PHISHING ALERT: PoS Malware Mimics LogMeIn Software Updates

As part of our ongoing commitment to security, we want to make our users and the public aware of a new report of malicious software impersonating LogMeIn updates to Point of Sales (PoS) systems.

On Friday, January 19, 2018, a security researcher from Forcepoint ( reached out to LogMeIn’s Security Team and provided details on a suspected PoS-based malware. According to our investigation, the malware is intended to deceive an unsuspecting user into executing a malicious email, link or file, possibly containing the LogMeIn name.

This link, file or executable is not provided by LogMeIn and updates for LogMeIn products, including patches, updates, etc., will always be delivered securely in-product. You will never be contacted by us with a request to update your software that also includes either an attachment or a link to a new version or update.

This potential malware is being delivered through channels independent of our solutions and we have no evidence at this time to believe that the LogMeIn environment or our products have been compromised as a result thereof.

As always, we encourage users follow standard best practices to safeguard their accounts against phishing and social engineering which include:

  • Only accept updates directly from within your LogMeIn product. We will never deploy a software update via email.
  • Beware of phishing attacks. Do not click on links from people you don’t know or that seem out of character from your trusted contacts and companies.
  • Turn on 2FA for email, and other services like your bank, Twitter, Facebook, etc. Two-factor authentication remains one of the most effective ways to protect your account from targeted attacks.
  • Set a strong, random password for email and for every online account.

As with all suspicious emails, please read carefully and review the website links in these messages. Please be sure to delete these messages if you receive them.


Four Key Components of an Endpoint Management Solution



Endpoint management is increasingly becoming a top priority in the IT community. It’s defined as the ability to centrally discover, provision, deploy, update, and troubleshoot endpoint devices – including, but not limited to, laptops, desktops, or servers – within an organization. An endpoint management solution feature set is pretty extensive, but the typical features include asset management, patch management, mobile device management, operating system (OS) or application deployment, remote control, and anti-virus management. With so many features falling into the endpoint management bucket, I’m here to help you focus on the four key components of an endpoint management solution.

Patch Management

Patch Management has been a hot topic as of late given the first major cyber-threats of the new year – Spectre and Meltdown. A good endpoint management solution allows you to discover and apply patches to all devices within your endpoint infrastructure. The advantage of leveraging endpoint management technology is that by pairing the ability to patch with alerts and process automation, it enables you to be more productive and proactive securing your endpoints.

OS Deployment

Save time and resources by automatically deploying an operating system to your endpoint infrastructure. An endpoint management solution enables you to deploy an operating system to one or all your endpoints with little to no disruption to the end user. Operating systems have and continue to be a large target for cyber threats which is why having a patch management solution to compliment OS deployment is critical.

Application Deployment

It’s becoming more common for employees to bring their own applications into the workplace – Spotify and Slack just to name a few. Add that to other employee-shared applications like Adobe or Java and the difficulty of managing these applications skyrockets. An endpoint management solution not only lets you manage applications within your ecosystem, but also enables you to monitor your endpoints for software that is outdated or at risk, push software updates directly to one or multiple endpoints, manage and perform multiple updates silently without interruption to end users or remote endpoints, and automate software updates on endpoints to prevent future issues.

Asset Management

A good endpoint management solution collects all the important details about your assets regarding the hardware, software, operating system, and applications running on a given endpoint. It stores this information in a single location – usually in the form of a list view or dashboard – for easy reporting.

If you would like to take a look at an endpoint management solution, try LogMeIn Central Premier for free today.


What We Know About The Latest CPU Bugs Meltdown and Spectre and Steps You Can Take to Protect Your Organization

On Wednesday, January 3rd, two CPU bugs were discovered that could impact billions of devices worldwide. These two security flaws, known as Meltdown and Spectre, target most computer processing systems making it possible for attackers to steal sensitive data – including passwords, banking information, and encrypted communications.

Meltdown and Spectre: What Are These New Security Flaws?

Let’s start with Meltdown. Affecting Intel processors, Meltdown enables attackers to bypass the hardware barrier between applications that are being run and the computer’s memory – allowing for them to read a computer’s memory and steal passwords.

Spectre, on the other hand, breaks the isolation between different applications allowing attackers to essentially trick those applications into giving up valuable information. Spectre’s impact is larger given it affects Intel, AMD, and ARM processors. This expands its reach to include a multitude of devices, essentially anything with a chip in it.

Combined, these two bugs affect virtually every modern computer, including laptops, smartphones, tablets, and PCs from all vendors, running almost any operating system.

What steps can be taken to reduce the risk of being exposed to these two bugs?

Three steps your organization can take to reduce the risk of being impacted by these two security flaws are to patch your systems with the latest update, monitor CPU usage, and continue to keep an eye on this evolving threat.

  • Patch Your Systems

Patch Management is an essential part of securing your IT infrastructure. Meltdown and Spectre can impact devices running just about any operating system – including Windows, Mac, and Linux – or application leaving just about every organization at risk. Intel and ARM have issued patches that they deem will make your systems immune to these two bugs – but this requires users to download a patch and update their operating system to fix. If you have not already applied the necessary patches, make sure to do so as soon as possible.

  • Monitor CPU Usage

Because these two bugs target CPUs, be sure to continuously monitor CPU usage on all machines in your ecosystem. If you notice any unusual activity, be sure to raise a red flag to your IT leadership and explore the situation further.

  • Keep An Eye On This Evolving Threat

It has only been a few days since these security flaws were identified. More information is sure to surface over the coming days and weeks – including critical information from the security researchers who identified these flaws as well as the impacted providers Intel, AMD, and ARM.


Don’t Leave Your Endpoint
Protection to Chance

News coverage of recent cybersecurity attacks shines a glaring spotlight on the vulnerability of our endpoint infrastructure in this increasingly technology-dependent world.

Exploits in the News

When the WannaCry ransomware infected more than 300,000 computers in over 74 countries this May, it forced the UK National Health Service to turn patients away, resulted in a two-day shut down of LG self-service kiosks in South Korea, affected more than 40,000 businesses in China and threatened thousands of individual systems.

According to a New York Times article, the hackers behind the attack leveraged a hacking tool they stole from the National Security Association (N.S.A.) called “Eternal Blue.” Eternal Blue enabled the rapid spread of WannaCry by exploiting a vulnerability in Microsoft Windows servers. Even though Microsoft had addressed the vulnerability via a patch in a March software update, large volumes of computers weren’t up-to-date to defend against this attack.

The incident was quickly followed up by other global ransomware attacks including Petya ransomware initiated in June, and the series of Equifax data breaches which started in May and were discovered in July before being reported to the public 6 weeks later. The Equifax breaches, like the WannaCry attack, were enacted by exploiting a software vulnerability that the firm attempted to patch months prior to the attack.

Costs of Exploits

Incidents like these are more common than you might think. According to a study conducted by Ponemon Institute and sponsored by IBM security, the probability of experiencing a data breach is 1 in 4 and costs around $141 per record on average. If your company or the clients you serve have as few as 20k records, that’s equivalent to $2.8 million dollars at risk.

Proactive Prevention

Protecting systems from costly exploits, like just the few we mentioned, falls on IT. It’s imperative to have a centralized approach to maintaining machines and keeping them up-to-date with the latest software patches that are vital to protecting your overall network. Automating updates and patch deployment will ensure that your systems aren’t left unprotected and can save hours of time over updating each endpoint manually.

If you’re not managing or automating this critical function yet, try LogMeIn’s Central Premier for free for 14 days or request a demo from one of our Central pros. Make security your #1 priority and protect your endpoints today!


Introducing Application Updates for Central Premier

Today we’re excited to announce the release of Application Updates for LogMeIn Central Premier. Application Updates is a patch management feature that allows IT professionals to effectively monitor third-party applications that require updates and automate the deployment of patches to their managed network.

Update Third-Party Applications

With more and more vulnerabilities surfacing every day, keeping your systems update-to-date and secure can be time consuming and costly. Unpatched third-party applications like Adobe, Java, Chrome, and Firefox leave your systems susceptible to attacks and security breaches.

With Application Updates, users can quickly and easily monitor, push updates to applications, perform multiple updates simultaneously, and automate the process of updating software to stay ahead of potential issues and keep their managed network up and running.

Complete Patch Management

As the threat landscape continues to evolve, the need for IT professionals to protect and manage their end points both efficiently and effectively becomes more and more challenging. Patching is an essential part of securing systems from potential vulnerabilities, and cyber-attacks against unpatched software can be completely eliminated with the right solution.

With Central Premier, IT professionals are now equipped with a complete, dedicated view of their endpoints that require important security patches and software updates. Quickly deploy updates to anti-virus software, operating systems, and third-party applications, remotely and automatically, without taking up more time from your day. As the leading remote access platform, LogMeIn now provides IT professionals with the ability to confidently address not only the management, but also the security of their managed network.

Application Updates is included in Central Premier subscriptions at no additional cost, and is now generally available.


Discontinuing LogMeIn Authenticator

Our product development efforts at LogMeIn have always centered on enabling employees and individuals to simply and securely connect to their devices and applications. Today, we notified users of our plans to discontinue the LogMeIn Authenticator, our dedicated two-factor authentication app, on December 31, 2016.

Designed to simplify the second factor authentication process to a single gesture, we’ve built a superior product with a better user experience in the LastPass Authenticator. A LogMeIn product and free mobile app, the LastPass Authenticator delivers a unique one-tap password verification experience and can be used on hundreds of popular applications and websites such as LogMeIn, LastPass, Google, Amazon, Salesforce, and more.

We recommend users migrate their two-factor authentication enabled online accounts over to the LastPass Authenticator before the end of the year. The app can be downloaded from:

For step-by-step instructions on how to enable the LastPass Authenticator for your LogMeIn accounts, please click here. 


Make Your Business More Cyber Aware

Closeup of business people working

We talk a lot about security here at LogMeIn, especially with our recent partnership with Kaspersky Lab, and given that October is National Cyber Security Awareness Month (NSCAM), it’s an ideal time to refresh some of your company’s security practices.

As a small business or an IT lead for a larger company, you’re maintaining a large amount of technology, devices, users, and much more. But there are a few areas where you can make quick improvements to better secure your company’s important information. Check out this list of items you can address fairly quickly and make quick improvements to your security:


From WiFi to VPN, make sure your company networks have strong, secure and protected passwords. Enable strong encryption (WPA2 and AES) and require authentication as needed. For the WiFi, set up multiple networks for each use case – one for employees, guests, IT, development, etc – to help eliminate disruption and security breaches impacting the entire company. Also consider the physical security of your network equipment – is it stored in the open where anyone can access, or is it stored away hidden from potential theft?

Mobile Devices

It’s likely that many of your employees are using more than just their desktop or laptop to access company systems and information. Make sure those devices are secure as possible, including requiring a passcode that enables you to wipe the device in case it is lost. On top of the passcode, use finger swipe authentication for additional security.

POS Devices

Many LogMeIn users are managing not just computers, but also POS devices. Those machines should be just as secure as others with strong, secure passwords that are changed frequently, if not automatically, and enabled with both user and admin access. You’ll also want to set up anti-virus protection on these machines; it’s likely they don’t receive as frequent maintenance as a laptop or desktop computer so anti-virus monitoring is critical to ensuring the machine is free from malware and threats.

File Storage

Whenever you’re using a cloud-based file storage and sharing solution, you can enable authentication for those user accounts as well. And if possible, set up application-level encryption to protect that data. You can also choose to restrict the locations and devices where data and files stored in the company account can be stored so you always know where that data is going.


Our friends at LastPass have done a great job at highlighting the importance of good password practices, not just at home, but at work as well. The three key tenants that your company should adopt is secure, unique passwords for each account, use of two-factor authentication, and use of a password. Start with employee education on secure password practices and take steps within your team to roll out 2FA. While these are just a start, these steps will greatly improve your company’s security.


Plans to Retire Cubby


Today, we began notifying Cubby users and customers of the decision to retire Cubby, our file sync & share offering. Since its debut in 2013, Cubby has provided a unique file sharing experience for millions of individuals and businesses and this difficult decision was made after much deliberation and consideration.

LogMeIn’s long-term investment strategy is focused on three key technology markets — Collaboration, Identity & Access Management, and Customer Support & Engagement – and we are aligning our product development efforts accordingly to best serve our customers rapidly evolving needs. With such focus comes tough decisions around the future of products that don’t fully align with our strategy, and after careful consideration and evaluation, we have reached the difficult, but none-the-less important, decision to discontinue Cubby.

Our users are our top priority and chief concern with this change, and we are taking steps we believe will help existing Cubby users safely and securely migrate to alternative cloud-based offerings, whether to LogMeIn or other trusted companies.

Cubby Free users will be given until November 16th to migrate away from Cubby, and can choose to move to another free service – LogMeIn is recommending Dropbox and OneDrive – or a paid service, including LogMeIn Pro. Cubby Pro and Enterprise customers will continue to have full access to Cubby, both their files and full product functionality, through their account’s expiration date plus an additional 30 days to allow more time to evaluate options and complete the migration of their files.

Here is a quick tutorial on how to move your files out of Cubby and into another service like Dropbox.

We understand that with any change comes questions and potentially concerns.  Here are a few FAQs to explain what we anticipate will be the most common questions for our users:

  • How are you notifying customers?

All Cubby users are being notified of this decision by email and in-product notifications. Our users are our top priority and chief concern with this change, and we are taking steps we believe will help existing Cubby users to safely and securely migrate to other cloud offerings, whether from LogMeIn or from other trusted companies.

  • Will you offer cloud storage and file sharing capabilities in any of your other products?

LogMeIn will continue to offer cloud storage and file sharing capabilities as key features in our other products – for example both LogMeIn Pro and both offer these features – but we will no longer package them as a separate product.

  • How long will Cubby users have access to their files?

Cubby Free users will be given until November 16th to migrate away from Cubby, and can choose to move to a free service – LogMeIn is recommending Dropbox and OneDrive – or a paid service, including LogMeIn Pro.

Cubby Pro and Enterprise users will have full access to Cubby – both their files and full product functionality – through their account’s expiration date plus an additional 30 days to allow more time to evaluate options and complete the migration of their files.

For more information pertaining to your Cubby Basic, Pro or Enterprise account, please read our detailed FAQs here:


The Surprising State of IT Security: 4 Key Trends Revealed

Whether it’s malware or hackers or viruses, they pose significant threats to businesses and companies around the world, and rightfully so. These continue to evolve – and get smarter – making risk management a consuming task for IT teams and MSPs. There were over 400 million known malware instances in 2015 and that number is on the rise in 2016. What’s even scarier is how commonplace breaches and attacks are – almost 60% of IT teams have experienced a breach or attack at some point.

But rather than becoming more skilled at handling these threats, IT teams are more challenged by them now than ever before. And there are plenty of reasons for that. With the proliferation of devices such as laptops, smartphones, tablets, and the rise of account-based information that lives in the cloud, employees and companies are more at risk than ever, and IT teams are scrambling to keep up with rapidly-changing tech behaviors.

In our latest research study, we heard from 500 IT professionals on everything related to anti-virus and security management – their current processes, challenges, and overall take on the overwhelming task of protecting their computers and customers from threats. Check out the infographic below to learn the 4 trends we uncovered in the current state of IT security.



Educate your employees during Internet Safety Month


In honor of Internet Safety Month, we’re offering up some of our best tips that help small businesses keep their employees and company information safe from fraud and hackers.

Your company is only as strong as your least-informed, most insecure employee; nearly 30% of companies say employee apathy is a big threat to their company’s security. It’s worth the time and investment in educating your employees, reinforcing the risks of weak security habits and instilling good habits, which is the focus of this week’s Internet safety tip.

Tip #2: Establish device management policies: It’s clear that how we get work done every day has changed dramatically in the last 10 years. It’s becoming much more uncommon to find desktop computers and the prevalence of laptops, tablets, and smartphones in the workplace has risen dramatically. With these devices, employees are able to work out of the office far more frequently. But that means IT teams need to be even more diligent with device management and BYOD policies, including encryption, firewalls, VPN requirements, and more.

However that’s only one side of the problem. Be sure to instill good practices with your employees. Encourage them to lock their computers before walking away from them or keep them securely stored somewhere while traveling, especially while traveling in places like airports or hotels. Also be sure employees understand not to connect outside devices – like external hard drives – to their work computers because of the risk of what those devices might bring to the computer.

Check out Tip #1 on safe browsing practices and stay tuned next week for another tip!