Author: Casserly Consulting

Categories
Security

Study Finds Social Media Phishing Scams to Be the Most Dangerous

b2ap3_thumbnail_employee_misuse_causes_problems_400.jpg Ordinary fishing, where you hope for a simple-minded fish to latch onto your hook, relies on using a proper lure. The same can be said for the virtual method of phishing, where a hacker will use a similar type of “lure” to convince the target to bite. These phishing scams are especially useful for hackers who want to take advantage of social media to find new targets. A recent study has shown that this is a surprisingly effective method of phishing.

A report from phishd by MWR InfoSecurity orchestrated a simulated phishing attack that attempted to target a million users. ITProPortal told of their findings: “Almost a quarter of users clicked a link to be taken to a fake login screen. Out of that number, more than half (54 percent) provided user credentials, and 80 percent downloaded a file.”

This means that about 10 percent of users fell victim to the first two stages of the simulation and gave up their account credentials. Now, compare this rate to how often a normal scam, like spam, accomplishes its goal. While the typical spam message will only have a fraction of a percentage point rate of success, social media provides a substantially larger chance of success to hackers.

James Moore, the Managing Director of phishd by MWR InfoSecurity, states: “More concerning is that out of those targeted with a social media request or a promotional offer, more than 10 percent downloaded a potentially malicious file via their corporate email accounts.” This is especially a problem, as there are so many people who connect their social media accounts to their work accounts–risky business for any organization that wants to avoid a critical data breach.

If anything, this study shows why your business needs to keep data safe. This includes being capable of identifying phishing scams and responding to them properly, but also the implementation of security tools like antivirus, spam blocking, and content filtering. If you’re very concerned about social media phishing, you can go so far as to block social media websites completely on your network. Additional measures such as comprehensive training can help your users identify phishing attacks both in and out of the office, on a variety of platforms. Often times, the lures used by hackers can be so tantalizing that they’re able to bypass your security, so the only thing standing between you and a data breach is the knowledge you’ve imparted to your users.

You can’t trust anyone on the Internet, be it a new friend on social media, a new entry into your address book, or a seemingly-legitimate website. You have to be ready for anything, but this can be a daunting task. Thankfully, you don’t have to endure it alone. With COMPANYNAME by your side, you’ll be prepared to handle any cyber threat. To learn more about what we can offer your business, reach out to us at PHONENUMBER.

Categories
Business

Looking for Outside-the-Box Ideas? Give Your Intrapreneurs a Voice

b2ap3_thumbnail_intrapreneur_400.jpg Entrepreneurs are the heroes of today, making great strides in the business world by introducing new ideas to their industries. However, the intrapreneur is a bit more of an enigma; they create commendable ideas within their own organization. In fact, your organization probably has its own intrapreneurs. How do you take advantage of their skills to your business’s benefit?

Simply put, the intrapreneur is an employee that can see past the short-term and look at what must be done in the long-term. They understand that their ingenuity can help your organization achieve its goals, and they go out of their way to make sure that their ideas are used for the benefit of the entire organization.

Tim Beerman, CTO of Ensono, describes to CIO what exactly makes a good intrapreneur, and why organizations should look to individuals like them for helpful insight: “These are the employees who want to get their hands dirty and are often the first people to volunteer for a job. Intrapreneurs are not content with the status quo. They often see how things could be part of a bigger picture and come up with ideas to realize this new vision.” Who in your office fits this profile?

Here are a few more characteristics that business owners should look for when identifying their own intrapreneurs.

  • Intrapreneurs are capable of motivating those around them, especially with challenging their perspectives with new thoughts and ideas.
  • Intrapreneurs stick to their loyalties and are always willing to go above and beyond to create positive change for your organization.
  • Intrapreneurs have plenty of skill to be successful outside of your business, but they insist on staying employed by your organization.
  • Intrapreneurs are always challenging the way that your business functions, inviting disruption not to mess with operations, but to improve them.
  • Intrapreneurs can identify where your workplace needs to improve and provide ways to resolve these problems. Moreover, they are willing to take risks to resolve issues.

It’s clear that any intrapreneur will be easy to spot. They are naught but your most loyal, motivated, and thoughtful employees. The real question from a business owner’s point of view is what to do with them. They’ll challenge you to the best of your ability, whether they mean to or not. Will you step up and embrace this challenge, or will you feel threatened by their contributions?

The best way to take advantage of intrapreneurs is to encourage them to step up and communicate their ideas. In particular, you need to make sure that there are various ways that they can communicate their ideas to management. If they don’t, you’ll simply crush the spirit and nobody will be benefitting from their good ideas anymore–certainly not your business. These employees will just put in the minimal effort, get paid, and go home at the end of the day, rather than use their intuition to help your business improve. In a worst-case scenario, they may even leave and find another company that’s more willing to hear them out.

IT professionals can make it much easier for your intrapreneurs to express themselves. Beerman explains: “An intrapreneur might see inefficiencies within his or her company’s workflow, but may not necessarily have the experience to fully develop a solution. The IT department can then act as a partner to find the right recommendation. When intrapreneurs and IT teams are communicating regularly, there are more windows of opportunity for collaboration. Innovation and collaboration will eventually become business as usual, once initial bridges are crossed.”

This type of collaboration doesn’t have to be difficult, but can, as expected, require a major change in your company’s culture. If you want quality communications solutions that can help your organization benefit from each and every great mind behind your operations, reach out to us at PHONENUMBER.

Categories
Cloud

Tip of the Week: 3 Ways the Cloud Streamlines Operations for SMBs

b2ap3_thumbnail_cloud_computing_400.jpg The cloud is a great asset that your business can use to your business’ operational efficiency, but only if you’ve put plenty of thought into the implementation process. Since the same cloud solution likely won’t work the same way for two different organizations, you’ll need to intimately know what your business needs so that you can build and deliver a cloud solution to meet these demands. This week’s tip is all about helping you determine the best cloud solution for your organization.

Here are three factors that you need to consider when seeking out a cloud solution.

Hosting and Maintenance
It’s likely that hosting complicated technology solutions isn’t your organization’s forte. Not only is it a time-consuming endeavor, but it’s also technical and challenging. Plus, your organization may not have anyone dedicated to the task. In this case, it’s ideal to simply outsource this responsibility so that a cloud provider can host your solution and maintain it for you.

There are three types of cloud solutions that allow your organization to adapt to its specific needs: public, private, and hybrid. Public clouds allow your organization to store data in a shared online space that’s managed by the provider. Private clouds, on the other hand, can be hosted on-site on your own network, or virtually by an outside provider. Hybrid clouds are designed in a way which allows for the convenience of a public cloud while retaining the privacy and functionality of a private cloud.

Flexibility
Since your business will inevitably grow, you’ll be likely to add new users and implement new technologies. You’ll obtain more clients, and in doing so, your workload will increase to the point where your previous infrastructure might not be able to handle it properly. Therefore, if you want your cloud solution to be a valuable asset in the future, you’ll need to think about growth.

The cloud allows organizations of all shapes and sizes the flexibility to adapt to changes in their workforce or the number of devices accessing company data. You will have complete control over how many user accounts and how much data storage your organization has. The main difference, however, is that the public cloud makes it a bit less expensive to expand. If you choose a private cloud solution, it is sure to require a substantial investment on your part, as you will have to secure the resources. The main benefit of the private cloud is that you will have full control over the management and maintenance of the computing infrastructure, providing complete situational flexibility.

Security
When it comes to running a business, there are few things more important than security. Considering how cloud storage is based in the Internet, you have to worry more about hackers. There are security solutions designed to keep breaches from occurring, but not all cloud solutions offer the same level of protection.

What’s the major difference between these cloud solutions in regard to security? The public cloud generally allows for a set level of protection, with the potential for increased levels of service depending on how much you’re willing to pay. The good news is that the public cloud is relatively safe, the reason being that these cloud providers generally have trained IT teams that are dedicated to keeping your data safe. Of course, this is just to keep their own organization safe, but it’s nice to know that you can count on them. The same can be said for any managed service provider who offers a private cloud hosting service. If you host your own private cloud, you can implement whatever measures you desire.

Do you need a hand choosing a cloud solution for your business? If so, reach out to us at PHONENUMBER.

Categories
Technology

What’s Behind so Many Businesses Switching Their Phone Systems to VoIP?

b2ap3_thumbnail_voip_is_great_400.jpg The office telephone has been a staple in the business environment for generations, but the extent that each organization uses their telephone will vary. Factors like the number of users, telephone handsets, and wiring required will influence how much use you get from your telephone solution. However, these questions don’t have to be as difficult to ask if you consider the many benefits of a hosted phone system.

We’ll discuss some of the best reasons for using a Voice over Internet Protocol (VoIP), and what it can offer your business.

Fewer Costs
A traditional telephone system is provided by your local telephone company. Sometimes these agreements include services that aren’t needed by your organization, like television or otherwise. This can be frustrating, as all you want is the ability to use a telephone, and instead you’re forced to go all-in on some entertainment package that you won’t use.

VoIP doesn’t demand that you sign up for any extra services. In fact, you actually wind up saving money thanks to VoIP using another service that you’re already paying for–your Internet connection. With VoIP, your voice is transferred over the Internet rather than through the traditional telephone lines. Just keep your bandwidth in mind, as VoIP will likely use up more resources than your other network-connected services.

A Simplified Infrastructure
There’s a reason why you take so much time to plan your cabling infrastructure before implementation, and that’s because it’s not easy to make changes once you’ve set your network up. Of course, this also requires that you anticipate growth, which isn’t always easy. For all you know, your business can grow substantially over your first few years in business. How can you anticipate such growth?

While VoIP can’t predict the future, it can help you adapt to change with one-time setup costs. You won’t have to tear down walls or run new telephone lines just to accommodate new employees. All you have to do is contact your VoIP provider and add new users to your system.

More Flexibility
How many phone numbers do you have? Chances are that, as a business owner, you have your personal cell phone number, as well as your in-house number for company affairs. You wouldn’t be the first professional to think that it would be extremely convenient to have all of your numbers on one single device. Thankfully, VoIP offers a solution for this dilemma, too.

With VoIP, you and your employees have a great way to access your work-related phone numbers and contacts. Since VoIP can be used on desktops, smartphones, and even the traditional telephone handsets, it’s a customizable experience that lets you use your phone solution in the way you prefer. Plus, the extra accessibility allows your employees to be productive off the clock too, which can be great for getting ahead.

No matter how you look at it, VoIP can be a valuable investment for your organization. To get started, reach out to us at PHONENUMBER.

Categories
Technology

Don’t Worry, Your Samsung Phone “Winking” at You is Just a Cool Feature

b2ap3_thumbnail_samsung_smart_stay_400.jpg If you’re a Samsung smartphone user, have you ever seen a little eyeball symbol appear at the top of the screen? You might notice that it will show up for a minute, and then disappear again. Since this kind of activity usually makes users question what’s going on with their device, let’s get down to the bottom of this weird occurrence.

To assuage your fears that you’re being watched by some sort of malware or spyware, know that this eyeball icon doesn’t mean you’ve been hacked. Instead, it’s a feature called Smart Stay created by Samsung. When the eye appears, the feature is activated.

What is Smart Stay?
Smart Stay uses your front facing camera to tell whether or not you’re looking at the device. While this sounds a bit creepy, the camera can use your face to keep the screen from turning off while you’re looking at it–like, say, when you’re reading an article on the Internet that’s particularly long. This actually overrides any screen timeout settings, so it’s a great way to finish off whatever you are reading without having to press a button every now and again to keep it lit up.

To change the settings of Smart Stay, you just go through to Menu > Settings > My Device > Smart screen. All you have to do is uncheck the Smart Stay box to turn it off. Depending on how helpful you find this feature, you might actually prefer to keep it on.

How You Know You Have Something to Worry About
While Samsung’s Smart Stay isn’t something to worry about, there are other symptoms of hacking attacks on your mobile device that you want to keep in mind should the need arise. Depending on the type of problem, the symptoms will vary, but keep the following in mind if you suspect something out of the ordinary.

  1. Unfamiliar charges on your carrier’s statement.
  2. Data access patterns that you don’t recognize.
  3. Your battery drains quicker than normal.
  4. You find apps that are downloaded from a third-party app store.
  5. Strange notifications start appearing, especially related to finding and downloading new apps and games.
  6. Your device has been rooted (aka jailbroken).
  7. Your antivirus has been disabled.
  8. You actually see the hacker’s remote actions of opening apps and navigating your phone.

If you ever have reason to suspect that your phone has been hijacked, make sure that the first thing you do is turn off the device’s Internet connection and power it down as soon as possible. Once you’ve done this, consult your trusted IT professionals at COMPANYNAME. We can remove the threat before it causes any more damage to your device.

A little healthy skepticism never hurt anyone, so be sure to approach issues with your device with a grain of salt. To learn more about how your business can identify troubles with technology, reach out to us at PHONENUMBER.

Categories
Best Practices

Tip of the Week: Resolve a Poor Internet Connection By Following These 3 Steps

b2ap3_thumbnail_internet_connectivity_speed_400.jpg When the Internet goes down in the modern office, chaos ensues. The only way to subdue the panicked masses is to provide answers and to resolve the issue, ASAP. If you happen to find yourself in such an Internet-less predicament, then be sure to follow these three troubleshooting tips.

Is Everything Plugged In?
This may seem like a rather trivial thing to check, but sometimes the worst problems happen because the obvious is overlooked. When your Internet connection fails, be sure to check key components of your network like your modem and cables in order to make sure that everything is plugged in. Considering all of the activity that goes on in a work space, it’s important to keep in mind that accidents happen and equipment can get bumped and the wrong devices can get unplugged. Remember, looks can be deceiving and even a loose cable can be the culprit, so giving your cable connections a firm jiggle may prove an easy fix.

Turn Your Technology Off and on Again
It’s rather comical how many technology woes are remedied by simply turning a device off and on again, yet it’s a troubleshooting method that’s wholeheartedly recommended by IT technicians because it routinely does the trick! One piece of equipment you’ll want to restart first is the modem. If that doesn’t do it, then try restarting your wireless router or PC.

Now, before you go and compulsively restart everything, you’re first going to want to pause and apply some logic to the situation by asking some basic questions. For example, if the Internet is out on your workstation but it’s working on another office computer, then you know it’s an issue with your PC and not the network. If your smartphone lost Internet signal but the signal your PC that’s wired into the network is working fine, then you’ll know that you’ve got a problem with your wireless router and not the modem itself.

Call Your Internet Service Provider
If you go through the previous two steps and you’re still experiencing issues with your Internet connection, then the problem may lie with your Internet service provider. While it’s certainly a relief to learn that the problem isn’t your fault, it’s nevertheless annoying to still have to deal with lost productivity. If you do contact your ISP regarding the issue, they should be able to confirm if it’s an issue on their end, and they may even be able to help by giving you an estimate of when the issue will be resolved. This insight will allow you to better manage your downtime by helping you know what to do next, like sending your staff out to lunch early while the Internet is being fixed instead of having everybody sit around with hands in their pockets.

Bonus Tip: Have a Backup Plan
While we’re on the topic of lost productivity, it’s good to remind business owners about having a business continuity plan that includes backup solutions that allow employees to continue working while the Internet is down, like apps that aren’t totally dependent on the Internet and perhaps a way to connect mission-critical devices to a 4G wireless signal.

While it’s common for businesses to lose Internet connection every so often, it shouldn’t happen so frequently that it eats into your bottom line and causes serious problems. If this is the case, then you’ll want IT professionals to take a look at your network. COMPANYNAME can perform this task for you by discovering the issue and taking the necessary steps to get your network connections working at optimal levels. For assistance troubleshooting any of your company’s technologies, give us a call at PHONENUMBER.

Categories
Alerts

Banks Enact New Security Solutions to Safeguard ATMs

b2ap3_thumbnail_atm_best_practices_400.jpg All across the United States, banks are rolling out ATM improvements to help boost the security of their members by utilizing mobile devices. While these measures will undoubtedly help, they aren’t enough to fix all of the vulnerabilities that ATMs suffer from without some vigilance on the user’s part.

What is Being Done
Wells Fargo launched an initiative that allows their members to access their accounts via automated teller machines, without the use of their ATM cards. By utilizing the bank’s mobile application, an account holder can receive a temporary code that will grant them access to a Wells Fargo ATM when paired with a personal identification number.

While Wells Fargo is the first bank to incorporate app-based access to all 13,000 of their ATMs, other banks aren’t far behind. Chase, Bank of America, and Citigroup have also begun to incorporate similar functions into some of their ATMs.

This isn’t the end of improvements to Wells Fargo’s ATMs, either. Wells Fargo is making the necessary additions to allow members to utilize near-field communication (NFC). By doing so, bank members won’t even need their card to access the ATM. Instead, their mobile device prompts them to scan their fingerprint and enter their pin. So far, about 40 percent of the bank’s ATMs are equipped for this functionality.

Why These Advancements Might Help
Advancements like these are sure to help boost the user’s account security while they utilize these machines to handle their finances. Criminals have been getting more clever in their schemes, and it shows. There were six times as many ATMs that were compromised in 2015 than in 2014.

Scammers now use spy cameras and card skimmers in tandem to collect the information they need to gain access to a bank member’s accounts. These skimmers are able to be inserted directly into the ATM’s card reading mechanism, where it is almost impossible to detect their presence. The same can be said of the pinhole cameras that criminals will use to capture a user’s PIN number. These tiny devices are remarkably difficult to spot.

Worse yet, criminals will often damage machines that don’t have their devices inserted, forcing users into their trap. If you see a row of ATMs with only one in working order, it’s best to give that one a pass.

If you think that a user is safe if they were to use a chip-based card, rather than the magnetic strip, you’d be mistaken. Much as they capture the information from a card’s magnetic strip, scammers have a method to do the same with the card’s onboard chip. Known as “shimming,” this approach is rare but will likely only increase in popularity as more transactions are made with the chip functionality. Plus, these chip-based cards still have the magnetic strip as well, tempting many to swipe away their security.

A Few Issues That Remain
Unfortunately, there are still factors that make ATM machines an effective vehicle for scammers. First of all, many of these new security features were added to the ones already present in the ATMs, rather than replacing them. For instance, while Wells Fargo ATMs will permit the use of a temporary PIN, they will still allow account access through the less secure methods as well. Not to mention that out of a total of 70 million members, there are only 20 million Wells Fargo app users. This means that there are 50 million bank members who aren’t even using the features.

This is assuming that those 20 million app users will make use of them, anyways. Habits are hard to break, so many account holders will likely continue to carry and swipe their ATM cards, despite having a more secure way to access their accounts.

What Should You Do?
Whether you’re dealing with the accounts for your business, or your personal finances, keep security in mind whenever you happen to use an ATM, and take advantage of the improved, more secure processes that are available to you. At the very least, shield your PIN number with your other hand as you input it into the machine.

Is it worth potentially allowing a criminal to access your (or your business’) accounts? Share your thoughts with us in the comments!

Categories
Technology

What Your Software Has in Common With the Food in Your Fridge? An (EOL) End of Life Date

b2ap3_thumbnail_expiring_software_400.jpg It’s a well-known fact that nothing in this world lasts forever (other than Twinkies), and this pertains to your technology more than perhaps anything else. The same solutions that you’ve been working with for years will also need regular updates and improvements in order to stay relevant to your organization.

When you think about it, making sure that your software solutions are always up to date is sort of like keeping your kitchen cabinet full of foodstuffs that haven’t spoiled. Both the software developer and the food producer offer resources that are absolutely crucial in the modern world, and both create products that frequently need to be replaced in order to function as intended. Both offer sustenance to something or another; yet, how similar are they really?

A food producer will tend to focus on offering delectable foods that taste great and offer nutritional value, while a software developer will work toward creating user-friendly solutions and patching up vulnerabilities. Any improvements made tend to be focused on security, but often times the developer will add new features or improve the user interface to offer a better experience as a whole. Primarily, the patches issued resolve problems that hackers can take advantage of to infiltrate your organization and cause trouble.

These improvements are one of the reasons why you might receive notifications about updates available every so often. In fact, they are so frequent that if you don’t implement them as they are released, you could quickly fall behind on network maintenance.

Returning to the food analogy, let’s take a look at a convenience that most businesses have: a break room fridge. If each of your employees keeps a single cup of yogurt in this fridge, and it goes uneaten, it will naturally spoil. However, if you keep this spoiled yogurt in the fridge, despite it being practically inedible, someone will eventually try it out. This could result in employees getting sick.

Whether it’s poor productivity from being ill all day or software that’s missing critical software updates, the result is the same: the potential for a really bad time. If you have someone whose responsibility is to “restock the fridge,” you can keep your organization from being exposed by the sudden, gut-wrenching sickness of a hacking attack.

COMPANYNAME can be the ones to keep an eye out for anything that needs updates or patches on your network, and better yet, we can do all of it ourselves without interrupting operations. This keeps you from taking valuable time out of the day to do it yourself, and you can know for certain that your software solutions are being handled with the care they deserve. To make sure that your business’s network security doesn’t reach its expiration date, reach out to us at PHONENUMBER.

Categories
Security

Tip of the Week: 9 Hacker Profiles You Need to Be Aware Of

b2ap3_thumbnail_cybercrime_classificiations_400.jpg “Hacker” is a word that can bring up many powerful impressions in people. It may very well bring up images of a pale super genius hunched over a keyboard, awash in dim blue light, as it does for many people. However, this extremely specific image does little but pigeonhole the many hackers in the real world into this dramatized caricature.

In reality, there are many different kinds of hacker, each with a preferred target and reason for doing what they do. For your part, it helps to be familiar with the 10 types of hackers you have a chance to encounter.

Amateurs

  • Script Kiddies: There’s a reason that this type of hacker is under the “amateur” heading. These are the hackers who are capable of little more than piggybacking onto larger efforts, or dabbling in the more basic forms of cybercrime. They are little more than nuisances, compared to their hacking compatriots.

The Good Guys

  • White Hats: These ethical hackers, usually security researchers, are those that help the average user by using their skills to keep threats at bay.

Political Players

  • Hacktivists: Using DDoS attacks and website vandalism to humiliate and hobble their targets, these actors are usually part of a larger group, working towards an ideologically driven common cause.
  • Nationalist Hackers: These actors are those that, thanks to their sympathies and patriotic motives, are often given a pass by law enforcement.
  • Nation State Agents: These typically work for a government body, usually in a military or intelligence capacity. They have access to great capital resources, but will not hesitate to use common tools as well.

The Criminals

  • Cyber Mercenaries: These are hackers-for-hire, who will be brought on to assist other cybercriminals for a share of whatever ill-gotten gains there are to be had.
  • Repeat Offenders: These hackers are skilled, yet disorganized, which keeps them from obtaining the profits that other varieties of hackers do.
  • Organized Crime: These are criminal organizations that focus on cybercrime, with a hierarchy that allows them to reap great profits from their schemes.
  • Malicious Insider: These are the criminals who sit inside your walls, actively working to sabotage your efforts and leak critical information to your competition, often for personal motivations.

These malicious insiders are easily the most dangerous threat to an SMB, but that doesn’t mean that the others don’t cause problems as well. In order to keep them all at bay, you will not only need to encourage diligence in the workplace, but also protect that workplace with comprehensive security solutions.

The experts at COMPANYNAME are ready to assist you in securing your business assets against external influences. Call PHONENUMBER to get started.

Categories
Alerts

Alert: LastPass Vulnerability Found. Is Any Password Manager Safe?

b2ap3_thumbnail_last_pass_leak_400.jpg Thanks to one of Google’s researchers with the Zero Day Project, it has been discovered that LastPass has a major vulnerability as a result of a major architectural problem. This news comes on the heels of many other flaws the same researcher discovered within LastPass. However, based on what the researcher claims, these vulnerabilities were much less serious than his latest discovery.

After having “an epiphany in the shower,” Tavis Ormandy realized that the latest version of the password manager’s browser extension is subject to a flaw that allows some malicious websites to have their way with the user’s system. Otherwise, the vulnerability allows malicious websites to steal the user’s passwords from behind LastPass’ protections. Unfortunately, this vulnerability seems to be present in the extensions for every major browser on Windows and Linux, and is most likely present for Mac users as well.

Making this vulnerability even more significant, the vulnerability only requires the extension to be installed in order for it to be exploited. A user could be logged out and still be subject to receiving malicious code from the website they’re visiting.

To their credit, LastPass is committed to resolving this issue, acknowledging Ormandy’s report a mere hour after he submitted it. Two days later, LastPass released a blog post going over these events and offering a few recommendations:

  • Launch websites from the LastPass vault: To retain the highest level of security as possible, it’s better to access websites from the LastPass vault itself.
  • Use Two-Factor Authentication wherever possible: This will add an extra layer of security to prevent leaked credentials from granting easy access to your accounts.
  • Keep an eye out for phishing attacks: Clicking on a malicious link is a great way to hand over your access credentials to malicious entities, so before you click on a link in a received message, take a moment to ask yourself if the link makes sense to be coming from who allegedly sent it.

LastPass has also been vocal in their appreciation for people like Ormandy finding issues like these before they are found the hard way. According to Joe Siegrist, cofounder and vice president of LastPass, “We greatly appreciate the work of the security community to challenge our product and uncover areas that need improvement.

LastPass now has 90 days before Ormandy and Project Zero release the technical details as part of their disclosure policies. In the meantime, it would be prudent to take LastPass’ advice to heart for the sake of your own network security.

To ensure your credentials are protected, and to schedule a full security audit, contact COMPANYNAME at PHONENUMBER.