trick you to send money, and no, there is no Nigerian prince involved.
      Read More