Description

Complying with General Data Protection Regulation (GDPR), video-sharing platform Dailymotion disclosed to France's Commission Nationale de l'Informatique et des Libertés (CNIL) on Friday that it suffered a credential-stuffing attack.


What You Can Do

Ensure strong firewalls, password policies and data encryption are in place. Educate your employees about cyber threats such as phishing and urge them to be cautious. Upgrade to SSL if you haven't already done so. Consult with a trusted MSP to learn more about how you can keep your data safe from attackers.

Article Source

LeeShanok Network Solutions

3877 N 7th Street | Suite 320 | Phoenix | Arizona | 85014
BRatia@leeshanok.com

LeeShanok IT News: End-of-Support / End-of-Life


2019 is an important year in that some of the most popular operating system and productivity software revisions will reach End of Support in 2019 or 2020, after which security and reliability patches will no longer be released by the manufacturer. With perpetual licensing, your software will continue to run after the EOS date, but it will become increasingly vulnerable to malicious attacks and instability resulting in freezes or crashes. This progression is particularly risky with server and gateway class devices, which can impact an entire organization and take time to correct.

Many of these upgrades require project planning, financial outlay and resource downtime, so it's a good idea to begin planning up to a year in advance. If you are unsure of your situation, our team is available to help you evaluate and plan.

Legend:
Red - Past End-of-Support, needs replacement ASAP.
Yellow - Reaching End-of-Support end of 2019 or beginning of 2020.

Business Applications:

  • MS Office 2003 is at end of support on April 8, 2014
  • MS Office 2007 is at end of support on October 10, 2017
  • MS Office 2010 is at end of support on October 13, 2020
  • MS Office 2013 is at end of support on April 11, 2023

Desktop Operating Systems:

  • Windows XP is at end of support on April 8, 2014
  • Windows 7 is at end of support on January 14, 2020
  • Windows 8 reached end of support on January 12, 2016
  • Windows 8.1 is at end of support on January 10, 2023

Servers:

  • MS Exchange Server 2007 is at end of support on April 11, 2017
  • MS Exchange Server 2010 is at end of support on January 14, 2020
  • MS Exchange Server 2013 will reach end of support on April 11, 2023
  • Windows Server 2003 is at end of support on July 1, 2015
  • Windows Server 2008 R2 is at end of support on Jan 14, 2020
  • Windows Server 2012 R2 will reach end of support on Oct 10, 2023
  • Microsoft SQL Server 2008 is at end of support on July 9, 2010
  • Microsoft SQL Server 2008 SP4 is at end of support on July 9, 2019
  • Microsoft SQL Server 2008 R2(SP3) is at end of support on July 9, 2019
  • Microsoft SQL Server 2012 (SP4) is at end of support on July 12, 2022

Security Devices:

  • Cisco SA520 is at end of support on April 30, 2016
  • Cisco ASA5505 Firewall end of life, last date of to purchase extended support is November 20, 2021

Virtualization:

  • VMware ESXi 5.5 is at end of support on September 19, 2018
  • VMware ESXi 6.0 is at end of support on March 12, 2020
  • VMware ESXi 6.5, 6.7 is at end of support on November 15, 2021

Wireless Infrastructure:

  • Wireless Access Points – Replace older models on 802.11a/b/g
  • Cisco Aironet 1040, 1100, 1200, 1600 have all reached end of support
  • Meraki MR16 is end of support on May 31, 2021

It's human nature to wait until the last minute, but these expirations affect everyone universally and concurrently, which will cause a "mad scramble" near the end of 2019. So please don't wait too long before contacting us for advice.

Your Technology Partner, The LeeShanok Team

itsupport@leeshanok.com
Tucson: 520.888.9122
Phoenix: 602.277.5757

LeeShanok IT News


SECURITY ADVISORY:
Current Security Threat - Remote Support
Scams and Search Ads


Dear [Contact: First Name],

"Hello, this is Microsoft Technical Support." Or is it?


There is a new twist on an old scam that impersonates trusted companies like Microsoft, Apple, and Merrill Lynch, attempting to gain remote access to your computer or online account. Google Chrome appears to be the susceptible browser, and fictitious phone numbers can be found in the ads at the top of search results. These ads are platform-aware, such that scammers answer “This is Apple…” when you’ve used Chrome running on an Apple device to search for a number, and “This is Microsoft…” when Chrome was used on a Windows device.


The scammer will ask the victim to go to Microsoft's Remote Assistance Support website. As stated at the bottom of the picture, Microsoft uses the 3rd support tool LogMeIn to provide tech support to clients. The unaware victim will think that they are working with Microsoft directly.


The scammer then provides the victim the 6-digit code to THEIR LogMeIn Account to gain remote access to the victim’s computer. See the picture below:



This is all a part of the scammer’s ongoing unethical pursuit to steal your money and/or identity. Once they have access to your PC, all of your data can potentially be compromised.


If you receive a call or email and are not sure if it is genuine, do not share any information or allow remote connections. Contact LeeShanok for any questions and we can make a determination of legitimacy.


LeeShanok takes IT security seriously and it is our duty to inform our clients about potential threats and vulnerabilities that can affect your business. LeeShanok is monitoring the current status of security threats and will continue to inform its clients of any new information.


If you have any questions or need assistance with anything IT-related, please don't hesitate to contact us.


Your Technology Partner,

The LeeShanok Team

Tucson: 520-888-9122
Phoenix: 602.277.5757

CompTIA Managed Services TrustmarkTM signifies commitment to industry best practices

Phoenix, AZ - February 5, 2019 - LeeShanok, a Managed IT and Cloud Technology Provider, announced today it has received the CompTIA Managed Services Trustmark™, a respected industry credential that signifies its adherence to best practices for technology service delivery and customer interaction.

“Earning this credential identifies LeeShanok as a business that meets or exceeds the best business practices the IT industry has to offer,” said Nancy Hammervik, senior vice president, industry relations, CompTIA. “This includes managed services agreements, standard operating procedures, systems and tools for delivering services and general business operations.”

The Trustmark was developed by CompTIA, the non-profit association for the information technology industry, in collaboration with industry experts and leaders, to identify businesses that have made a commitment to the highest levels of integrity and sustained quality service.

"Attaining this level of accreditation is an important achievement for our company," states Eric LeeShanok, President of LeeShanok Network Solutions. "As a Managed IT partner, it is important that our team continually strives to improve our processes, best practices and meet industry compliances. We appreciate that CompTIA has reviewed our company to be trustworthy to have the Managed Services Trustmark credentials. Our clients rightfully expect and deserves to be serviced by a Technology Partner that abide by a code of conduct with integrity. It is a trust and a partnership we take very seriously."

To earn the CompTIA Managed Services Trustmark, LeeShanok was evaluated on several aspects of their business operations, including organizational structure, technology tools and systems they utilize, standard operating procedures and IT service specific activities. The company also committed to abiding by a code of conduct and provided customer references.

Visit CompTIA Managed Services Trustmark to learn more.

About LeeShanok

LeeShanok Network Solutions is committed to providing leading Managed information technologies with Expertise, Efficiency, and Excellence. World class customer service is our number one priority. We are a full service Managed IT and Cloud Provider that guarantees the best end results with system reliability with our proven company processes and technologies. We believe in using innovative network technology to improve business communications and optimize business operations. We believe in supporting industry standard technologies to accomplish our mission. We provide a “Higher Level of Information Technology”.

About CompTIA

CompTIA is the voice of the world’s information technology (IT) industry. Its members are the companies at the forefront of innovation; and the professionals responsible for maximizing the benefits organizations receive from their investments in technology. CompTIA is dedicated to advancing industry growth through its educational programs, market research, networking events, professional certifications, and public policy advocacy. Visit http://www.comptia.org/home.aspx or follow CompTIA at http://www.facebook.com/CompTIA and twitter.com/comptia.

Contacts:

Eric LeeShanok
President
LeeShanok Network Solutions
602-277-5757

IT News - Social Network Security

Threats to your social network aren't new, but the frequency and cleverness of attacks and the cost of repairs make it vital to keep your awareness fresh and defenses strong. Reacting to a breach can require far more time, effort and cost than preventing one.

Attacks come from:

  • Viruses & Malware - Relies on users to share malicious links with their contacts, then replicates itself to other devices
  • Ransomware - Encrypts user data demanding payment to unlock it
  • Phishing - Impersonates social contacts to encourage execution of malicious code
  • Spamming - Sends out numerous emails resulting in blacklisting
  • Identity Theft - Gathering personal information from social networks, attackers assume your identity or the identity of your contacts
  • Apps - Games, puzzles and quizzes can be given access to your profile and contacts and subsystems of your device (e.g. location, camera, microphone) without your knowledge
  • CEO Fraud - Impersonates company executives and key employees so that lower level employees open emails, links and attachments

Visualize social network security like layers of an onion. Your network firewall is your first line of defense, scanning inbound and outbound internet traffic, filtering content and detecting intruders. An email spam filter scans and quarantines suspect inbound and outbound messages. Endpoint protection keeps malicious code from entering and running on devices we use, which includes computers, tablets and smart phones.

Inspect the privacy and security settings on your devices and in your email and social accounts, and use strong settings when available. Avoid installing new third-party applications from unknown vendors, and limit their access with your privacy and security settings. Limit the amount of personal information you post to sites, remembering that your posts will last a long time. And share with friends, but limit automatic sharing with "friends of friends". For those being especially targeted, most email providers offer Advanced Threat Protection for a few dollars per month per user.

The most effective protection is you, a vital link in the "human firewall". Look before you click, think before you open, verify before you trust. In your email client windows, look over the sender's email address and subject, and preview the message before opening it or picking any links or attachments. If something feels amiss, it probably is. Right click on the message and move it to "Junk" (spam) folder.

Contact us to schedule a free phishing security test of your employees, followed by our IT Security for the Common Worker lunch-n-learn workshop. There is no cost for either, other than several hours of labor to deliver these services.


Your Technology Partner,

LeeShanok Network Solutions

Tucson: 520.888.9122 | Phoenix: 602.277.5757

Marriott says 500 million Starwood guest records stolen in massive data breach

Description

Starwood Hotels has confirmed its hotel guest database of about 500 million customers has been stolen in a data breach.


What You Can Do

In order to protect yourself, sources suggest you can:
1. Change your password
2. Monitor your accounts for suspicious activity
3. Open a separate credit card for online transactions
4. Be vigilant

In addition, talk to a Managed Service Provider to learn how they can help you stay protected.


Article Source

LeeShanok Network Solutions

3877 N 7th Street | Suite 320 | Phoenix | Arizona | 85014

IT News - Chrome Vulnerability

When you prepare to leave work, do you shut down or restart your computer?

If not, it's unlikely you restart it when you arrive at work either, meaning Windows and your web browsers continue running un-patched and un-protected. This is a problem with the newest zero-day vulnerability in Google's Chrome web browser, and Malwarebytes warns ... "Considering how many users keep Chrome and all their tabs opened for days or even weeks without ever restarting the browser, the security impact is real." 0 PC Magazine echos the caution: "If you don't close Chrome, updates will not be applied." 1

To complete installation of many Windows patches, you must restart your computer. Updates to Chrome usually remind the user to restart the app, but more significant Chrome patches also require restarting your computer.

You ask "What about my tabs, I use the same tabs every day?" Chrome saves open tabs when you restart the app with the "chrome://restart" command, or restart your computer while Chrome is still running. Still not convinced? Start Chrome, open several tabs, then in the address field, type "chrome://restart" and watch the magic. Chrome will shutdown and restart, restoring all previously opened tabs.

Now let's update Chrome.

Update Chrome on Windows PC or Apple Mac

If Chrome has an available update, it will begin applying it immediately.

After updating, always restart Chrome. Better yet, restart your computer by typing in Chrome's address field type "chrome://restart" which will save and recreate your open tabs. When Chrome restarts, in the address field type "chrome://help".

Update Chrome on iPhone, iPad

You may have your apps set to update automatically, but it's wise to verify this patch. Settings > iTunes & App Store > Updates. Make sure it's green and enabled as shown.

Then open App Store and apply update to Chrome if available.

Update Chrome on Android

Settings > Google Play Store > My Apps & Games



If the button is labelled [OPEN], your Chrome already has the latest update. But if you see [UPDATE], click it to update Chrome.


Your Technology Partner,

LeeShanok Network Solutions

itsupport@leeshanok.com
Tucson: 520.888.9122 | Phoenix: 602.277.5757

0 Google Chrome zero-day: Now is the time to update and restart your browser
1 How to Update Google Chrome

Android Malware Steals from PayPal Accounts

Description

What happens when you combine a remotely controlled banking Trojan with an abuse of Android Accessibility services? According to new research from ESET, you get an Android Trojan that steals money from PayPal accounts, even with 2FA on.


What You Can Do

The attack against the PayPal app highlights the vulnerabilities of installing apps from unknown sources and demonstrates how easily an overlay attack can hijack a strong application. You should avoid installing apps from third-party app stores to remain safe from malware attacks. Also, exercise great caution before providing any app with access.

Article Source

LeeShanok Network Solutions

3877 N 7th Street | Suite 320 | Phoenix | Arizona | 85014
BRatia@leeshanok.com

Recently, the FBI has discovered a hacking threat that affects at least half a million wireless routers and other devices across the world. This malware creates a "botnet", a group of connected devices that can launch an attack simultaneously, and also allows these devices to steal website credentials or can shut the appliance down completely. Because these devices do not have an Intrusion Protection System (IPS) or an anti-virus solution, they are easily exploited. Small home and office products as well as network-attached storage devices are affected.

The FBI recommends:

  • 1) Reboot these devices to disrupt and help identify affected appliances.
  • 2) Disable remote management settings.
  • 3) Secure appliances with a new, strong and encrypted password.
  • 4) Keep firmware up-to date.
  • 5) Optional: Completely reset the device.

More reading:

https://blog.talosintelligence.com/2018/05/VPNFilter.html
https://www.ic3.gov/media/2018/180525.aspx

If you are not sure if one of your devices is affected, we can evaluate for best practices up to and including replacement of your network appliances with one of our recommended products. Contact us to schedule service.

LeeShanok takes IT security seriously and it is our duty to inform our clients about potential threats and vulnerabilities that can affect your business. LeeShanok is monitoring the current status of available updates and will continue to inform its clients of any new information.

If you have any questions or need assistance with checking and updating your devices, please don't hesitate to contact us.

Your Technology Partner,
The LeeShanok Team

Tucson: 520.888.9122
Phoenix: 602.277.5757

SCROLL TO TOP