Client Notifications

Meltdown / Spectre

Posted January 8, 2018 By admin

Computer researchers have recently found out that the main chip in most modern computers—the CPU—has a hardware bug. It’s really a design flaw in the hardware that has been there for years. This is a big deal because it affects almost every computer on our network, including your workstation and all our servers.

This hardware bug allows malicious programs to steal data that is being processed in your computer memory. Normally, applications are not able to do that because they are isolated from each other and the operating system. This hardware bug breaks that isolation.

So, if the bad guys are able to get malicious software running on your computer, they can get access to your passwords stored in a password manager or browser, your emails, instant messages and even business-critical documents. Not good.

So, What Are We Doing About This?

We need to update and patch all machines on the network. This is going to take some time; some of the patches are not even available yet. We may also have to replace some mission-critical computers to fix this.

In the meantime, we need you to be extra vigilant, with security top of mind and Think Before You Click.

If you haven’t already heard of the hardware vulnerability recently discovered, here are a couple of articles: http://mashable.com/2018/01/04/spectre-meltdown-explained and https://www.pcworld.com/article/3245606/security/intel-x86-cpu-kernel-bug-faq-how-it-affects-pc-mac.html .

We are currently waiting on our antivirus applications to have their compatibility confirmed (actually most clients are on a compatible version of Vipre) before Microsoft’s patch can be installed. On January 9th Vipre (and hopefully Bitdefender) will set a flag that will allow Microsoft’s patch to install.

The good news is there are currently no known exploits and a user must still run code (like through a rogue website). The bad news is that the patch may hurt computer performance by up to 20 percent (testing has been mixed from no impact to 40 percent). We fully understand the frustration this may cause but there’s nothing that can be done at this time and it may mean some computers must be replaced.

Also, we have seen a handful of computers have all their files completely erased due to what we think are compromised websites. This has required a full reload of the computer. Unless we specifically have a backup in place for your computer, as always, please do not store data on the local hard drive. If you have questions about your computer please send a help request or call. We absolutely can set up a backup for local data.

8:23 PM Update: I have confirmed two clients are up (one using Outlook and one using OWA). If you are still having issues please restart Outlook and if you continue to have issues after five minutes please open a ticket by sending a help request.

10/30/17 – 20:01 – Hosted Exchange and Hosted SharePoint services in Everett, Washington are restored. Power remains partially restored.

10/30/17 – 19:24 – Power in Everett, Washington has been partially restored. Some customers may still be experiencing disruption, and all power service remains in UPS bypass. We are working to restore remaining services and will post an update soon.

7:04 PM Update: Our own monitoring is showing mail servers are responding so issue should be resolved shortly. This is the latest post:  10/30/17 – 18:56 – Network disruption in Bellingham, Washington should be resolved at this time. Please submit a ticket if you are still experiencing issues. Power issues continue in Everett, Washington. Electricians and UPS Technicians are en route to resolve the issue.

5:56 PM Update: Email from Green House Data: Outage Start Time: 10/30/2017 5:14 PM Our Everett facility is currently experiencing a power event, which may be affecting internet service in the Bellingham facility as well. We are currently working to restore service in all facilities and will update as soon as we have a resolution.

Our provider may have had a fiber line cut outside of the data center and we are aware this is affecting multiple clients. I am waiting on a call back and will keep this post updated. For now, clients that have mail continuity through MSPMail should use https://mail.maxfocus.com to get inbound messages and you can also reply/send emails through MSPMail.

 

Phish Alert Button in Outlook

Posted May 15, 2017 By admin

How To Use The Phish Alert Button

CITS is pushing out a Phish Alert Button (PAB) in Outlook (provided by KnowBe4). How does this work, and how can you use it to help keep your organization safe?

When do I use it?
Click the PAB anytime you believe you have received a phishing email, or any potentially dangerous email. Any emails you report using the PAB will be automatically deleted from your inbox. The emails you report will also be forwarded to us for analysis.

How do I use it?
You’ll see the Phish Alert add-in at the top of your Outlook client. To report an email as a phishing email, simply click the button while you’re looking at the email. The email you reported will be forwarded to CITS for investigation and reporting and then will be deleted from your inbox. If you report an email in error, you can retrieve the email from your Trash/Deleted Items.

Why should I use it?
Reporting emails will help your organization stay safer. Because the emails you report are sent for analysis, we will now be aware of which phishing attacks are able to reach your company’s inboxes. Once we are aware of possible vulnerabilities, we can better defend against them. You are an important part of the process of keeping your organization safe from cyber criminals.

Stop, Look, and Think!

Domain registrar and DNS moving

Posted December 9, 2016 By admin

My DNS/Registrar host sold out and accounts were moved to a new host which I am not really pleased with. I will be migrating client DNS over the next few days and registrations over the next few weeks (possibly longer depending on expiration).  You should not see any changes (although I picked a very fast DNS provider so it should be even better) but please send a help request right away if you have any issues with your website, email, etc. If changes are needed outside of my control I will reach out to the appropriate person by opening a ticket.

Example of Cerber Ransomware

Posted December 6, 2016 By admin

I had a client fall for a ransomware email yesterday so when I got a similar one I thought I would post it. Don’t open attachments unless you know what they are and are expecting them. I was about to say “I don’t know why you would think about opening this attachment” but then I realized since someone did I should explain why it’s suspicious on the face of it without even looking at the headers or tracking information:

  1. It says Fwd: timlanders – but it’s not a forward and most people would take the time to actually put my name.
  2. I don’t know a Jeanene Celenza which isn’t a deal breaker but it’s at least a small yellow flag considering it’s for almost $2,500.
  3. That’s one crazy email address.
  4. It was sent using a generic/free account – outlook.com, gmail.com, yahoo.com, etc. – it didn’t come from a business (one of the reasons I tell clients they should not be using gmail for business accounts).
  5. Hello timlanders – again, a legit email would most likely say “Tim Landers”.
  6. “You will be charged “- well, I guess this is the hook. Normally though you would have already been charged and they would have sent the receipt as a PDF so this is kind of strange.
  7. I do have a personal Visa so they got me there – but “on your personal Visa balance” – who would say that?
  8. To avoid the charge I have to open an attachment? Why don’t you just put it in the body?
  9. You password protected the document and included the password in the email? What’s the point of that?
  10. “Faithfully yours” ? But I don’t know this person – seems a little personal in that case.
  11. What’s missing? A business name, contact information, some more info, a real subject?

Fortunately, the client sent a help request right away and I immediately got on and restarted the computer then got on and removed the script. Because we caught it early it had not hit the server and we were able to restore the few files it hit (he did not have much local data).
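Several of the red flags above (items 1, 4, 5, 8 and 9) are mechanical enough to check in code. The following is an added example, not part of the original post; the sample messages, addresses, amount, password and attachment name are all constructed.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr

FREEMAIL = {"outlook.com", "gmail.com", "yahoo.com"}  # providers named in item 4

def red_flags(msg):
    """Return the red flags (numbered as in the list above) found in one message."""
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part else ""
    subject = str(msg["Subject"] or "")
    sender_domain = parseaddr(str(msg["From"] or ""))[1].rpartition("@")[2].lower()
    rcpt_local = parseaddr(str(msg["To"] or ""))[1].partition("@")[0].lower()
    attached = any(True for _ in msg.iter_attachments())
    flags = []
    # 1: subject claims a forward, but the body carries no forwarded message
    if re.match(r"\s*fwd?:", subject, re.I) and not re.search(
            r"forwarded message|original message", body, re.I):
        flags.append(1)
    # 4: sent from a free consumer mailbox rather than a business domain
    if sender_domain in FREEMAIL:
        flags.append(4)
    # 5: greeting is the mailbox name ("Hello timlanders"), not a person's name
    if rcpt_local and re.search(
            r"^\s*(hello|hi|dear)\s+" + re.escape(rcpt_local) + r"\b", body, re.I | re.M):
        flags.append(5)
    # 8: the reader is told to open an attachment to deal with the "charge"
    if attached and re.search(r"\b(open|see|view)\b[^.\n]*\battach", body, re.I):
        flags.append(8)
    # 9: the password for the attachment travels in the same email
    if attached and re.search(r"\bpassword\b", body, re.I):
        flags.append(9)
    return flags

def build(sender, subject, body, attachment=None):
    """Construct a sample message; every value passed in below is made up."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, "timlanders@example.com", subject
    msg.set_content(body)
    if attachment:
        msg.add_attachment(b"constructed bytes", maintype="application",
                           subtype="octet-stream", filename=attachment)
    return msg

PHISH = build("x9q7.sample@outlook.com", "Fwd: timlanders",
              "Hello timlanders,\n\nYou will be charged $2,490.00 on your personal Visa "
              "balance.\nTo avoid the charge, open the attached document.\n"
              "Document password: 4471\n\nFaithfully yours\n", "invoice.doc")
BENIGN = build("billing@vendor.example", "Receipt for November",
               "Hello Tim,\n\nYour card was charged $120.00. Receipt details follow.\n")
```

A message parsed from disk needs `policy=email.policy.default` so that `get_body` and `iter_attachments` are available.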

[Image: 20161206-crypto-example]

My church goes regularly to Reynosa, Mexico to help build homes for local residents. Volunteers stay at an orphanage in Reynosa. It came to my attention that the orphanage has internet connection issues, security concerns with their wireless, and a desire to increase wireless coverage for guests and staff. I volunteered to purchase and install about $1,000 worth of wireless equipment to connect five buildings together, secure the network, increase the wireless coverage and set up bandwidth allocation between the office staff and the guests. My son and I are going down the day after Christmas for a week to install and configure the equipment.

You can help us a couple of ways. First of all, be patient with us while I’m in Mexico. I’ll do my absolute best to take care of issues and help requests in a timely manner and Juan will be in the office. Second of all, consider sponsoring my son and me. In addition to the equipment, I’ve also purchased about $800 in tools and supplies and the trip is over $250 for each of us (fuel, food, lodging). Checks can be made out to “Bear Creek Bible Church” with Landers in the memo. You can send them to the CITS address (PO Box 335, Euless TX 76039).

CITS Help Request version 2.0

Posted October 30, 2016 By admin

We are pleased to announce we are rolling out version 2 of the CITS Help Request. The old version should get uninstalled but if you have any issues after a couple of days of getting the new version please let us know. We won’t push it out to everyone right away so don’t be concerned if you don’t get the new version for a week or two.

After install you will need to launch the Help Request from an icon (or restart) before it’s placed by the clock.

Changes:

  • The program has been completely rewritten.
  • Icon has been changed to our logo (mainly so there is a difference between the two icons).
  • The installer will now put an icon in the start menu, the CITS folder of the start menu and the desktop.
  • You can now use any icon to bring up the form instead of just the icon by the clock (other icons reported that the program was already running).
  • Out of Office message will now be reported even without sending a help request (click the OoO tab).
  • We can push out alerts and notices to users on a global level, domain level, user level or computer level. You will be notified via brief popup and then the icon will notify you of unread message(s). Once you read the message(s) you will not be notified again. Messages are updated every five minutes.
  • Filled out information (name, phone, email) is now stored. Fields are initially completed from active directory if information is available but after that it will use information entered.
  • Field validation has been changed to tell users that phone number is required (as opposed to just turning it red).
  • Better error handling of situations where the alert could not be sent (instead of just crashing).
  • Response reports if alert is being sent outside of business hours or during a time when the alert is limited.
  • The program now sends the alert directly to the alerting platform and the ticket directly to the service desk platform (old version sent message to a server that then sent message to alerting platform that then sent message to ticketing system).
  • You will now get a ticket number in the response window (if you don’t attach a screenshot – one minor thing to work on).
  • The font should be a little larger (user requested).
  • You can now resize the form.
  • You can now use carriage returns in the issue field.
  • The resulting ticket will now have a little more descriptive titles.
  • Added balloon popups for help.
  • You can now send a screenshot of the primary monitor – this should be a huge help to us as we were getting a lot of requests that said “I’m getting this message” which required us to access the computer. It often took longer to get on the computer than it did to simply reply to the help request with an “ignore it”, “click yes” or whatever the correct answer was.
  • Version has been moved to top left and is v2.0.0.
  • The request box now stays on top of other windows.
  • Response and message are now rich text as opposed to plain text.

11/08/2016 change

  • version 2.0.1
  • Found issue where email addresses had to be lower case to validate.
  • Emails will now be made lower case when exiting field and will validate regardless.

20141118 Out of Band Patch

Posted November 18, 2014 By admin

Microsoft released a couple of out of band patches today so most computers and servers will be restarted tonight.

Network Solutions DNS server issues

Posted October 22, 2013 By admin

Network Solutions has reported issues with their DNS servers. Browsing certain sites is affected as well as your own website and email if your DNS is with Network Solutions (most of my clients are not).  For updates: https://twitter.com/netsolcares .

Cryptolocker

Posted October 14, 2013 By admin

I don’t normally send out virus warnings because the warning is standard: Never open ANY attachment from ANY sender you don’t recognize and hover over ANY link from ANY unfamiliar email before clicking on it to confirm it’s a valid link. For example, if you receive an email from LinkedIn that has a link that doesn’t take you to LinkedIn.com then it’s likely not legit.

However, there is an older virus going back around that has a very damaging payload. Cryptolocker (technically ransomware) corrupts all local and network files. As a result, I am implementing security policies at all domain-based clients that will prevent EXEs from running in user profiles. Update: I have implemented the same security policy on non-domain clients as well.

The new additional rule is: if you suspect you opened a bad attachment then immediately unplug power to the computer and call me.

If you receive an email that you aren’t sure about then forward the email AND send a help request (you need to send the help request because there’s a good chance the email is bogus and my spam filter will catch it) and I will let you know if it’s legit.