As of January 14th, 2020, Microsoft will be ending all support for their hugely popular Windows 7 operating system, which has technology professionals strongly recommending businesses upgrade to Windows 10 in response.
This brief video on the subject discusses what the end of Windows 7 support means for users and the risks that come with choosing not to upgrade before January 2020.
If you have questions or want to find out how we can assist you with upgrading smoothly to Windows 10, give us a call at (678) 389-6200 or email us at firstname.lastname@example.org.
If you use Microsoft’s Skype for Business, that service will be ending on July 31, 2021. Microsoft wants all customers to start using Microsoft Teams instead. Many of the more popular services of Skype are now available on Teams.
Microsoft says, “We’ve brought the key set of Skype for Business Online capabilities into Teams along with new voice, video, and meetings innovation. We encourage all Office 365 customers to start using Teams today, whether independently or side-by-side with Skype for Business.”
Starting September 1, 2019, if you’re an Office 365 customer, you’ll be directed to Microsoft Teams automatically.
If your business uses Skype, Microsoft’s FAQ page has very helpful information to help you transition, including these videos:
Capital One Data Breach Affects More Than 100 Million Customers and Small Businesses in The U.S. & 6 Million in Canada
On July 29, 2019, Capital One reported that their customers’ confidential information was compromised. This includes the Social Security and bank account numbers of more than 100 million people and small businesses in the U.S., along with 6 million in Canada.
The McLean, Virginia-based bank discovered the vulnerability in its system July 19 and immediately sought help from law enforcement to catch the perpetrator. They waited until July 29 to inform customers.
How Did The Hacker Get Into Capital One’s System?
According to court documents in the Capital One case, the hacker obtained this information by finding a misconfigured firewall on Capital One’s Amazon Web Services (AWS) cloud server.
Amazon said that AWS wasn’t compromised in any way. They say that the hacker gained access through a misconfiguration on the cloud server’s application, not through a vulnerability in its infrastructure.
Capital One says that they immediately fixed the configuration vulnerability that the individual exploited and promptly began working with federal law enforcement.
Who Breached Capital One’s Data?
Paige A. Thompson, a former software engineer in Seattle, is accused of stealing data from Capital One credit card applications.
Thompson was a systems engineer and an employee at Amazon Web Services from 2015 to 2016. In a statement, Amazon said that she left the company three years before the hack took place.
The FBI arrested Thompson on Monday, July 29 for the theft, which occurred between March 12 and July 17. Thompson made her initial appearance in U.S. District Court in Seattle and has been detained pending an August 1 hearing. Computer fraud and abuse are punishable by up to five years in prison and a $250,000 fine.
What Information Was Compromised?
Thompson stole information including credit scores and balances plus the Social Security numbers of about 140,000 customers and 80,000 linked bank account numbers of their secured credit card customers. For Capital One’s Canadian credit card customers, approximately 1 million Social Insurance Numbers were compromised.
The largest category of information obtained was that of consumers and small businesses when they applied for one of Capital One’s credit card products from 2005 through early 2019.
Capital One said, some of this information included names, addresses, phone numbers, email addresses, dates of birth and self-reported income.
Other data obtained included credit scores, limits, balances and transaction data from a total of 23 days during 2016, 2017 and 2018.
This is one of the top 10 largest data breaches ever, according to USA TODAY research.
What Is Capital One Saying About The Breach?
They will offer free credit monitoring services to those affected. Capital One said it was “unlikely that the information was used for fraud or disseminated by this individual” but committed to investigating the hack fully.
They’ve set up a consumer website about the breach at www.capitalone.com/facts2019 that you should refer to if you’re worried that your information was compromised.
Capital One expects that this hack will cost them approximately $100 million to $150 million in 2019.
What Should Capital One Customers Do?
If you’re a Capital One customer, you should check your account online. You should also freeze your credit through each of the three main credit bureaus: Experian, Equifax and TransUnion.
It’s important to remain vigilant. Businesses should sign up for Dark Web Scanning to detect whether your confidential business information is there for cybercriminals to use.
Prevention is always the best remedy. Ask your IT provider to ensure your that your firewall is properly configured and to continuously remotely monitor your network for intrusions.
Are You One Of Many Affected By The LabCorp Data Breach?
Financial & Personal Information of 7.7 Million Exposed
Just yesterday we wrote about the Quest Diagnostics’ breach affecting nearly 12 million. Today we’re writing to tell you about a LabCorp breach affecting 7.7 million people. Both of these breaches were caused by a third-party; the American Medical Collection Agency (AMCA). AMCA provides billing collection services to both LabCorp and Quest Diagnostics.
AMCA has informed LabCorp that it is in the process of sending notices to approximately 200,000 LabCorp consumers whose credit card or bank account information may have been accessed. AMCA has not yet provided LabCorp with a list of the affected LabCorp consumers or more specific information about them.
“AMCA’s affected system also included credit card or bank account information that was provided by the consumer to AMCA for those who sought to pay their balance. LabCorp provided no ordered test, laboratory results, or diagnostic information to AMCA. AMCA has advised LabCorp that Social Security Numbers and insurance identification information are not stored or maintained for LabCorp consumers.”
The information included in the breached system includes:
Bank account information,
Credit card information,
First and last name,
Date of birth,
Address and phone,
Date of service and provider, and
Forensic experts are investigating the breach. It’s possible that the AMCA breach could impact other companies and millions of more consumers.
What Should You Do?
Anyone who was affected by the data breach should freeze their credit report to prevent criminals from opening credit card accounts in their name. They should also be concerned that their Social Security numbers were exposed.
If you believe that your information has been leaked, you can contact LabCorp customer service on their contact page.
If you are still using Windows Server 2003 or XP, Windows 7, Windows 2008 R2, or Windows 2008 you could be in trouble. A wormable virus may be coming your way. The virus is designated as CVE-2019-0708.
This means that the virus can get into your system without you doing anything like clicking a malicious link. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights without your knowledge.
What Should You Do?
Microsoft has released a critical update for their Remote Desktop Services that impacts multiple Windows versions. The patches are for devices and systems that are both in and out-of-support, which is rare for Microsoft to do. This shows the importance of these patches.
The update addresses the vulnerability by correcting how Remote Desktop Services handles connection requests. To apply the patches, go to the Microsoft Security Update Guide for in-support systems and KB4500705 for out-of-support systems.
Note: Clients & Customers on a valid managed services agreement are being taken care of and there is no immediate action for any computer, server or other devices under a valid managed services agreement.
Microsoft recommends that customers running one of these operating systems download and install the update as soon as possible.
Does This Mean Even Systems Without Support Can Get The Patch?
Yes, Microsoft is aware that some customers are running versions of Windows that no longer receive mainstream support. This means that you wouldn’t have received any security updates to protect your systems from the CVE-2019-0708 virus.
Given the potential impact on customers and their businesses, Microsoft decided to make security updates available for platforms that are no longer in mainstream support.
It’s recommended that you back up all of your important data first. If you have a reliable backup, if the patch creates problems you can still access your data. You should do this before you install any patches.
What If We Can’t Apply The Patches?
If you can’t apply the patch for your system there are other things that you can do:
If you don’t need the Remote Desktop Services, you can disable it.
Block the TCP port 3389 (this prevents unauthorized requests from the Internet).
Enable NLA (Network Level Authentication) for Windows 7 and Windows Server 2008.
Of course, the best thing to do is to contact your local IT services company. They’ll know exactly what to do.
What Is A Wormable Virus?
This means that any future malware that uses this vulnerability could propagate from one vulnerable computer to another. This is how similar malware like WannaCry spread around the world. Experts are worried that this flaw could be used to fuel a fast-moving malware threat like the WannaCry ransomware attacks of 2017.
“This vulnerability is pre-authentication and requires no user interaction,” Pope said. “In other words, the vulnerability is ‘wormable,’ meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017. It is important that affected systems are patched as quickly as possible to prevent such a scenario from happening.”
Have There Been Any Attacks Yet?
Microsoft said they haven’t found evidence of attacks against this dangerous security flaw. But one could happen at any time. Right now they are trying to prevent a serious, imminent threat with these patches.
Simon Pope goes on to say:
“While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware.”
What Does The Microsoft Remote Desktop Do?
You use the Microsoft Remote Desktop application to connect to a remote PC or virtual apps and desktops made available by your admin. You can control your desktop computer and all of its contents from another computer.
The app lets you connect to your desktop from wherever you are. The access to the remote desktop happens over the Internet or via another network. It lets you interact as if you were physically working from your desktop.
The Remote Desktop application also gives the “master” computer access to all of the contents on the remote computer.
What Else Should We Know?
If you had updated from Windows 7 to Windows 10 or from Windows Servers 2008/2008 R2 to Windows Server 2016 or 2019, you wouldn’t need to worry. This is why it’s essential to keep your systems up to date.
Soon, on January 14, 2020, support will come to an end for all Windows Server 2008, 2008 R2 equipment and the Windows 7 operating system.
If you’re still using these servers or operating system, it’s crucial to replace them now so that there’s no disruption to your daily operations or loss of data.
Any hardware or software product that reaches its end of life is a potential gateway for hackers to enter through. In addition to the security hazard, there are other reasons why it isn’t a good idea to keep using old equipment such as unresolvable outages.
Where Can We Get Help?
Contact us to ensure your Microsoft desktops and servers are secure and protected from unauthorized intrusions.
In working with John Mamon (CEO) over the years, I have personally witnessed his commitment to making sure the customer comes first, consistently creating raving fans of his services. When we started thinking about a managed services partnership to help our education clients manage, secure, and control their tablets, mPowered IT was our first call. Our partnership was not only a great decision for PowerUp EDU, it is an even better decision for our customers!Jerry G.
I am impressed with the professionalism and courtesy of the mPowered IT technicians. We are thrilled!Stephanie C.
mPowered IT is extremely professional and dependable. They consistently deliver results and as an owner, I trust that they will take care of my business. Their attention to detail has earned my business.David B.
I have worked closely with John Mamon, CEO of mPowered IT, for the past 7 years. He understands the business advantage that well-managed IT can bring and has a sound understanding of what makes IT work for business. Many IT Service Providers talk a good talk, but they haven’t built the delivery capability to actually achieve what they promise. John has instilled in his team the discipline and knowledge necessary to keep IT running optimally for his clients, enhancing the client’s return from every IT dollar invested.John K.
Our experience during a recent project was great. Our engineer kept us informed as we went through the process. Even when we hit a snag, the team responded very quickly and got everything resolved. They even took care of a separate issue I was trying to get handled for some time. They really came through.Eleanor C.
I just called mPowered IT on an issue and they were fantastic and fixed the problem in a matter of minutes.Matthew J.
I cannot imagine trying to manage our tablets without your help.Peggy W.
Thank you again for making the final push to the deadline on our website launch. I can’t tell you enough how much I appreciate your commitment to quality. Feels like I’ve got someone fighting by my side.Nicole B.