Blog

Keep yourself and your network healthy during Coronavirus

The recent Bitcoin hack on Twitter teaches us an important lesson: even the biggest companies can be attacked and have their security compromised.

As more people than ever are working from home and outside of the protections of a corporate firewall we offer you these ten tips to help keep your business safe.

If you’d like to learn more, or perhaps begin security training to ensure that your staff knows how to avoid phishing attacks, please give us a call at (818)957-5647 to set up a free security assessment.

Introduction to Passportal Transcript

Welcome to Passportal’s demonstration of how to activate a user account.

You would have received an email already from PMCS Administrator, which would have created the first account for you guys already.

As a sample we’ve created a user and we sent it to the email and within the email you will receive a message indicating to login and activate the new account. So I’ve opened the email and this is what the email would look like. It would be coming from PMCS and would say “activate account.”

You activate the account and you will receive this screen and because this is the first user it’s set up as an administrator and we have to come up with the organization key at the bottom also.

So I generally create all of this prior to sending the email so you don’t have to worry about it but this is pretty much what everybody’s going to run into.

So as soon as you click on “activate account” you’ll get this screen, you have to select a password so I’m going to use a complex password, and because I have Passportal already installed on mine I have the extension right here. I’m just going to come up here, I’m going to say “generate a password,” copy, oh, “generate a password,” copy, and I’m going to come over here and put it, Ctrl+V, and then I’m going to answer some of the security questions that it’s asking for.

The phone number should always be your cell phone number because the cell phone number, later on when we turn on two-factor authentication we want to be able to utilize a phone number to do it.

And it’ll ask you a whole bunch of questions, “what is the last name of your first grade teacher,” or whatever else, just select one of these and answer it. For now I’m just going to put something irrelevant because this is an account I’m going to delete later anyway so I’m just going to give it an answer of “one” and I’m just going to say “one,” “one,” but you, obviously for security reasons you should answer them correctly. And then it’s going to ask you an organization key. The organization key is where you would come up with a passphrase or something that is meaningful to your organization.

This is not a password so it doesn’t have to be secret but the passphrase is something that will be given uniquely to your organization so just come up with something creative. PMCS will work with you prior to this happening and will give you an idea what it is.

The key thing about the passphrase is if you forget the passphrase – everything in the back end we will lose it. So we will definitely document the passphrase properly so that doesn’t happen.

The organization key I’m just going to come up with something silly, and it’s going to say “help me.” So obviously I didn’t type it in correctly.

Alright, so it went green so we’re all good. I created an organization key, this is permanent, you can’t change it once it’s done.

So we’ll say activate account – says please fill out a field.

Just because it says 5-5-5 there that doesn’t mean it filled it out so let’s do that then activate account.

Okay!

So once we activate the account it logs us in automatically and we’re here.

So right on top right here is basically you have the user that was logged on is the PMCSEZE account, we click on that you have the profile, user preferences – these are some things you can change from there. The bell is if there is any kind of alerts they want you to be aware of. This is your favorites and this is basically recent items. You can also have the search area right up here.

Then we have a whole bunch of shortcuts in here those can all be looked into at a later date.

On the left side you’ll see “my vault,” “company vault,” “user management,” “access control,” “reports,” and “settings.”

So the administrator will get “user management,” “access control,” “reports,” and “settings” – I believe the settings will be there for other users, but non-administrators are not going to see these. They’re basically going to have “my vault,” “company vault,” and I believe just the settings end of it.

So “my vault” is basically your own vault. This is where you have your own personal passwords that you’re not sharing with anybody where “company vault” is where you would put in passwords that you want to share with other members of your company.

As you can see there is an option in here that says “new folder” and “new password.” If we just want to create a password that we want to share with the company it would just be “create a password,” then “folders” if it’s available – we have not created any new folders – so it would just be the username – let’s say it’s an “Admin” account and then if we know the password we can enter it, if we want to generate a new password we can just click on that and it creates a new password and this is what the password’s going to be so it’s pretty complex, there’s no way you’re going to remember it. And the description – what the description is for is, let’s say this is to log in to your computer, so this is a – let’s say this is a user account to log in to your computer and your Login name is PMCS, that’s your username. So the description would be “PMCS User Login.”

And then you can select from here “credential type” – you’ve got all these pre-populated credential types that you can select from, so this is an active directory user account, this is to log in to our system so select that. But if this is a website that we’re going go with we can make it a website but since this is an active directory account we’re going to say it’s an active directory user account.

And then of course if this was a website we would put in the URL and that’s where it would be and you can also put in notes here if you want to.

Then say “create” and it creates it right there.

This is how you would basically create passwords within the system.

Let’s say you’re still under the company heading and you want to, for organizational purposes and/or controlling security, so you can control who can access that information in your company and who can not, so the folder basically serves two folds, one is for security reasons, the other is for organization.

So let’s say I want to create a folder that I want to put in my user – well – this is actually a personal user account, probably I should not have put this here in the company folder, it should have been in the “my vault” because I don’t want my user login in the company vault but that was just an explanation of simply creating a password.

So to create a new folder is just click on that and then it’ll come up on the side, “create a folder” so you give it a name, I want to call this a “test folder” or you know, just call it “test,” and then if we had other users or other groups assigned, which I have not created yet, I could click this and say “everybody in this group can access this test folder.” Since I don’t have any groups I’ll just create the test folder and it’s going to be basically accessed it’s organization. So right now, as you can see, my password disappeared from here because I’m no longer in the root folder.

In order for me to go to the root folder where that one password relies I have to click on APC and now it’s in the root folder and in the root folder there’s also a “test” folder.

Let’s say I want to organize my password; I click on this and then I can go into “edit” – let’s see here – or with selected, we can go in there and say “move passwords” and where do you want to move the passwords to, we want to move it to “test” and you say “save” so now it’s not in the root anymore but my password is in the folder right there.

So that’s how you can organize your passwords so you can have as many folders as you want then you can move your password within these folders to organize them.

And of course the access control is, like I said, because I’m the administrator it comes up and this will not be available to all users, only for administrative users.

Access control has basically two things, “security groups” and “permission levels.”

“Security groups” the way I look at it is are things that you can see and the groups you can see; the permissions are what you can do.

So that’s how you can get around it.

We can go back to all of these at a later date per individual basis because it can get a little bit more in depth and I don’t want to take too much of this time to show all of this to every user. But, at the same time, you can create groups and you can add your users to the groups and then once you’ve got your groups created you can go under permission levels and say “I want this group to have access to this folder” that you would give to them, so let’s say that I only want to give certain groups access to this folder and nobody else can that’s where you would do it.

And of course under “Reports” we have a lot of things we can do under “reports,” and we can show complexity, credentials within your organization and select password complexity levels, if they’re meeting the complexity levels, “Known by user,” “Unchanged Passwords,” – who has not changed their passwords and how long have they not changed, so you have a lot of reports you can get out of here. Pretty powerful stuff to keep you compliant and keep you safe because you don’t need one employee to not follow the rules and not change passwords and next thing you know you’re in trouble.

So we have a lot of abilities.

Under “Settings” we have other things that we can do, so since we’re here I’m going to show you quickly under “credential types” are where the pre-loaded credentials are, and some of these are not what you want, you can say “new credential” and you can create a new credential type over there and it’ll just show up.

So let’s say I want to create a credential type of “WiFi” so it’s going to show up down here as “WiFi” as a credential type.

And I’ll show you how that is used in a few minutes and where it’s worthwhile so it doesn’t show off everything that you want or you don’t want to show off.

So under “downloads” basically is where you would see all your extensions that you can download to install on your browser, like I have the Chrome extension here on top and it just makes things much easier for me to use. So once I download and install the Chrome extension I can pretty much run a lot of these things from my extension, I don’t have to be logged in to this portal, so the Chrome extension is one of them.

And also we have the “Import Templates” so the import templates are if you decide that you already have a current password manager or if you want to export out your passwords through your Chromebook or your Chrome browser or any other browser you can download them and then the templates in here, when you download them – “Password Import Download Templates” – once you download them gives you an Excel spreadsheet of what the template should look like and how your data should be coming in to upload them so you can pre-populate all your passwords in your vault so you don’t have to do a lot of them manually if you already have them.

So “Downloads” is where it is under “Import/Export” once you download them you can import them into the system and be able to do all that.

Under “general” there are a lot of functions in here, we don’t need to immediately turn on two factor authentication for our customers as soon as we put it in but we certainly want to turn that on because the last thing we want is somehow somebody figured out your one-time password or your one password that you’re supposed to remember and they were able to get in but having 2FA turned on will give us the ability to authenticate on a secondary device before it lets you in.

We use Duo ourselves, and Duo is a paid service, but there are other services in here; Google, Microsoft authenticator is free, they work well. Text messaging we prefer not to do it, we prefer the authenticator for Duo. We can force all users to use 2FA, allow users to change method of 2FA communication – we generally don’t turn that on, and “User use your existing Duo integration” that we would do and then we would set all this up, but because we’re not turning this on right now we’re going to move on without that.

Under “advanced options” so remember earlier on I created the credential type “WiFi” and basically if I just want to see the credential type that I created, I don’t care about anything else, I can say “show only custom credential types” then turn that on it will only show us credential types that we want to see, like let’s say we select that, credential types, and it’s not cooperating, oh – because I didn’t turn it on. Save. So now it saved it. Go to “Credential types” and it’s only going to show the credential type that I created, not the rest of the credentials within the system.

So I’m going to turn that back off because we really want to see everything so we’re going to do that.

And “Hide unassigned folders from users” so if we had created folders but we didn’t assign in the company vault we didn’t assign any users we don’t want everybody to see this in your company basically by saying under “general” “hide unassigned folders” the test folder will not show up to anybody else, only the people it’s been assigned to.

So it’s pretty powerful.

So having said that, that’s one way of getting things done.

We’re going to remove that.

I want to quickly talk about the extension.

Once we download the extension, you go in here and download it, or you can go to the Chrome store, chrome web store, then you can from there search for “solarwinds passportal” and then you can download this and because I have it already installed it’s asking me to remove it, which I’m not. So you just download it and install it and once it’s installed you can basically log in and it will come up such as this; this is the screen that will come up.

You’ll put in your email address, your one password that we ask you to remember, that has got to be at least 20 characters long, but it’s got to be something that you guys want to use.

Then you’d put in your organization key, and the country’s united states, and then you would say “login.”

I’m going to quickly log in, so as you can see, mine is at least 20 characters long, I’m going to log in, and of course it’s going to ask me to 2FA because we have Duo set up on our system, and we are going to authenticate two factor authentication.

I’m logged in at this point so I’m ready to go.

And I do have a lot of passwords that have been created in here so, you know, I can easily do searches and be able to figure it out if I want to do Godaddy account – so I can search that and I can launch it from here and the username and passwords are right there, I can do it.

I do, since we are an MSP, have many other clients that we do things on and our credentials and I can have all my other accounts pop up but right now this is the only one coming up from here.

If I want to launch it I can say “launch” it will take me there, it’ll automatically put in all the credentials that I want and log me in, but obviously I don’t want to do that right now so I’m going to close that out.

So quickly if we want to create a password through the extension we can just do this; and it’s a password generator, it comes up, we generate that, we copy that right there and then let’s say we want to go to anywhere else if we want to go to Microsoft.Com or Office.Com – well – I want to go somewhere that it’s not going to automatically populate, but, in any case, it will automatically populate you can put it in and get it done.

So right here you can create on plus key, your user name, whatever the username is, PMCSeze at gmail.com and of course that’s not our real password or user account, that’s just a fake account that I’ve created.

So let’s say that I will go there, generate that password, and description is where the system is going to use to locate this so let’s say if I wanted to go to Solarwinds Passportal, the description is a website, it’s going to put in to “my vault” so it’s my password and if there was a folder that was created it’s going to go there and it’s automatically going to try to get as much of the URL as is available from there, put it there, then we’re going to say save and then it’s going to save it for us at that point. So we can easily search and of course because I’m using different accounts right there it came up finally because it took a few minutes to synchronize, but this is how you would create passwords.

And be able to launch and then put them in and get it done.

I hope that was a good amount of information and I’ll do my best to create more videos to present to you.

This is Passportal, thank you for watching.

NukedSpam Tutorial Transcript

Welcome to PMCS’s Nukedspam.com Demonstration.

Nukedspam is the antispam/antivirus service that we offer to our clients.

First go to Nukedspam.Com – I have it preloaded already on my password manager so it will automatically fill in my username and password.

Nukedspam.com is what you need to type and it will bring you to this; enter in your email address and password and hit “login.” Your email address and password are the same email address and password as if you were logging in to your outlook account.

We do not host anybody’s passwords, all passwords that you enter online are verified by the mail server that your email is hosted on and only the passwords that are verified by the mail server will be allowed to log on to Nukedspam.com.

So Nukedspam basically is up-to-date email trap capabilities so let’s say someone sends you an email just a few minutes ago and it will trap it and you’ll be able to see it up to date.

So right now the last time it looks like someone sent me junk email was at 2:49pm and it’s 4:02 so I guess I haven’t received any junk email for a couple hours.

If I wanted to release this email because it might be something that I want I can just click on that and say “release mail” or if I never want emails from this individual to get trapped I can click “release and trust.”

“Delete and block” is something I generally don’t use because if it’s already in here in fifteen days the system’s automatically going to delete it or I’m going to clear it out after I review the whole thing and I generally don’t block people because most spam emails are spoofed emails that are using fake email addresses so blocking an email address is sometimes unnecessary. The only time to block email is if you know that individual’s email address to be accurate and you don’t want emails from that person so you’d say “block” – otherwise there’s no point.

There are three icons up above, one is “Check Mail,” “Blocklist,” and “Trusted List.” The Trusted List is where “release and trust” emails are sorted so the next time someone sends you an email it’ll look in the trusted list first and if that address is in the trusted list it will allow it to go through.

However you don’t want to just trust anybody and everybody and you want to be very careful when you say “trust” because you’re building a list to make sure that your emails flow cleanly and you don’t want to trust email that you shouldn’t receive. Also do not trust your own company’s email because your own company’s email should not go through this. If your own company’s email is in here chances are that it isn’t your company’s email, it’s been spoofed, so you don’t want that, the system knew what it was doing, it trapped it, just let it go.

In any case, you can release it, release and trust, and you can also block. That’s the functionality of Nukedspam. You can also see your emails that are trapped in here in a safe manner.

So if I wanted to see this email in here without having it go to my mailbox that’s what I would do.

So right now if I wanted to see this email I can take a look at it and see if there’s anything in there that I want. Obviously I don’t want any of this. And “continue reading” you see how it’s blue there, that’s a link and if it came to your mailbox the links are deactivated so it’s no longer going to allow you to somewhere that you didn’t want to go to unless you release it and you tell it to go to your mailbox. At that point you can see it in your mailbox.

In one day I received 137 messages. I am thrilled that I don’t have to see 137 messages in my inbox on any given day and I can delete them all at the same time right here by saying “clear all” and it’ll get rid of everything in my mailbox.

I don’t want to do that, I’ll let it go right now, but at the end of the day after I’m done reviewing it it’s better to clear it out so you don’t have to deal with it the following day and again and again because this could very easily grow to be a huge number. In fifteen days at 130 a day we’re talking about over fifteen hundred junk emails the system stopped in fifteen days and I don’t want to read these 1500 emails all at the same time. On a daily basis it’s worthwhile.

In any case, I hope this was useful. This is Nukedspam.com, thank you for watching.

COVID-19 Scams: How to Protect Yourself

The FTC is warning consumers to beware of spam and phishing attacks centered around COVID-19 fears.

Scammers will always try to take advantage of times of confusion and this crisis is no exception. Standard scam-avoidance advice still applies: don’t open attachments from unknown sources, don’t share your sensitive information with unknown actors, and verify information before acting on it.

Some COVID-19 scams you might see include:

  • Someone claiming to be a government official who needs your information to issue a relief check.
  • Sellers claiming to have large stocks of hard-to-find supplies available at suspiciously low prices.
  • A charity asking for donations to be wired to them, paid in cash, or paid in gift cards.

The FCC recommends that you hang up on all robocalls and ignore any email or text messages about COVID-19 that come from unknown sources.

Aside from the standard, common-sense advice of not clicking strange links or answering strange calls you can protect yourself by doing the following:

  • Secure your online identity; setting up multi-factor authentication on your online accounts can protect you from illegitimate access.
  • Use a password manager or at least use strong usernames and passwords and don’t re-use passwords across accounts.
  • Make sure your antivirus and operating system are up-to-date. If you need help with upgrading your operating system or installing an antivirus, PMCS can help.

To get good, up-to-date information on COVID-19 check the CDC Website or visit your county information page.

To see what a COVID-19 phishing email looks like so you know what to avoid see the examples on Norton.Com.

Stay safe!

COVID-19 Update and Schedule

PMCS will continue to be open for business to ensure that you receive the support and service you need to stay functional in this difficult time. We understand that this event is unprecedented and we will do all that we can to ensure that your business is safe and fully operational in the trials of the coming weeks and months.

In an effort to keep our employees and customers safe, our office will be taking calls and our technicians will be taking tickets remotely. We will be as available to you as we ever are, and reachable via phone and email during standard PMCS business hours, from 8:00 AM to 5:30 PM.

Our office location will remain open during normal business hours with minimal staff. We will only accept office visits by appointment, but we will still be taking in and repairing hardware and offering pick-up appointments for any devices we’ve repaired or hardware that you may have ordered through us.

For the health and safety of our customers and staff we will minimize on-site visits and will only make on-site calls on an emergency basis.

We do ask that, whether it is an emergency visit to your site or a walk-in appointment to drop off hardware, social distancing is observed to keep our employees safe.

If your office is not yet set up to work remotely, we strongly recommend that you contact us to discuss your options to keep your business running smoothly and safely. We’ve been helping our customers to maintain remote offices for over a decade and are experts in maintaining professional, efficient remote work environments.

Please understand that while we are deeply invested in ensuring that your business stays functional, this crisis has had a significant global impact on the availability of the technological solutions we rely on. Please be prepared for delayed delivery and extended wait times on new orders of computers, firewalls, and other IT infrastructure.

In addition we urge you to be cautious and circumspect as you interact with new technologies and applications – many scammers are already attempting to capitalize on this tremendous human tragedy by injecting malware into COVID-19 tracking apps and sending targeted phishing attacks preying on people’s fears. If you are uncertain about an app or believe that you are being scammed please contact PMCS so that we can help you maintain your security.

We thank you for your business and your patience, and we are here to support all your computer needs.

We wish you the best of health through this trying time.

Sextortion Scam threatens you with passwords lost in Data Breaches

There is a new kind of e-mail based scam that is targeting internet users. It’s called the Sextortion Scam and it works like this: you get an email from someone claiming to have logged into your account and installed malware, they say that they have recorded you or the programs you are using and will share that information with your contacts unless you pay them a ransom. The scammers also usually show you that they have your password to prove that they’re serious.

The good news is that you haven’t been hacked; the bad news is that they might have your password.

There have been dozens of data breaches over the last three years, most notably the massive Equifax breach in September 2017. Millions and millions of people have had their data exposed online by this kind of breach. What this means is that bad actors are able to purchase lists of the exposed data in order to extort money from unsuspecting internet users. With the purchased data these scammers email users their own passwords to “show” that they’ve been hacked, assuming that most people will keep their passwords even after they’ve been informed of a big data breach.

You can see if your email has been exposed in a breach by entering it into this website: https://haveibeenpwned.com/
And you can see if your passwords have been posted online by checking this page: https://haveibeenpwned.com/Passwords

If your email or password shows up in those searches please immediately change your password. For better security in the future, and to mitigate the risks of data exposure, please call PMCS at (818)957-5647 and ask for information about setting up a strong password policy for your business.
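How the password check linked above can work without sending the password anywhere, shown as an added example (not code from PMCS or from Have I Been Pwned): the Pwned Passwords range API is queried with only the first five characters of the password’s SHA-1 hash, and the match is done locally. The sample response is constructed so the example runs offline; the function names are illustrative.

```python
import hashlib
import urllib.request

# Public Pwned Passwords range endpoint. Only a 5-character hash prefix is sent to it.
RANGE_URL = "https://api.pwnedpasswords.com/range/{prefix}"


def split_hash(password):
    """Return (prefix, suffix): the 5 hex chars that are sent and the 35 kept local."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(body):
    """Parse 'SUFFIX:COUNT' lines into {suffix: count}, skipping malformed lines."""
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if not sep or len(suffix) != 35 or not count.isdigit():
            continue
        counts[suffix.upper()] = int(count)
    return counts


def breach_count(password, fetch_range):
    """How many times the password appears in the breach corpus (0 = not found).

    fetch_range(prefix) must return the response body for that prefix. The
    password and its full hash never leave this function.
    """
    prefix, suffix = split_hash(password)
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)


def fetch_range_online(prefix):
    """Live lookup. Defined for real use; not called by the offline demo below."""
    req = urllib.request.Request(
        RANGE_URL.format(prefix=prefix),
        headers={"User-Agent": "password-audit-example"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def make_constructed_fetcher(seen_passwords):
    """Offline stand-in for the service, built from a constructed 'breached' list.

    Returns (fetch, requested), where requested records every prefix that was
    asked for, i.e. everything the service would have learned.
    """
    requested = []

    def fetch(prefix):
        requested.append(prefix)
        lines = []
        for i, pw in enumerate(seen_passwords):
            p, s = split_hash(pw)
            if p == prefix:
                lines.append(f"{s}:{1000 + i}")  # constructed counts
        lines.append("0" * 35 + ":0")  # constructed filler entry with count 0
        return "\r\n".join(lines)

    return fetch, requested


if __name__ == "__main__":
    fetch, requested = make_constructed_fetcher(["password", "letmein"])
    for candidate in ["password", "letmein", "correct horse battery staple 42"]:
        n = breach_count(candidate, fetch)
        verdict = f"seen {n} times, change it" if n else "not in the sample list"
        print(f"{candidate!r}: {verdict}")
    print("prefixes that left this machine:", requested)
```

A password that comes back with a non-zero count should be changed everywhere it is used, whether or not a scam email has quoted it.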

VPNFilter Router Malware a threat to Small Businesses

On May 23rd various tech companies started reporting on a router-based virus called VPNFilter, which had infected as many as half a million devices worldwide. The devices affected are primarily home and small business routers, including TP-Link, Netgear, Linksys, and Ubiquiti routers.

As of the first week of June various security concerns had expanded their definitions of VPNFilter and explored the damage that it can cause, which is much greater than initially understood.

How Does This Happen?

Routers are infected with the malware as a result of relying on default credentials (usernames and passwords), so infection can be totally avoided by ensuring that your devices are set up with unique usernames and passwords, something that is nearly universally recommended as a basic security measure for tech users at all levels.

What Does It Do?

VPNFilter is capable of tracking your web traffic, performing JavaScript injection man-in-the-middle attacks which can collect secure or private information, and of destroying your device if the person in control of your unit decides to execute a particular command. The malware is a significant threat to privacy, security, and the functionality of your network. Because the malware relies on known vulnerabilities in the impacted devices there are some relatively simple fixes available.

How You Can Prevent Or Repair Infection

  • First – You should ensure that you never use a device with a default username and password. Whether you’re discussing a business server, a home router, or a Smart Baby Monitor, it is a vital part of security protocol to ensure that your login credentials are unique and hard to guess.
  • Second – Keep your software up-to-date by applying patches, upgrading firmware, and maintaining support services. Ensuring a regular maintenance schedule for your connected devices will help to protect you against threats based on known vulnerabilities – as soon as a bug is revealed most companies hurry to create patches for it, but they only work if you keep your system up-to-date and install those patches. (For assistance with a maintenance plan explore PMCS’s Service Plan options on our Business Services page).
  • Third – Call your trusted technicians when you suspect there might be a problem. If you call PMCS as soon as you think something might be wrong we can go to work minimizing the impact of an infection or attack right away. Having an IT provider on speed-dial can save your business thousands of dollars per incident – we do what we do best to get you back to what you do best with minimal time lost to server outages or long recovery processes.

If you are concerned that your router may be impacted by VPNFilter please call PMCS at (818)957-5647 for an assessment of your system and to see whether or not you need to update your firmware or activate services through the manufacturer. Fully infected routers will require the complete reinstallation of firmware to protect from VPNFilter; reinstallation should be undertaken carefully to prevent destruction of your device, so please call us if you believe you might be fully infected.

Holiday Season brings Security Risks – how to stay safe

The folks behind all sorts of online threats know that the holiday season is their most wonderful time of the year. As people are participating in unprecedented e-commerce, introducing new hardware into their environments, and rushing around with easily-skimmed cards it can be hard to defend yourself from all angles of attack.

Security Risks while Shopping

Online shopping can be a huge time-saver but it’s also a big risk. Amazon has done a pretty good job of securing customer data, but big firms like Target and Home Depot have been the victims of cyber attacks. Here are a couple of easy tips to keep yourself safer while shopping:

  • Use strong passwords and change them often
  • Don’t use the same password across multiple accounts
  • Pay in cash when shopping in person
  • Only order over a secure connection (when you can see the little lock in the URL bar)
  • Don’t shop on open wireless networks (like those at a college or a coffee shop)

Changing Hardware Environments

New kinds of tech get introduced around the holidays, but they aren’t always the safest things to bring into your ecosystem. Google Home and Echo Dot are cool toys, but they can store your searches. Web-connected devices like cameras or robots can be hacked to turn your device into part of a botnet. Even gifts like backup drives or a new phone for the office can pose a threat. Here are some things to keep your new hardware from becoming a headache:

  • Manage the settings on your home assistant devices to prevent them from collecting data
  • Change the default passwords on your IoT devices to prevent them from being hijacked by botnets
  • Keep an up-to-date antivirus to prevent infections from new hardware like hard drives or flash drives
  • Be cautious about downloading new apps for your phone – many of them are phishing scams or keyloggers

 

Defending Yourself can be difficult

There are all kinds of threats out in the world, but you can lower your personal risk by taking simple steps like updating programs and changing passwords frequently. Everyone should be running a strong, regularly-updated antivirus (we recommend ESET and you can call us if you’d like to purchase a license), and everyone should learn how to identify and avoid phishing attacks.

But what do you do to protect your business? What do you do to keep your work devices safe?

 

Business Protection is Priority One

Maybe more people are accessing your site this time of year, maybe your employees are handling heavier loads. There are a million things that can go wrong during this busy season and at PMCS we pride ourselves on preventing those problems. We take security very seriously and are proud of the ways that we can minimize risks to your business. PMCS relies on a suite of tools we can use to help you keep your business safe, including:

  • Enterprise-grade SonicWall Firewall devices
  • ESET Endpoint Protection Advanced – Antivirus for five or more users with an up-to-date threat console and remote monitoring
  • Proactive Maintenance Plans that check your systems for security risks
  • Backup Assist to keep your data safe and protect you from downtime in the event of an attack.

Don’t let yourself or your business be brought down by online threats this holiday season – call PMCS at (818)957-5647 for a free system assessment to identify any security risks. We’ll make sure your network is secure, your backups are stable, and that no downtime will plague you during this busy season.

Most businesses think their IT companies have done a great job of securing them, but when we come in with our tools we find gaps in coverage and all the flaws from previous systems. Give us a chance to explore your network and you’ll be shocked by the ways we can improve your security and protect your business and your customers.

Call to schedule your free assessment today!

(818)957-5647

Tarte Cosmetics exposes data of 2 million customers

There’s yet another story in the endless cycle of companies who have exposed their customers to ID theft and today it’s popular makeup brand Tarte Cosmetics.

In September Tarte came under fire for exposing 1400 customers’ names, addresses, email addresses, shopping history, and partial credit card numbers in an email that linked its recipients to a visible part of the brand’s customer database.

Now the same database appears to have been facing the open internet all along. Data from about 2 million customers from 2008-2017 has been found to be visible on Tarte’s servers. Researchers from Kromtech Security Center confirmed that the customer information was exposed, but they weren’t the first to find the database. Members of the ransomware group “CRU3LTY” had left a warning file in the database, though they hadn’t deleted the information, which is standard for CRU3LTY.

It’s easy to make jokes about this breach in particular because it’s a bit silly. Tarte isn’t the sort of brand you picture when you think of security risks and the data lost isn’t especially serious. Though Tarte customers will want to replace their credit cards and be on the lookout for phishing scams in the next few years this kind of loss pales in comparison to the massive September Equifax breach. Which would be okay, if both breaches weren’t symptoms of the same problem: a lack of focus on security.

We’ve seen the targeting of large financial institutions, medical facilities, military organizations, but it’s important that all online consumers realize that they’re at risk for data breaches and thefts. It doesn’t matter if you’re just buying from a single brand or participating in the ACA healthcare exchange, your data is at risk and you need to hold companies accountable for it so that they get serious about protecting your information.

Where do we go from here?

If you own a business that stores customer data it’s time to get serious. Tarte didn’t take the risk seriously and their customers will suffer as a result. Tarte is a large company that didn’t believe it had to test its security because its customers were low-value targets. But in the current climate all targets are high value.

If your company keeps client records it’s time to take a good, long look at your practices. PMCS can help – give us a call for an assessment of your security protocols and data environment.

In the meantime practice good netiquette, make sure everyone in your office has macros disabled on their email programs, and make sure everyone has their antivirus up to date.

But more than that, take your customers’ privacy seriously. Never store your customers’ data in a way you wouldn’t want your own data stored.

KRACK Threatens your Wireless Devices and Security

 

On Monday a new vulnerability in WPA2 Wireless Security was revealed. The vulnerability doesn’t allow people to snoop on your encrypted traffic but makes unsecured traffic easy to see.

Major Service Vulnerabilities

This vulnerability, known as KRACK, impacts the security of everything from wireless access points and routers to laptops to cell phones to smart refrigerators. Some companies have already released patches for their devices, including Microsoft, Apple, Ubiquiti, and Netgear.

If you are a PMCS customer who has a wireless network or wireless devices set up at your office please contact us as soon as possible so that we can secure your wireless environment. We are working with vendors and manufacturers to make sure that all of your office’s wireless devices can be patched and protected to keep you and your customers safe.

Until your devices are patched we do not recommend sharing any sensitive information over a wireless network; use cellular data for your phone or a physical Ethernet connection in your home or office. HTTPS communications are safe from this vulnerability, but all non-HTTPS interactions are at risk for traffic capture and observation.

Please call PMCS at (818)957-5647 as soon as possible to schedule patching so that we can ensure your business is not at risk and your data stays secure.

KRACK threatens “Smart” devices and the Internet of Things

If your office uses wireless security cameras, has a wireless “smart” device like a fridge, or if you use wireless baby monitors at home all someone needs to do to access the traffic from those devices is be within range of your wireless network. “Smart” devices like security cameras and baby monitors aren’t frequently patched and are therefore significant vulnerabilities in your network. You may not care that a hacker can see when your office fridge needs its filter changed, but you don’t want people watching the security footage inside of your building.

Again, please contact PMCS right away to secure your office Wireless Access Points, Routers, and Laptops; we can help you to secure those devices now and help you plan moving forward with your wireless smart devices. Give us a call at (818)957-5647 so we can start working with you to secure your office against KRACK attacks.

Enormous Equifax breach may impact most American adults

On Thursday the credit-monitoring giant Equifax announced that they had been breached in late July. The breach has impacted 143 million consumers, with Social Security Numbers, Addresses, Drivers Licenses, and over 200,000 credit card numbers as part of the data stolen.

Equifax is one of the four major credit bureaus and as such is one of the few major entities outside of banks, doctors, or the IRS that Americans share their most sensitive data with. Equifax has started a program for consumers to see if they were impacted, and if so to provide complimentary ID theft protection – visit their site and sign up to see if your data was part of the breach and to claim your ID theft protection.

The breach included many types of personally identifying information that aren’t standard in other data breaches. A medical office that has its records stolen won’t have a history of previous addresses, an IRS breach typically won’t include a drivers’ license number, but this type of information and more was part of the Equifax breach. Since this information is used to answer security questions for the other credit bureaus and with other creditors the Equifax breach poses a major threat to consumer security.

How to protect yourself:

Even if you don’t qualify for the Equifax ID theft protection it’s important to have a plan in place when your data is stolen. Always monitor applications for credit in your name through lenders you’re associated with, and download your free credit report each year (go to AnnualCreditReport.com to request your reports from each credit bureau). Be extremely cautious about who you share information with: don’t sign up for store cards or more credit cards than you absolutely need, and don’t wire money to or share credit information with someone you met through email.

Breaches are happening frequently these days – if you have a business and want to provide better peace of mind and security to your customers contact PMCS at (818)957-5647 to discuss security options that will protect you from the vulnerabilities that cause these kinds of leaks.

If you find yourself getting hit by ID theft often or are just worried about the risk read up on how to freeze your credit – security writer Brian Krebs has put together a FAQ about freezing credit and minimizing credit risk that everyone should read.

Onliner Spambot dumps 711 million records

A spambot called Onliner has been dumping batches of email addresses and passwords into text files on a server hosted in the Netherlands. The data appears to be at least partially related to LinkedIn breaches. The information has been collected by the Onliner Spambot as part of a campaign of social media phishing, data-collection malware, and responses to email spam.

How do Spambots collect data?

In addition to collecting and dumping records in plaintext Onliner is also sending banking malware to the email addresses it has collected, extending its reach and the amount of data it has amassed.

Onliner primarily works by scraping data from previous breaches or vulnerabilities, like Heartbleed in 2014, and then sending out test emails to the addresses it has collected. The test emails will appear to be legitimate but will have a hidden pixel-sized image that, when opened, will collect information such as your IP address, operating system, and device information and send that information back to its servers. Once it has that info Onliner will send phishing messages to attempt to collect more saleable data.
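A mail filter can look for this kind of hidden image before a message reaches the inbox. The following is an added example, not code from PMCS or from the Onliner research: it parses a constructed sample message and lists remote images that are sized or styled to be invisible. The message, the hostnames, and the function names are assumptions made up for illustration.

```python
import re
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not a real Onliner email); all hosts are placeholders.
SAMPLE_EML = """\
From: "Billing" <billing@example.com>
To: user@example.org
Subject: Invoice attached
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Please review your invoice.</p>
<img src="https://cdn.example.com/logo.png" width="180" height="60" alt="logo">
<img src="http://tracker.example/o.gif?id=abc123" width="1" height="1">
<img src="https://tracker.example/p.png?u=42" style="display:none">
<img src="cid:inline-photo" width="1" height="1">
</body></html>
"""

# CSS that shrinks an image to 0 or 1 pixel, or hides it outright.
TINY_STYLE = re.compile(
    r"(?:^|;)\s*(?:max-)?(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)", re.I)
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)


class BeaconFinder(HTMLParser):
    """Collects remote <img> tags that are too small or hidden to be seen."""

    def __init__(self):
        super().__init__()
        self.beacons = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "")
        # Only remote images contact a server when the mail is opened;
        # cid: and data: images travel inside the message itself.
        if urlparse(src).scheme not in ("http", "https"):
            return
        reasons = []
        if a.get("width", "").strip() in ("0", "1") or \
                a.get("height", "").strip() in ("0", "1"):
            reasons.append("tiny")
        style = a.get("style", "")
        if TINY_STYLE.search(style):
            reasons.append("tiny-css")
        if HIDDEN_STYLE.search(style):
            reasons.append("hidden")
        if reasons:
            self.beacons.append((src, reasons))


def find_beacons(raw_message: str):
    """Return [(src, reasons)] for each suspected tracking pixel in the HTML parts."""
    msg = message_from_string(raw_message, policy=default)
    finder = BeaconFinder()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder.feed(part.get_content())
    return finder.beacons


if __name__ == "__main__":
    for src, reasons in find_beacons(SAMPLE_EML):
        print(f"{src}  ({', '.join(reasons)})")
```

Mail clients that block remote images by default stop the same request from being made, which is why the sender learns nothing until the recipient chooses to load images.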

Why a Spambot? What’s the point?

The goal of spambots like Onliner is to perpetuate themselves and steal data. It uses stolen data to steal more data, then uses its new stolen data to generate “trusted” emails to install malware on desktops to steal further data. Onliner is like a perpetual motion machine dedicated to stealing your credentials and infecting your computer.

Even if your computer isn’t being infected by a spambot simply having phishing attacks levied against your business can be a risk – untrained employees, busy schedules, and hectic environments can create an opportunity for abuse from spammers and phishers. A data snapshot from Onliner’s hidden-image emails might be enough for someone to convince a person in your business (or one of your customers or one of your vendors) to share more information or pay money to a malicious attacker, a situation that recently cost a Canadian university 10 million dollars.

Am I at risk?

If you use social media, have a LinkedIn account, have ever used the same password across multiple accounts, let your antivirus expire, or just have an email address there’s probably a chance that your data has been scraped from the internet at some point. You can find out by checking out a wonderful tool called Have I Been Pwned? that was put together by malware researcher Troy Hunt. Hunt’s website also includes a list of websites that have had their data pulled. For major breaches Hunt has organized a short summary of how the breach occurred and its history to help users decide if it’s secure to create accounts with those sites.

If you want to know if your email address has been picked up or if your data is at risk check out Hunt’s page and take a look around; at the very least it will let you know if perhaps it’s time to change your email address or password.

Moving Forward

So how do we go on when this kind of thing is becoming more and more common? Aside from practicing good internet hygiene like logging out of accounts, not using unprotected wireless access, and changing passwords frequently PMCS recommends a strong spam filter to keep you safe. We offer Spam Filtering in the form of Nuked Spam, a service that passes your email through our secure servers before it goes to your inboxes, ensuring that anything potentially harmful stays out of your server environment. Because we work with industry leaders in spam identification and tagging we are able to keep bots like Onliner off of your system, so that they’re never able to collect data about your users or infect their desktops. In addition to strong spam filtering the protection of a good firewall will go a long way toward protecting your network and keeping your business up and running.

If you’re interested in improving your spam filter or would like to talk to us about security in the era of spambots like Onliner please give us a call at 818-957-5647 and we’ll create a solution perfectly tailored to your needs.

Microsoft Security – a state of the system

2017 has been a year of security updates. If you feel like you’ve been hearing more about breaches, vulnerabilities, code injection, and problems with computers across the map in the first half of 2017 than you did in all of 2016, well, you’re right.

In early 2017 a group of hackers calling themselves the Shadow Brokers started releasing documentation of vulnerabilities in Windows Operating systems and other commonly used programs. The vulnerabilities themselves are NSA software weapons; backdoors and code meant to enable the NSA to observe computer users were released online, free for the taking by anyone who wanted to attempt to use the programs maliciously.

Microsoft and other large software companies like Adobe have been quick to respond to the leaking of the exploits, though Microsoft has come under fire from the public for allowing the vulnerabilities to go un-repaired for years in some cases. But the tech giant has deployed hundreds of patches since the leaks, even going so far as to update its end-of-lifed Windows XP operating system to prevent attacks on users.

The methods of attack are insidious and frustratingly novel – it’s difficult for antiviruses or careful net hygiene to prevent attacks or infections that have never been seen before. One attack used Microsoft’s built-in Antivirus program, Microsoft Defender, to install malware through the program that was supposed to prevent the installation of malware. The devastating WannaCry malware that spread so rapidly in early May was a result of the Shadow Brokers leaks.

Nearly every week since the revelation of the vulnerabilities there has been a new targeted attack taking advantage of known openings in software, leading to dozens of patches being released from major software vendors to fix the bugs in their code.

Microsoft traditionally releases security updates and patches for its myriad operating systems on the second Tuesday of each month, sometimes leading to an influx of problems on the second Wednesday. On Tuesday June 13th a Microsoft Security Update for Windows 7, 8.1, and 10 caused several documented problems with commonly used programs.

There are seven major issues documented in Outlook alone that are causing problems for a number of PMCS clients. You can read further about the problems at Microsoft’s website and reach out to us here if you need help with the workarounds for your Outlook issues.

So where does that leave us?

There are threats that Microsoft is working hard to protect its customers from but the protection from those threats comes at the cost of impaired functionality – it’s a difficult choice to make, between security and convenience, but one with a clear answer.

Your Microsoft systems should have automatic updates enabled to ensure that any patches for known vulnerabilities are applied as soon as possible. It’s not worth the risk to your company’s data, privacy, and security to allow your systems to go without updates. Occasionally you may experience a loss of performance but that loss of performance, or few minutes without email, or difficulty opening attachments is a very small price to pay to protect yourself and your business from all of the threats currently operating online. It’s better to work through a minor fix in the settings of your email than it is to pay a ransom to someone who has locked down your server and is selling your data.

If you’re unsure about how to proceed with automatic updates for your desktop or your server please reach out to PMCS. We can patch and update your servers and configure your devices for automatic security updates. We can also provide you top-of-the-line antivirus protection against the less-exceptional threats out on the world wide web; a strong third-party antivirus is a must since Windows Defender has been compromised and used to spread malware, and PMCS can walk you through all the steps to choosing an antivirus that suits your environment.

The internet is a changing landscape, but you don’t have to walk it alone. Ask for help if you need it, that’s what we’re here for.

What the record-breaking heat wave has to do with your server

American Airlines is in the news this June because it has had to cancel 40 flights out of Phoenix, Arizona due to high temperatures. The cancelled flights were all scheduled on Bombardier CRJ airplanes, which have a maximum operating temperature of 118 degrees Fahrenheit, one degree below today’s projected high as the Southwest experiences a record-breaking heatwave.

Airplanes need lift to get off of the ground, and while some planes can make up the difference with a longer runway, the CRJ can’t because of its mass. High temperature can impact the amount of lift a plane can generate because the heat can change the density of the air.

So what does this have to do with you and your server?

Servers also have a maximum operating temperature, but it’s nothing to do with lift.

Your server is full of processors, hard drives, lights, and RAM, all of which generate some amount of heat while they are operating. If your server gets too hot several things could happen as a result of the temperature. First your processors can fail because of overheating – the delicate electronics can slow down or completely malfunction if they overheat. The next concern is your hard drives, which may start generating read/write errors or which may fail entirely as a result of the metal components expanding in the heat.

Temperature sensitivity is why servers are frequently kept in dedicated server rooms with careful climate control. Many server rooms have their own dedicated air conditioning, insulation, and exhaust systems to keep server temperatures stable.

PMCS sells HP ProLiant servers; the maximum safe operating temperature for a Gen 9 HP ProLiant is 95 degrees Fahrenheit.

With temperatures across the Southwest expected to hit record highs and excessive heat warnings in place in California, Nevada, and Arizona it’s worthwhile to check and see if your server can handle the heat.

If you aren’t sure your server is up to the challenge call PMCS for a consultation – we can offer a variety of solutions to keep your business running as cool as a cucumber.