WiFi Calling Services are Insecure

Researchers at Michigan State University and National Chiao Tung University in Taiwan have published a paper documenting that WiFi calling services from T-Mobile, AT&T, and Verizon suffer from 4 security flaws that can be exploited to attack mobile phone users, leaking private information, harassing them, or interfering with service.

The 8 computer scientists who contributed to the paper basically claim that existing security measures fall short because of “design defects of Wi-Fi calling standards, implementation issues of Wi-Fi calling devices, and operational slips of cellular networks.” 

The significance of this problem is underscored by the researchers claiming that WiFi calling volume is expected to surpass Voice over LTE and Skype calling next year.

What should you do if your users make WiFi calls? We suggest either using a VPN service on the mobile device or switching to regular cellular service.

Everyone stay safe out there!

Half of Small Businesses Were Cyber-Attacked in the Last Year

Recent news has been full of high-profile IT security breaches such as the theft of customer data from British Airways, but I have to remind smaller businesses that they are not ‘flying under the radar’ of attackers when it comes to being vulnerable.

According to a recent study from the insurance firm Hiscox, 47% of small businesses surveyed in the US, UK, and Europe had suffered at least one cyber attack during the past 12 months. Contrast this with the fact that 51% of SMBs don’t see themselves as a target (Switchfast survey). Does anyone else see the problem?

Switchfast’s conclusion is “the actions of small business employees and leaders reveal little is actually being done to address the lax attitude toward security. Negligent employees are the number one cause of data breaches at small businesses.”

What sort of negligence is Switchfast referring to? Firewall vendor Fortinet put their finger on it when they reported their monitoring shows that cybercriminals are only exploiting 5.7% of known vulnerabilities. So the conclusion is that SMBs simply aren’t applying published fixes and updates in a timely fashion. By taking this fundamental step, SMBs could go a long way toward protecting themselves from a cyber attack.

So why don’t SMBs do a better job with updates and patches? Those that manage this themselves tend to forget about it or perhaps only try to ‘do something’ on a 6-month or yearly basis. Or they miss less obvious updates such as those needed for firewalls, routers, switches, and wireless access points.

What’s a good strategy? Find an IT partner with the automation tools to handle this for you. Regardless of whether you have an internal IT resource or you do it yourself, modern automation tools such as those provided by MicroData’s Managed Services can eliminate concerns about patching, monitoring, and many cyber security threats – and for pennies a day.


And the Most Disliked Companies in America are…

…Internet Service Providers (ISPs). According to a recently released study by the American Customer Satisfaction Index, ISPs are even more disliked than airlines. ISPs get a score of 62 with airlines coming in at 73. And in case you’re wondering, Breweries top the list with a score of 85.

So why are ISPs so disliked? Everyone knows they are pseudo-monopolies and horrendous ISP service is legendary, but why has service gone so far downhill? I think the real problem is that most ISPs have morphed from delivering a single product (Internet bandwidth) into providers of phones, television broadcasting, security services, email, and a host of other services. And now with the Internet-of-Things becoming a reality, we’re not far from a typical home having literally hundreds of devices becoming inoperable if the ISP isn’t doing their job.

Quite frankly, many ISPs aren’t even close to keeping up with the substantial support needs that accompany all these applications.

And some ISPs argue that it isn’t their responsibility anyway. For example, some ISPs believe that just because you purchased phone service from them doesn’t mean they are responsible for phone hardware or software. This hair-splitting philosophy may technically make some sense but it drives end-users crazy.

But there’s relief coming and it’s called 5G. This new wireless technology is currently being built out by wireless network providers like AT&T, Verizon, and the soon-to-be-merged T-Mobile and Sprint. It’s about 100 times faster than 4G wireless networks, so it will be about five times faster than the average ISP speed of 60 Mbps. This means real competition for traditional ISPs and they will need to step up their service and adjust their pricing.


British Airways Breach: Over 500,000 Customer Accounts Compromised

The details are continuing to emerge – and get worse – about the hack of British Airways. In September it was revealed that for over two weeks, hackers stole over 385,000 customer data records which included full name and address info and complete credit card data including CCV numbers (for 77,000 of the users) from the BA website and Mobile app.

A follow-up notice published by BA’s parent, International Airlines Group, on Thursday last week admitted that passengers who made bookings between April and July using rewards points were also snooped on by the cybercriminals.

What’s the takeaway? As usual, we recommend having Dark Web monitoring in place for your entire organization so that you can watch for these stolen credentials to appear for sale. Personal monitoring is also important, so make sure you’re using a reputable product like our Spotlight ID.

And if you’ve flown British Airways recently make sure you change those account credentials, get a replacement for whatever card you used for reservations, and if you used the same credentials at any other site, make sure you change all those passwords, too.

Everyone stay safe out there!






California’s New IoT Password Law. A Nice Try but…

California governor Jerry Brown recently signed a bill into law called the ‘Security of Connected Devices,’ or SB-327. Starting in 2020, the new law requires any California manufacturer of Internet-connected devices to equip every new device with a unique password or have a setup procedure that requires users to change the default password.

The law is an effort to address a geometrically growing problem – customers who simply take their latest Internet-of-Things device, plug it in or connect it to their WiFi, and then forget about it, leaving default and hard-coded service passwords in place. This is how automated malware like NotPetya and WannaCrypt recently wreaked havoc around the world.

Like many government initiatives, there are good intentions, but while the new law may provide some help it unfortunately misses the much larger problem: failure to update software. There are many ways to access an IoT device and a username/password is just one of them.

New security holes are discovered all the time and they usually take advantage of elements of the device whose operation is invisible to users.

It’s hard enough for Apple and Microsoft to get users to update their main computer systems, so imagine the difficulty in getting users to update a smart light bulb socket, a security camera, or a smart refrigerator? Or how about hundreds or thousands of devices in a home or business?

So what’s the takeaway? First, don’t rely on manufacturers to supply perfect products or products that update themselves. In fact, many self-updates create more problems than they fix (hey – some of this stuff is complicated!). And don’t look for a government magic wand to solve the problem. The new California law makes nice press and allows legislators to claim that they ‘did something about the problem,’ but understand that you have to take responsibility for what you connect to your network.

Especially at work, be extra careful. In addition to thinking twice about whether you really need that IoT device, we recommend deploying a system like our Ransomware Guardian that can restrict unknown and rogue IoT devices from functioning on your network.

Everyone stay safe out there!


Have a Netgear Router? Heads up on a Massive IOT Attack

Over the weekend a massive IOT attack on unpatched Netgear DGN series routers was observed so if you have one or more of these devices and you haven’t updated it recently, you need to act ASAP.

The attacks have been primarily observed in the United States and India but have been reported in 75 other countries, too.

The attacks are completely automated: they scan the Internet for the devices and, if found, exploit a vulnerability to take over control of the routers and use them as bots or as crypto coin mining zombies.

Netgear has released firmware updates that fix the vulnerability for all affected products but user action is required to apply the fixes. Specifically, you need to upgrade the Netgear software to DGN1000 / DGN2200 v3 or higher. Updates are available at the Netgear download center.

Need a hand with network security? Give us a call at 978.921.0990 or visit us on the web.

Everyone stay safe out there!



Facebook Accounts Compromised – Again

Stop me if you’ve heard this one before. Facebook today announced that 50 million user accounts were ‘impacted’ by a security breach that potentially allows an attacker to take over an account.

Apparently the issue was caused by a flaw in Facebook’s ‘View As’ feature that lets you see what your profile looks like from the perspective of other users in the system.

Facebook has reported that they have fixed the flaw and deleted access tokens that allow users to access Facebook without logging in each time from the same machine. This means about 90 million users will be prompted to log in from any device they use at their next access.

And while you don’t have to change your password as it wasn’t directly exposed, it might not be a bad idea – especially if you haven’t changed it lately.

Everyone stay safe out there!



Running Adware Doctor on Your Mac? Remove it Now

Malwarebytes on Friday noted that this app and several others on the macOS App Store have been spotted siphoning off user data including browsing history (Chrome, Safari, and Firefox), a list of running processes, and a list of all software you’ve downloaded and from where, and sending it to a remote server in China.

What’s extra disturbing is that this app is reported as the 4th highest grossing app in the ‘Paid Utilities’ category in the App Store. And it’s been there for a while. This clearly flies in the face of Apple’s own App Store rules and any reasonable user’s privacy expectations. Apple has removed the app. If it’s on your Mac I’d suggest you do the same.

Thomas Reed, the director of Mac and mobile security at Malwarebytes, also mentions similar data harvesting by other apps, including Open Any Files, Dr. Antivirus, and Dr. Cleaner.

I’d agree with Reed that you should treat the Mac App Store with caution. Just because an app is there doesn’t mean it’s safe.

Everyone stay safe out there!




Which Countries are the Top 5 Hackers? You May be Surprised

As I’ve mentioned before, hacking is big business. Whether to steal intellectual property, extort companies for a ransom, infect systems to be used for spam or covert mining, or just outright steal cash, cybercriminals want what you’ve got.

Here at MicroData we manage many systems and I wanted to share some specs on a server we manage that readers may find interesting. The server in question hosts websites and, in addition to the usual security measures we put into place on any Internet-facing server, we also install software that monitors login attempts; if too many failed attempts are made within a given time period, the IP address trying to log in gets blocked. The address – and its general geographic location – also gets logged.

So over the past 30 days, here’s the Top-5 list of countries where those hack attempts originated:

  • China (792)
  • USA (766)
  • Brazil (480)
  • India (355)
  • Russian Federation (205)

Seeing China and Russia on the list probably doesn’t surprise anyone, but having almost as many hack attempts from within the U.S. as from China usually does cause an eyebrow to rise. And most people are surprised that Brazil and India are so active in trying to access systems. They are almost never mentioned in popular press.
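The blocking rule described above (too many failed logins from one address within a time window, with the address and its location logged) can be sketched as follows. This is an added example, not the software running on the server in the post; the threshold, the window, the sshd-style log format, the sample lines, and the address-to-country table are all assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

MAX_FAILURES = 5                 # assumed threshold, not a value from the post
WINDOW = timedelta(minutes=10)   # assumed time period, not a value from the post

# Constructed sample log in an sshd-like format. All addresses are from the
# RFC 5737 documentation ranges; none of this data comes from the post.
SAMPLE_LOG = """\
2018-10-01T03:00:00 sshd[811]: Failed password for root from 203.0.113.7 port 40122 ssh2
2018-10-01T03:00:20 sshd[811]: Failed password for admin from 203.0.113.7 port 40124 ssh2
2018-10-01T03:00:40 sshd[811]: Failed password for invalid user test from 203.0.113.7 port 40126 ssh2
2018-10-01T03:01:00 sshd[811]: Failed password for root from 203.0.113.7 port 40128 ssh2
2018-10-01T03:01:20 sshd[811]: Failed password for root from 203.0.113.7 port 40130 ssh2
2018-10-01T03:05:00 sshd[811]: Failed password for alice from 192.0.2.10 port 51000 ssh2
2018-10-01T03:05:30 sshd[811]: Accepted password for alice from 192.0.2.10 port 51002 ssh2
2018-10-01T03:10:00 sshd[811]: Failed password for root from 198.51.100.23 port 33000 ssh2
2018-10-01T03:25:00 sshd[811]: Failed password for root from 198.51.100.23 port 33002 ssh2
2018-10-01T03:40:00 sshd[811]: Failed password for root from 198.51.100.23 port 33004 ssh2
2018-10-01T03:55:00 sshd[811]: Failed password for root from 198.51.100.23 port 33006 ssh2
2018-10-01T04:10:00 sshd[811]: Failed password for root from 198.51.100.23 port 33008 ssh2
2018-10-01T04:20:00 sshd[811]: Failed password for root from 198.51.100.200 port 60000 ssh2
2018-10-01T04:20:01 sshd[811]: Failed password for root from 198.51.100.200 port 60002 ssh2
2018-10-01T04:20:02 sshd[811]: Failed password for root from 198.51.100.200 port 60004 ssh2
2018-10-01T04:20:03 sshd[811]: Failed password for root from 198.51.100.200 port 60006 ssh2
2018-10-01T04:20:04 sshd[811]: Failed password for root from 198.51.100.200 port 60008 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) "
)

# Constructed stand-in for a GeoIP database; the country labels are placeholders.
GEO_TABLE = {
    ipaddress.ip_network("203.0.113.0/24"): "Country A",
    ipaddress.ip_network("198.51.100.0/24"): "Country B",
}


def country_of(ip):
    """Look up the general location of an address in the stand-in table."""
    addr = ipaddress.ip_address(ip)
    for net, country in GEO_TABLE.items():
        if addr in net:
            return country
    return "Unknown"


def find_blocks(lines, max_failures=MAX_FAILURES, window=WINDOW):
    """Return {ip: time_of_block} for addresses that reach max_failures
    failed logins inside a sliding window. Lines must be in time order."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    blocked = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["result"] != "Failed":
            continue              # unparsable line or a successful login
        ip = m["ip"]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue              # ignore anything that is not a real address
        if ip in blocked:
            continue              # already blocked; nothing more to count
        ts = datetime.fromisoformat(m["ts"])
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()           # drop failures that fell out of the window
        if len(q) >= max_failures:
            blocked[ip] = ts
    return blocked


def blocks_by_country(blocked):
    """Tally blocked addresses per country, most frequent first."""
    return Counter(country_of(ip) for ip in blocked).most_common()


if __name__ == "__main__":
    result = find_blocks(SAMPLE_LOG.splitlines())
    for ip, when in result.items():
        print(f"blocked {ip} ({country_of(ip)}) at {when.isoformat()}")
    print(blocks_by_country(result))
```

In the sample, 198.51.100.23 makes five failed attempts but spaces them 15 minutes apart, so a window-based rule never blocks it; slow attempts like that need a longer window or a separate daily count.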

There are a couple of takeaways.

First, understand that these are automated attempts. It’s not personal so don’t think about it in that way. There is no human sitting at a keyboard trying different password combinations. The defenses your organization needs to have in place must protect against continuous, 24×7 attempts to get at your systems, data, and users.

Second, you need to be extra concerned if any of your users’ credentials are on the Dark Web where they can be simply purchased. Hackers and their automated systems will endlessly try those credentials and thousands of variations. So a password change from ‘lollipop1’ to ‘lollipop2’ is almost useless – but it’s still what most users do. This is why even if hackers get an old password, they will often be successful in gaining access to a network or system.

Make sure you have a Dark Web monitoring solution in place like MicroData’s Dark Web Guardian. We now offer a small business package for organizations with up to 15 users for just $49.

Everyone stay safe out there!



Galaxy Phone Meltdown

If you’ve been following the saga this year of vulnerabilities discovered in CPUs used in most computers and smart devices, then you recognize the term ‘Meltdown’. It was coined to identify one of the vulnerabilities attributed to design flaws internal to many popular microprocessors. Now we can add a wildly popular smartphone to the list of affected devices – the Samsung Galaxy S7.

In a story from Reuters, it’s now been determined that the microprocessor used in the tens of millions of S7s sold worldwide also contains the Meltdown vulnerability and therefore can expose user data or trick applications into revealing confidential information.

Samsung said it introduced patches in January and July to protect S7 phones against Meltdown.

Is it a safe guess that other smartphones may also have the same problem? It’s not yet known but in the meantime make sure you keep your phone up to date – just in case.

Everyone stay safe out there!


Your Website Still Accessed via HTTP? Trouble in 24hrs

If your website’s default access is still HTTP instead of being secured with an SSL certificate, starting tomorrow Google Chrome browsers – which represent about 60% of the browsers used out there – will start reporting your site as ‘Not Secure’ in the Chrome address bar.

Obviously this will cause many users to not trust your site – even if you don’t conduct financial transactions or store data. Not good.

Google’s motivation for this move was explained in an online memo they released in February. Basically, when accessing sites secured by HTTPS encryption, interactions between the site and the end-user’s browser are fully encrypted. And as a positive benefit, most bots and browsers favor HTTPS sites. This means more traffic and better placing in search results.

If your website isn’t fully encrypted, it’s scramble time. In addition to purchasing, configuring, and installing an SSL certificate, you’ll also need to make sure that any plug-ins used on your site are configured to access content securely.

Note that 90-day SSL certificates are available for free but then you’ll need to renew the certificate every 3 months. Certificates are available to purchase for 1 and 2-year terms from most of the Domain Registrars including GoDaddy, Web.com, and Network Solutions. If you have a hosted site, get in touch with your hosting provider – but expect them to be busy.


Scam Alert: Hackers Don’t Actually Have Video of You Watching P0rn

A new scam making the rounds has cybercriminals trying to extort money from netizens by threatening to leak a video to friends and family of their marks watching X-rated videos. Here’s how it works.

A user gets an email from a crook who claims to have obtained, through hacking their computer, compromising webcam footage of them watching an adult website. In reality, the user’s computer wasn’t hacked but rather the cybercriminal has simply purchased some passwords and email addresses on the Dark Web that likely originated on a hacked forum or site that the individual may frequent. Think a hobby or club-type forum.

The attacker’s message includes a reference that they have obtained all the user’s contacts including co-workers, friends, and family. And the clincher is that the extortion message shows the user’s actual password in an attempt to convince the reader that they need to pay up – or else.

The cybercriminal is banking on the target reusing their leaked password for other more important websites and being convinced that those accounts have been compromised as well. In reality, the attacker probably only has the one compromised password and is hoping for a quick payout.

If you receive this email, don’t panic and don’t send them any Bitcoin. There most likely isn’t any video. Change your password, don’t reuse any passwords that you use for important sites, and consider using two-factor authentication and a password manager to keep your accounts secure going forward.

And if you’re a company exec or IT pro, make sure your organization is monitoring the Dark Web for ID account compromises. That’s where cybercriminals are purchasing credentials for scams like this. Check out our Dark Web Guardian service that provides 24×7 monitoring for these types of compromises – 50% off a new 1-year subscription when purchased by August 31.

Everyone stay safe out there!


MicroData is Hiring!

MicroData has an immediate opening for a part-time Bookkeeper and Administrative Assistant. Flexible schedule and a great, stress-free work environment in our Beverly Office.

See all the details and apply on our website.


What Are 51% Attacks and How to Stop Them

I was pleased to contribute to a story by bonpay’s Jegor Nagel on cryptocurrency 51% attacks and the risks they present. If you hold any crypto it’s worth understanding what a 51% attack is and why the blockchain is so inherently secure.

Read the entire story at bonpay.com


Worried About a 51% Attack on Bitcoin?

I’ve had several people ask me what I think about the possibility of a 51% attack on popular cryptocurrencies like Bitcoin, Ethereum and Litecoin. Since there’s a lot of interest in this topic right now, I thought I’d put the answer out for everyone to see.

A 51% attack is when malicious actors take over more than 50% of the mining network to make fraudulent transactions. To do this they need to hack or take over more than 50% of all systems mining the cryptocurrency in question and do it within the time period in which a block is mined.

So using Bitcoin as an example, to successfully hack the blockchain you’d need to hack the majority of computers mining the network simultaneously. This would be a massive undertaking for Bitcoin. Gobitcoin estimates that hardware costs alone for hacking the Bitcoin blockchain would be almost $7 billion and the electricity needed for all that hardware would be the equivalent of 10 days’ worth of New York City’s energy consumption – about $10 million.

But even if you got past the above, the hack would have to happen within a 10-minute time interval as that’s how often a new block is mined.

So the point is that to be successful, a hacker would have to compromise more than half the computers in the network at the same time…and do it all in under 10 minutes. So you can see that while technically possible, it’s impractical to hack a large blockchain like Bitcoin.

The 51% attacks that have been successful have targeted small networks for altcoins where amassing the necessary computing horsepower is practical – assuming that success offers enough of a reward to make it worthwhile. In recent weeks Zencash, Verge, Bitcoin Gold, and Electroneum have seen 51% attacks.

So while there are many things to worry about with crypto investing, hacking the blockchain of a major player like Bitcoin or Ethereum isn’t something you have to lose sleep over. Instead, spend a lot more energy making sure your wallets and exchange login credentials are secure.


Don’t Let This Happen to Your Company

Employees come and go – but in this case a departing employee took thousands of confidential supplier and customer records from the sports-apparel firm Fanatics when he left to join a rival company.

How did he do it? It wasn’t an elaborate hack. He simply grabbed one of Fanatics’ own flash drives and copied the data from his password protected company laptop. He planned to share the data with his new employer. And because Fanatics is a $3 billion company, the stolen data was worth a lot.

This type of employee behavior is difficult to monitor and control – unless you have a MicroData Managed Service Plan. Every MicroData MSP includes our exclusive Ransomware Guardian toolset that lets you implement a variety of user controls including the ability to restrict the use of flash drives on a company, group, or individual basis. And yes, it also includes the ability to restrict the use of web-based file sharing services like DropBox™ and OneDrive™.

If your current provider or IT system doesn’t have these types of security tools, give us a call and enjoy the peace of mind that comes with the latest in IT protection.



“My Login Info/PII Isn’t on the Dark Web.” Let’s Find Out…

Unfortunately, most people that say this have little basis for the belief. The reality is that without monitoring it’s almost certain that some of your employees’ credentials are available for sale – or for free – out on the Dark Web and you’ll not know it. In 2017 we found 92% of organizations tested had compromises.

Here’s an example. I recently ran a quick scan on our local school system. I stopped the report after the first 190 compromises were found. And the report showed concerning details like failure to implement a complex password policy or set a reasonable password depth, exposed Personally Identifiable Information (PII), etc.

Having the best firewalls and monitoring solutions in the world is useless if a cybercriminal has someone’s account info and password and just logs in.

I’m offering to help you find out at no cost or obligation. Visit this link and fill in your information and we’ll run a Dark Web scan for your domain at no cost and with no obligation. We’ll even give you a copy of our MicroData Dark Web Scan Action Guide that provides detailed recommendations on what to do if compromises are found.


82% of Users Have Never Changed Router’s Default Administrator Password

A recent poll by Broadband Genie, a UK Internet Service Provider (ISP), found that the vast majority of users – including some small businesses – have never changed the default administrator password on their router, thereby leaving themselves wide open for all sorts of cybercrime mayhem.

The survey also found that 52% had never changed the network name, updated the firmware, or checked to see what devices are on their network.

And 48% said they didn’t understand why they would need to make these changes.

If your small business is simply using the router/modem supplied by your ISP (not a good idea), make sure you get these items taken care of ASAP. And regularly review your router’s logs for suspicious activity. And if you don’t know how or why, contact us for some help.

Everyone stay safe out there!


IBM Bans all Removable Storage

If you’re looking for good examples of safe cyber security policy, take note of IBM’s recent actions.

In an advisory to employees, IBM Global Chief Information Security Officer Shamla Naidoo said that the company is “expanding the practice of prohibiting data transfer to all removable portable storage devices.” This will include USB, SD cards, flash drives, etc.

Why are they taking this step? According to Naidoo, “the possible financial and reputational damage from misplaced, lost or misused removable portable storage devices must be minimised.” Or in other words, it’s just not worth the risk.

IBM will have employees use its own synchronization application service for moving data around.

The takeaway for your business? Only let your employees use approved removable storage devices that are trackable and managed, and don’t permit use of non-secure and unmanageable Cloud storage services.

Every MicroData Managed Service Plan includes our exclusive Ransomware Guardian – a suite of cybersecurity tools with functionality that includes limiting and managing removable storage and restricting the use of Cloud-based file sharing services. And our SecureCloud Sync service provides Cloud-based file sharing but without the risks inherent in consumer-grade solutions like DropBox™ or OneDrive™.


Equifax Breach: It’s Worse than You Thought

Equifax has released more info about the data stolen by the hacks in 2017 and it’s pretty grim. According to a letter Equifax submitted to the SEC on Monday, here are the numbers of actual compromises:

  • 146.6 million names
  • 146.6 million D.O.B.
  • 145.5 million Social Security Numbers
  • 99 million addresses
  • 27.3 million gender
  • 20.3 million phone numbers
  • 17.6 million driver’s license numbers
  • 1.8 million email addresses (without credentials)
  • 209,000 credit card numbers and expiration dates
  • 97,500 tax ID numbers

And the following government issued IDs:

  • 38,000 Driver’s license numbers
  • 12,000 Social Security or Taxpayer ID Card
  • 3,200 passport or passport card

What’s the takeaway? You really need to be monitoring your personal credit info. And we don’t recommend LifeLock™ as ironically they use Equifax for monitoring. Take a look at SpotLight ID which I personally use and we recommend to our customers. SpotLight ID provides more comprehensive protection plus it’s about 1/3 less expensive than LifeLock.

Everyone stay safe out there!


Windows Defender Anti-Phishing Plug-in Now Available for Chrome

Google’s Chrome does have some built-in security protection, but you can now add the well regarded (and well behaved) Microsoft Windows Defender anti-phishing product to the browser on your PC.

The Windows Defender plug-in doesn’t disable any of the Chrome security components but adds an additional layer of defense.

If you’re not familiar with how the plug-in works, it alerts you about known malicious links and sites before you actually visit the site.

And remember, while plug-in tools like these are helpful in protecting your network and users from malware and ransomware, they are only a part of a Unified Threat Management System you should have in place at your company.

You can find the plug-in at the Chrome Web Store or directly at Microsoft.


Thinking about LifeLock? There’s a Better Solution

We already assist our clients with monitoring for cyber breaches and misuse of corporate data. But we’re also frequently asked about ID Monitoring for individuals.

While LifeLock™ has been around for a long time, we really lost interest in the service after the Equifax data breach. LifeLock™ offers to protect you from the Equifax data breach – by selling you credit monitoring and reporting services provided by Equifax. Yeah, maybe not…

We’re pleased to now offer a much better solution, SpotLightID from our partner ID Agent. ID Agent has been around for quite a while providing threat intelligence and identity monitoring solutions to the public-sector. We’re delighted that they are now doing the same for private business and individuals.

SpotLightID is much more comprehensive than LifeLock™ and costs about 1/3 less. In particular I like that SpotLightID offers a single plan that covers 2 adults and up to 10 children – all for the same cost as the individual LifeLock™ Ultimate Plus plan.

You can learn more and sign up here.


‘Your computer has a virus’ cold call scams on the rise

Microsoft has recently reported that complaints are up 24% for tech support scams. And freshly released stats show 15% of complainants losing cash to the scam.

If you’re not familiar with how it works, a user will get a call from someone usually claiming to be from Microsoft who will talk the victim through a number of steps on their computer that will cause something technical or scary to appear on the user’s screen. At that point the scammer will declare the information showing is ‘evidence of a serious problem’. An offer to fix the problem for somewhere between $200 and $400 is then presented.

This scam is indiscriminate, targeting both businesses and individuals. It’s particularly frustrating in that individuals over the age of 55 seem to be especially targeted.

This is one of those IT areas where no software or network gizmo will protect the user. Only training can help and is one of the reasons why MicroData always includes End User Security Awareness Training as part of any IT system design. Contact us if you’d like some help with locating these sorts of resources.

And remind your users and friends that if they get an unsolicited call from anyone about a ‘problem’ with their computer and the individual claims to be with Microsoft (or anyone else), they should just put the phone down. Microsoft and other reputable vendors never make unsolicited calls to users.



Panera Bread *finally* acknowledges data compromise

A vulnerability was discovered at Panera Bread in August of 2017 and was finally acknowledged by the company on April 3 of this year. Compromised data includes names, emails, physical addresses, birthdays and the last four digits of the customer’s credit card number. “There is no evidence of payment card information nor a large number of records being accessed or retrieved,” Panera Chief Information Officer John Meister wrote in an emailed statement.

The data was obtained through a website vulnerability that has now been reported as corrected.

The bad news here is that data was leaked for 8 months after a security researcher contacted Panera in August 2017 with details of the exploit.

The actual fix was a patch to the website that took 1 hour to deploy.

While Panera has talked about “[not] a large number of records” being affected, they have apparently identified 10,000 customers who likely did have their information exposed. Other reports suggest as many as 37 million accounts may have been exposed.

This is another good reason why your company should have a Dark Web monitoring solution like MicroData’s Dark Web Guardian in place. You may never know exactly what credentials and PII have been compromised in any given breach. And some compromises may never be reported, so your business needs to aggressively be checking for compromises.

And tell your users that if they previously set up and used an online Panera Bread account, to be safe they should change their password at the site and any other place where they may have used the same email/password credentials.

And of course, remind your employees to never use their corporate email address and password for account registration with other businesses/social media sites/entities.


Orbitz Data Breach: What You Need to Know.

If you’ve ever used Orbitz you’ll want to pay attention.

As reported by The Hacker News, it took Orbitz almost 3 months to discover that attackers exploited a legacy version of their travel booking platform between October 1, 2017 and December 22, 2017. Users of Amextravel.com may also be affected.

Compromised data includes full names of customers, credit card numbers, birth dates, phone numbers, mailing addresses, billing addresses and email addresses. More than 880,000 individuals are affected.

Orbitz is currently working to notify the thousands of affected customers and plans to offer one year of free credit monitoring and identity protection service. Affected individuals should proactively monitor their personal data for misuse.


Windows 7 and Server 2008 R2 Critical Patches

If you have any computers running Windows 7 or Server 2008 R2, heads up! The previously released patches for Meltdown actually opened up another vulnerability – much worse than what was exposed by Meltdown.

According to researcher Ulf Frisk, who previously found glaring shortcomings in Apple’s FileVault disk encryption system, the early Microsoft patches left a crucial kernel memory table readable and writable for normal user processes. Or in non-technical speak, the vulnerability allows any program or application of any logged-in user to manipulate the operating system and extract and modify any information in memory.


The regular batch of March patches from Microsoft contained a fix but Microsoft has released a subsequent special emergency fix for this issue. So if your Windows 7 and 2008 R2 machines aren’t set for performing regular updates for critical patches, you should apply that special emergency fix as soon as practical. You can download that patch here. Other versions of Windows aren’t affected.

If you’re a MicroData customer with any of our Managed Service or Security service plans, this issue has already been automatically taken care of for you.

Everyone stay safe out there!


Your Private Info Harvested from Facebook – Here’s how to Stop it

If you’ve been following the news stories about Cambridge Analytica obtaining private user data from Facebook, you might be wondering how that happened and assuming it’s a breach of trust by Facebook – or someone.

The reality is that you’ve done it to yourself. Remember being in a rush that time and allowing some wacky application to access your Facebook profile? Well, that’s how the application creators harvested accounts’ private info. They access the info and then typically sell it to anyone that wants to buy it. Which is exactly how Cambridge Analytica and hundreds of other companies legitimately purchase the data.

In the ‘old days’ this was how you got paper junk mail. Each magazine or record club you subscribed to readily sold their subscriber list on the market. So the next thing you know you’re getting 8 flower and seed catalogs every spring. It’s just much worse with computer data as there is so much more of it.

OK, so how do you turn off access in Facebook? Fortunately it’s easy.

To stop applications and websites accessing your profile, consider turning off Facebook Platform, which connects accounts to services. Click the down arrow in the top-right of FB and select Settings. Click Apps in the left side menu. Go to Apps, Website and Plugins, click Edit and then Disable Platform.

Bear in mind you may then be unable to log into sites that you use FB for access and some linked apps won’t work.

And the bigger takeaway is that you should be honest with yourself and acknowledge that you won’t read all the fine-print legalese that’s available from every app and site. Deep in those documents you’ll find that by installing the application you are granting access to all your data on that site – in this case Facebook. So maybe it’s a good idea not to put any personal info there.

Everyone be careful out there!


Less Than Half Paying Ransomware Actually Get Their Data Back

As it turns out, paying the ransom on a ransomware attack is a great way to end up losing both your data and your money.

According to a study by Cyberedge, less than 50% of people hit by a ransomware attack who pay the ransom are actually able to recover their files. Of those who caved to the demand and paid the ransom, 49.4 per cent said they could recover their data, while 50.6 per cent ended up losing it anyway. The not-so-shocking conclusion is that criminals don’t always stay true to their word.

So what’s the takeaway? Further reading of the study confirms what we’ve advised our clients for years; make sure you have good backups regardless of whether you use the Cloud or store data locally. And in the event of a ransomware infection, restore to the last backup.

If you’re not 100% sure of your data backups – whether you have Cloud data, premises data, or a combination – contact us and we’ll be glad to assist you. MicroData offers a full Managed Backup service as well as 1-click rollback restore solutions. You can also learn more on our website.

Everyone stay safe out there!


CIA: These Phones Will Steal Your Info

There are many factors to consider when buying a cell phone and now we can add espionage to the list of risks to consider before making a purchase.

China-based Huawei has been trying to make inroads to the U.S. market for a while now and has been selling unlocked phones online and through some retail outlets such as Walmart, Amazon, and Best Buy. They were also recently close to an agreement with AT&T stores for selling their phones, but the deal fell apart at the 11th hour.

Now the heads of six U.S. intelligence agencies have warned consumers to avoid the brand due to what are considered security threats. Heads of the FBI, CIA, and NSA are telling Americans that the phones can “maliciously modify or steal information” and also “conduct undetected espionage”.

But with the Huawei flagship Mate 10 selling around $600, there are plenty of other choices out there without the risk. A favorite of mine which is still available is the Samsung S7.

Does your company need help with Mobile technology and security? Contact us for immediate assistance.

Everyone stay safe out there!



5 of the Best Business Travel Tech Accessories

Many of our clients travel for business – some travel a lot. If you have to be on the road for business, having the right pieces of tech can really help make the trip more productive and less stressful. Here are 5 great business travel accessories.

Bluesmart Cabin 22 Carry On. For the business traveler, a good carry-on is a must, but the latest version from Bluesmart gives more than a tough case that you can throw into an overhead bin.

The polycarbonate Cabin 22 includes a worldwide GPS tracker if your case ever disappears, a built-in charger energized by a 10K mAh built-in battery, and Bluetooth connectivity (weight, locking, etc). 9lbs, $599 www.bluesmart.com

Don’t want to spring for a new carry-on? Or maybe you’ve got a classic Zero case and don’t want to part with it. Then check out the Trakdot Luggage Tracker. Throw it in your bag and find it anywhere with your smartphone. $39.99 www.trakdot.com

If you have to do some serious computing work while traveling you know that a real mouse is very helpful. Pick up a Microsoft Bluetooth Mobile Mouse 3600. Small but fully functional – works with PCs or Macs. Black, Blue, & Red. $29.95, microsoft.com


How often have we been stuck in an airport and needed to charge portable equipment? Make sure you have a USB Wall Charger like this one from Power-7. No cords to deal with and you can easily charge two USB devices simultaneously from any outlet. $9.99/2 from Amazon.


And our 5th favorite is actually an application. Download the free AwardWallet app. It lets you track all frequent flyer miles, hotels, and credit card points in one location. You can even check your balances if you’re not online. Free, Android and iOS.


Are You Being Stalked via Your Fitness Monitor?

In our October 2017 MicroOutlook, I wrote about the risks of the Internet of Things (IoT) and the accompanying management challenges to keep your organization safe. Here’s a fresh example.

This week news came out about an unexpected side effect of many popular Strava-enabled fitness trackers. These devices interface to your smartphone and compile activity data and give you all sorts of reporting. Sounds good, right? Except the latest version includes a heat map which gets uploaded to the manufacturer who makes it available on the Internet. And it shows the aggregated routes of all its users. Social media users quickly realized that this info could be used to figure out where Western military camps in the Middle East are located. Fitness conscious soldiers jogging about the bases’ perimeters were building up nice neat traces on the heat maps over time.

Remember, IoT presents many security challenges. You can’t simply say ‘It’s just a temperature sensor’ or ‘it’s just a fitness tracker’. Any device that gathers data and connects to either the Internet or a network has to be scrutinized before it’s deployed. And you have to monitor your network to make sure employees aren’t bringing in their own devices and attaching them to computers or data jacks.

If your organization needs help with managing IoT or security, contact us for assistance.

Everyone stay safe out there!


Free MicroData Newsletter

Did you know that MicroData publishes a print newsletter every month? Called MicroOutlook, the MicroData newsletter is written for business leaders and owners and is filled with stories about the latest IT technology and opportunities, business management information, and tech tips.

You can subscribe for FREE by contacting us. And to get you started, you can download the January issue in PDF format here. The main story, Cyber Security Guide for Small Business, has some great tips for keeping your company safe from cyber crime.

W2 Phishing Season is Here. Alert your Accounting Department

For the past several tax seasons, cyber criminals have used sophisticated social engineering tactics to dupe hundreds of payroll and HR departments into providing W-2 data on their employees, which results in the filing of fraudulent tax returns, other identity theft cases, and even class-action lawsuits against the company.

The typical W-2 phishing email is spoofed to look like it is from a high-level executive and asks the employee to provide W-2 or other tax-related information either by replying to the phishing email, by sending the information to another email address, or by uploading it to a server owned by the bad guys.

In many instances, the request for the information appears to be urgent, which forces the employee to act quickly. These spoofed messages can be very convincing. The emails carry the executive’s email address and often contain the executive’s actual signature block, which makes the employee believe that the email is authentic.

So remind your employees to think before they click. And consider some Security Awareness Training for your business. It’s the proven, effective way to significantly reduce employee susceptibility to phishing attacks. Contact us if you’re looking for help in improving IT Security at your business.
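The signs described above (an executive's name on the wrong address, replies routed elsewhere, an urgent request for W-2 data) can also be checked at the mail gateway. The following is an added example, not code from the original post; the company domain, the executive list, the keyword patterns and the sample messages are all constructed assumptions, and it assumes the gateway stamps an `Authentication-Results` header.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Assumptions for this sketch (none of these values come from the post):
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"pat morgan": "pat.morgan@example.com"}  # display name -> real address

TAX_TERMS = re.compile(r"\bw-?2s?\b|\btax (?:form|statement|record)s?\b", re.I)
URGENCY = re.compile(r"\burgent(?:ly)?\b|\basap\b|\bimmediately\b|\bright away\b", re.I)
AUTH_FAIL = re.compile(r"\b(?:spf|dkim|dmarc)=fail\b", re.I)
SPOOF_SIGNS = {"display_name_spoof", "reply_to_mismatch", "internal_sender_auth_fail"}


def _domain(address):
    return address.rpartition("@")[2].lower()


def _text(msg):
    """Subject plus the plain-text body, for the keyword checks."""
    body = msg.get_body(preferencelist=("plain",))
    content = body.get_content() if body is not None else ""
    return f"{msg.get('Subject', '')}\n{content}"


def assess(raw_message):
    """Return (verdict, findings) for one raw RFC 5322 message."""
    msg = message_from_string(raw_message, policy=policy.default)
    name, from_addr = parseaddr(str(msg.get("From", "")))
    _, reply_addr = parseaddr(str(msg.get("Reply-To", "")))
    from_addr, reply_addr = from_addr.lower(), reply_addr.lower()
    findings = []

    # 1. An executive's name is displayed, but the address is not theirs.
    real = EXECUTIVES.get(" ".join(name.lower().split()))
    if real and from_addr != real:
        findings.append("display_name_spoof")

    # 2. Replies are routed to a different domain than the visible sender.
    if reply_addr and _domain(reply_addr) != _domain(from_addr):
        findings.append("reply_to_mismatch")

    # 3. The sender claims to be internal but failed SPF/DKIM/DMARC.
    auth = str(msg.get("Authentication-Results", ""))
    if _domain(from_addr) == COMPANY_DOMAIN and AUTH_FAIL.search(auth):
        findings.append("internal_sender_auth_fail")

    # 4. Content: a request touching W-2/tax data, and pressure to hurry.
    text = _text(msg)
    if TAX_TERMS.search(text):
        findings.append("tax_data_request")
    if URGENCY.search(text):
        findings.append("urgency")

    spoofed = bool(SPOOF_SIGNS & set(findings))
    tax = "tax_data_request" in findings
    if tax and spoofed:
        verdict = "quarantine"
    elif spoofed or (tax and _domain(from_addr) != COMPANY_DOMAIN):
        verdict = "review"      # e.g. mailing lists also set Reply-To
    else:
        verdict = "deliver"
    return verdict, findings


# Constructed sample messages (not real mail).
SAMPLES = {
    "lookalike": "From: Pat Morgan <pat.morgan@examp1e-mail.test>\n"
                 "To: payroll@example.com\nSubject: W-2 copies needed\n\n"
                 "Please send me the 2017 W-2s for all employees ASAP.\n",
    "reply_to": "From: Pat Morgan <pat.morgan@example.com>\n"
                "Reply-To: pat.morgan@mailbox.test\n"
                "Authentication-Results: mx.example.com; spf=fail; dmarc=fail\n"
                "To: payroll@example.com\nSubject: Urgent: employee tax forms\n\n"
                "I need all employee W-2 statements immediately.\n",
    "outside": "From: Tax Helper <info@vendor.test>\n"
               "To: payroll@example.com\nSubject: Your W-2 questions\n\n"
               "Reply any time with questions about W-2 filing.\n",
    "benign": "From: Facilities <facilities@example.com>\n"
              "To: all@example.com\nSubject: Team lunch Friday\n\n"
              "Lunch is in the main conference room at noon.\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, *assess(raw))
```

A "review" verdict is meant to trigger an out-of-band check with the named executive, not an automatic block.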

Everyone stay safe out there!


Meltdown & Spectre Vulnerabilities: Important Update

A few days ago I wrote about the Spectre and Meltdown CPU vulnerabilities and immediate recommended steps to take to mitigate the security problems created by these hardware bugs. Microsoft has already released some updates for the vulnerabilities along with their regular group of monthly patches, but some actions on your part may be required in order to successfully deploy these fixes.

Specifically, Microsoft is changing how they release updates. They will now check for a setting on each computer that will verify compatibility of the installed antivirus software with the operating system and to-be-installed patch. This is necessary because without this setting the antivirus software will block needed updates causing them to fail. Because the update is being blocked by the antivirus software, it’s up to the AV manufacturer to make sure this setting is present and correct.

Actions to Take: Expect antivirus manufacturers to start releasing updates to their products to take care of this issue. Trend Micro has just released a critical update to address this issue and more information is available on the Trend website.

For users running the current version of Webroot (9.0.19.x), no updates are required.

If your organization runs any other antivirus software applications, please check with the manufacturer or contact us for assistance.

And remember, these fixes I’m talking about today are only associated with Microsoft’s operating systems. For Apple, Linux, and other operating systems, contact your respective manufacturer for assistance. And also be sure to check with your hardware manufacturer for almost certain-to-be-released firmware updates and other important related news.

Note: For MicroData clients with Complete, Select, and Business Care service agreements, no action is required on your part. MicroData has already taken all necessary steps for you.

Everyone stay safe out there!


Meltdown & Spectre Vulnerabilities. What You Need to Know

Meltdown and Spectre are recently discovered hardware design flaws in the main processing chip – the CPU – in most modern computers. It turns out this design flaw has actually been present for years but has only recently been identified. These vulnerabilities affect PCs, Macs, desktops, notebooks, tablets, and even smartphones. And if you’re running applications in the Cloud, Cloud Providers that use Intel CPUs are also affected.

This is a big deal because it affects almost every computer and server on your network – Mac or PC. The design flaw, if exploited by specially crafted software, allows stealing of data that is being processed in your computer’s memory. Normally this couldn’t happen as applications and their data are kept isolated from each other, but this hardware bug breaks that isolation.

So if cyber criminals are able to get malicious software running on your computer either via malware or an infected website, they can gain access to your passwords stored in a password manager or browser, your emails, instant messages, and even business-critical documents.

So what to do?

First, if you are a MicroData Complete Care, Select Care, or Private Cloud customer, we’ve already implemented a remediation plan and there’s nothing you will need to do. Taking care of Meltdown and Spectre involves patching and updating all machines on your network and in many cases making modifications to the underlying operating system. These fixes will take some time as some patches won’t be released for several days.

If you’re managing your own security you’ll need to obtain the relevant patches for your operating systems, examine your antivirus software to make sure it will work properly with the patches and modify/update if not, and then apply the updates to all systems.

MicroData has tools that permit company-wide implementation of these patches and required changes, so if you need assistance contact us at 800.924.8167 or at microdata.com.

As always, but particularly until you get these updates applied, be extra vigilant of email links you click on and websites you visit.

Everyone stay safe out there!

Your 1st IT Security Resolution for 2018

Happy New Year! As your Resolution #1, make this the year that you increase the security of Information Technology both at work and at home. And start with your own PC. If you haven’t updated your version of Windows 10 in a while, make sure you do soon. Microsoft recently ended support for early versions of Windows 10 which means you won’t get important security updates and fixes.

To find out which version of Windows 10 you have, enter Settings into the search bar and hit Enter.  Select System > About. The version will be listed under Windows Specifications. If you don’t see Version 1709, you need to update your version of Windows.

Microsoft provides a free tool called the Windows 10 Update Assistant that will double check your installed version and take care of any needed upgrades.

If you have any questions or need a hand, contact us and we’ll be glad to assist you.


End of Year Patching Deserves Your Attention

2017 is finishing with large groups of patches from almost all manufacturers. These bug fixes, if not applied, leave systems vulnerable to exploitation. Unpatched systems are how WannaCry ransomware spread this summer, so take some time to be sure that all your computers, networking peripherals, and Internet-connected devices are patched and updated.

Here are a few highlights:

  • Linux ‘systemd’ flaw
  • MacOS High Sierra (quite a few vulnerabilities that Apple has been rushing to fix including an emergency patch for the vulnerability that allowed the bad guys to log in to Macs as administrators without passwords and let any app gain root privileges). If you’re running High Sierra, don’t wait for an automatic update – initiate a check now.
  • Intel Management Engine (used in many servers and desktops)
  • A mass of updates from Adobe including Flash and Acrobat and Reader
  • A large grouping (50+) of updates from Microsoft for its various products

If you’re not already using some sort of automated patch management solution from an IT partner with the security expertise to make it work, it’s time to take a look. Manually trying to keep up with all the vendors and issues is pretty much impossible. And if you’re just not sure what to do, contact us and we’ll be glad to give you a hand.

Everyone stay safe out there!


MicroData Offices Closed for Thanksgiving Holiday

From all of us at MicroData, we want to extend our warmest wishes to you and your family for a Happy Thanksgiving.

The MicroData offices will be closed Thursday, November 23rd and Friday the 24th in observance of the holiday.

Normal office operations will resume on Monday the 27th. Emergency services and the MicroData support portal will continue to operate 24×7 as usual.

Glenn Mores & the MicroData Team


Meet MicroData, Explore the Dark Web, and Pickup $10,000 (maybe?)

If you’re in the Eastern Massachusetts area, you’re invited to stop by the main lobby of 100 Cummings Center in Beverly Wednesday, December 6th  from 11:30 – 1:30 and meet some of the MicroData team including MicroData’s President, Glenn Mores.

You can get a free, on-the-spot Dark Web scan to see if your company’s sensitive data is for sale, learn how to get a Hewlett Packard Enterprise Server with Microsoft Server 2016 for $249, and pick up a little Christmas gift for yourself: a Massachusetts Lottery Holiday Bonus scratch ticket for the first 100 people to sign up for the MicroData Blog at the event!

See you there!


Netflix Phishing Scam – Pass the Word!

Heads-up! Bad guys are emailing you that your Netflix account has been suspended, and it looks just like the real thing. They are trying to get your login information and your credit card data.

Don’t fall for this type of scam. If you want to change the settings of subscription services like this, never click on links in any email and just type the name of the site in your browser or use a bookmark that you set.

Everyone stay safe out there!



Bad Rabbit Ransomware Outbreak. Here’s What You Need to Know

A new strain of Ransomware called Bad Rabbit is spreading around the world. Bad Rabbit spreads via Social Engineering so here’s what to warn your users to look for.

Users receive a pop up in their browsers telling them that an update to Adobe’s Flash Player is available. There are two buttons to click; Install and Remind Later. Both do the same thing – install the malware payload on the system. Bad Rabbit then uses a list of known weak passwords and tries to access all found servers and workstations using common accounts such as Administrator, Guest, root, etc. If it gets a match, the ransomware proceeds to encrypt the files on the computer and then replaces the Master Boot Record – effectively bricking the computer. So recovery forces you to purchase two decryption keys. Price is .05 Bitcoin or about $275.

There are two takeaways. First, train and remind your users to use complex passwords and change them often. Second, have your users undergo Social Engineering security training.

Contact us if you’d like more information or assistance in keeping your network and data secure.

Everyone stay safe out there!



Mac Users, Heads up! Elmedia Player & Folx Infection

Late last week Eltima admitted that their servers had been hacked and their Folx and Elmedia Player DMG applications had been distributed with the nasty OSX.Proton Malware.

Their advice? If you only performed an update you’re likely OK but if you downloaded the entire application Thursday the 19th, you may have a problem. We recommend anyone with these apps do a scan for the following files/directories:


If any of those exist, your system is likely infected.

Unfortunately, since this malware affects the administrator account, a total system OS reinstall is the only guaranteed way to get rid of the malware.

Proton is a remote-control trojan designed specifically for Mac systems. It opens a backdoor granting root-level command line access to commandeer the computer. It can steal passwords, encryption and VPN keys, and crypto-currencies from infected systems. It can gain access to a victim’s iCloud account, even if two-factor authentication is used. Bad stuff.

If you’re concerned about cybersecurity at your business give us a call today at 800-924-8167


Las Vegas Shooting Scams


Heads-up! It’s sickening, but cyber criminals are already exploiting the Las Vegas shooting. There are fake Facebook pages, tweets are going out with fake charity websites, and phishing emails are being sent out asking for donations to bogus Vegas Charities.

Don’t fall for any scams. If you want to make a donation, you can go to http://www.charitynavigator.org before you consider giving to any charity. This free website will let you know if the charity is legitimate or a scam. It will also tell you how much of what it collects actually goes toward its charitable work and how much it spends on salaries and administration expenses.

Do not click on any links in emails or text you might get. Whatever you see in the coming weeks about Las Vegas disaster relief… THINK BEFORE YOU CLICK.

Everyone stay safe out there!


Equifax Data Breach Affects Half of U.S. Population. Here’s What to Do.

Equifax, one of the nation’s largest credit reporting companies, recently admitted that it had suffered a massive data breach and the personal information of 143 million U.S. residents was stolen.

The breach was detected on July 29 and data was compromised from mid-May through July. Compromised data includes:

  • Names
  • Social Security numbers
  • Birth dates
  • Addresses
  • Driver’s license numbers (in some cases)

As you can imagine this is major bad news as in many cases the above is all that’s required to open credit card accounts, take out loans, etc. And it’s even worse for small business owners because personal credit information is typically the base for business creditworthiness.

So what do you do? As an individual, we suggest the following:

  1. Consider putting a Credit Freeze on your credit report. This will prevent potential creditors from accessing your credit report, therefore making it much harder for someone to open a new credit-based account. You will need to contact Experian, Equifax, and TransUnion directly to request this action and note that there may be a modest charge to apply or lift the freeze.
  2. Contact any one of the above credit agencies and request a Fraud Alert. When anyone applies for credit in your name a fraud alert requires the creditor to take additional steps to verify that the individual seeking the new credit card or loan is actually you. There’s typically no cost for a Fraud Alert.
  3. Set up Credit Monitoring. Credit Monitoring tracks changes to your credit report and can alert you immediately to any activity. With most requests for new credit, there is a 24-48 hour period in which you can revoke the credit request so getting a quick alert is helpful.
  4. Get Identity Theft Protection. ITP is more comprehensive than just monitoring and often includes monitoring of bank and credit card accounts for suspicious activity.

If you’re a business, you need to take additional steps to protect your network, data, and bank accounts. You can learn more by attending our next free Executive Cyber Security webinar. Register here.


Beware of Bogus ‘Voicemail’ Email Messages

This is an old scam but has been updated to be more dangerous so remind your users to be on the lookout. The old version ‘just’ installed a keylogger but this new version installs ransomware on your system.

You receive an email message from ‘Voicemail Service’ with a subject like ‘New voice message from <some number>’. There’s a bit of standardized-looking text in the body of the message which tells you that ‘you might want to check it when you get a chance.’

There’s a compressed attachment which if you click on it will play an audio file with embedded code that will encrypt files to [original file name].crypted.

Send a reminder to all your users: Do not click on links in “voice mail” emails from someone you do not know, and certainly do not open any attachments!

And if you have an IT department, in addition to good firewall and endpoint security management, make sure they are stripping compressed attachments from all incoming email messages from whatever email vendor you use.
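One way to implement the attachment stripping recommended above, as an added example that is not from the original post or any mail vendor: it removes archive attachments identified by file extension or by leading bytes, so a ZIP renamed to look like an audio file is still caught. The extension list, the exemption for genuine ZIP-based Office documents, and the sample message are assumptions constructed for this sketch.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

ARCHIVE_EXTS = (".zip", ".rar", ".7z", ".gz", ".tgz", ".bz2", ".xz", ".cab", ".arj")
# Leading bytes of ZIP, RAR, 7-Zip, gzip, bzip2, xz and CAB files.
ARCHIVE_MAGIC = (b"PK\x03\x04", b"PK\x05\x06", b"Rar!\x1a\x07", b"7z\xbc\xaf\x27\x1c",
                 b"\x1f\x8b", b"BZh", b"\xfd7zXZ\x00", b"MSCF")
OOXML_EXTS = (".docx", ".xlsx", ".pptx")   # policy assumption: these stay allowed


def _is_ooxml(name, data):
    """Office documents are ZIP containers; exempt only well-formed ones."""
    if not name.endswith(OOXML_EXTS):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return "[Content_Types].xml" in zf.namelist()
    except zipfile.BadZipFile:
        return False


def is_compressed(part):
    """True if a leaf MIME part is an archive, judged by name or by content."""
    name = (part.get_filename() or "").lower()
    data = part.get_payload(decode=True) or b""
    if name.endswith(ARCHIVE_EXTS):
        return True
    if data.startswith(ARCHIVE_MAGIC):       # catches renamed archives
        return not _is_ooxml(name, data)
    return False


def strip_compressed(raw_bytes):
    """Return (cleaned_message_bytes, removed_filenames) for a raw message.

    Only multipart messages are modified; a single-part message whose body
    is itself an archive is out of scope for this sketch.
    """
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    removed = []

    def clean(container):
        kept = []
        for part in list(container.get_payload()):
            if part.is_multipart():
                clean(part)                  # nested multipart or forwarded mail
                kept.append(part)
            elif is_compressed(part):
                removed.append(part.get_filename() or "(unnamed)")
            else:
                kept.append(part)
        container.set_payload(kept)

    if msg.is_multipart():
        clean(msg)
        if removed and msg.get_content_type() == "multipart/mixed":
            notice = EmailMessage()
            notice.set_content("Removed by mail policy: " + ", ".join(removed))
            msg.attach(notice)               # tell the recipient what was dropped
    return msg.as_bytes(), removed


def build_sample():
    """Constructed message: body, a ZIP, the same ZIP renamed .wav, and a PDF."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("voicemail.txt", "constructed sample, not malware")
    msg = EmailMessage()
    msg["From"] = "Voicemail Service <voicemail@sender.test>"
    msg["To"] = "user@example.com"
    msg["Subject"] = "New voice message from 5550100"
    msg.set_content("You might want to check it when you get a chance.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="message.zip")
    msg.add_attachment(buf.getvalue(), maintype="audio", subtype="wav",
                       filename="message.wav")
    msg.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                       subtype="pdf", filename="invoice.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    _, removed_names = strip_compressed(build_sample())
    print("removed:", removed_names)
```

Most mail platforms offer an equivalent attachment-type rule; the content check matters because filtering on extension alone misses renamed archives.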

Everyone stay safe out there!



Hurricane Harvey Charity Scams

Hurricane Harvey was (and still is) a bad one and people in Southern Texas and Southwest Louisiana are experiencing some severe flooding.  Unfortunately, low-life cyber-criminals are already exploiting this disaster. Here’s what to tell your users to watch for.

Links are already appearing on Facebook and Twitter and phishing email messages are hitting mailboxes trying to solicit donations for the flood victims. Most often these links take you to bogus websites that infect your computer with malware or try and get credit card info.

Be very very cautious of anything online looking for your ‘help’ in the coming weeks. If you’d like to assist, go yourself to a relief agency’s website. A couple of suggestions are www.redcross.org or www.salvationarmyusa.org/

Everyone stay safe out there!


Social Media Gotcha

You need to exercise a new degree of care with social media posts – both personal and corporate. Specifically, you have to watch that you and your users don’t make posts that can enable criminal activity. Let me explain.

You have probably already heard the good advice about not letting newspapers pile up on your front steps when you’re away, but in this era of instant electronic communications, criminals aren’t interested in driving around neighborhoods any longer. They now routinely cruise social media looking for opportunities. Today, an estimated 75% of burglars use social media to find potential targets. So posting those pictures while you’re on vacation or out for the evening isn’t a good idea. Neither is providing details online about that expensive new piece of equipment the company just purchased. Aside from potentially having property stolen, there’s now a new gotcha: insurance companies are now actively using online activity to decide coverage and claims. What’s the basis for doing this? It’s a clause in the insurance contracts known as ‘reasonable care.’ Reasonable care means not doing anything reckless that would make you or your company a target.

So here are some simple guidelines for both personal and corporate social media usage:

  • Turn off your location. Disable your electronics’ GPS unless you’re actively using it and also turn off location tagging.
  • Don’t post real-time. Put up pictures after a vacation or the details of the CEO’s Asian trip after they get back.
  • Don’t display high value items. Why make it easier for the bad guys?
  • Never post identifiable info online. This includes addresses, your auto’s license plate, etc.
  • Check privacy settings. Take some time to investigate what the settings are on your social media accounts. Facebook in particular updates its privacy settings on occasion and many of the defaults are quite open.

Everyone stay safe out there!


Chester Bennington & O.J. Email Scams – Heads Up!

Cyber criminals are already exploiting some recent celebrity news. Warn your users to be on the lookout for a couple of ransomware-loaded email messages that are spreading through the Internet.

The first has a subject line claiming Chester Bennington’s Suicide Note Released (or similar). And the other is O.J. Admits Guilt in Murder of Ron and Nicole. Both messages contain a link which if clicked, activates the payload.

Remind your users to stop and think before they act. And if you don’t already have a security training program in place for your users, why not? The investment is trivial compared to what a ransomware attack can cost your organization. Contact us for more information.

Everyone stay safe out there!


Business Process Compromise

All businesses have unique operational processes they rely upon to handle distinct needs. Even common tasks like shipping are handled differently from company to company. But in general, the larger a business is, the more complex its processes.

Business Process Compromise is a new type of cyber attack that recently has come into focus. It specifically targets unique systems and processes and manipulates them for the attacker’s benefit. And rather than a brash warning such as is received with ransomware, BPC attacks are typically silent and have a goal of stealthily appropriating goods and/or funds over extended periods of time.

Many BPC attacks go unnoticed because employees largely ignore the workings of these processes, treating them as almost automatic.

Defending against BPC requires a multi-pronged approach.

  • File Integrity Monitoring should be considered for critical systems
  • Regularly check system operations and distinguish normal activity from abnormal and possibly malicious actions.
  • Regularly audit long-established processes looking for vulnerabilities as well as proper results from test data
  • Ensure that your organization has implemented cybersecurity measures to protect against identified malware exploits

Everyone stay safe out there!


MicroData’s Hiring!

MicroData has an opening for a full-time Operations Manager at our Beverly location! If you or someone you know might be interested, you can get more information and apply online on our website.


“Revoke your license” Email Scam

A new scam has appeared where users receive an email claiming they have unpaid traffic tickets which, if not paid or disputed by clicking a link within 48 hours, will cause the individual’s drivers license to be revoked.

Clicking the links provided does one of two things. Either malware gets installed onto the user’s computer to track web pages visited, or, more seriously, the user is taken to a fake RMV website where they are prompted to reveal personal information including names, Social Security numbers, date of birth, and credit card info.

Remind your users to stop and think before responding to unusual email messages. Or even better, consider training your users to recognize and avoid phishing attacks like this. Our partner, KnowBe4, offers a free phishing test you can safely send to your users to learn how prepared they are for these sorts of attacks. Contact us to learn more.


WanaCry Ransomware: Did You Listen When We Told You?

If you’ve been following the news from last Friday and over the weekend, you’ve heard about the latest Ransomware that’s spreading like wildfire around the world. The ransomware’s name is WCry, but is also referenced online under various names, such as WannaCry, WannaCrypt0r, WannaCrypt, or Wana Decrypt0r. Whatever you call it, according to Avast security researcher Jakub Kroustek, it racked up over 57,000 victims in just a few hours last Friday.

Targets have included 40 hospital organizations across the UK and Spanish telecommunications firm Telefonica.

The ransomware targets unpatched computers and once inside an organization, it quickly spreads to other systems.

But getting infected by this ransomware was 100% avoidable if organizations did the right things – the things we keep pounding the table about in our blog and newsletters.

Back on January 3rd we blogged the following advice:

  • Make sure you have a good and up-to-date antivirus/anti-malware product installed
  • Be sure your Windows firewall is working and up to date
  • Don’t run old, out-of-date software. It often contains known vulnerabilities that cyber-criminals exploit

WanaCry specifically takes advantage of organizations that aren’t doing these things. But for MicroData customers with a Managed Service Plan like Business Care, Select Care, or even our value-priced Essential Care, this ransomware is a non-event. All our service plans include our ARIES Expert System that automatically applies critical patches and updates to all systems. A fix for this issue was released in March 2017.

And we always remind our customers not to continue using old, outdated software like Windows XP, which is no longer supported or updated by Microsoft.

If you’re affected by WanaCry or just aren’t sure your organization is protected, give us a call today and we’ll schedule a no-obligation assessment of your organization’s IT security profile.

Everyone stay safe out there!


1971 Disruptive Technology Event That Changed History

In October 1971, a programmer working on a secret government project called ARPANET did something new. He sent the first-ever email message.

The programmer was Ray Tomlinson and according to later interviews, nobody asked him to do it and he didn’t think much of it at the time. He just thought it was neat.

It took over 2 years for people to grasp the fundamental paradigm change represented by Tomlinson’s vision. By that time, more than 70% of all ARPANET traffic was email.

Today, 2.5 million email messages per second are sent on ARPANET’s successor – the Internet.

What’s so powerful about email is that it offers a highly efficient and effectively zero cost means of communication to anywhere in the world that has an Internet connection. Today, any business or organization needs email to work effectively so it’s important that you have a robust and highly reliable email system that is secure, capable of being backed up, manageable, and able to handle a variety of message and attachment types. This would rule out free email services – although those are fine for personal use. But organizations need a professional, commercial solution. At MicroData we recommend Microsoft’s Exchange – either in its Cloud form, Office 365, or as a local server solution.

Through the end of April, we’ve got a special offer for Office 365 email. Activate a new O365 email subscription with us and your first month of service is free. With prices as low as $4 per user/month, there’s no reason for any organization not to have a secure, flexible, and full-featured email solution.

Contact us at www.microdata.com for more information or to get started with your own Office 365 solution.


60% of SMBs Go Out of Business After This Happens

A survey just published by The Business Journals has some sobering statistics. Only 28 percent of owners of small and mid sized businesses responded that they are very concerned about ‘the safety and security of their firm’s technology, email and documents.’

What makes that particularly concerning is that it runs directly counter to the potential impact for small companies should they suffer a data breach. The Insights report said 60 percent of U.S. businesses with between 1 and 499 employees that suffer a data breach shut down within six months.

As a business owner or manager, if IT security isn’t one of your highest priorities, change your thinking and get some help. Proper IT security usually isn’t hugely expensive but it does require an understanding of the issues, threats and environment, and then implementing a comprehensive plan.

If you’re not sure where to start, MicroData is offering a free, no-obligation IT assessment of your business. You’ll get detailed, specific information about the security of your IT environment along with recommendations for corrective actions. And of course we can handle all aspects of implementing and managing IT security for your business. Click here to learn more.


CEO W2 Request Scam

Cyber criminals want access to sensitive data. But rather than a brute-force attack to get it, they’ve figured out it’s much easier to simply go after users that already have access to the data. One scheme that’s popping up everywhere in the last few weeks is the CEO W2 Request Scam.

This appears as a phishing attack directed at someone in HR or Finance who already has access to this information. The individual receives an email with a spoofed sender address of the CEO (faked address) asking if they would ‘kindly forward PDF copies of all W2s’. It might even be followed up with a text message or another email and sometimes an additional request to have money wired somewhere.

W2s are selling for between $4 and $20 out on the Dark Web. The information on the W2s is used to file bogus tax returns, open financial accounts, apply for loans and credit cards, etc. And once this information is out, there’s no getting it back. It’s a major, long-term headache for anyone affected. And small and large companies are being hit, so no one is immune.

So tell your users to be careful and remember to not send personal or financial information via email and if they are ever unsure, stop and pick up the phone and verify any requests for information that are unusual or uncharacteristic.
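The sender checks that catch this kind of request can be automated at the mail gateway. The following is an added example, not part of the original post; the organization domain, the executive name and the three messages are constructed, and the finding labels are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.com"                               # hypothetical organization
EXECUTIVES = {"pat morgan": "pat.morgan@example.com"}    # hypothetical CEO
REQUEST_RE = re.compile(r"\bW-?2s?\b|\bwired?\b|\bwire transfer\b", re.I)
AUTH_FAIL_RE = re.compile(r"\b(?:spf|dkim|dmarc)=fail\b", re.I)

# Constructed messages: look-alike sender, forged org address, and a normal mail.
SPOOF_LOOKALIKE = """\
From: "Pat Morgan" <pat.morgan@example.net>
To: hr@example.com
Subject: Quick request

Kindly forward PDF copies of all W2s for the staff. I need them today.
"""
SPOOF_FORGED = """\
From: Pat Morgan <pat.morgan@example.com>
Reply-To: pat.morgan@example.net
To: finance@example.com
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example.com; dmarc=fail header.from=example.com
Subject: Urgent

Please have the payment wired before noon and reply to confirm.
"""
LEGITIMATE = """\
From: Pat Morgan <pat.morgan@example.com>
To: hr@example.com
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dmarc=pass header.from=example.com
Subject: Lunch on Friday

Are we still on for the team lunch?
"""


def domain_of(address):
    """Return the lower-cased domain part of an e-mail address."""
    return address.rpartition("@")[2].lower()


def text_of(msg):
    """Collect the subject and every text/plain part as one string."""
    chunks = [str(msg.get("Subject", ""))]
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            charset = part.get_content_charset() or "utf-8"
            chunks.append(payload.decode(charset, "replace"))
    return "\n".join(chunks)


def assess(raw_message):
    """Return the list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    findings = []
    name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    name_key = " ".join(name.lower().split())
    from_dom = domain_of(from_addr)

    # An executive's display name on an address that is not the executive's.
    if name_key in EXECUTIVES and from_addr.lower() != EXECUTIVES[name_key]:
        findings.append("display-name-mismatch")
    # Replies would go to a different domain than the visible sender.
    if reply_addr and domain_of(reply_addr) != from_dom:
        findings.append("reply-to-diverges")
    # Mail claiming our own domain that failed SPF, DKIM or DMARC on receipt.
    auth = str(msg.get("Authentication-Results", ""))
    if from_dom == ORG_DOMAIN and AUTH_FAIL_RE.search(auth):
        findings.append("auth-failed-for-own-domain")
    # The request itself: W2 copies or a wire transfer.
    if REQUEST_RE.search(text_of(msg)):
        findings.append("sensitive-request")
    return findings


def should_hold(findings):
    """Hold for phone verification: a sensitive request plus a sender anomaly."""
    return "sensitive-request" in findings and len(findings) > 1


if __name__ == "__main__":
    for label, raw in [("lookalike", SPOOF_LOOKALIKE), ("forged", SPOOF_FORGED),
                       ("legitimate", LEGITIMATE)]:
        result = assess(raw)
        print(label, result, "HOLD" if should_hold(result) else "deliver")
```

A held message is the point at which the recipient picks up the phone and verifies the request, as advised above.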



5% of Amazon Purchases to Charity!

Today only, Amazon is celebrating its #1 ranking in the American Customer Satisfaction Index. And as a ‘thank you’, they are donating 5% of your purchase price of eligible products when you buy through the Amazon Smile link.

If you’re not familiar with Smile, it’s a special portal URL for accessing Amazon that lets you designate a charity of your choice to receive 1% of your purchase price. But today only it’s 5%.

So if you had something you were going to purchase soon from Amazon anyway, why not do it today and send 5% to your favorite charity? Shop at smile.amazon.com


The Cloud Domino Effect

Yesterday around lunchtime, Amazon’s eastern web services went down and stayed down until about 4:15 in the afternoon.

Many users learned that their Cloud services utilized Amazon’s web services. Netflix, Reddit, Slack, Pinterest, and many other major companies were affected by this outage. This is what I call the domino effect of the Cloud – most Cloud services utilize other Cloud services as part of their solution.

From a user perspective, if you make use of a Cloud-based service and it goes down, you can break out a deck of cards. There are no workarounds and nothing that you can do to fix it.

Are there options that can keep you working? The answer is ‘Yes’. And you might be surprised to learn that these options can often cost quite a bit less and offer greater flexibility than the Cloud in some circumstances. Learn more about Hybrid-Cloud or other premises services at www.microdata.com


Windows 10 PC in Your Pocket

Everyone likes portable electronics and computers which is why cell phones are so popular. But so are tablets and notebooks which can give you full processing power but without the cord.

Manufacturers keep pushing miniaturization and the latest is the Sirius B from Ockel. Smaller than many cell phones, the Sirius B is a full-fledged Windows 10 computer complete with HDMI video output, USB, wireless, Bluetooth, 2GB of RAM, 32GB of flash storage, an SD card slot, and a quad-core Intel CPU.

And at $189, it might just replace your desktop PC.


Verizon Wireless Offering Unlimited Data Again

Five years ago Verizon ended its unlimited wireless data plan and as recently as last month, company officials said they had no plans for re-introducing it. But thanks to Sprint who just recently announced an unlimited data plan, Verizon has done a 180 and is now offering unlimited data for smartphones and tablets on its 4G LTE network.

Verizon’s new unlimited plan is $80 per month for unlimited data, talk and text for the first line and an additional $45 per line up to four lines. We found that by hunting around on the Verizon website other combinations are available, too.

More info is available at www.verizonwireless.com


400,000 Cyber Attacks a Day?

Sun Tzu, the famous 5th century BC Chinese general and philosopher has been credited with the statement ‘know yourself, know your enemy and you shall win a hundred battles without loss.’ This applies to cyber-criminals, too. A critical part of your organization’s defense is understanding the extent and nature of the threat. Here’s an example of what I mean.

We recently installed a server for a client which communicates directly to and from the Internet. While it’s a given that adequate security needs to be in place, many business people don’t realize the extent to which the bad guys will go to gain access to a system like this. Cybercriminals deploy automated systems to silently scan for computers, routers, and other IT-related devices which are connected to the Internet and once found, automatically and continuously attempt to exploit configuration mistakes, default or ‘easy’ passwords, and unpatched vulnerabilities.

After only 1 day, here’s a summary of the individual attempts to hack this single system:

USA (106)
Russian Federation (18)
India (17)
China (14)
France (13)

Note that because of the software we installed, after an attack was attempted 3 times that address was blocked from further access. So the above total of 168 individual attempts in 24 hours – if not stopped by the software we had installed – would have likely been continuous attempts every few seconds by each attacker. This would likely have put the daily total at close to 300,000 – 400,000 attempts.
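The block-after-three-attempts behaviour described above can be sketched as follows. This is an added example, not the software MicroData installed; the log format, the addresses and the 24-hour ban duration are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

MAX_ATTEMPTS = 3                 # threshold stated in the post
BAN_TIME = timedelta(hours=24)   # assumption: the post gives no ban duration

# Constructed log format: "<ISO time> <auth_fail|auth_ok> src=<ip> user=<name>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) (?P<event>auth_fail|auth_ok) "
    r"src=(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) user=(?P<user>\S+)$"
)

# Constructed sample: what the sources would send if nothing stopped them.
SAMPLE_LOG = """\
2017-02-01T00:00:05 auth_fail src=203.0.113.7 user=admin
2017-02-01T00:00:08 auth_fail src=203.0.113.7 user=root
2017-02-01T00:00:09 auth_fail src=198.51.100.23 user=admin
2017-02-01T00:00:11 auth_fail src=203.0.113.7 user=test
2017-02-01T00:00:14 auth_fail src=203.0.113.7 user=guest
2017-02-01T00:00:17 auth_fail src=203.0.113.7 user=oracle
2017-02-01T00:05:00 auth_ok src=192.0.2.10 user=jsmith
2017-02-01T00:06:30 auth_fail src=198.51.100.23 user=root
this line is malformed and must be skipped
2017-02-02T00:00:12 auth_fail src=203.0.113.7 user=admin
"""


def replay(log_text, max_attempts=MAX_ATTEMPTS, ban_time=BAN_TIME):
    """Replay attempts in time order and apply the block-after-N rule.

    Returns how many attempts per source reached the service, how many were
    dropped while the source was banned, which sources were ever banned, and
    how many lines could not be parsed.
    """
    strikes = defaultdict(int)   # consecutive failures since last reset
    reached = defaultdict(int)   # attempts the service actually had to handle
    dropped = defaultdict(int)   # attempts discarded because of an active ban
    banned_until = {}            # ip -> time the ban expires
    ever_banned = set()
    skipped = 0

    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:
            skipped += 1         # never guess at a line that does not parse
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S")
        ip, event = m["ip"], m["event"]

        expiry = banned_until.get(ip)
        if expiry is not None and ts < expiry:
            dropped[ip] += 1     # ban still active: the service never sees it
            continue
        if expiry is not None:   # ban has expired: start counting afresh
            del banned_until[ip]
            strikes[ip] = 0

        reached[ip] += 1
        if event == "auth_ok":
            strikes[ip] = 0      # a successful login clears earlier mistakes
            continue
        strikes[ip] += 1
        if strikes[ip] >= max_attempts:
            banned_until[ip] = ts + ban_time
            ever_banned.add(ip)

    return {
        "reached": dict(reached),
        "dropped": dict(dropped),
        "ever_banned": sorted(ever_banned),
        "skipped": skipped,
    }


if __name__ == "__main__":
    print(replay(SAMPLE_LOG))
```

In the sample, the persistent source gets three attempts through, has the next two dropped, and is only counted again after the ban expires a day later.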

The takeaway? Don’t underestimate the enemy. They have resources to find your systems, exploit vulnerabilities, and make your life miserable.

Invest in good quality security, keep systems and hardware up to date, and monitor everything.

Everyone stay safe out there!


‘Can you hear me?’ Phone Scam – Heads Up!

Another nasty scam making the rounds is the so-called ‘can you hear me?’ phone scam. This one is low-tech – no computer required – and has already targeted residents in Virginia, Florida, and Pennsylvania this year according to WNEP. Here’s what you need to know.

You receive a call from a number you don’t recognize although it’s usually a local area code. When you answer the phone you hear a simple question – ‘Can you hear me?’ If you answer ‘yes,’ it gets recorded. From that point there are a couple of ways the scam can go.

In one variant you are later charged for a variety of services or products and if you contest the charges, the scammers will play back your verbal confirmation ‘yes’ and threaten you with legal action if you don’t pay.

Another option is for the cybercriminals to try and use the recording to trick an automated system into authorizing charges on a stolen credit card or to give additional personal information.

So what should you do? While it seems impolite, if you get this call just hang up the phone. And for phone calls in general, follow this advice:

  1. Don’t answer the phone from numbers you don’t recognize
  2. Never give out personal information over the phone unless you initiated the call
  3. Don’t confirm your phone number over the phone unless you initiated the call
  4. Don’t answer questions over the phone unless you initiated the call

Spread the word especially to seniors you know. Everyone stay safe out there!


MicroData Re-appointed as Microsoft Educational Partner

I’m pleased to announce MicroData’s re-appointment for the 19th straight year as a Microsoft Education Partner.

To be a MEP requires that an organization demonstrate technical expertise in Microsoft technologies by appointment as a Microsoft Partner and then testing backed up by customer references demonstrating expertise in Microsoft Academic products and licensing.

For any organization that isn’t aware of the advantages of Microsoft Academic licensing, the program offers extremely generous discounts to both Primary and Secondary academic institutions – public and private.

I had the privilege of teaching as a Senior Lecturer in Management Information Systems at Boston’s Northeastern University for many years and I continue to enjoy helping educational institutions of any size and type with their important mission. If you know of a school that could use assistance with any facet of information technology, please have them contact me directly.



Fake Windows Update is Actually Ransomware

A new strain of ransomware is making its way around the Internet and what’s so nefarious about this version is that it disguises itself as a Windows update.

What happens is that an attachment in a phishing email, when clicked, actually launches a process that brings up a prompt advising the user that an important Windows update is available. People go along with it thinking that they are doing the right thing by keeping their computer up to date.

The ransomware itself is called “Fantom” and the actual executable that starts the process is “CriticalUpdate01.exe.” Once executed it extracts “WindowsUpdate.exe,” and the screen that displays as it begins to encrypt your files looks very much like the modern blue screen that Windows 8, 8.1 and 10 users are familiar with.

But what’s actually happening is that your files are being encrypted. The next thing you’ll see is a screen telling you all your data has been encrypted:

Fantom ransom screen

At this point your only options will be to restore all data from a backup or pay the ransom.

So what can you do to stay safe? Here are 5 basic steps to take.

  • Remind all your users never to open or click on links in messages they are unsure of
  • Don’t run Windows in Administrative mode
  • Make sure you have a good and up-to-date antivirus/anti-malware product installed
  • Be sure your Windows firewall is working and up to date
  • Don’t run old, out-of-date software. It often contains known vulnerabilities that cyber-criminals exploit

Everyone stay safe out there!


“Your Office 365 statement is ready” Scam – Heads up!

The popular Microsoft Office 365 online service is now being used in a phishing scam to try and steal your personal data and information. Here’s what to look for.

You receive an email that appears to come from the ‘Microsoft Online Services Team’ with a subject of ‘Office 365 billing statement’. The body of the message looks good – there’s an Office 365 logo, no typos or obvious mistakes, and even the Microsoft logo at the bottom of the message. There’s a hyperlink inviting you to ‘Click here to view your statement’. If you do you actually download malware onto your computer.

Advise your users just to delete the message without clicking anything. And remember, with any message about an account you might have somewhere, never access it from a link in a message. Always go to the actual website by entering the address yourself, login, and then review any messages or account details. And if you’re still in doubt, pick up the phone and call the company’s customer service.

Everyone stay safe out there!


SecureCloud Backup – 50% off Through Dec. 31

MicroData is celebrating the holidays and over the next 2 weeks I’ll announce some special offers for our customers and friends.

Special #1: If you’re looking for a secure business-grade Cloud backup solution, a 1-year subscription to MicroData’s SecureCloud Backup is 50% off through December 31. And we’re even throwing in free setup.

SecureCloud Backup works with any PC, Mac, or Server and requires no user intervention or maintenance. Fully HIPAA compliant with military-grade encryption.

And at 50% off, you can start with 250GB of de-duplicated storage for just $34.50/month (new SecureCloud Backup customers only).

This offer ends December 31, so don’t wait to lock in a full year of savings.

Contact us at 800.924.8167 or online to learn more or get started.



MicroData is Hiring!

As we approach the end of 2016, I’m pleased to report that MicroData is growing – and we’re hiring! We’re currently looking for both an Engineer II and Engineer I. We also have a technical and a marketing internship open for the winter/spring.

If you know of anyone that might be interested, please point them to our website or have them contact us today.


RingCentral Spoof – Heads up!

Cybercriminals are now using references to the popular VoIP/efax service RingCentral in an attempt to trick users into taking actions that will infect their computers with malware.

Users receive an email message displaying the sending address ‘RingCentral’, a subject line that contains their name and the text ‘you have a new fax from 314-521-2722’ (or some other number), and the message body telling the user they can view the new fax message ‘on our website.’ Clicking the hyperlink will take the user to a web page that will infect the computer with a Trojan.

Make sure you just delete the message without clicking on any links.

Remind your users to stop and think before they act.

Everyone stay safe out there!



IRS Form 6642 Email Scam

Tell your users to be on the lookout for a new email scam – the subject line is “RE: IRS Form 6642” and the apparent reply address is from a law firm.

The body simply contains “Can you print this?” and a link labelled “IRS Portal.” Click the link and you download and install malware on your computer that looks for and steals financial account information and passwords.

What makes this scam somewhat different is that it doesn’t threaten or attempt to scare the user to action but instead asks a simple, innocent sounding question.

Just delete the message without clicking on the link or interacting with it in any way. And remind your users to stop and think before acting.


412 Million FriendFinder Accounts Hacked

LeakedSource Sunday reported that 412 million accounts on the FriendFinder network had been exposed, making this one of the largest hacks in 2016. And worse, this is the second time that the FriendFinder network has been breached. The first time was in May 2015.

If you have an account on any of the FriendFinder sites you’ll want to change your passwords and check any credit card info you may have stored with your profile.

Everyone stay safe out there!


What Last Friday’s Denial-of-Service Attack Teaches Us

Most likely you were affected by last Friday’s DDoS attack. Everyone awoke and found many popular Internet sites slow or unresponsive. This was due to a multi-pronged attack against Domain Name Service (DNS) provider DynDNS and on Amazon Web Services. Affected sites included Twitter, Spotify, Soundcloud, and many others.

Without getting into too much technical detail, a DDoS attack utilizes thousands of compromised systems to flood a service – in this case Dyn and AWS – with so much traffic that its servers are overwhelmed trying to respond to it. It took Amazon and Dyn a couple of hours to restore normal operations.

The exact cause and ultimate size of Friday’s attack haven’t been pinpointed yet, but other recent attacks were conducted by compromised Internet-of-Things (IoT) devices – think toasters and refrigerators with built in connectivity. I’ve been amused by the predictions of how IoT will take over the world without any problems when as yet we can’t even effectively manage security on the much smaller number of devices we already use. IoT devices use very simple embedded operating systems – most with minimal security – and many with undocumented embedded backdoor access mechanisms from their manufacturers.

So what can be learned? A couple of things.

First, a reminder. If you are 100% reliant on Cloud services, you have to be prepared for downtime and have a plan for how you’ll respond.

Second, be very careful with IoT devices on your business network. Heck, be careful with them on your home network. Most offer no option to monitor or manage what they are doing or what information they are collecting. If you have IoT devices that you want to leverage at your business, plan to deploy them securely on an isolated network.

Finally, consider updating your employee policies to cover bringing these devices into your organization. This is similar to employees bringing in their own wireless notebooks/tablets/etc., but now there can be many more varieties of devices.

Check What Facebook Knows About You

Most people are at least vaguely aware that Facebook tracks information about how you interact and use the service. Likes, ads you click on, things you comment on and things you don’t comment on, etc. It’s all data to build a profile about you that can be used for directed advertising.

If this makes you uncomfortable, you want to get rid of some directed ads, or if you are simply curious, here’s how to check on what FB has on you – and clean out items you don’t like.

In Facebook, go to ‘Ad Preferences‘. At the top you’ll see tiles that identify Interests. These are grouped by sports, news, entertainment, etc. If you see something that isn’t an interest, just click the ‘x’ that appears in the upper right-hand corner when you hover your mouse over the tile.

Go through all the categories; People, Lifestyle and Culture, Business and Industry, Hobbies and Activities, Travel/Places, Food & Drink, Education, and Sports & Outdoors. I found quite a few preferences that I couldn’t explain (North Pole?) plus some that were just wrong. Getting rid of these helps reduce ads you’ll see.

Now scroll down to the Advertisers section. You’ll see a list of advertisers that already have your info. Remove any of these and Facebook claims you won’t see their ads any longer in Facebook.


Galaxy Note 7 is Dead

On the heels of the announcement yesterday that they are recalling all Galaxy Note 7’s including the re-engineered replacements for the original models, Samsung has announced they are suspending production of the model entirely. “Taking our customer’s safety as our highest priority, we have decided to halt sales and production of the Galaxy Note 7,” said Samsung in a statement.

So what do you do if you have a Galaxy Note 7? Bring it back to the location you purchased it for a refund/replacement or if that might not be feasible, contact whatever service provider you’re using and they should be able to help you out.

For replacements take a look at the ‘regular’ Galaxy S7. Very nice and no charging issues. And yes, it has a headphone jack.

Here’s How to Do a Deep (and free) Malware Cleaning on your PC

Everyone should already have a good antivirus application on their computer/notebook/tablet. And there should also be some application installed to help protect against malware. But what do you do when you have a system that’s really loaded with spyware, malware, and adware and your software tools don’t seem to be able to get it all off? You should do an Offline Cleaning. Microsoft gives you the tools for free but almost no one knows how to use them. Here’s exactly how to do it.

Windows 10

The tool is Windows Defender Offline. Close all your open files and then in Windows 10, go to Settings > Update & security > Windows Defender and select Scan Offline. Your system will reboot and the scan takes about 15 minutes to run.

To see what was found select Start, Settings > Update and Security > Windows Defender. Open the History tab, select All detected items, then select View Details. Any items found by Windows Defender Offline will be listed as Offline Detection source.

Windows 7

Windows 7 is a bit more work but not difficult. First, get a blank CD or a USB drive that’s at least 512MB in capacity. Now – on a computer that you’re pretty sure isn’t infected with malware/spyware – download the Windows Defender Offline application. Select either 32-bit or 64-bit depending upon whether your PC is running a 32 or 64-bit version of Windows.

Link to 32-bit version

Link to 64-bit version

Now run the downloaded file.

It will ask you if you’d like to create either a USB startup device or a bootable CD. Usually a USB drive is easiest but work with whatever you have.

Let the setup finish then remove your newly created USB drive. Go to the machine you want to clean but don’t install your USB drive yet. Power the machine down normally and once it’s off, insert the USB drive and turn on the power. The computer will boot to the USB drive and Defender Offline will run – usually for about 15-20 minutes. When it’s finished you’ll be prompted to restart the computer. Remove the USB drive and restart normally. Your deep malware cleaning is done!

UPS Phone Scam – Alert Your Users

Not content to rely on just phishing emails, now cyber criminals are using a clever pre-recorded phone call to try and steal your credit card info. Here’s how it works.

You receive a phone call – often on a cell phone – with a very professional sounding recorded message claiming to be from UPS stating that your account (some account number is given but the bad guys are hoping you don’t remember your actual UPS account number and notice it’s different) is seriously past-due. You’re politely asked to call a provided 800-number. If you do you speak to a fake representative who offers to help you by taking your credit card info to ‘take care of’ the past due bill for you. Of course once you give them your credit card info your day is ruined.

Remind your users that cyber criminals are trying to get to them using any technology available – including the telephone.


Still Using IE 7, 8, 9 or 10? Time to Upgrade

Microsoft released its monthly set of patches and updates this Tuesday and of particular note is the fact that over half of the ‘critical’ fixes (those related to security) are not being released for Internet Explorer 7, 8, 9 or 10.

So what this means is that if you’re an Internet Explorer user this is a really good time to upgrade your browser if you’re still using one of those older versions. How do you check? Open up a browser window and pull down the ‘Help’ menu and choose ‘About Internet Explorer’.

If you find you need to upgrade Internet Explorer visit Microsoft’s Download Center for the free update.


Beware New Tech Support Scam

Here’s a new one you should alert your users to be on the lookout for. Over the last few years we’ve all become accustomed to receiving legitimate email alerts from providers such as Google, Yahoo, and Facebook when there was the possibility of a security risk such as a logon to your account from an unknown computer.

While cybercriminals have copied these emails in the past hoping to lure users into clicking on links taking them to infected sites, there’s now a new twist. Now the fake security email includes an 800 phone number that you’re told you need to call.

If you do you’ll either get to talk to a real cybercriminal – usually with a foreign accent – or you’ll bounce around voicemail for a while. But with either, you eventually end up being told that there’s something wrong with your computer and that they’ll fix it for you but need a credit card.

Remind your users to stop and think.

Everyone stay safe out there!


Pokemon Go Ransomware

My wife and I were out on the back roads this past weekend and saw a man with what was clearly his 6 year old daughter stopped beside the road. When we saw him holding up his iPad for the little girl we turned to each other and said ‘Pokemon Go!’

It was cute, but like every popular trend cybercriminals have found a way to use it to try and extort money from you. In this scam, you receive an email with a Pokemon Go game icon as an attachment. If you click on the attachment it installs two pieces of malware that encrypt your files and then demand (in an Arabic text file left on your desktop) that you respond to an email address to receive instructions for paying a ransom to decrypt your files.

We haven’t seen any confirmation as to whether or not it will encrypt network files across a LAN or VPN connection but you should assume it will. Yet another good reason not to mix personal computing with work resources!

So spread the word that if anyone receives an email message that’s Pokemon Go related, they should just delete it.

Everyone stay safe out there!


Why Ransomware Pays

I’ve had many frustrated people ask me why cybercriminals create and distribute ransomware. The answer is money, of course. But some new data from a report by Check Point software’s researchers is helpful because it shows just how much money we’re talking about.

Check Point focused on just one product: Cerber. The Cerber platform is software created specifically to be resold to create ransomware. Aspiring cybercriminal affiliates create their own ransomware campaign using Cerber and the deal is that Cerber gets to keep 40% of whatever their customers make with their ransomware attack.

Check Point was able to determine that Cerber had more than 160 participants at current count and that the combined direct sales plus affiliate revenue was almost $200,000 just in July – and this despite a victim payment rate of only 0.3%.

Doing the math means that Cerber is on track to net 2.4 million dollars this year.

So what’s the takeaway for businesses? Ransomware is a highly profitable criminal activity and you should expect to see increases in attacks on your business.

And that means that if you haven’t yet, you should get your organization up to speed both in terms of hardware/software preparedness, but also user training.

If you’d like to learn more, download our Executive Report: Ransomware Prevention Checklist for Your Organization or give us a call at 978.921.0990

Everyone stay safe out there!



Unbelievable Deal on a High End Multifunction Printer from Lexmark

I don’t often write about hardware deals. Quite frankly, there’s almost no money to be made on any of it so we leave it to the large national distributors, but once in a while I see something that actually impresses me enough to put the word out.

Lexmark has an unbelievable deal on their MX511de black and white multifunction printer. It is regularly $999, and the best Internet price we’ve seen was $620 at Amazon. As a partner, we’ve been offered a very limited number of these workhorses at $349 each (plus shipping). That’s brand new with a 1-year on-site warranty.

So if you’re sick of buying inkjet cartridges, complete the brief form below and we’ll have someone give you a call right back.


How the Chinese Stole the Secret F35 Fighter Plans – and Why it Matters to You

U.S. F-35 Fighter

Starting in 2011, a Chinese citizen named Su Bin who lived in Canada orchestrated an elaborate hacking operation that stole over 50TB of classified data about the F35, B2, and other highly classified U.S. weapon systems. How did he do it?

It wasn’t elaborate technical penetration of firewalls or middle-of-the-night Mission Impossible-style burglary. It was simple email phishing.

With email phishing, a message is sent to employees appearing to be from a colleague or friend. The message contains a link and when the recipient clicks on the link, they are taken to a bogus website which then infects their computers with malware to harvest passwords and data.

While your company may not have top-secret information, you are almost 100% certain to be targeted in this same way by ransomware – software that encrypts your data – both local and Cloud – and you won’t get it back unless you pay a ransom to the cybercriminals.

The takeaway? Of course you need to implement all the best-practice technical safeguards and monitoring for your network, but equally important is that you need to train your employees to recognize phishing email messages so they don’t act on them.

If you’d like to learn more, click here to download our free Executive Report: Ransomware Prevention Checklist for your Business.


What Notebook Would You Take Into Space?

Think about it for a minute. There’s no FedEx for a quick delivery of replacement parts, so you want the absolute highest reliability and ruggedness in a notebook. So which do you choose? For the International Space Station, NASA selected Hewlett Packard’s ZBook 15 Mobile Workstation.

HP ZBook 15 in Zero Gravity

On April 8 SpaceX delivered (5) HP ZBook 15s to the ISS aboard their Falcon 9 rocket. Here’s how they perform in space (and on earth):

  • Rugged. Not every computer can handle the demands of space. The ZBook 15 went through lots of tests—including getting blasted with radiation—to make sure it could still function optimally onboard the space station. It also withstood a rigorous battery of Military-Standard 810G testing including drop, shock and extreme temperatures, plus 10 years’ worth of radiation exposure.
  • Powerful processors. The ZBook uses new 6th generation Intel® Core™ processors.
  • Lightweight design. The ZBook 15 weighs in at a svelte 4.18 pounds, which makes rocketing them 240 nautical miles off the planet just a little easier.
  • A massive memory. ZBooks can handle up to 1 TB internal memory that lets astronauts save and organize their valuable research.

Curious about how they use them? According to HP and NASA, the notebooks are used for:

  • Command and control. The ZBooks will interface with the systems to provide command and telemetry functions which support vehicle control, life support and critical maintenance operations.
  • Mission support. The workstations will be used to support more than 500 experiments conducted each year.
  • Physical and mental health. HP ZBooks will be used to monitor and support the health of astronauts enduring the rigors of space. This includes everything from retina eye exams to video conferencing and IP Phone calls to support connectivity with family and friends to support mental well-being.

MicroData customers don’t take their notebooks and tablets into space, but they get some pretty tough use. That’s why MicroData recommends HP products and the ZBook series of notebooks is one of our favorites. If you’d like more info about HP products, please contact us.


Mac Users Beware ‘Easy Doc Converter’

Cybercriminals are increasingly targeting Mac users and the latest is a backdoor malware app which has been identified as ‘Eleanor’ by Bitdefender. This malware installs a backdoor that gives the bad guys almost complete access to the infected machine including all data and control of the built-in webcam.

Macs running OS X 10.6 or later can be affected – that would be circa 2007 or later.

This malware installs itself disguised as a file converter called ‘Easy Doc Converter’. It is available on MacUpdate, although not at the Mac App Store, according to Apple.

Apple says they’ll be releasing an update to XProtect to block the app, but they haven’t detailed how they will patch the underlying vulnerability that permits Eleanor to do its mischief (execution of a script registered to system startup that allows an anonymous attack of the system). In the meantime, if you’ve already installed this app, the free Malwarebytes scanner has already been updated to remove it.

Everyone stay safe out there!


Glenn Mores Interviewed on CBS Pulse

Interested in learning about what the Cloud can cost and how secure it is? Check out Part 2 of my interview with Gillian Burdett on CBS Pulse.

And if you missed Part 1 where I talked about the benefits of Hybrid Cloud deployments, you can find it here.


Use GoToMyPC? Read this

If you are a user of GoToMyPC it’s time to change your password. In their blog this Sunday Citrix said that the service was hit by a “very sophisticated password attack.” Citrix is requiring all users to reset their passwords using the ‘Forgot Password‘ link.

Citrix didn’t go into detail but the implication is that a substantial number of accounts were compromised.

And of course if you used the same account/password at other sites you should change it at those sites as well.

Attacks against websites continue to grow as cybercriminals exploit security flaws. If you haven’t already, start taking a look at enabling two-step verification which many sites are now offering. With two-step verification, you receive a unique code to your cell phone or email each time you want to sign on.


Your TV Can Now Get Held for Ransom?

The concept of the Internet of Things is appealing in many ways. It allows connectivity and interaction with devices which were not capable of being managed/monitored in the past. And when there is one platform to link them all together, it gives a nice, consistent user interface and experience. But like most things in life, there’s a dark side to consider.

Consider FLocker – an Android based lock-screen ransomware. This one has been out there for a while but it’s being continuously updated by the cybercriminals that produced it to keep it one step ahead of the firewall and antivirus companies. The latest version pretends to be from some law enforcement agency and accuses potential victims of crimes they didn’t commit. It now will also infect Smart TVs that run the Android OS – effectively locking you out of your TV.

Consider a fully ‘smart home’ of connected devices and you can immediately see the possibility of them all getting infected and operation disrupted. Vendors haven’t thought this through yet, but they’ll need to – and soon.

Everyone stay safe out there!


Google’s New Free Website Tester

Everyone wants their website to be friendlier for users and rank better in searches. Now you can quickly see exactly what Google is looking for in terms of how your site delivers pages, both on desktops and on mobile devices.

The neat part is that after running the test (which only takes about 30 seconds for an average business site), Google gives you a report of findings and exactly what you should work on. Just forward that off to your web developer and have them get to work!

You can access the Tester here.


eBay Scam: Alert Your Users

With phishing email messages, the key for cybercriminals tricking you into divulging passwords and account information is to make a plausible-looking message that gets you to click on a link. Then you’re taken to a bogus website where you are asked to ‘log in’ and boom, they have full access to your account.

The latest is a fake eBay message supposedly from a user demanding to know why you haven’t sent them info about something they allegedly purchased from you. They threaten to contact the police and PayPal if you don’t respond.


Remind your users to stop and think. Note that the message isn’t personally addressed to you. A threat in a message is another giveaway as is poor grammar. Tell your users just to delete the message without clicking on anything.

Everyone stay safe out there!


MicroData on CBS Small Business Pulse

Heard about Hybrid-Cloud and wonder what all the hype is about? Check out Part 1 of the interview I did on May 20 with Michelle Guilbeau of CBS Small Business Pulse.


Just What is a Strong Password?

Most websites now require/encourage you to create a strong password when you set up an account. But what exactly is a strong password? What one site considers a strong password another site will tell you is moderate or weak.

Regardless of what any specific site tells you, a strong password should have the following characteristics:

  • at least 8 characters
  • doesn’t contain your actual name, your user name, or your company name
  • doesn’t contain a complete real word
  • is significantly different than previous passwords
  • contains an upper case, lower case, numerical, and symbol character
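The five characteristics above can be checked automatically. The following is an added example, not part of the original post: the tiny word list, the look-alike character table and the 0.6 similarity threshold for "significantly different" are all assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher

# Constructed mini word list (assumption); load a full dictionary in real use.
COMMON_WORDS = {"password", "welcome", "summer", "dragon",
                "monkey", "letmein", "printer", "office"}

# Undo common look-alike substitutions so "P@ssw0rd" is still read as "password".
LOOKALIKES = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l", "!": "i",
                            "3": "e", "$": "s", "5": "s", "7": "t"})


def fold(text):
    """Lower-case the text and reverse look-alike character substitutions."""
    return text.lower().translate(LOOKALIKES)


def check_password(password, identity=(), previous=(),
                   words=COMMON_WORDS, max_similarity=0.6):
    """Return a list of rule violations; an empty list means every rule passed."""
    problems = []
    lowered, folded = password.lower(), fold(password)

    # Rule 1: at least 8 characters.
    if len(password) < 8:
        problems.append("shorter than 8 characters")

    # Rule 2: no real name, user name or company name (split into parts).
    parts = set()
    for value in identity:
        parts.update(p for p in re.split(r"[^a-z0-9]+", value.lower()) if len(p) >= 3)
    for part in sorted(parts):
        if part in lowered or fold(part) in folded:
            problems.append(f"contains identity term '{part}'")

    # Rule 3: no complete real word, even when written with look-alike characters.
    for word in sorted(words):
        if word in lowered or word in folded:
            problems.append(f"contains dictionary word '{word}'")

    # Rule 4: significantly different from previous passwords.
    # The 0.6 similarity ceiling is an assumed threshold, not a standard.
    for old in previous:
        if SequenceMatcher(None, folded, fold(old)).ratio() > max_similarity:
            problems.append("too similar to a previous password")
            break

    # Rule 5: upper case, lower case, number and symbol all present.
    missing = [name for name, ok in (
        ("upper case", any(c.isupper() for c in password)),
        ("lower case", any(c.islower() for c in password)),
        ("number", any(c.isdigit() for c in password)),
        ("symbol", any(not c.isalnum() for c in password)),
    ) if not ok]
    if missing:
        problems.append("missing character class: " + ", ".join(missing))
    return problems
```

Note that "P@ssw0rd" satisfies the length and character-class rules and fails only the real-word rule, which is why that rule needs the look-alike folding.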


Android Phishing Trojan Cleans Out Your Bank Account

From our friends at KnowBe4 comes an alert about a really nasty piece of malware which goes after Android phone users and targets smartphone banking apps.

It works by inserting a fake login screen over the actual login screen in the app. When you log in you’ve actually just given the cyber criminals full access to your account and they promptly transfer all funds to an overseas account.

Android devices get infected by either installing an app outside of the Google Play Store (called a sideload), or by downloading a ‘Required Flash Update’ needed to view video – usually at an adult site.

So for your smartphone – iPhone or Android – follow these tips:

  1. Don’t sideload
  2. Don’t click on text messages you don’t recognize or expect
  3. Keep your device updated – both the OS and apps you use
  4. Don’t surf adult and inappropriate sites. Risk of infection is very high

If you’re concerned about malware and ransomware threats at your business or organization, check out our FREE download: Ransomware Prevention Checklist for Your Business

Everyone stay safe out there!


Why Using that Old Version of Office Puts You at Risk

I was born in Maine and had parents that clearly remembered the effects of the Great Depression. They weren’t yet born during the actual Depression, but as they were growing up, their parents, who had lived through it, taught them valuable life lessons from those difficult years. And I got many of the same lessons although as the next generation, less poignantly. One central concept was Yankee-thrift, a big part of which means you don’t waste things and you don’t throw stuff away that could be re-purposed or re-used. Good advice – in most cases.

The problem is that this belief can get you into trouble with information technology. For example, we have many organizations we’ve worked with that use older versions of Microsoft Office. I’ve repeatedly heard over the years, “it works just fine and does what I need it to.” The problem is that it does some things you really don’t want it to do.

One of the biggest problems is the file format. Have you noticed how newer versions of Word save files with a .docx extension rather than the older .doc? There are many improvements that Microsoft built into the new file format, but one huge area of improvement was file security. In the new .docx format, Microsoft removed the ability for users to embed macros into the document. A macro is basically a set of self-executing instructions. Today, many variants of ransomware are being spread by macros in infected .doc and .xls files. With the older version of Word, you can just click and boom, you’ll find all your files encrypted and be looking at a ransom message and the prospect of paying hundreds or thousands of dollars to get your data decrypted.

So Yankee-thrift is a great concept, but not in business where you share files all the time. Keep your software versions current and if you’re not sure how old is ‘too old’, ask your IT professional who can guide you.

Everyone keep safe out there!


Angie’s List Scam – Heads up!

Alert your users to be on the lookout for a phishing email allegedly from Angie’s List. The subject line is ‘Invoice xxxxx from Angie’s List, Inc.’ and the message body looks like a QuickBooks generated invoice for $216.64 or some similar amount. The message body starts with ‘Dear Valued Customer’ which should be your tip-off that it’s a bogus message – legitimate email messages will have your personal info.

There’s a ‘View Invoice’ button which, if clicked, takes you to a website that will infect your computer with malware. Just delete the message without clicking on anything.

Want to train your users to better recognize phishing scams like this? Contact us to learn about online Security Awareness Training. The cost to train and educate your entire company for a whole year is less than $750 for an organization with fewer than 50 employees.

Everyone stay safe out there!


Have QuickTime on Windows? Uninstall it Now

QuickTime on Windows is an Apple product that has been widely used for years to play movie trailers and many Internet media clips.

Last week, Apple announced that it was no longer going to support the product and would not even patch two recently identified major vulnerabilities in the software that can allow hacker access to people’s computers.

The vulnerabilities are so serious that the U.S. Department of Homeland Security has sent out an urgent alert telling Windows customers to remove the program from their computers. So we’re advising everyone to check and see if you have this app on your computer and if so, uninstall it now.

Everyone stay safe out there!


Does Your Endpoint Protection Include this Important Ransomware Tool?

Unless you’ve been away on a small island for the last couple of years, you know about the problems presented by Ransomware and probably know of an organization that’s been hit. But as a refresher, Ransomware is software that encrypts your computer, network, and Cloud data and your only recourse to get your data back is to pay a ransom, usually in Bitcoin and typically +$1,000.

What’s really tricky about Ransomware is that it isn’t delivered like a typical virus that sneaks onto your computer and runs itself. Ransomware is usually self-inflicted. A user gets an email that looks legit such as an efax or Word document – these are called phishing attacks. The attachment is actually the code and by the user clicking on it, the ransomware application gets started.

While there are many steps your organization can take to protect yourself, at a minimum you want a good quality antivirus/antimalware application on each user’s computer, and you want to make sure this antivirus solution does email content filtering. This is a basic but effective line of defense to stop a large percentage of these phishing messages from getting in to your organization.

Symantec, McAfee, Kaspersky, Sophos, F-Secure, and Vipre do not perform content filtering. Trend Micro’s Worry Free Business Security Advanced does provide content filtering which is why we recommend this solution.

If you haven’t looked at the capabilities of your organization’s Endpoint Protection software lately, with ransomware infections growing each month, now might be a good time.


Data Mishandling Could Cost CA Hospital $25,000 per Patient Record

Think that professional IT services are expensive? How about the cost of your current provider making a mistake? Last month a California state court judge finalized the highest ever per-plaintiff cash settlement in a data breach case. St. Joseph Health System, based in Irvine, is set to pay upwards of $28 million to settle a 31,074-member class action. The dispute arose out of a 2012 incident that exposed over 31,000 patient records to the Internet. The cause was not malware in this case but rather simple mis-configuration of the hospital’s intranet.

The takeaway? Security for your network and data needs to be one of your highest priorities. Even a small business can have thousands of customer records with sensitive information that must be secured.

If you’re not sure about your organization’s IT security, I urge you to take advantage of a special, limited-time promotion we’re offering where we’ll review your IT systems and provide you with a detailed 57-Point IT Systems Security and Performance Assessment – all for FREE. Click here to learn more.


Stealing Data with a Wheelbarrow

I was just reading a fascinating story on the U.S. Dept. of Justice website about a bank robbery and there’s a lesson in there for all of us about IT security. What made this story so interesting wasn’t the use of Mission Impossible-like technology or swarms of armed criminals, but exactly the opposite. Low tech, physical theft by one guy with a wheelbarrow. I’m not kidding.

Over a 2-month period, the defendant stole over $200,000 in quarters from a Federal Reserve coin storage facility at an Alabama Brink’s facility where he worked. He had noticed that the quarters were stored in ballistic bags – think large duffle bags – so he grabbed 4 empty bags, filled them with beads and just enough quarters to show through a small plastic inspection window, then he put them on a skid swapping them for legitimate bags full of quarters.

The lesson for IT? Don’t neglect physical security of your IT assets. Ask yourself how hard it would be for someone who gains access to your facilities to simply pick up a computer or server and carry it off. This is exactly why part of every yearly required HIPAA audit is to verify the physical security of key data processing equipment.

If you have any questions about your IT security – physical or electronic – we’d be glad to help you out. Get in touch here.


Ransomware Comes to the Mac

Ransomware is nasty stuff. Covert software gets onto your computer, encrypts all your files (and network files) with what’s effectively an unbreakable code, then extorts the user into paying a ransom – usually in untraceable bitcoins – to get the data back.

The cybercriminals that develop ransomware have traditionally gone after the Windows market as it’s large and predominately used in business, but now they’ve specifically started targeting Mac users.

This past weekend Palo Alto Networks wrote that they had found the ‘KeRanger’ ransomware app wrapped inside Transmission, which is a free and reputable Mac BitTorrent client. To make it worse, the infected version of the app was signed with a legitimate Apple developer’s certificate.

It’s not known how the hackers were able to upload an infected version of Transmission to the app’s website, but it worked. BTW, if you use Transmission the bad version was 2.90 and you should immediately upgrade to 2.12. This particular variant of malware waits for 3 days after being installed then does its deed.

And to make matters worse, it appears that this ransomware will try to encrypt files on Apple’s consumer cloud backup service, Time Machine. So an infected user could be looking at losing all their local and backed up data.

The ransom? 1 bitcoin or currently about $404.

The lesson? It doesn’t matter what kind of computer or operating system you have. Cybercriminals will target any group that seems profitable to them and they have the expertise and resources to be successful.

Everyone stay safe out there!



Bogus “American Express Fraud Protection Alert”: Heads Up!

Cyber criminals are at it again and this time they’ve come up with an interesting twist. The Phishing email is actually disguised as a fraud alert message from American Express! Here’s what to look for.

You receive a message with the subject line of Fraud Protection Alert with a ‘FROM’ address of American Express Customer Service. The message body looks like an Amex message with the logo and some footer information that seems pretty typical. But if you click on the hyperlink to ‘Verify’, you’re actually taken to a bogus Amex website where they tell you to log in. If you do you’ve just given the criminals access to your Amex account.

What are the giveaways this message is bogus? First, it isn’t actually addressed to you – it’s just Dear Customer. Second, there are some spacing problems in the message body that a real company like Amex would never do. Just sloppy. And finally, Amex and other credit card companies won’t ever include links to log in with any alert messages. They’ll instead tell you to call them at the number on the back of your card or to manually go to the credit card company’s website and log in normally. By the way, if there was a number included in the message don’t call it – those are often manned by fake ‘agents’ who will try to verbally get your credit card info.
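The giveaways described above can also be checked mechanically before a message reaches a user. This is an added example, not part of the original post: the brand name, the `.example` domains and both sample messages are constructed placeholders, and the word lists are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

GENERIC_GREETING = re.compile(
    r"\bdear\s+(valued\s+)?(customer|user|member|client)\b", re.I)
LINK = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
ACTION_WORDS = re.compile(r"\b(verify|log\s?in|sign\s?in|view invoice)\b", re.I)


def host_matches(host, trusted_domain):
    """True only for the trusted domain itself or one of its subdomains."""
    host = (host or "").lower()
    return host == trusted_domain or host.endswith("." + trusted_domain)


def triage(raw_message, brand, trusted_domain):
    """Return the list of phishing giveaways found in one raw message."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    body = "\n".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    findings = []

    # Display name claims the brand, but the address is not on the brand's domain.
    sender_host = address.rpartition("@")[2]
    if brand.lower() in display.lower() and not host_matches(sender_host, trusted_domain):
        findings.append("sender-domain-mismatch")

    # "Dear Customer" instead of the recipient's name.
    if GENERIC_GREETING.search(re.sub(r"<[^>]+>", " ", body)):
        findings.append("generic-greeting")

    # A "Verify" / "Log in" link that leads somewhere other than the brand's site.
    for href, label in LINK.findall(body):
        if ACTION_WORDS.search(label) and not host_matches(urlparse(href).hostname, trusted_domain):
            findings.append("login-link-off-domain")
            break
    return findings


# Constructed sample messages (not real traffic).
SAMPLE_PHISH = """From: "Example Card Customer Service" <alerts@examplecard-secure.example>
To: user@company.example
Subject: Fraud Protection Alert
Content-Type: text/html

<p>Dear Customer,</p>
<p>We noticed unusual activity on your card.</p>
<p><a href="http://examplecard-secure.example/login">Verify</a></p>
"""

SAMPLE_LEGIT = """From: "Example Card" <alerts@mail.examplecard.example>
To: user@company.example
Subject: Account notice
Content-Type: text/html

<p>Dear Jane Smith,</p>
<p>Please call the number on the back of your card.</p>
"""

if __name__ == "__main__":
    for sample in (SAMPLE_PHISH, SAMPLE_LEGIT):
        print(triage(sample, "Example Card", "examplecard.example"))
```

A check like this supplements user training; it does not catch poor grammar or spacing problems, which still need a human eye.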

Are your employees having difficulty with Phishing messages like this? Contact us about a new and very affordable company-wide training program we now have available to help educate your users.

Everyone stay safe out there!


A Simple Mobile HotSpot for Your Car

At the recent Mobile World Conference, Samsung released a dongle that plugs into an existing connector in your car and gives you and your passengers a mobile hotspot for full-time wifi connectivity.


Called the Samsung Connect Auto, the device plugs into the car’s OBD II diagnostic port which provides power. Any car or light truck made in the last 20 years has an OBD II port – this is the port that your mechanic uses to read diagnostic codes for the car and if your state has an emissions test, that reading is obtained through this port, as well.

Initially it appears this will be available through AT&T at around $10 a month and will offer LTE speeds. Look for availability around April or May.

Beware Tax-Season Scams

It’s tax season and the bad guys will use this opportunity to try and scam you – both by email and telephone. Last year over 360,000 people received harassing phone calls demanding payments and threatening jail. And there were millions of similar bogus emails.

By telephone, the routine is that you get a call supposedly from the IRS demanding payment for an overdue balance. The criminals will often even have the last 4 digits of your Social Security number to try and convince you they are legit. They demand immediate payment of the ‘overdue balance’ or threaten you with arrest. Typically payment is requested via Western Union or MoneyGram – both of which are very hard to trace.

The email messages are similar but will add a link to a site where you can ‘make payment’.

The IRS never initiates official business via telephone or email. They will always send a letter.

So if you get one of these phone calls just hang up. And delete the email messages, too.

Everyone stay safe out there!