Thank you to everyone who stopped by to see us on Saturday, it was great to meet you!
Congratulations to Beth, Chris, and Osvaldo! You’ve won an Amazon Fire 7 Tablet.
Happy holidays from PMCS.
The folks behind all sorts of online threats know that the holiday season is their most wonderful time of the year. As people are participating in unprecedented e-commerce, introducing new hardware into their environments, and rushing around with easily-skimmed cards, it can be hard to defend yourself from all angles of attack.
Online shopping can be a huge time-saver but it’s also a big risk. Amazon has done a pretty good job of securing customer data, but big firms like Target and Home Depot have been the victims of cyber attacks. Here are a couple of easy tips to keep yourself safer while shopping:
New kinds of tech get introduced around the holidays, but they aren’t always the safest things to bring into your ecosystem. Google Home and Echo Dot are cool toys, but they can store your searches. Web-connected devices like cameras or robots can be hacked to turn your device into part of a botnet. Even gifts like backup drives or a new phone for the office can pose a threat. Here are some things to keep your new hardware from becoming a headache:
There are all kinds of threats out in the world, but you can lower your personal risk by taking simple steps like updating programs and changing passwords frequently. Everyone should be running a strong, regularly-updated antivirus (we recommend ESET and you can call us if you’d like to purchase a license), and everyone should learn how to identify and avoid phishing attacks.
But what do you do to protect your business? What do you do to keep your work devices safe?
Maybe more people are accessing your site this time of year, maybe your employees are handling heavier loads. There are a million things that can go wrong during this busy season and at PMCS we pride ourselves on preventing those problems. We take security very seriously and are proud of the ways that we can minimize risks to your business. PMCS relies on a suite of tools we can use to help you keep your business safe, including:
Don’t let yourself or your business be brought down by online threats this holiday season – call PMCS at (818)957-5647 for a free system assessment to identify any security risks. We’ll make sure your network is secure, your backups are stable, and that no downtime will plague you during this busy season.
Most businesses think their IT companies have done a great job of securing them, but when we come in with our tools we find gaps in coverage and all the flaws from previous systems. Give us a chance to explore your network and you’ll be shocked by the ways we can improve your security and protect your business and your customers.
Call to schedule your free assessment today!
There’s yet another story in the endless cycle of companies who have exposed their customers to ID theft and today it’s popular makeup brand Tarte Cosmetics.
In September Tarte came under fire for exposing 1400 customers’ names, addresses, email addresses, shopping history, and partial credit card numbers in an email that linked its recipients to a visible part of the brand’s customer database.
Now the same database appears to have been facing the open internet all along. Data from about 2 million customers from 2008-2017 has been found to be visible on Tarte’s servers. Researchers from Kromtech Security Center confirmed that the customer information was exposed, but they weren’t the first to find the database. Members of the ransomware group “CRU3LTY” had left a warning file in the database, though they hadn’t deleted the information, which is standard for CRU3LTY.
It’s easy to make jokes about this breach in particular because it’s a bit silly. Tarte isn’t the sort of brand you picture when you think of security risks and the data lost isn’t especially serious. Though Tarte customers will want to replace their credit cards and be on the lookout for phishing scams in the next few years this kind of loss pales in comparison to the massive September Equifax breach. Which would be okay, if both breaches weren’t symptoms of the same problem: a lack of focus on security.
We’ve seen the targeting of large financial institutions, medical facilities, military organizations, but it’s important that all online consumers realize that they’re at risk for data breaches and thefts. It doesn’t matter if you’re just buying from a single brand or participating in the ACA healthcare exchange, your data is at risk and you need to hold companies accountable for it so that they get serious about protecting your information.
If you own a business that stores customer data it’s time to get serious. Tarte didn’t take the risk seriously and their customers will suffer as a result. Tarte is a large company that didn’t believe it had to test its security because its customers were low-value targets. But in the current climate all targets are high value.
If your company keeps client records it’s time to take a good, long look at your practices. PMCS can help – give us a call for an assessment of your security protocols and data environment.
In the meantime practice good netiquette, make sure everyone in your office has macros disabled on their email programs, and make sure everyone has their antivirus up to date.
But more than that, take your customers’ privacy seriously. Never store your customers’ data in a way you wouldn’t want your own data stored.
On Monday a new vulnerability in WPA2 Wireless Security was revealed. The vulnerability doesn’t allow people to snoop on your encrypted traffic but makes unsecured traffic easy to see.
This vulnerability, known as KRACK, impacts the security of everything from wireless access points and routers to laptops to cell phones to smart refrigerators. Some companies have already released patches for their devices, including Microsoft, Apple, Ubiquiti, and Netgear.
If you are a PMCS customer who has a wireless network or wireless devices set up at your office please contact us as soon as possible so that we can secure your wireless environment. We are working with vendors and manufacturers to make sure that all of your office’s wireless devices can be patched and protected to keep you and your customers safe.
Until your devices are patched we do not recommend sharing any sensitive information over a wireless network; use cellular data for your phone or a physical Ethernet connection in your home or office. HTTPS communications are safe from this vulnerability, but all non-HTTPS interactions are at risk for traffic capture and observation.
Please call PMCS at (818)957-5647 as soon as possible to schedule patching so that we can ensure your business is not at risk and your data stays secure.
If your office uses wireless security cameras, has a wireless “smart” device like a fridge, or if you use wireless baby monitors at home all someone needs to do to access the traffic from those devices is be within range of your wireless network. “Smart” devices like security cameras and baby monitors aren’t frequently patched and are therefore significant vulnerabilities in your network. You may not care that a hacker can see when your office fridge needs its filter changed, but you don’t want people watching the security footage inside of your building.
Again, please contact PMCS right away to secure your office Wireless Access Points, Routers, and Laptops; we can help you to secure those devices now and help you plan moving forward with your wireless smart devices. Give us a call at (818)957-5647 so we can start working with you to secure your office against KRACK attacks.
On Thursday the credit-monitoring giant Equifax announced that they had been breached in late July. The breach has impacted 143 million consumers, with Social Security Numbers, Addresses, Drivers Licenses, and over 200,000 credit card numbers as part of the data stolen.
Equifax is one of the four major credit bureaus and as such is one of the few major entities outside of banks, doctors, or the IRS that Americans share their most sensitive data with. Equifax has started a program for consumers to see if they were impacted, and if so to provide complimentary ID theft protection – visit their site and sign up to see if your data was part of the breach and to claim your ID theft protection.
The breach included many types of personally identifying information that aren’t standard in other data breaches. A medical office that has its records stolen won’t have a history of previous addresses, an IRS breach typically won’t include a drivers’ license number, but this type of information and more was part of the Equifax breach. Since this information is used to answer security questions for the other credit bureaus and with other creditors the Equifax breach poses a major threat to consumer security.
Even if you don’t qualify for the Equifax ID theft protection it’s important to have a plan in place when your data is stolen. Always be careful to monitor applications for credit in your name through lenders you’re associated with, download your free credit report each year (go to AnnualCreditReport.Com to request your reports from each credit bureau), and be extremely cautious about who you share information with: don’t sign up for store cards or more credit cards than you absolutely need, and don’t wire money to or share credit information with someone you met through email.
Breaches are happening frequently these days – if you have a business and want to provide better peace of mind and security to your customers contact PMCS at (818)957-5647 to discuss security options that will protect you from the vulnerabilities that cause these kinds of leaks.
If you find yourself getting hit by ID theft often or are just worried about the risk read up on how to freeze your credit – security writer Brian Krebs has put together a FAQ about freezing credit and minimizing credit risk that everyone should read.
A spambot called Onliner has been dumping batches of email addresses and passwords into text files on a server hosted in the Netherlands. The data appears to be at least partially related to LinkedIn breaches. The information has been collected by the Onliner Spambot as part of a campaign of social media phishing, data-collection malware, and responses to email spam.
In addition to collecting and dumping records in plaintext Onliner is also sending banking malware to the email addresses it has collected, extending its reach and the amount of data it has amassed.
Onliner primarily works by scraping data from previous breaches or vulnerabilities, like Heartbleed in 2014, and then sending out test emails to the addresses it has collected. The test emails will appear to be legitimate but will have a hidden pixel-sized image that, when opened, will collect information such as your IP address, operating system, and device information and send that information back to its servers. Once it has that info Onliner will send phishing messages to attempt to collect more saleable data.
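The following Python example is an addition to this post, not code from Onliner or from any mail product. It shows how a mail filter could flag the hidden, pixel-sized remote images described above; the sample message and its example.com / example.net hosts are constructed for illustration.

```python
import re
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not a real Onliner email). All hosts are
# reserved example domains.
SAMPLE_EMAIL = """\
From: Billing <billing@example.com>
To: user@example.org
Subject: Your invoice
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Please find your invoice attached.</p>
<img src="https://cdn.example.com/logo.png" width="180" height="60" alt="logo">
<img src="http://track.example.net/o.gif?id=abc123" width="1" height="1">
<img src="https://track.example.net/p.gif?u=42" style="width:1px;height:1px">
<img src="cid:footer-banner" width="1" height="1">
</body></html>
"""

_STYLE_DIM = re.compile(r"(width|height)\s*:\s*(\d+)\s*px", re.I)
_STYLE_HIDDEN = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)


def _to_int(value):
    """Return an attribute such as '1' or '1px' as an int, else None."""
    m = re.fullmatch(r"\s*(\d+)\s*(px)?\s*", value or "", re.I)
    return int(m.group(1)) if m else None


class _ImgCollector(HTMLParser):
    """Collects remote <img> tags that are invisible or pixel-sized."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        src = a.get("src", "")
        # Only remote images trigger a request to the sender's server when
        # the message is opened; cid: and data: images are embedded.
        if urlparse(src).scheme not in ("http", "https"):
            return
        dims = {"width": _to_int(a.get("width")),
                "height": _to_int(a.get("height"))}
        style = a.get("style", "")
        for name, px in _STYLE_DIM.findall(style):
            dims[name.lower()] = int(px)
        reasons = []
        if any(d is not None and d <= 1 for d in dims.values()):
            reasons.append("1px-or-smaller dimension")
        if _STYLE_HIDDEN.search(style):
            reasons.append("hidden by CSS")
        if reasons:
            self.findings.append({"src": src, "reasons": reasons})


def find_tracking_pixels(raw_email):
    """Return suspicious remote images found in the HTML parts of a message."""
    msg = message_from_string(raw_email, policy=default)
    findings = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector = _ImgCollector()
            collector.feed(part.get_content())
            findings.extend(collector.findings)
    return findings


if __name__ == "__main__":
    for hit in find_tracking_pixels(SAMPLE_EMAIL):
        print(hit["src"], "->", ", ".join(hit["reasons"]))
```

Configuring the mail client not to load remote images automatically prevents the request that such an image relies on.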
The goal of spambots like Onliner is to perpetuate themselves and steal data. It uses stolen data to steal more data, then uses its new stolen data to generate “trusted” emails to install malware on desktops to steal further data. Onliner is like a perpetual motion machine dedicated to stealing your credentials and infecting your computer.
Even if your computer isn’t being infected by a spambot simply having phishing attacks levied against your business can be a risk – untrained employees, busy schedules, and hectic environments can create an opportunity for abuse from spammers and phishers. Someone with a data snapshot from Onliner’s hidden image emails might be enough to convince someone in your business (or one of your customers or one of your vendors) to share more information or pay money to a malicious attacker, a situation that recently cost a Canadian university 10 million dollars.
If you use social media, have a LinkedIn account, have ever used the same password across multiple accounts, let your antivirus expire, or just have an email address there’s probably a chance that your data has been scraped from the internet at some point. You can find out by checking out a wonderful tool called Have I Been Pwned? that was put together by malware researcher Troy Hunt. Hunt’s website also includes a list of websites that have had their data pulled. For major breaches Hunt has organized a short summary of how the breach occurred and its history to help users decide if it’s secure to create accounts with those sites.
If you want to know if your email address has been picked up or if your data is at risk check out Hunt’s page and take a look around; at the very least it will let you know if perhaps it’s time to change your email address or password.
So how do we go on when this kind of thing is becoming more and more common? Aside from practicing good internet hygiene like logging out of accounts, not using unprotected wireless access, and changing passwords frequently PMCS recommends a strong spam filter to keep you safe. We offer Spam Filtering in the form of Nuked Spam, a service that passes your email through our secure servers before it goes to your inboxes, ensuring that anything potentially harmful stays out of your server environment. Because we work with industry leaders in spam identification and tagging we are able to keep bots like Onliner off of your system, so that they’re never able to collect data about your users or infect their desktops. In addition to strong spam filtering the protection of a good firewall will go a long way toward protecting your network and keeping your business up and running.
If you’re interested in improving your spam filter or would like to talk to us about security in the era of spambots like Onliner please give us a call at 818-957-5647 and we’ll create a solution perfectly tailored to your needs.
2017 has been a year of security updates. If you feel like you’ve been hearing more about breaches, vulnerabilities, code injection, and problems with computers across the map in the first half of 2017 than you did in all of 2016, well, you’re right.
In early 2017 a group of hackers calling themselves the Shadow Brokers started releasing documentation of vulnerabilities in Windows Operating systems and other commonly used programs. The vulnerabilities themselves are NSA software weapons; backdoors and code meant to enable the NSA to observe computer users were released online, free for the taking of anyone who wanted to attempt to use the programs maliciously.
Microsoft and other large software companies like Adobe have been quick to respond to the leaking of the exploits, though Microsoft has come under fire from the public for allowing the vulnerabilities to go un-repaired for years in some cases. But the tech giant has deployed hundreds of patches since the leaks, even going so far as to update its end-of-lifed Windows XP operating system to prevent attacks on users.
The methods of attack are insidious and frustratingly novel – it’s difficult for antiviruses or careful net hygiene to prevent attacks or infections that have never been seen before. One attack used Microsoft’s built-in Antivirus program, Microsoft Defender, to install malware through the program that was supposed to prevent the installation of malware. The devastating WannaCry malware that spread so rapidly in early May was a result of the Shadow Broker leaks.
Nearly every week since the revelation of the vulnerabilities there has been a new targeted attack taking advantage of known openings in software, leading to dozens of patches being released from major software vendors to fix the bugs in their code.
Microsoft traditionally releases security updates and patches for its myriad operating systems on the second Tuesday of each month, sometimes leading to an influx of problems on the second Wednesday. On Tuesday June 13th a Microsoft Security Update for Windows 7, 8.1, and 10 caused several documented problems with commonly used programs.
There are seven major issues documented in Outlook alone that are causing problems for a number of PMCS clients. You can read further about the problems at Microsoft’s website and reach out to us here if you need help with the workarounds for your Outlook issues.
There are threats that Microsoft is working hard to protect its customers from but the protection from those threats comes at the cost of impaired functionality – it’s a difficult choice to make, between security and convenience, but one with a clear answer.
Your Microsoft systems should have automatic updates enabled to ensure that any patches for known vulnerabilities are applied as soon as possible. It’s not worth the risk to your company’s data, privacy, and security to allow your systems to go without updates. Occasionally you may experience a loss of performance but that loss of performance, or few minutes without email, or difficulty opening attachments is a very small price to pay to protect yourself and your business from all of the threats currently operating online. It’s better to work through a minor fix in the settings of your email than it is to pay a ransom to someone who has locked down your server and is selling your data.
If you’re unsure about how to proceed with automatic updates for your desktop or your server please reach out to PMCS. We can patch and update your servers, configure your devices for automatic security updates. We can also provide you top-of-the-line antivirus protection against the less-exceptional threats out on the world wide web; a strong third-party antivirus is a must since Windows Defender has been compromised and used to spread malware, and PMCS can walk you through all the steps to choosing an antivirus that suits your environment.
The internet is a changing landscape, but you don’t have to walk it alone. Ask for help if you need it, that’s what we’re here for.
American Airlines is in the news this June because it has had to cancel 40 flights out of Phoenix, Arizona due to high temperatures. The cancelled flights were all scheduled on Bombardier CRJ airplanes, which have a maximum operating temperature of 118 degrees Fahrenheit, one degree below today’s projected high as the Southwest experiences a record-breaking heatwave.
Airplanes need lift to get off of the ground, and while some planes can make up the difference with a longer runway, the CRJ can’t because of its mass. High temperature can impact the amount of lift a plane can generate because the heat can change the density of the air.
So what does this have to do with you and your server?
Servers also have a maximum operating temperature, but it’s nothing to do with lift.
Your server is full of processors, hard drives, lights, and RAM, all of which generate some amount of heat while they are operating. If your server gets too hot several things could happen as a result of the temperature. First your processors can fail because of overheating – the delicate electronics can slow down or completely malfunction if they overheat. The next concern is your hard drives, which may start generating read/write errors or which may fail entirely as a result of the metal components expanding in the heat.
Temperature sensitivity is why servers are frequently kept in dedicated server rooms with careful climate control. Many server rooms have their own dedicated air conditioning, insulation, and exhaust systems to keep server temperatures stable.
PMCS sells HP ProLiant servers; the maximum safe operating temperature for a Gen 9 HP ProLiant is 95 degrees Fahrenheit.
With temperatures across the Southwest expected to hit record highs and excessive heat warnings in place in California, Nevada, and Arizona, it’s worthwhile to check and see if your server can handle the heat.
If you aren’t sure your server is up to the challenge call PMCS for a consultation – we can offer a variety of solutions to keep your business running as cool as a cucumber.
On Tuesday May 3rd a massive spearphishing campaign targeted Google users by sending a link to a fake “Google Docs” app that downloads a malicious app to your device.
The links are spread through an email that comes addressed to you and “email@example.com.” The link looks legitimate and asks you to allow it permission to access your Google account.
The spam message not only accesses your Google account, it also sends itself to anyone you have as a contact. In addition it bypasses Google’s login alerts and Two Factor Authentication, granting access without setting off any alarms if you approve installation.
If you have received the email that looks like the image above, delete it immediately. If you clicked on it and gave it permissions on your device you need to immediately revoke permissions from the fake app and start changing passwords for anything associated with the email the phishing attack was sent to.
Since so many people have been compromised by this attack and since the malicious link is so hard to distinguish from a legitimate link to Google it is safest to refrain from clicking on shared Google documents in the near future.
Google has stated that the malicious page has been disabled and that they are investigating the attack. If you believe that your account has been compromised you can go to the Google Security Checkup page and follow the instructions there to secure your account.
Again if you clicked on the phishing email or if you believe that you were compromised you need to change the passwords for any accounts associated with the email that was attacked. At the moment no one is sure what, specifically, this spearphishing attack was targeting but it likely collected a tremendous number of emails, contact lists, and gained unprecedented access to Google accounts.
If you are concerned that you may have been compromised in this attack and want help to ensure that your computer is clean and secure, please give PMCS a call at (818)957-5647 and we can help you clear your computer of any viruses and recover from an attack.
On April 8th 2017 a zeroday exploitable vulnerability was identified in Microsoft Office as a campaign of infected Word documents targeted users worldwide. The documents were sent out by a group known as Dridex, who are known for abusing Office Macros to install malware, but who have found a route that bypasses macros for this attack.
The Proofpoint Analysis is as follows:
Emails in this campaign used an attached Microsoft Word RTF (Rich Text Format) document. Messages purported to be from “”. [device] may be “copier”, “documents”, “noreply”, “no-reply”, or “scanner”. The subject line in all cases read “Scan Data” and included attachments named “Scan_123456.doc” or “Scan_123456.pdf”, where “123456” was replaced with random digits. Note that while this campaign does not rely on sophisticated social engineering, the spoofed email domains and common practice of emailing digitized versions of documents make the lures fairly convincing.
While this particular email campaign was specifically targeted by a group that regularly attacks banking information it should be a concern for everyone who uses Microsoft Office because it reveals an exploit that others might make use of to send malicious files in the future.
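The lure traits in the Proofpoint description quoted above can be turned into a mail-gateway check. The Python example below is added here and is not Proofpoint's or PMCS's code. The subject, attachment naming and device names come from the quote, treating "[device]" as the local part of the sender address is an assumption, and all sample messages are constructed.

```python
import re
from email import message_from_bytes
from email.message import EmailMessage
from email.policy import default
from email.utils import parseaddr

# Traits taken from the Proofpoint description quoted on this page.
LURE_SUBJECT = "Scan Data"
LURE_ATTACHMENT = re.compile(r"^Scan_\d+\.(doc|pdf)$", re.I)
# Assumption: "[device]" is the local part (before the @) of the sender.
DEVICE_NAMES = {"copier", "documents", "noreply", "no-reply", "scanner"}
RTF_MAGIC = b"{\\rtf"  # every RTF file starts with these five bytes


def build_sample(sender, subject, filename, payload):
    """Build a constructed test message; none of this is campaign data."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = "user@example.org"
    msg["Subject"] = subject
    msg.set_content("See attached.")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


def match_scan_lure(raw_bytes):
    """Return the list of lure traits that a raw message matches."""
    msg = message_from_bytes(raw_bytes, policy=default)
    hits = []
    if str(msg["Subject"] or "").strip() == LURE_SUBJECT:
        hits.append("subject")
    local_part = parseaddr(str(msg["From"] or ""))[1].partition("@")[0]
    if local_part.lower() in DEVICE_NAMES:
        hits.append("sender")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if LURE_ATTACHMENT.match(name):
            hits.append("attachment-name")
        data = part.get_payload(decode=True) or b""
        # The campaign sent RTF content under .doc/.pdf names, so compare
        # the file's leading bytes with its extension. This is a signal to
        # review, not a verdict: Word also opens benign RTF saved as .doc.
        if data.lstrip()[:5] == RTF_MAGIC and not name.lower().endswith(".rtf"):
            hits.append("rtf-content-mismatch")
    return hits


RTF_BODY = b"{\\rtf1\\ansi Constructed placeholder text.}"

# Matches every trait in the description.
SAMPLE_LURE = build_sample("scanner@example.org", "Scan Data",
                           "Scan_481516.doc", RTF_BODY)
# Same delivery trick with a different subject and file name.
SAMPLE_RENAMED = build_sample("copier@example.org", "Scanned file",
                              "invoice.doc", RTF_BODY)
# Ordinary message with a real PDF header.
SAMPLE_BENIGN = build_sample("alice@example.com", "Q3 report",
                             "report.pdf", b"%PDF-1.4 constructed")

if __name__ == "__main__":
    for label, raw in [("lure", SAMPLE_LURE), ("renamed", SAMPLE_RENAMED),
                       ("benign", SAMPLE_BENIGN)]:
        print(label, match_scan_lure(raw))
```

The renamed sample shows why the content check matters: subject and file name are trivial for a sender to change, while the mismatch between extension and file content persists.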
The April 8th attack is disconcerting for several reasons:
A patch for the vulnerability was released by Microsoft on Tuesday, April 11th. Regardless of whether or not your device is patched PMCS recommends the following protocols to protect yourself from infection:
Protected view is enabled by default on Microsoft Word, but in case you want to ensure that you have the extra protection offered by Protected View, follow the instructions below to make sure Protected View is enabled:
Zeroday attacks are relatively uncommon but pose a large threat because they are difficult to protect against. Antivirus programs can’t protect against threats that are undefined, so zerodays often meet no resistance from your computer. The best way to avoid being harmed by zeroday attacks is to implement good safety protocols and follow them regardless of whether a new threat has been identified.
If you are concerned that you may be infected or would like to plan to prevent infections in the future please give us a call at (818)957-5647. PMCS has decades of experience preventing infections and repairing the damage done by malware and viruses. We are here to help if you are concerned about this new threat.
On October 21st the US lost access to a large part of the internet. Here’s how that happens.
If someone wants to take down your website they can orchestrate what’s called a Denial of Service (DoS) attack, which involves sending thousands and thousands of requests to your website’s server. The server can’t respond to the volume of requests and in its attempts to fill them slows your server’s response time, making it impossible for legitimate users to access your site or for you to make changes. If all of these requests are coming from a small number of computers you can block the attacker’s IP address on your router and free up your server’s resources for legitimate use.
The attack on the 21st was much grander in scale. A Distributed Denial of Service (DDoS) attack doesn’t use only one or two computers to generate attacks but tens of thousands, most of which are likely botnet computers owned by casual computer users who aren’t aware that their devices have been repurposed by a virus or malware into a node on a botnet. This alone makes it hard enough to block attacking IP addresses but DDoS attacks also frequently involve proxy services and packet anonymization to disguise the original IP addresses and make them impossible to block. Sometimes you’ll hear of a large company or a government agency being taken down, but it is rare to lose access to whole sections of the internet as the result of an attack.
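The difference between the two cases shows up clearly in server logs. The Python example below is an addition to this post and runs the same per-IP blocking rule over two constructed access logs, one concentrated and one distributed; every address, timestamp and request count in it is made up for illustration.

```python
import re
from collections import Counter

# Matches the start of a common-log-format line and captures the client IP.
LOG_LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ \S+')


def _line(ip, path="/"):
    """Format one constructed access-log line."""
    return f'{ip} - - [01/Jan/2024:12:00:00 +0000] "GET {path} HTTP/1.1" 200 512'


def build_logs():
    """Constructed traffic: 20 normal clients plus two attack shapes."""
    normal = [_line(f"198.51.100.{i}", "/index.html")
              for i in range(1, 21) for _ in range(5)]
    # DoS: 4,000 requests from just two sources (2,000 each).
    dos = normal + [_line(ip) for ip in ("203.0.113.7", "203.0.113.9")
                    for _ in range(2000)]
    # DDoS: the same 4,000 requests spread over 1,000 sources (4 each).
    ddos = normal + [_line(f"10.{i // 250}.{i % 250}.1")
                     for i in range(1000) for _ in range(4)]
    return dos, ddos


def per_ip_blocklist(lines, threshold):
    """Block every source that sent more than `threshold` requests.

    Returns the number of distinct sources, the blocked addresses, and the
    share of all requests that blocking them would remove.
    """
    counts = Counter()
    for line in lines:
        m = LOG_LINE.match(line)
        if m:
            counts[m["ip"]] += 1
    blocked = sorted(ip for ip, n in counts.items() if n > threshold)
    total = sum(counts.values())
    removed = sum(counts[ip] for ip in blocked)
    return {
        "sources": len(counts),
        "blocked": blocked,
        "share_removed": removed / total if total else 0.0,
    }


if __name__ == "__main__":
    dos_log, ddos_log = build_logs()
    # Concentrated attack: two addresses account for almost all traffic.
    print("DoS  threshold 50:", per_ip_blocklist(dos_log, 50))
    # Distributed attack: no single source stands out.
    print("DDoS threshold 50:", per_ip_blocklist(ddos_log, 50)["blocked"])
    # Lowering the threshold blocks the legitimate clients (5 requests
    # each) before it touches the attacking sources (4 requests each).
    low = per_ip_blocklist(ddos_log, 4)
    print("DDoS threshold 4 :", len(low["blocked"]), "blocked, all legitimate")
```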
So how did it happen?
Whether you know it or not your computer relies on Domain Name Servers (DNSs) to find its way around the internet. The website you know as google.com is known to computers as 188.8.131.52. DNSs are the servers that check how to route your computer to 184.108.40.206 and make sure that you aren’t getting sent to 220.127.116.11 instead, or that 18.104.22.168 isn’t pretending to be 22.214.171.124. There are millions of DNSs constantly checking that sites are what they say they are and allowing your computer to access them. Some are small and private, some are clusters at large server farms. The attack on the 21st was a series of massive DDoS attacks aimed at a company in New Hampshire called Dyn, which happens to be a major DNS provider for a lot of what we use online every day. The attack disabled Dyn’s DNS servers and as a result DNS went down for some major services, effectively barring the door to users whose computers were trying to find a location without a map.
Post-incident reports indicate that the attack was the result of a Mirai botnet, largely made up of web-enabled devices such as CCTV cameras. The fact that these cameras were so easily hijacked and have so little in-built security raises a lot of questions about the direction the tech industry has taken in supporting the internet of things, and the fact that large portions of the internet went dark on the 21st has raised valid concerns about the viability of cloud software in a world where access to your business infrastructure can be taken down by a smart refrigerator.
Solid security and physical redundancy can do a great deal to protect your business productivity. If you’re interested in an assessment of your security standards or curious to learn more about what a physical server can do for your office give PMCS a call for a consultation at (818)957-5647.
Lithium-ion (LI) batteries have become a major part of daily life in the last decade. They’re in your camera, your phone, your computer, and maybe even in your car. There are tremendous advantages to LI batteries over other types of batteries; they are much lighter weight and have a lower rate of energy loss, but there’s a fine line that has to be walked to keep the more energetic LI composition safe.
A battery is a chemical reaction that you can keep in your pocket. LI batteries use a lithium electrolyte to create the chemical reaction that allows you to power your phone; lithium salt gel is wrapped in a thin, non-reactive envelope and connected to a positive and a negative electrode which are separated so they can’t touch. When phone batteries explode it’s because one way or another the lithium electrolyte gel has come into contact with other metals in your phone and caused a reaction.
Sometimes this contact is caused by “thermal runaway” – overheating that causes the volatile electrolyte to continue reacting even if it isn’t connected to a power source. Thermal runaway can be caused by overcharging (as a result of the battery’s self-limiting computer failing) or from leaving it in a very hot location. As electricity causes a reaction inside your phone the Lithium batteries warm up and as they warm they expand. Normally this isn’t a problem – manufacturers are aware of heat causing expansion and leave space inside your phone for that expansion to occur safely and include limits to prevent anything that might cause a thermal reaction (like including a battery computer to prevent it from overcharging). When thermal runaway happens the battery expands past the intended limits and cracks its casing, reacts to other parts of your phone, and can catch on fire if it expands out enough to come into contact with air.
See a video of it happening: This person removed the safeguards that prevent a phone battery from overcharging.
Something similar but much faster can happen as a result of a short in the battery. Shorts in the battery can be caused by a leak in the envelope holding the electrolyte gel or by a conductive material accidentally connecting the positive and negative electrodes. Shorts can be caused by mechanical damage (a puncture or tear in the electrolyte envelope) if it causes the electrolyte gel to leak.
See a video of it happening: This person created a short circuit by connecting the negative and positive electrodes on a small battery.
If you have a device with LI batteries, whether it’s a cell phone or a hoverboard, make sure to store it at appropriate temperatures, avoid overcharging it, and take precautions to avoid puncturing or significantly cracking the casing. LI battery explosions are incredibly uncommon, which is why they dominate the news cycle when they do happen. Statistically these batteries are very safe and have a very low failure rate but there are risks that arise as a result of the continuing pursuit of a long-lasting, light-weight battery.
People are frequently frustrated by the need to update software. “I paid for Adobe already” or “I bought a Microsoft license years ago, why do I need to pay again for a new one” is a refrain we hear frequently. Ransomware is the perfect example of why using up-to-date software is vital. It perfectly illustrates the risks of relying exclusively on your antivirus for security.
Ransomware can take advantage of macros in outdated versions of programs to encrypt all the files on your computer. It can even encrypt your entire network if your computer is connected to a network. In particular Locky Ransomware is an example that attacks outdated copies of Microsoft Word. It appears as a Word Document in an email, posing as an invoice. Once the document is opened it installs malware on your computer if macros are enabled. If macros aren’t enabled the ransomware asks you to enable macros. Here are the simple steps you can take to prevent yourself from being infected:
If you aren’t sure if your Microsoft Office is up-to-date or if you need an antivirus license for your individual desktop or for an office-wide network please give us a call.
If you think you might have been infected with Ransomware or any other viruses or malicious software please also give us a call and we will do what we can to save your data and protect you in the future.
Reach out to us at (818)957-5647 or through our contact page.