You know the proverbial "lump in the throat", a common reaction among ethical rational people when viewing this latest attack on innocent human life.

Some of the recently discovered scams will strum your heartstrings into picking links or downloading flyers for...

  • Blood drives
  • Gun control
  • Exclusive videos
  • Donations to charities
  • Contributions to the families of victims

Our anti-phishing partner,, recommends each of us communicate with friends and family to be especially careful following sensational events (good and bad) with lots of news coverage.

Here's a tip we all should practice. When you receive an email, tweet, text message, phone call, or letter that you did not ask for, do not click on any links or buttons and do not call phone numbers in the message. Instead, open a web browser to a search field, and search for the organization. Then from their legitimate website, gather the email address or phone number and contact them directly. You can then safely pick most links with confidence, and gain legitimate access to resources without risk of infection or exploit.

For charitible donations, use the same technique by contacting the organization directly rather than through a link in an email or message. For blood drives, contact your local Red Cross directly rather than through any messaged link or downloaded flyer.

And if you are not sure, contact the experts at LeeShanok Network Solutions, and we will evaluate the situation and ensure your network remains safe.

Tips for Staying Safe

  1. Updates should come from an official manufacturer's website
  2. View emails from recognized senders only
  3. Verify the source before opening or downloading any files
  4. Check for grammatical errors or unusual information in emails
  5. Ensure that spam filters and antivirus are active and updated
Security Advisory

LeeShanok takes IT security seriously and it is our duty to inform our clients about potential threats and vulnerabilities that can affect your business.

LeeShanok is continually on the watch for such threats and advises when a threat needs more than the usual caution and action is recommended. Cyber threats continually evolve and attacks are ongoing towards businesses and consumers. At this time, we would like to advise you about some of the current security threats that may require action on your part.

Spectre and Meltdown

As you may have heard, there are two new vulnerabilities called Spectre and Meltdown. These flaws in modern processors will potentially allow an attack on nearly every computer in the world which includes hypervisors, tablets, phones and laptops. An attacker could gain access to private information such as passwords and encryption keys from the memory of the exploited device.

How to Protect Yourself and Your Organization

Since discovery of these vulnerabilities, product vendors have started to release patches that will mitigate these issues. Here is some information for your particular product:

  • Microsoft: Released a number of updates depending on your operating system. Run Windows update and install all appropriate patches. More updates are coming in the near future.
  • Google: Chrome OS was patched December 15th.
  • Apple: Released patches to the macOS on December 6th.
  • Linux: Testing and releasing patches currently depending on variant.
  • All other products: Perform updates on your hypervisors, tablets and cellular phones. Vendors will continue to send out patches for their products.

If you are a Hosted or Managed IT client, we are taking proactive steps to assess the immediate impact and we will reach out if there are any necessary actions needed.

Feel free to contact us to discuss your situation.

Data Breach

Two years ago on September 15, 2015, Experian discovered a massive data breach that exposed sensitive personal data of 15 million people who had applied for service with T-Mobile. Fast forward to 2017, and the personal information of 143 million Americans was exposed from May through July. As we have little say in the collection of our personal information by the credit agencies, there are several things all American's should do now.

  1. Visit and bookmark the following websites:

  2. Freeze Your Credit

    A credit freeze makes it harder for someone to open a new account in your name, but won't prevent a thief from making charges to your existing accounts.

  3. Place a Fraud Alert on your files:

    A fraud alert warns creditors that you may be an identity theft victim and that they should take steps to protect you

If you have any questions, please don't hesitate to contact us.

Last week, Cisco released a security alert for customers that utilize network security devices and their corresponding software. These appliances that are configured with a clientless VPN(WebVPN) software are vulnerable to attackers that seek to gain control through commands. This would give the attacker unlimited access to the device and ultimately the protected network. The device also could potentially reload or block incoming VPN authentication requests.

This vulnerability affects Cisco ASA Software that is running on the following Cisco products:

3000 Series Industrial Security Appliance (ISA)
ASA 5500 Series Adaptive Security Appliances
ASA 5500-X Series Next-Generation Firewalls
ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
ASA 1000V Cloud Firewall
Adaptive Security Virtual Appliance (ASAv)
Firepower 2100 Series Security Appliance
Firepower 4110 Security Appliance
Firepower 4120 Security Appliance
Firepower 4140 Security Appliance
Firepower 4150 Security Appliance
Firepower 9300 ASA Security Module
Firepower Threat Defense Software (FTD)
FTD Virtual

Cisco has released new software updates February 5th, 2018 that address this vulnerability. The only method of eliminating this threat is by applying a patch to the affected devices. In order to download the patch, Cisco states,

"Customers may only install and expect support for software versions and feature sets for which they have purchased a license....Additionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades."

If one of your devices is listed and you are a Managed Services client, LeeShanok will be contacting you in the near future to update your software. If you are not a Managed Services client, we can still help evaluate and patch your vulnerabilities. Contact us to schedule service.

LeeShanok takes IT security seriously and it is our duty to inform our clients about potential threats and vulnerabilities that can affect your business. LeeShanok is monitoring the current status of available updates and will continue to inform its clients of any new information. If you have any questions or need assistance with checking and updating your devices, please don't hesitate to contact us.

It was right there in the email:
"Thank you for your pizza order. Your order will be ready for delivery on......."

Wait, what pizza order? My wife must have ordered pizza for herself and her coworkers. How much did she spend THIS time?.....Pizza, breadsticks, liter of Coke. Under $30. Deliver at 12:30 pm to Tupelo, Mississippi. Wait a minute! Mississippi??? We live in Arizona!

And that is how a security professional found out that he was hacked a few months ago. Even I am not exempt from the nefarious behaviors of the underworld. I had done all of the right things. I changed my passwords regularly, watched what websites I browsed to and I kept my antivirus current. There must be a mistake....

And there was. Mine. I discovered that I had accounts on websites that were created a long time ago(2009) that were still active and had been breached(shown below):

All of these accounts used the same username and password. When one of these websites was hacked, they gained my username, email address and password. Armed with that information, the hackers used my credentials to access the most popular websites and waited until they got a, "Welcome, Silly User!" And voila, fresh, hot pizza for everyone under my account. Even my username was changed.

Two things were my saving grace: I had purchase notifications turned on so that if something was ordered I would know, and I didn't have my credit card information saved. The hackers were limited, but it would look bad on my record the next time I wanted it, "Fresh, hot and fast!" I quickly called the pizza place and told them that they had been duped and to not deliver the pizza. They were very thankful and so was I. Subsequently, I closed the exploited accounts and changed all my passwords. If you haven't figured it out by now, there is no free pizza!

Our Recommendations:

  1. Search for old accounts and accounts with the same password. Delete unused accounts and change the passwords on the rest.
  2. Passwords should never be used for more than one account. There are personal password managers that can store all your passwords and you'll only have to remember one.
  3. As soon as you are notified of a breach of security on a website where you have an active account, change that password immediately.
  4. Always use notifications and alerts.
  5. Use two-factor authentication to force a push to a mobile device before a user can login. We recommend Duo Mobile.
  6. Credit card information should not be stored on a website. While it may be extra work to re-enter your card information each time, that is easier than trying to recoup stolen funds.

We are here to support our clients and recommend products or services that will prevent breaches and minimize any resulting damage. If you have any questions, please don't hesitate to contact us.

Technical Update

Tucson Dinner Meeting
October 12, 2017
@radisson Suites Speedway

Project SAFE "best OF" Contest Winners & Guest Speaker Bert Ratia.

Bert Ratia of LeeShanok Network Solutions will be presenting on "IT Security for the Common Worker." It's packed with useful tips we can all use every day to recognize, deflect, and protect.

Click HERE for more Info

We hope 2018 is shaping up to be both prosperous and predictable for you and your company. There are many potential barriers to company success, and CyberCrime continues to derail the best laid plans. Phishing attacks continue to be the top method for hackers to gain unauthorized access to sensitive data. And End-user Security Awareness Training leads the pack in effective defenses. Many compliance and regulatory requirements require evidence for auditors to review.

Today's workers need to be exposed to realistic scenarios that require they look, recognize and decide without introducing infection into their organization. Some worker's require accountability to their email and surfing behaviors, otherwise they tend to click on anything.

Ever wonder about the Top 10 Global Phishing Email Subject Lines? Click Here

LeeShanok Network Solutions has evaluated and partnered with the best and brightest Security Awareness Training platform available today.

The methodology is simple:

A typical Security Awareness Training will include:

1. Baseline Testing - assesses "Phish-prone" users through simulated phishing attacks.
2. Train Your Users - workshops, interactive modules, videos, games, posters and newsletters.
3. Phishing Your Users - best in class, automated simulated attacks using huge library of phishing templates with unlimited usage
4. See the Results - enterprise-strength reporting, shoring stats and graphs for both training and phishing, ready for management to make decisions.
5. Targeting Weakness - The analysis includes training reports for all users, categorized lists of "clickers" who failed simulated attacks, who repeat steps 2-4, as well as individual user "report cards" with their open and click history.

The combination of web-based training and frequent simulated phishing attacks really works.

This is a new offering, and we are excited for you to benefit as we have. Feel free to contact us to discuss the process and your particular needs.

Security Advisory

The popular Foscam C1 webcam has multiple vuln erabilities that, if exploited, allow retrieval of information stored in the camera and the running of arbitrary commands in it's operating system.

A compromise of these wireless cameras is particularly disturbing when you consider they are frequently used as baby monitors and home security. Apps for computer and phone provide ready access to the camera, which captures both 720 HD video and 2-way audio. Data is stored on micro-SD cards, NVR, NAS, local hard drive, or in Foscam’s Cloud, and can also be sent with FTP.

Cisco's Talos Intelligence Group worked with Foscam to understand and resolve 20 separate issues, and Foscam has released an update to it’s firmware, version V-2.x.2.46, that patches these vulnerabilities in several of their cameras, and can be downloaded from:

The vulnerabilities and exploits include:

  1. Dynamic DNS allows running admin commands in camera with authority, and when a response string is longer than the response buffer, the extra characters can be executed by the camera as code.
  2. Un-signed “custom” Firmware Updates can be installed through the web interface, which lacks security and validation of the firmware image’s authenticity and integrity.
  3. Private camera information (MAC address, camera name, firmware version) can be obtained using unsecured UDP for device to device communication.
  4. If a username is entered that is longer than the receiving buffer in the camera, the extra characters can be executed as code by the camera’s operating system.
  5. User accounts in camera can be reset to factory defaults by an un-authenticated user in the web management interface.
  6. Even when logging off the web management interface, if the interface submits too long a string to the “logOut” command in the camera, even the limited but authenticated “visitor” account can cause the camera to run the extra characters as program code.
  7. These cameras are designed to communicate with a network gateway for remote access to the device through the web management interface using UPnP Discovery and Response. If the web interface sends a UPnP response that has more characters than the receiving buffer is expecting, the extra characters can be run as program code.

It is clear that the coding practices of programmers can introduce multiple vulnerabilities just waiting to be discovered. The companies releasing e-devices often release firmware updates when vulnerabilities are discovered or exploits are reported. When you purchase a new device, be sure to register it, save a bookmark to the Support page for your device, and sign up for email alerts when updates are released.

If you wish to read more about the Foscam Camera Vulnerabilities click here.

Technical Update

Layers of Security

IT Security today is like an onion with concentric layers of protection, where each layer must be compromised to get to the center. The military calls this "deep defense", as multiple defensive layers work together to deflect or slow down an attack.

Next generation firewalls remain your first line of defense with monitoring, content filtering, intrusion prevention, and 2 factor VPN access. Active Directory and Group Policy enforce consistent rights management that enables employees to work with the data they need, but protects the data they don't need. Modern cloud and client/server apps encrypt data in transit. Antivirus software and operating system patches protect both servers and end-user devices. Organizational policies, procedures and backups protect against and respond to threats.

We recommend:

  1. Design and periodically review IT security strategy with certified specialists.

  2. Cisco Meraki or ASA 5506X Next Gen Firewall, with annual subscription for content filtering and intrusion prevention.

  3. Dashboard managed end-point protection software on company-owned PCs, tablets and smart phones.

  4. LeeShanok's Managed IT or Hosted plans, where we design role-based access to your network and data, and enforce it through Active Directory and Group Policy.

  5. SSL VPN two-factor authenticated remote access to network.

  6. Modern supported operating systems patched with the latest security updates.

  7. VoIP and Video over IP communications need to be encrypted and secured too.

  8. Local and cloud backup of servers and data repositories that can spin up quickly following disaster.

  9. Physically locking server rooms, and automatic screen locking of PCs and phones.

Layered IT Security is not a "set and forget" exercise. Contact us for a complimentary review of your situation and professionally designed security that will protect your most valuable assets: your ability to research, compute, communicate and contribute to your company's supply and value chains.