Tarte Cosmetics exposes data of 2 million customers

There’s yet another story in the endless cycle of companies that have exposed their customers to ID theft, and today it’s popular makeup brand Tarte Cosmetics.

In September Tarte came under fire for exposing 1400 customers’ names, addresses, email addresses, shopping history, and partial credit card numbers in an email that linked its recipients to a visible part of the brand’s customer database.

Now the same database appears to have been facing the open internet all along. Data from about 2 million customers, collected from 2008 to 2017, was found to be visible on Tarte’s servers. Researchers from Kromtech Security Center confirmed that the customer information was exposed, but they weren’t the first to find the database: members of the ransomware group “CRU3LTY” had already left a warning file in it, though they hadn’t deleted the information, which is standard for CRU3LTY.

It’s easy to make jokes about this breach in particular because it’s a bit silly. Tarte isn’t the sort of brand you picture when you think of security risks, and the data lost isn’t especially serious. Though Tarte customers will want to replace their credit cards and be on the lookout for phishing scams over the next few years, this kind of loss pales in comparison to the massive September Equifax breach. That would be some comfort if both breaches weren’t symptoms of the same problem: a lack of focus on security.

We’ve seen the targeting of large financial institutions, medical facilities, and military organizations, but it’s important that all online consumers realize that they’re at risk of data breaches and theft. It doesn’t matter whether you’re just buying from a single brand or participating in the ACA healthcare exchange: your data is at risk, and you need to hold companies accountable for it so that they get serious about protecting your information.

Where do we go from here?

If you own a business that stores customer data, it’s time to get serious. Tarte didn’t take the risk seriously, and its customers will suffer as a result. Tarte is a large company that didn’t believe it had to test its security because its customers were low-value targets. But in the current climate all targets are high value.

If your company keeps client records it’s time to take a good, long look at your practices. PMCS can help – give us a call for an assessment of your security protocols and data environment.

In the meantime, practice good netiquette, make sure everyone in your office has macros disabled in their email programs, and make sure everyone’s antivirus is up to date.

But more than that, take your customers’ privacy seriously. Never store your customers’ data in a way you wouldn’t want your own data stored.

KRACK Threatens your Wireless Devices and Security


On Monday a new vulnerability in WPA2 Wireless Security was revealed. The vulnerability doesn’t allow people to snoop on your encrypted traffic but makes unsecured traffic easy to see.

Major Service Vulnerabilities

This vulnerability, known as KRACK, impacts the security of everything from wireless access points and routers to laptops, cell phones, and smart refrigerators. Some companies have already released patches for their devices, including Microsoft, Apple, Ubiquiti, and Netgear.

If you are a PMCS customer who has a wireless network or wireless devices set up at your office please contact us as soon as possible so that we can secure your wireless environment. We are working with vendors and manufacturers to make sure that all of your office’s wireless devices can be patched and protected to keep you and your customers safe.

Until your devices are patched, we do not recommend sharing any sensitive information over a wireless network; use cellular data on your phone or a physical Ethernet connection in your home or office. HTTPS communications are safe from this vulnerability, but all non-HTTPS interactions are at risk of traffic capture and observation.

Please call PMCS at (818)957-5647 as soon as possible to schedule patching so that we can ensure your business is not at risk and your data stays secure.

KRACK threatens “Smart” devices and the Internet of Things

If your office uses wireless security cameras or a wireless “smart” device like a fridge, or if you use wireless baby monitors at home, all someone needs to do to access the traffic from those devices is be within range of your wireless network. “Smart” devices like security cameras and baby monitors aren’t frequently patched and are therefore significant vulnerabilities in your network. You may not care that a hacker can see when your office fridge needs its filter changed, but you don’t want people watching the security footage inside your building.

Again, please contact PMCS right away to secure your office Wireless Access Points, Routers, and Laptops; we can help you to secure those devices now and help you plan moving forward with your wireless smart devices. Give us a call at (818)957-5647 so we can start working with you to secure your office against KRACK attacks.

Enormous Equifax breach may impact most American adults

On Thursday the credit-monitoring giant Equifax announced that it had been breached in late July. The breach has impacted 143 million consumers, with Social Security numbers, addresses, driver’s licenses, and over 200,000 credit card numbers among the data stolen.

Equifax is one of the four major credit bureaus, and as such is one of the few major entities outside of banks, doctors, and the IRS that Americans share their most sensitive data with. Equifax has started a program for consumers to see if they were impacted and, if so, to provide complimentary ID theft protection – visit their site and sign up to see if your data was part of the breach and to claim your ID theft protection.

The breach included many types of personally identifying information that aren’t standard in other data breaches. A medical office that has its records stolen won’t have a history of previous addresses, and an IRS breach typically won’t include a driver’s license number, but this type of information and more was part of the Equifax breach. Since this information is used to answer security questions at the other credit bureaus and with other creditors, the Equifax breach poses a major threat to consumer security.

How to protect yourself:

Even if you don’t qualify for the Equifax ID theft protection, it’s important to have a plan in place for when your data is stolen. In any case:

  • Monitor applications for credit in your name through lenders you’re associated with.
  • Download your free credit report each year (go to AnnualCreditReport.Com to request your reports from each credit bureau).
  • Be extremely cautious about who you share information with.
  • Don’t sign up for store cards or more credit cards than you absolutely need.
  • Don’t wire money to, or share credit information with, someone you met through email.

Breaches are happening frequently these days – if you have a business and want to provide better peace of mind and security to your customers contact PMCS at (818)957-5647 to discuss security options that will protect you from the vulnerabilities that cause these kinds of leaks.

If you find yourself getting hit by ID theft often or are just worried about the risk read up on how to freeze your credit – security writer Brian Krebs has put together a FAQ about freezing credit and minimizing credit risk that everyone should read.

Onliner Spambot dumps 711 million records

A spambot called Onliner has been dumping batches of email addresses and passwords into text files on a server hosted in the Netherlands. The data appears to be at least partially related to LinkedIn breaches. The information has been collected by the Onliner spambot as part of a campaign of social media phishing, data-collection malware, and responses to email spam.

How do Spambots collect data?

In addition to collecting and dumping records in plaintext, Onliner is also sending banking malware to the email addresses it has collected, extending its reach and the amount of data it has amassed.

Onliner primarily works by scraping data from previous breaches or vulnerabilities, like Heartbleed in 2014, and then sending out test emails to the addresses it has collected. The test emails appear legitimate but carry a hidden, pixel-sized image that, when the message is opened, collects information such as your IP address, operating system, and device details and sends it back to Onliner’s servers. Once it has that information, Onliner sends phishing messages to collect more saleable data.
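As an added illustration (not code from the original post), the hidden image described above can be spotted on the receiving side: this Python scans the HTML part of a message for remote images that are sized to a single pixel or hidden by inline style, which is what a mail filter or security team would look for. The message it scans is constructed for the example, and track.example-bad.test is a placeholder domain.

```python
"""Flag pixel-sized or hidden remote images (tracking pixels) in an email.

Added example, not from the original post. The sample message below is
constructed; track.example-bad.test is a placeholder domain.
"""
import re
from email import message_from_string
from html.parser import HTMLParser

# Sizes that render nothing visible but still make the client fetch the URL.
TINY_SIZES = {"0", "1", "0px", "1px"}


class _ImgCollector(HTMLParser):
    """Collects the attributes of every <img> tag in an HTML document."""

    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "img":
            self.images.append({k.lower(): (v or "") for k, v in attrs})


def is_hidden_image(attrs):
    """True when the image is 1x1/0x0 or hidden through its inline style."""
    width = attrs.get("width", "").strip().lower()
    height = attrs.get("height", "").strip().lower()
    if width in TINY_SIZES and height in TINY_SIZES:
        return True
    style = attrs.get("style", "").lower().replace(" ", "") + ";"
    tiny_w = re.search(r"(^|;)width:[01](px)?;", style) is not None
    tiny_h = re.search(r"(^|;)height:[01](px)?;", style) is not None
    hidden = "display:none" in style or "visibility:hidden" in style
    return (tiny_w and tiny_h) or hidden


def tracking_pixels(raw_message):
    """Return the remote image URLs in the HTML body that look like tracking pixels."""
    msg = message_from_string(raw_message)
    found = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        charset = part.get_content_charset() or "utf-8"
        html = part.get_payload(decode=True).decode(charset, "replace")
        collector = _ImgCollector()
        collector.feed(html)
        for img in collector.images:
            src = img.get("src", "")
            if src.lower().startswith(("http://", "https://")) and is_hidden_image(img):
                found.append(src)
    return found


# Constructed sample: a visible logo plus a hidden 1x1 beacon carrying a per-recipient id.
SAMPLE_MESSAGE = """From: news@example-shop.test
To: you@example.test
Subject: Your account update
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Please review your account.
--b1
Content-Type: text/html; charset="utf-8"

<html><body>
<img src="https://cdn.example-shop.test/logo.png" width="200" height="60">
<p>Please review your account.</p>
<img src="http://track.example-bad.test/open?id=abc123" width="1" height="1" style="display:none">
</body></html>
--b1--
"""

if __name__ == "__main__":
    for url in tracking_pixels(SAMPLE_MESSAGE):
        print("tracking pixel:", url)
```

Blocking remote image loading in the mail client, as most business clients allow by policy, prevents the fetch entirely; this check is for spotting messages that carry such beacons.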

Why a Spambot? What’s the point?

The goal of spambots like Onliner is to perpetuate themselves and steal data. Onliner uses stolen data to steal more data, then uses that new stolen data to generate “trusted” emails that install malware on desktops to steal still more. It is like a perpetual motion machine dedicated to stealing your credentials and infecting your computer.

Even if your computer isn’t infected by a spambot, simply having phishing attacks levied against your business is a risk: untrained employees, busy schedules, and hectic environments create opportunities for abuse by spammers and phishers. A data snapshot from Onliner’s hidden-image emails might be enough to convince someone in your business (or one of your customers or vendors) to share more information or pay money to a malicious attacker, a situation that recently cost a Canadian university 10 million dollars.

Am I at risk?

If you use social media, have a LinkedIn account, have ever used the same password across multiple accounts, let your antivirus expire, or just have an email address, there’s a chance that your data has been scraped from the internet at some point. You can find out with a wonderful tool called Have I Been Pwned?, put together by malware researcher Troy Hunt. Hunt’s website also includes a list of websites that have had their data pulled. For major breaches Hunt has organized a short summary of how the breach occurred and its history to help users decide whether it’s safe to create accounts with those sites.

If you want to know whether your email address has been picked up or your data is at risk, check out Hunt’s page and take a look around; at the very least it will let you know whether it’s time to change your email address or password.

Moving Forward

So how do we go on when this kind of thing is becoming more and more common? Aside from practicing good internet hygiene like logging out of accounts, not using unprotected wireless access, and changing passwords frequently, PMCS recommends a strong spam filter to keep you safe. We offer spam filtering in the form of Nuked Spam, a service that passes your email through our secure servers before it reaches your inboxes, ensuring that anything potentially harmful stays out of your server environment. Because we work with industry leaders in spam identification and tagging, we are able to keep bots like Onliner off your system, so that they’re never able to collect data about your users or infect their desktops. In addition to strong spam filtering, the protection of a good firewall will go a long way toward protecting your network and keeping your business up and running.

If you’re interested in improving your spam filter or would like to talk to us about security in the era of spambots like Onliner please give us a call at 818-957-5647 and we’ll create a solution perfectly tailored to your needs.

Microsoft Security – a state of the system

2017 has been a year of security updates. If you feel like you’ve been hearing more about breaches, vulnerabilities, code injection, and problems with computers across the map in the first half of 2017 than you did in all of 2016, well, you’re right.

In early 2017 a group of hackers calling themselves the Shadow Brokers started releasing documentation of vulnerabilities in Windows operating systems and other commonly used programs. The vulnerabilities themselves are NSA software weapons: backdoors and code meant to enable the NSA to observe computer users were released online, free for the taking by anyone who wanted to use the programs maliciously.

Microsoft and other large software companies like Adobe have been quick to respond to the leaking of the exploits, though Microsoft has come under fire from the public for allowing the vulnerabilities to go unrepaired for years in some cases. But the tech giant has deployed hundreds of patches since the leaks, even going so far as to update its end-of-life Windows XP operating system to prevent attacks on users.

The methods of attack are insidious and frustratingly novel – it’s difficult for antivirus software or careful net hygiene to prevent attacks or infections that have never been seen before. One attack used Microsoft’s built-in antivirus program, Microsoft Defender, to install malware through the very program that was supposed to prevent the installation of malware. The devastating WannaCry malware that spread so rapidly in early May was a result of the Shadow Brokers leaks.

Nearly every week since the revelation of the vulnerabilities there has been a new targeted attack taking advantage of known openings in software, leading to dozens of patches being released from major software vendors to fix the bugs in their code.

Microsoft traditionally releases security updates and patches for its myriad operating systems on the second Tuesday of each month, sometimes leading to an influx of problems on the second Wednesday. On Tuesday, June 13th, a Microsoft security update for Windows 7, 8.1, and 10 caused several documented problems with commonly used programs.

There are seven major issues documented in Outlook alone that are causing problems for a number of PMCS clients. You can read further about the problems at Microsoft’s website and reach out to us here if you need help with the workarounds for your Outlook issues.

So where does that leave us?

There are threats that Microsoft is working hard to protect its customers from, but the protection from those threats comes at the cost of impaired functionality. It’s a difficult choice between security and convenience, but one with a clear answer.

Your Microsoft systems should have automatic updates enabled to ensure that patches for known vulnerabilities are applied as soon as possible. It’s not worth the risk to your company’s data, privacy, and security to allow your systems to go without updates. Occasionally you may experience a loss of performance, but that loss of performance, a few minutes without email, or difficulty opening attachments is a very small price to pay to protect yourself and your business from all of the threats currently operating online. It’s better to work through a minor fix in the settings of your email than it is to pay a ransom to someone who has locked down your server and is selling your data.

If you’re unsure about how to proceed with automatic updates for your desktop or your server, please reach out to PMCS. We can patch and update your servers and configure your devices for automatic security updates. We can also provide you with top-of-the-line antivirus protection against the less exceptional threats out on the web; a strong third-party antivirus is a must since Windows Defender has been compromised and used to spread malware, and PMCS can walk you through all the steps of choosing an antivirus that suits your environment.

The internet is a changing landscape, but you don’t have to walk it alone. Ask for help if you need it; that’s what we’re here for.

What the record-breaking heat wave has to do with your server

American Airlines is in the news this June because it has had to cancel 40 flights out of Phoenix, Arizona due to high temperatures. The cancelled flights were all scheduled on Bombardier CRJ airplanes, which have a maximum operating temperature of 118 degrees Fahrenheit, one degree below today’s projected high as the Southwest experiences a record-breaking heatwave.

Airplanes need lift to get off the ground, and while some planes can make up the difference with a longer runway, the CRJ can’t because of its mass. High temperature can reduce the amount of lift a plane can generate because heat lowers the density of the air.

So what does this have to do with you and your server?

Servers also have a maximum operating temperature, but it has nothing to do with lift.

Your server is full of processors, hard drives, lights, and RAM, all of which generate some amount of heat while they operate. If your server gets too hot, several things could happen. First, your processors can fail because of overheating – the delicate electronics can slow down or completely malfunction. The next concern is your hard drives, which may start generating read/write errors or fail entirely as a result of their metal components expanding in the heat.

Temperature sensitivity is why servers are frequently kept in dedicated server rooms with careful climate control. Many server rooms have their own dedicated air conditioning, insulation, and exhaust systems to keep server temperatures stable.

PMCS sells HP ProLiant servers; the maximum safe operating temperature for a Gen 9 HP ProLiant is 95 degrees Fahrenheit.

With temperatures across the Southwest expected to hit record highs and excessive heat warnings in place in California, Nevada, and Arizona, it’s worthwhile to check whether your server can handle the heat.

If you aren’t sure your server is up to the challenge call PMCS for a consultation – we can offer a variety of solutions to keep your business running as cool as a cucumber.

Google Spearphishing attack installs malicious app

On Tuesday, May 3rd, a massive spearphishing campaign targeted Google users by sending a link to a fake “Google Docs” app that downloads a malicious app to your device.

The links are spread through an email that comes addressed to you and “” The link looks legitimate and asks you to allow it permission to access your Google account.

The spam message not only accesses your Google account, it also sends itself to everyone in your contacts. In addition, it bypasses Google’s login alerts and two-factor authentication, granting access without setting off any alarms if you approve installation.

If you have received the email that looks like the image above, delete it immediately. If you clicked on it and gave it permissions on your device, you need to immediately revoke the fake app’s permissions and start changing passwords for anything associated with the email address the phishing attack was sent to.

Redditor JakeStream has provided an excellent step-by-step explanation of what the infection process looks like and how to minimize the impact of the attack if you’ve been hit.

Since so many people have been compromised by this attack, and since the malicious link is so hard to distinguish from a legitimate link to Google, it is safest to refrain from clicking on shared Google documents in the near future.

Google has stated that the malicious page has been disabled and that they are investigating the attack. If you believe that your account has been compromised you can go to the Google Security Checkup page and follow the instructions there to secure your account.

Again, if you clicked on the phishing email or believe that you were compromised, you need to change the passwords for any accounts associated with the email address that was attacked. At the moment no one is sure what, specifically, this spearphishing attack was targeting, but it likely collected a tremendous number of email addresses and contact lists and gained unprecedented access to Google accounts.

If you are concerned that you may have been compromised in this attack and want help to ensure that your computer is clean and secure, please give PMCS a call at (818)957-5647 and we can help you clear your computer of any viruses and recover from an attack.

Infection Risk – Microsoft Word Zeroday Vulnerability a Threat to Your Computer

Exploits take advantage of the vagaries of code.

On April 8th, 2017 a zeroday exploitable vulnerability was identified in Microsoft Office as a campaign of infected Word documents targeted users worldwide. The documents were sent out by a group known as Dridex, who are known for abusing Office macros to install malware but who found a route that bypasses macros for this attack.

The Proofpoint Analysis is as follows:

Emails in this campaign used an attached Microsoft Word RTF (Rich Text Format) document. Messages purported to be from “”. [device] may be “copier”, “documents”, “noreply”, “no-reply”, or “scanner”. The subject line in all cases read “Scan Data” and included attachments named “Scan_123456.doc” or “Scan_123456.pdf”, where “123456” was replaced with random digits. Note that while this campaign does not rely on sophisticated social engineering, the spoofed email domains and common practice of emailing digitized versions of documents make the lures fairly convincing.

While this particular email campaign was run by a group that regularly goes after banking information, it should concern everyone who uses Microsoft Office because it reveals an exploit that others might use to send malicious files in the future.
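The traits in the Proofpoint write-up above (a sender named like an office device at the recipient’s own domain, the subject “Scan Data”, an attachment named Scan_ plus six digits, and an RTF file behind a .doc extension) are enough for a mail filter to flag the lure. This added Python example, not Proofpoint’s or PMCS’s code, checks a raw message for those traits; the sample messages are constructed, and the attachment is harmless text rather than a malicious document.

```python
"""Flag messages shaped like the 'Scan Data' lure described above.

Added example, not Proofpoint's or PMCS's code. The sample messages are
constructed and the attachment is harmless text, not a malicious document.
"""
import re
from email import message_from_bytes
from email.message import EmailMessage
from email.utils import parseaddr

# Sender local-parts the campaign used at the victim's own domain.
DEVICE_NAMES = {"copier", "documents", "noreply", "no-reply", "scanner"}
# Scan_123456.doc / Scan_123456.pdf with six random digits.
ATTACH_RE = re.compile(r"^Scan_\d{6}\.(doc|pdf)$", re.IGNORECASE)


def scan_lure_indicators(raw):
    """Return the campaign traits present in a raw RFC 822 message (empty list = none)."""
    msg = message_from_bytes(raw)
    hits = []

    sender = parseaddr(msg.get("From", ""))[1].lower()
    local, _, sender_domain = sender.rpartition("@")
    recipient_domain = parseaddr(msg.get("To", ""))[1].lower().rpartition("@")[2]
    if local in DEVICE_NAMES and sender_domain and sender_domain == recipient_domain:
        hits.append("sender poses as an office device at the recipient's own domain")

    if (msg.get("Subject") or "").strip().lower() == "scan data":
        hits.append('subject is "Scan Data"')

    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        if ATTACH_RE.match(name):
            hits.append("attachment name matches campaign pattern: " + name)
        data = part.get_payload(decode=True) or b""
        # Word opens .doc files by content, so an RTF body hiding behind a
        # .doc extension is itself a warning sign worth surfacing.
        if name.lower().endswith(".doc") and data.lstrip().startswith(b"{\\rtf"):
            hits.append(name + " is RTF content behind a .doc extension")
    return hits


def build_sample(lure=True):
    """Construct a demo message: the lure shape, or an ordinary vendor email."""
    m = EmailMessage()
    if lure:
        m["From"] = "copier@example-corp.test"
        m["To"] = "alice@example-corp.test"
        m["Subject"] = "Scan Data"
        m.set_content("Scan attached.")
        payload = b"{\\rtf1\\ansi Constructed harmless sample text.}"
        m.add_attachment(payload, maintype="application", subtype="msword",
                         filename="Scan_482913.doc")
    else:
        m["From"] = "bob@vendor.test"
        m["To"] = "alice@example-corp.test"
        m["Subject"] = "Invoice for June"
        m.set_content("Invoice attached, thanks.")
        m.add_attachment(b"%PDF-1.4 constructed placeholder", maintype="application",
                         subtype="pdf", filename="invoice-june.pdf")
    return m.as_bytes()


if __name__ == "__main__":
    for reason in scan_lure_indicators(build_sample()):
        print("flag:", reason)
```

The domain check is the part that generalizes: mail that claims to come from your own domain but arrives from outside should be quarantined regardless of the subject line.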

The April 8th attack is disconcerting for several reasons:

  • It is fairly sophisticated, and infected files look like a file sent from a piece of hardware in the target’s office.
  • It avoids the most common routes of detection from antiviruses and security protocols by exploiting a new Microsoft vulnerability.
  • Microsoft waited an unusually long time to disclose this vulnerability, which is surprising considering the scope of the attack and exploitation of Microsoft software.
  • Zeroday attacks more commonly target individuals in high-security positions. Seeing an attack of this type launched against a wide base of users is unusual.

A patch for the vulnerability was released by Microsoft on Tuesday, April 11th. Regardless of whether or not your device is patched, PMCS recommends the following protocols to protect yourself from infection:

  • Never open emails or documents from unknown sources.
  • Don’t open documents unless you know the sender and know the sender meant to send a file to you.
  • Disable macros on your devices.
  • If you open a file in Protected View and cannot understand the document, do not disable Protected View.

Protected View is enabled by default in Microsoft Word, but if you want to make sure you have the extra protection it offers, follow the instructions below to confirm Protected View is enabled:

  1. Click the File tab in the upper left corner.
  2. Select Options.
  3. Select Trust Center in the left pane.
  4. Click Trust Center Settings.
  5. Select Protected View.
  6. Check all three options under Protected View and click OK.

Zeroday attacks are relatively uncommon but pose a large threat because they are difficult to protect against. Antivirus programs can’t protect against threats that are undefined, so zerodays often meet no resistance from your computer. The best way to avoid being harmed by zeroday attacks is to implement good safety protocols and follow them regardless of whether a new threat has been identified.

If you are concerned that you may be infected or would like to plan to prevent infections in the future please give us a call at (818)957-5647. PMCS has decades of experience preventing infections and repairing the damage done by malware and viruses. We are here to help if you are concerned about this new threat.


How to take down the internet with one DDoS attack

On October 21st the US lost access to a large part of the internet. Here’s how that happens.

If someone wants to take down your website, they can orchestrate what’s called a Denial of Service (DoS) attack, which involves sending thousands and thousands of requests to your website’s server. The server can’t respond to the volume of requests, and in its attempts to fill them its response time slows, making it impossible for legitimate users to access your site or for you to make changes. If all of these requests are coming from a small number of computers, you can block the attackers’ IP addresses on your router and free up your server’s resources for legitimate use.

The attack on the 21st was much grander in scale. A Distributed Denial of Service (DDoS) attack doesn’t use only one or two computers to generate requests but tens of thousands, most of which are likely botnet computers owned by casual users who aren’t aware that a virus or other malware has repurposed their devices into nodes on a botnet. This alone makes it hard to block attacking IP addresses, but DDoS attacks also frequently involve proxy services and packet anonymization to disguise the original IP addresses and make them impossible to block. Sometimes you’ll hear of a large company or a government agency being taken down, but it is rare to lose access to whole sections of the internet as the result of an attack.
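To make the DoS/DDoS distinction concrete, here is an added Python example (not part of the original post) that counts requests per source address in a sliding window over constructed web-server access-log lines: a 600-request flood from one address is flagged and could be blocked at the router, while the same 600 requests spread across 200 addresses stay under the per-source threshold even though the total load on the server is identical. The addresses are from documentation ranges.

```python
"""Per-source request counting: catches a single-source DoS, misses a DDoS.

Added example, not from the original post. The access-log lines are
constructed; the addresses come from documentation ranges.
"""
import re
from collections import deque
from datetime import datetime, timedelta, timezone

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" \d{3}')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (ip, timestamp) for a combined-format log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT)


def _events(lines):
    events = [e for e in map(parse_line, lines) if e]
    events.sort(key=lambda e: e[1])
    return events


def sources_over_threshold(lines, window=timedelta(seconds=10), threshold=50):
    """Map each IP whose request count inside any `window` exceeds `threshold`
    to its peak count. These are the addresses a router-level block could stop."""
    flagged, recent = {}, {}
    for ip, ts in _events(lines):
        q = recent.setdefault(ip, deque())
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) > threshold:
            flagged[ip] = max(flagged.get(ip, 0), len(q))
    return flagged


def peak_total(lines, window=timedelta(seconds=10)):
    """Highest number of requests from all sources combined inside any `window`."""
    q, peak = deque(), 0
    for _, ts in _events(lines):
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        peak = max(peak, len(q))
    return peak


def make_flood(ips, total, per_second=60):
    """Construct `total` GET requests spread round-robin over `ips`, `per_second` each second."""
    start = datetime(2016, 10, 21, 11, 10, 0, tzinfo=timezone.utc)
    lines = []
    for i in range(total):
        ts = (start + timedelta(seconds=i // per_second)).strftime(TS_FMT)
        lines.append('%s - - [%s] "GET / HTTP/1.1" 200 512' % (ips[i % len(ips)], ts))
    return lines


# 600 requests in ten seconds from one host versus the same 600 from 200 hosts.
DOS_LINES = make_flood(["203.0.113.9"], 600)
DDOS_LINES = make_flood(["198.51.100.%d" % n for n in range(1, 201)], 600)

if __name__ == "__main__":
    print("DoS  flagged:", sources_over_threshold(DOS_LINES), "peak:", peak_total(DOS_LINES))
    print("DDoS flagged:", sources_over_threshold(DDOS_LINES), "peak:", peak_total(DDOS_LINES))
```

Against the distributed case the only working defenses are upstream: capacity that absorbs the total rate, or a scrubbing provider that filters before traffic reaches your link.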

So how did it happen?

Whether you know it or not, your computer relies on Domain Name Servers (DNSs) to find its way around the internet. The website you know as is known to computers as DNSs are the servers that check how to route your computer to and make sure that you aren’t getting sent to instead, or that isn’t pretending to be There are millions of DNSs constantly checking that sites are what they say they are and allowing your computer to access them. Some are small and private; some are clusters at large server farms. The attack on the 21st was a series of massive DDoS attacks aimed at a company in New Hampshire called Dyn, which happens to be a major DNS provider for a lot of what we use online every day. The attack disabled Dyn’s DNS servers, and as a result DNS went down for some major services, effectively barring the door to users whose computers were trying to find a location without a map.

Post-incident reports indicate that the attack was the work of a Mirai botnet, largely made up of internet-connected devices such as CCTV cameras. The fact that these cameras were so easily hijacked and have so little built-in security raises a lot of questions about the direction the tech industry has taken in supporting the internet of things, and the fact that large portions of the internet went dark on the 21st has raised valid concerns about the viability of cloud software in a world where access to your business infrastructure can be taken down by a smart refrigerator.

Solid security and physical redundancy can do a great deal to protect your business productivity. If you’re interested in an assessment of your security standards or curious to learn more about what a physical server can do for your office, give PMCS a call for a consultation at (818)957-5647.

Why do cellphones and speakers keep blowing up?


A selection of AA batteries

Lithium-ion (LI) batteries have become a major part of daily life in the last decade. They’re in your camera, your phone, your computer, and maybe even your car. There are tremendous advantages to LI batteries over other types: they are much lighter and have a lower rate of energy loss, but there’s a fine line that has to be walked to keep the more energetic LI composition safe.

A battery is a chemical reaction that you can keep in your pocket. LI batteries use a lithium electrolyte to create the chemical reaction that powers your phone; a lithium salt gel is wrapped in a thin, non-reactive envelope and connected to positive and negative electrodes, which are separated so they can’t touch. When phone batteries explode, it’s because one way or another the lithium electrolyte gel has come into contact with other metals in your phone and caused a reaction.

Sometimes this contact is caused by “thermal runaway” – overheating that causes the volatile electrolyte to keep reacting even when it isn’t connected to a power source. Thermal runaway can be caused by overcharging (as a result of the battery’s self-limiting computer failing) or by leaving the device in a very hot location. As electricity drives the reaction inside your phone, the lithium batteries warm up, and as they warm they expand. Normally this isn’t a problem – manufacturers know that heat causes expansion, leave space inside your phone for that expansion to occur safely, and include limits to prevent anything that might cause a thermal reaction (like including a battery computer to prevent it from overcharging). When thermal runaway happens, the battery expands past the intended limits, cracks its casing, reacts with other parts of your phone, and can catch fire if it expands far enough to come into contact with air.

See a video of it happening: This person removed the safeguards that prevent a phone battery from overcharging.

Something similar but much faster can happen as a result of a short in the battery. Shorts can be caused by a leak in the envelope holding the electrolyte gel or by a conductive material accidentally connecting the positive and negative electrodes. Mechanical damage (a puncture or tear in the electrolyte envelope) can cause a short if it makes the electrolyte gel leak.

See a video of it happening: This person created a short circuit by connecting the negative and positive electrodes on a small battery.

If you have a device with LI batteries, whether it’s a cell phone or a hoverboard, store it at appropriate temperatures, avoid overcharging it, and take precautions to avoid puncturing or significantly cracking the casing. LI battery explosions are incredibly uncommon, which is why they dominate the news cycle when they do happen. Statistically these batteries are very safe and have a very low failure rate, but there are risks that arise from the continuing pursuit of a long-lasting, lightweight battery.