Blogs

Exchange Online down: Microsoft 365 outage affects email delivery

A Microsoft 365 outage is preventing Exchange Online users from sending and receiving emails, with messages being stuck in transit and not reaching the recipients’ inboxes. “We’re investigating a potential issue with Exchange Online mailflow in North America,” Microsoft shared on the company’s Microsoft 365 Status Twitter account. “Further information can be found under EX252124 in the admin center,” the company added, with the last update saying that Redmond is monitoring telemetry to find the source of this ongoing issue. The Microsoft 365 Service health status page is currently directing customers to the Microsoft 365 Status Twitter account for more insight regarding this incident. Office 365 users report seeing “Temporary server error. Please try again later” MX errors and experiencing SMTP issues across Microsoft 365 tenants. Exchange Online was also knocked down by a widespread authentication outage last month blocking users from logging into their accounts and caused by an Azure Active Directory (Azure AD) configuration issue. Last month’s massive outage impacted multiple other Microsoft services at the time besides Exchange Online, including Microsoft Teams, Forms, Xbox Live, Intune, Outlook.com, Office Web, SharePoint Online, OneDrive for Business, Yammer, and more. In September, Microsoft customers experienced another worldwide outage showing “transient” errors and knocking down Office 365 and related services, including Microsoft Teams, Office.com, Power Platform, and Dynamics365. Update 1: Microsoft says that the outage is caused by a load balancing configuration issue. “Our preliminary investigation has determined impact is being caused by a load balancing configuration issue,” Microsoft said. “This occurs when a call to validate inbound mail is received. This call is being duplicated, creating a spike in utilization.” “We’re working to restore the underlying database infrastructure to remediate impact. Emails were queued for delivery and the service will automatically retry deliveries once the underlying database infrastructure has recovered. Users will not need to resend the impacted emails.” Update 2: Exchange Online mailflow has been restored. NOTE:: This article is copyright by bleepingcomputer.com and we are using it for educational or Information purpose only The Best Internet & e-Mail Security Suite 2021  
Read more
23 Apr, 21

Air Ticketing (ERP) for Kashmirwala Group

[vc_row disable_element=”yes”][vc_column][vc_column_text] Kashmirwala Group YISolutions, an Managed IT Services & Cyber Security Solution company based in Karachi, Pakistan, is proud to announce that with past 7 Years Kashmirwala Group have using YISolutions services. This is the First Time, in 2015 our ERP Development Services Selected by the Kashmirwala Group in continuation of our services as we are providing & Managing Cloud Servers along with  Website Designing and Maintenance.
Read more

Mandatory Windows 10 update causing DNS and shared folder issues

Some Windows 10 users have issues with DNS resolution after installing the latest Windows 10 cumulative updates released this week. As part of this week’s April 2021 Patch Tuesday, Microsoft released the Windows 10 KB5001330 & KB5001337 cumulative updates to fix various security vulnerabilities and bugs discovered in the operating system. Since installing the updates, some corporate users have reported having issues with DNS resolution that prevent access to shared folders on servers when trying to access them by the server’s name. If attempting to access the shared folder via the server’s IP address, users can properly connect to the shared folders. To access shared folders again, admins had to uninstall the cumulative update, which is not a good solution as it removes security fixes. After users began reporting the issue on forum, users determined that many affected users are using the Dentrix Dental Practice Management software in their offices. A longstanding support recommendation for Dentrix customers to reduce network lag has been to disable multicase name resolution (LLMNR) on Windows workstations.  This is done by enabling the ‘Turn off multicast name resolution’ group policy under Computer Configuration > Administrative Templates > Network > DNS Client. However, since installing the latest cumulative updates, this policy prevents users from accessing their shared server folders.  Dentrix has acknowledged the issue and stated that after coordinating with Microsoft, disabling this group policy is the recommended way to resolve this issue. “After working with Microsoft, we believe that we have found a solution that allows you to keep the critical Microsoft Security Update installed. It appears that this issue can be resolved by enabling “Link Layer Multi-cast Name Resolution” (LLMNR). This is a Windows Group Policy that many users have disabled over the years. Re-enabling it seems to restore proper IP Address resolution which in turn restores connectivity to the Dentrix Database. To enable LLMNR, follow the steps below.” To disable the policy (enable LLMNR) and fix the DNS resolution issues, the recommended steps are: Go to Start>Run and type GPEdit.msc      This should open the Local Group Policy Editor. Use the Group Policy Editor to navigate to Local Computer Policy>Computer Configuration>Administrative Template>Network>DNS Client. Double-Click “Turn Off Multicast Name Resolution.”  Mark the radio button labeled “Disabled.” Click Apply and OK.  Open a Windows Command Prompt Window (Start>Cmd.exe) and enter the command ipconfig /flushdns . Dentrix customers do not see this as an adequate solution as LLMNR could cause lag while using the software. Instead, they recommend users add the affected server’s name and IP address to the HOSTS file, which seems to fix the issue. “Enabling Multicast is definitely not an option for Dentrix due to slowness. Microsoft needs to release a fix asap. Best resolution we have found so far is the host file fix, the DNS service fix hasn’t fixed any of them yet for us but was reported by someone else as a fix.” – a Dentrix customer posted to our forums. This bug is not related solely to Dentrix users but instead to whoever has LLMNR disabled, which for the most part, has been Dentrix customers who were told to disable it.  While it is unknown what caused this bug, Microsoft fixed two DNS vulnerabilities [1, 2] this month that may have contributed to this abnormal behavior. NOTE:: This article is copyright by bleepingcomputer.com and we are using it for educational or Information purpose only  
Read more
08 Apr, 21

Managed Cloud Server & SSL Certificate for National Bank of Pakistan Exchange Company Limited

  YISolutions, an Managed IT Services & Cyber Security Solution company based in Karachi, Pakistan, is proud to announce that once again NBP Exchange Company Limited has selected YISolutions as their  Cloud Server & SSL Certificate Solution. This is the Fourth Consecutive Year, our Managed Cloud Server & SSL Solution Selected by the National Bank of Pakistan Exchange Company Limited.   Services provided to NBPECL; Managed Cloud Server Managed MS Exchange  Managed Cloud MailChannels Services SSL Certificate Services      NBP Exchange Company Limited is a leading exchange company in Pakistan. NBP Exchange is the first Bank owned company to start currency exchange business in the country NBP Exchange Company Limited is a wholly owned subsidiary of National Bank of Pakistan and was incorporated on September 24, 2002 as an unlisted public limited company under the Companies Ordinance, 1984. YISolutions is a key player in IT Consultancy, Cyber Security and  Managed IT Services. YISolutions was established in 2002-2003 and our Pakistan Registered Office is located in Karachi at Clifton. And our Principle Registered office is located in the US at Herndon. For more information please email us at  support@yi.com.pk  
Read more

WooCommerce vs Shopify: Who Comes Out On Top?

WooCommerce vs Shopify is a showdown between two ecommerce giants. Shopify powers over 800,000 online stores, while WooCommerce claims it’s the web’s most popular ecommerce platform. But which is right for you? Shopify is powerful, reliable, and easy to use, offering lovely templates and brilliant customer support. With Shopify, you’re paying a monthly premium for a solid platform – in fact, Shopify goes on to win today’s battle (spoiler alert!). WooCommerce is the ecommerce plugin that turns any WordPress site into a powerful online store. It’s an open-source platform, and therefore free to install, making it ideal for cost-conscious users, but you’ll need to pay for things like hosting and security, however. With WooCommerce, you can create a truly bespoke, enormous online store if you know how to code (or can hire someone who does).  In this article, we’ll be discussing WooCommerce powered by Bluehost, our top-rated hosting provider for all WordPress sites. This article will tell you which of these platforms will best suit your business. We’ve conducted extensive research on over 50 platforms, so we know all the ins and outs, and we’ve pitched WooCommerce and Shopify against each other in categories such as ease of use, pricing, sales features, customer support, and more. WooCommerce vs Shopify: Pros and Cons Ease of Use Build Time Design and Themes Sales Features Plugins and Integrations Marketing Tools Payment Options and Transaction Fees SEO Security Customer Support Pricing. Shopify vs WooCommerce: Conclusion   1 : WooCommerce vs Shopify: Pros and Cons Shopify Pros and Cons Shopify Pros Shopify Cons Hosted software – Shopify includes hosting and security, plus you don’t need to use any code to build a brilliant online store Transaction fees – Shopify is the only platform to enforce its own transaction fee, unless you use its own gateway, Shopify Payments 24/7 support – have your issues resolved around the clock to keep your customers and sales figures happy Costly apps – it’s easy to rack up an expensive yearly bill for your apps Multichannel integration -sell on other channels like Amazon, Facebook, eBay and Pinterest as a built-in feature   WooCommerce Pros and Cons WooCommerce Pros WooCommerce Cons Limitless customization – as an open-source platform, you can use code to customize your store to your heart’s content Not beginner-friendly – unless you have some coding knowledge, you’ll struggle to build the online store you want on WooCommerce, unlike on Shopify Scalable – WooCommerce and its fantastic flexibility allow you to achieve your ecommerce dreams   Excellent value for money – it’s free to install, plus the extensions are mostly reasonably priced, helping you add greater functionality to your store at a low cost   2 : Ease of Use There’s little doubt that WooCommerce has a steeper learning curve than Shopify, and from our testing, Shopify is definitely easier to get to grips with for a ‘regular’ user. In our testing, Shopify scored 4.1/5 and WooCommerce scored 3.5/5, which tells you all you need to know – but let’s dive into more detail. And don’t just take our word for it. We got regular, everyday people to try out Shopify, and here are some of their thoughts: “Using Shopify, I was able to create a far cleaner website than I thought I could, which has really made my products stand out. “I really liked how you supplied the information and the products you wanted to display, and then Shopify more or less just created a website for you.” Shopify is a hosted ecommerce platform. That means it takes care of a lot of the technical side of operating a store. From your domain name and hosting (where your site lives online) to any security (SSL) certificates, Shopify has you covered. On top of that, with Shopify, you don’t have to install, manage, or update any software. No need to worry about security or backups, either. In contrast, with WooCommerce, you need to do a little more legwork, like sourcing your own web hosting and security – but that’s really easy to do. We recommend using Bluehost to power your WooCommerce store. Bluehost’s dedicated WooCommerce plans come with handy features such as WooCommerce auto-install, as well as a free domain name and SSL certificate. How cool is that? Good to know…   We’d recommend powering your WooCommerce store with Bluehost. It’s our top-rated web hosting provider and it’s been endorsed by WooCommerce itself. What’s even better, prices for new customers start at just $6.95 per month (usually $13.99). By using Bluehost, you get access to: WooCommerce auto-install Free domain name and SSL certificate Storefront theme pre-installed 24/7 support from in-house WordPress experts Shopify vs WooCommerce – Ease of Use: The Verdict Shopify is the winner. WooCommerce is a far more technical platform that will require a certain level of knowledge to use, or a willingness to spend some time learning. In contrast, Shopify is accessible to the everyday person, and you don’t need to know how to code to get the most out of it. Further Information Make sure you’re picking a quality builder for your quality business – find details in our chart of the Best Ecommerce Website Builders of 2019 Not sure which ecommerce builder is best for you? Read our review of the Best Ecommerce Platforms to find out. 3 : Build Time Are you looking to build a powerful store, but want to get the ball rolling quickly? Or are you willing to invest a bit of time to have greater control? In a nutshell: Shopify will let you get your store live quicker than WooCommerce. If you’re starting from scratch or have limited technical skills, Shopify is the best option. Getting your store ‘live’ is far quicker and easier. You have your hand held as you set up your store, and can give it a look and feel by choosing and editing themes. Unlike setting up a store with WordPress, the process is not manual, while Shopify stores everything you need in one place. WooCommerce is more suited to users that aren’t looking to gain masses of sales immediately. Building stores on this platform is more of a creative project than it is on Shopify – you’ll have lots of creative control, and you can make the
Read more

How to Add HTTP Security Headers in WordPress (Beginner’s Guide)

Do you want to add HTTP security headers in WordPress? HTTP security headers allow you to add an extra layer of security to your WordPress website. They can help block common malicious activity from affecting your website performance. In this beginner’s guide, we’ll show you how to easily add HTTP security headers in WordPress. What are HTTP Security Headers? HTTP security headers are a security measure that allows your website’s server to prevent some common security threats before it affects your website. Basically, when a user visits your website, your web server sends an HTTP header response back to their browser. This response tells browsers about error codes, cache control, and other statuses. The normal header response issues a status called HTTP 200. After which your website loads in the user’s browser. However, if your website is having difficulty then your web server may send a different HTTP header. For example, it may send a 500 internal server error, or a not found 404 error code. HTTP security headers are a subset of these headers and are used to prevent websites from common threats like click-jacking, cross-site scripting, brute force attacks, and more. Let’s have a quick glance at what HTTP security headers look like and what they do to protect your website. HTTP Strict Transport Security (HSTS) HTTP Strict Transport Security (HSTS) header tells web browsers that your website uses HTTPs and should not be loaded using insecure protocol like HTTP. If you have moved your WordPress website from HTTP to HTTPs, then this security header allows you to stop browsers from loading your website on HTTP. X-XSS Protection X-XSS Protection header allows you to block cross-site scripting from loading on your WordPress website. X-Frame-Options X-Frame-Options security header prevents cross-domain iframes or click-jacking. X-Content-Type-Options X-Content-Type-Options blocks content mime-type sniffing. That being said, let’s take a look at how to easily add HTTP security headers in WordPress. Adding HTTP Security Headers in WordPress HTTP security headers work best when they are set at the web server level (i.e your WordPress hosting account). This allows them to be triggered early on during a typical HTTP request and provides maximum benefit. They work even better if you are using a DNS-level website application firewall like Sucuri or Cloudflare. We’ll show you each method, and you can choose one that works best for you. Here are quick links to different methods, you can jump to the one that suits you. Adding HTTP security headers using Sucuri Adding HTTP security headers using Cloudflare Adding HTTP security headers using .htaccess Adding HTTP security headers using WordPress Plugin Testing HTTP security headers 1. Adding HTTP Security Headers in WordPress using Sucuri Sucuri is the best WordPress security plugin on the market. If you are using their website firewall service too, then you can set HTTP security headers without writing any code. First, you will need to sign up for a Sucuri account. It is a paid service that comes with a sever level website firewall, security plugin, CDN, and malware removal guarantee. During sign up, you will answer simple questions, and Sucuri documentation will help you set up the website application firewall on your website. After signing up, you need to install and activate the free Sucuri plugin. For more details, see our step by step guide on how to install a WordPress plugin. Upon activation, go to Sucuri Security » Firewall (WAF) page and enter your Firewall API key. You can find this information under your account on Sucuri website. Click on the Save button to store your changes. Next, you need to switch to your Sucuri account dashboard. From here, click on the Settings menu on top and then switch to the Security tab. From here you can choose three sets of rules. The default protection, HSTS, and HSTS Full. You will see which HTTP security headers will be applied for each set of rules. Click on the ‘Save Changes in The Additional Headers’ button to apply your changes. That’s all, Sucuri will now add your selected HTTP security headers in WordPress. Since it is a DNS level WAF, your website traffic is protected from hackers even before they reach your website. 2. Adding HTTP Security Headers in WordPress using Cloudflare Cloudflare offers a basic free website firewall and CDN service. It lacks advanced security features in their free plan, so you will need to upgrade to their Pro plan which are more expensive. To add Cloudflare on your site, see our tutorial on how to add Cloudflare free CDN in WordPress. Once Cloudflare is active on your website, go to the SSL/TLS page under your Cloudflare account dashboard and then switch to the Edge Certificates tab. Now, scroll down to the HTTP Strict Transport Security (HSTS) section and click on the ‘Enable HSTS’ button. This will bring up a popup with instructions telling you that you must have HTTPS enabled on your WordPress blog before using this feature. Click on the Next button to continue, and you will see the options to add HTTP security headers. From here, you can enable HSTS, no-sniff header, apply HSTS to subdomains (if they are using HTTPS), and preload HSTS. This method provides basic protection using HTTP security headers. However, it does not let you add X-Frame-Options and Cloudflare doesn’t have a user interface to do that. You can still do that by creating a script using the Workers feature. However, creating an HTTPS security header script may cause unexpected issues for beginners which is why we wouldn’t recommend it. 3. Adding HTTP Security Headers in WordPress using .htaccess This method allows you to set the HTTP security headers in WordPress at the server level. It requires you to edit the .htaccess file on your website. It is a server configuration file used by the most commonly used Apache webserver software. Simply connect to your website using an FTP client, or the file manager app in your hosting control panel. In the root folder of your website, you need to locate the .htaccess file and edit it. This will open the file in a plain text editor. At the bottom of the file,
Read more

Google Chrome will use HTTPS as default navigation protocol

Google Chrome will switch to choosing HTTPS as the default protocol for all URLs typed in the address bar, starting with the web browser’s next stable version. This feature entered testing last month, and it rolled out as part of a limited experiment for users of Chrome Canary, Dev, or Beta. The change will be rolling out to Chrome Desktop and Chrome for Android stable versions after updating to version 90 (to be released on  April 13), with an iOS rollout scheduled for later this year.  This move is part of a larger effort to defend users from attackers attempting to intercept their unencrypted web traffic and speed up the loading of websites served over HTTPS.   “Chrome will now default to HTTPS for most typed navigations that don’t specify a protocol,” Chrome team’s Shweta Panditrao and Mustafa Emre Acer said. “In addition to being a clear security and privacy improvement, this change improves the initial loading speed of sites that support HTTPS, since Chrome will connect directly to the HTTPS endpoint without needing to be redirected from http:// to https://. “For sites that don’t yet support HTTPS, Chrome will fall back to HTTP when the HTTPS attempt fails (including when there are certificate errors, such as name mismatch or untrusted self-signed certificate, or connection errors, such as DNS resolution failure).” How to test it right now Google Chrome users who want to test this new feature before it reaches the stable channel can do so by enabling an experimental flag. To do that, you will have to go to chrome://flags/#omnibox-default-typed-navigations-to-https and enable HTTPS as the default navigation protocol. You also have the option to choose a 3 or 10-second timeout to give the browser enough time to determine the availability of the HTTPS URL. If Chrome cannot find an HTTPS version for the website you entered in the address bar, it will automatically fall back to the HTTP URL. “For sites that don’t yet support HTTPS, Chrome will fall back to HTTP when the HTTPS attempt fails (including when there are certificate errors, such as name mismatch or untrusted self-signed certificate, or connection errors, such as DNS resolution failure),” they said. “HTTPS protects users by encrypting traffic sent over the network, so that sensitive information users enter on websites cannot be intercepted or modified by attackers or eavesdroppers,” Panditrao and Acer added. “Chrome is invested in ensuring that HTTPS is the default protocol for the web, and this change is one more step towards ensuring Chrome always uses secure connections by default.” NOTE:: This article is copyright by bleepingcomputer.com and we are using it for educational or Information purpose only Comparison b/w SSL Brands at Glance  
Read more

Google My Business Review Removal Request Status Tool

Google My Business has launched a new tool where you can not only see the reviews for your business, but also quickly report those reviews for policy violations and even better, check the status or reviews you already reported. Plus, if that review was not removed, you can quickly submit an appeal. The new tool is accessible over here and while it does not seem to work well for businesses that manage many locations and may reviews, it is still a useful tool. Joy Hawkins first reported this and said “This feature seems to only work for Google My Business accounts that have a small number of listings in them.” Here is how it works: Step 1: Select your business: Step 2: Select if you want to check the status of a review you previously reported or if you want to report a new review for takedown. If you select to check the status, Google will show you the recently reported reviews: If you click continue, Google will not only show you a bit more information but also let you submit an appear: Going back up, if you selected to report a new review for takedown, Google will show you your reviews (some of them), with links to see them on Google Maps and a link to report the review: Then you click continue: NOTE:: This article is copyright byseroundtable.com and we are using it for educational or Information purpose only  
Read more

Why Cached Credentials Can Cause Account Lockouts and How to Stop it

When a user account becomes locked out, the cause is often attributed to a user who has simply entered an old or incorrect password too many times. However, this is far from being the only thing that can cause an account to become locked. Another common cause, for example, is an application or script that is configured to log into the system using an old password. Perhaps the most easily overlooked cause of account lockouts, however, is the use of cached credentials. Before I explain why cached credentials can be problematic, let’s first consider what the Windows cached credentials do and why they are necessary. Cached and stored credentials Cached credentials are a mechanism that is used to ensure that users have a way of logging into their device in the event that the device is unable to access the Active Directory. Suppose for a moment that a user is working from a domain-joined laptop and is connected to the corporate network. In that type of situation, the Active Directory would authenticate the user’s credentials when the user logs on. If, on the other hand, the user is working from home using the same laptop but has no connection to the corporate network, then the Active Directory cannot process the user’s logon request. This is where cached credentials come into play. If it were not for cached credentials, then the user would be unable to log on to their device because there is no domain controller available to process the logon request. Because Windows supports the use of cached credentials, however, the cached credentials residing within the user’s device can process the authentication request. The user will not be able to access any of the resources on the corporate network because no connection to the network exists and the user’s authentication was not processed by a domain controller. Even so, the user will at least have the ability to log into their laptop and use any applications that are installed locally on the device. Even though cached credentials are primarily used as a mechanism for allowing users to login locally when they are working from outside of the office, cached credentials have another important use. If an organization were to suffer a catastrophic failure that resulted in an Active Directory outage, then the IT staff could use cached credentials as a means of logging into their devices so that they can begin diagnosing and repairing the Active Directory problems. All of this is to say that Windows cached credentials do have a valid use case. As such, they are not the sort of thing that you would want to disable. As previously noted however, the use of cached credentials can cause confusion and even cause accounts to become locked out under certain circumstances. Cached credentials causing account lockouts Imagine for a moment that a user works from two domain joined devices: a corporate desktop, and a laptop. Now suppose that the user is working from their desktop and changes their Windows password. Assuming that the laptop is powered off at that point, the laptop is unaware of the password change. It still has the user’s old credentials stored in the password cache. With that in mind, consider what would happen the next time that the user attempts to logon from their laptop. If the user is not connected to the corporate network, then their new password will not work because the old password is still stored in the cache. However, the user can still log into the device using their old password. Once the user connects to the corporate network, however, the password will be updated. This means that if the user repeatedly attempts to log on to their laptop using their old password, then the authentication process will fail, and the user will eventually be locked out of their account. Updating user cached credentials Specops uReset can help with this problem. Users are able to reset their Windows passwords directly from the Windows logon screen. More importantly, when a user changes or resets their password, the Specops uReset software automatically synchronizes the new password across the user’s devices, updating the local cache in the process. This means that a user should never run into a situation in which some devices have been updated with their new password while other devices continue to use the old password. From an IT standpoint, this means fewer password-related service calls to your helpdesk. NOTE:: This article is copyright bythehackernews.com and we are using it for educational or Information purpose only
Read more
18 Mar, 21

Managed Cloud Hosting & Web Security for Aman Tech Foundation

  YISolutions, an IT Managed Services & Cyber Security Solution company based in Karachi, Pakistan, is pleased to announce our new working relationship with   Aman Tech Foundation. Aman Tech has selected YISolutions as their Managed Cloud Hosting & Web Security Services.    Services provided to Aman Tech; Migration Services  Managed Cloud Hosting Services Managed Cloud eMail Services Managed Cloud MailChannels Services Web Security Services   Aman Institute for Vocational Training (AmanTech) is a section 42 organization incorporated in Pakistan under SECP. It’s an independent organization with a Board of Directors inducted in 2019 and one of the most qualified faculty in TVET sector. YISolutions is a key player in IT Consultancy, Cyber Security and IT Managed Services. YISolutions was established in 2002-2003 and our Pakistan Registered Office is located in Karachi at Clifton. And our Principle Registered office is located in the US at Herndon. For more information please email us at  support@yi.com.pk  
Read more
Cart

No products in the cart.