PHISHING ALERT: PoS Malware Mimics LogMeIn Software Updates

As part of our ongoing commitment to security, we want to make our users and the public aware of a new report of malicious software impersonating LogMeIn updates to Point of Sales (PoS) systems.

On Friday, January 19, 2018, a security researcher from Forcepoint ( reached out to LogMeIn’s Security Team and provided details on a suspected PoS-based malware. According to our investigation, the malware is intended to deceive an unsuspecting user into executing a malicious email, link or file, possibly containing the LogMeIn name.

This link, file or executable is not provided by LogMeIn and updates for LogMeIn products, including patches, updates, etc., will always be delivered securely in-product. You will never be contacted by us with a request to update your software that also includes either an attachment or a link to a new version or update.

This potential malware is being delivered through channels independent of our solutions and we have no evidence at this time to believe that the LogMeIn environment or our products have been compromised as a result thereof.

As always, we encourage users follow standard best practices to safeguard their accounts against phishing and social engineering which include:

  • Only accept updates directly from within your LogMeIn product. We will never deploy a software update via email.
  • Beware of phishing attacks. Do not click on links from people you don’t know or that seem out of character from your trusted contacts and companies.
  • Turn on 2FA for email, and other services like your bank, Twitter, Facebook, etc. Two-factor authentication remains one of the most effective ways to protect your account from targeted attacks.
  • Set a strong, random password for email and for every online account.

As with all suspicious emails, please read carefully and review the website links in these messages. Please be sure to delete these messages if you receive them.


What We Know About The Latest CPU Bugs Meltdown and Spectre and Steps You Can Take to Protect Your Organization

On Wednesday, January 3rd, two CPU bugs were discovered that could impact billions of devices worldwide. These two security flaws, known as Meltdown and Spectre, target most computer processing systems making it possible for attackers to steal sensitive data – including passwords, banking information, and encrypted communications.

Meltdown and Spectre: What Are These New Security Flaws?

Let’s start with Meltdown. Affecting Intel processors, Meltdown enables attackers to bypass the hardware barrier between applications that are being run and the computer’s memory – allowing for them to read a computer’s memory and steal passwords.

Spectre, on the other hand, breaks the isolation between different applications allowing attackers to essentially trick those applications into giving up valuable information. Spectre’s impact is larger given it affects Intel, AMD, and ARM processors. This expands its reach to include a multitude of devices, essentially anything with a chip in it.

Combined, these two bugs affect virtually every modern computer, including laptops, smartphones, tablets, and PCs from all vendors, running almost any operating system.

What steps can be taken to reduce the risk of being exposed to these two bugs?

Three steps your organization can take to reduce the risk of being impacted by these two security flaws are to patch your systems with the latest update, monitor CPU usage, and continue to keep an eye on this evolving threat.

  • Patch Your Systems

Patch Management is an essential part of securing your IT infrastructure. Meltdown and Spectre can impact devices running just about any operating system – including Windows, Mac, and Linux – or application leaving just about every organization at risk. Intel and ARM have issued patches that they deem will make your systems immune to these two bugs – but this requires users to download a patch and update their operating system to fix. If you have not already applied the necessary patches, make sure to do so as soon as possible.

  • Monitor CPU Usage

Because these two bugs target CPUs, be sure to continuously monitor CPU usage on all machines in your ecosystem. If you notice any unusual activity, be sure to raise a red flag to your IT leadership and explore the situation further.

  • Keep An Eye On This Evolving Threat

It has only been a few days since these security flaws were identified. More information is sure to surface over the coming days and weeks – including critical information from the security researchers who identified these flaws as well as the impacted providers Intel, AMD, and ARM.


Don’t Leave Your Endpoint
Protection to Chance

News coverage of recent cybersecurity attacks shines a glaring spotlight on the vulnerability of our endpoint infrastructure in this increasingly technology-dependent world.

Exploits in the News

When the WannaCry ransomware infected more than 300,000 computers in over 74 countries this May, it forced the UK National Health Service to turn patients away, resulted in a two-day shut down of LG self-service kiosks in South Korea, affected more than 40,000 businesses in China and threatened thousands of individual systems.

According to a New York Times article, the hackers behind the attack leveraged a hacking tool they stole from the National Security Association (N.S.A.) called “Eternal Blue.” Eternal Blue enabled the rapid spread of WannaCry by exploiting a vulnerability in Microsoft Windows servers. Even though Microsoft had addressed the vulnerability via a patch in a March software update, large volumes of computers weren’t up-to-date to defend against this attack.

The incident was quickly followed up by other global ransomware attacks including Petya ransomware initiated in June, and the series of Equifax data breaches which started in May and were discovered in July before being reported to the public 6 weeks later. The Equifax breaches, like the WannaCry attack, were enacted by exploiting a software vulnerability that the firm attempted to patch months prior to the attack.

Costs of Exploits

Incidents like these are more common than you might think. According to a study conducted by Ponemon Institute and sponsored by IBM security, the probability of experiencing a data breach is 1 in 4 and costs around $141 per record on average. If your company or the clients you serve have as few as 20k records, that’s equivalent to $2.8 million dollars at risk.

Proactive Prevention

Protecting systems from costly exploits, like just the few we mentioned, falls on IT. It’s imperative to have a centralized approach to maintaining machines and keeping them up-to-date with the latest software patches that are vital to protecting your overall network. Automating updates and patch deployment will ensure that your systems aren’t left unprotected and can save hours of time over updating each endpoint manually.

If you’re not managing or automating this critical function yet, try LogMeIn’s Central Premier for free for 14 days or request a demo from one of our Central pros. Make security your #1 priority and protect your endpoints today!



On the heels of the publicity around the WannaCry ransomware scare, we’ve received reports about suspicious emails that are designed to look like they are coming from LogMeIn. These e-mails have all the hallmarks of a phishing attempt.  The reported emails have the same headline and text. In each case, these communications are meant to look like an alert of a computer infected with the now notorious “WannaCry” ransomware with an email subject line similar to the following: “Your computer is infected with WannaCry Ransomware.”  We want to make it clear that these communications did NOT come from LogMeIn and we urge recipients not to click on any such links if you receive a similar email.

As part of our commitment to security, we want to make sure our users and the public are aware of this specific email, as well as provide an easy way for people to identify the telltale signs of phishing attacks.

For more details, please see the full blog post at our corporate blog here. 



LogMeIn and WannaCry

LogMeIn has been monitoring the evolving WannaCry situation and taking proactive measures to mitigate the risk associated with this global event. To that end we have:

1) Made a concerted effort to patch all of our machines with the latest available security fixes;
2) Configured our internal computer security, security information, and event management (SIEM) tools to monitor for recognizable or known signatures of any WannaCry activity;
3) Alerted our end users within the organization to be ever vigilant; and
4) Been in communication with the vendors of our perimeter and end point protection security systems.

In addition, the LogMeIn corporate network is segregated from the production systems network, providing a further layer of protection and defense. As a result, at this time, we believe that our exposure to the WannaCry ransomeware is minimal and controlled.


Make Your Business More Cyber Aware

Closeup of business people working

We talk a lot about security here at LogMeIn, especially with our recent partnership with Kaspersky Lab, and given that October is National Cyber Security Awareness Month (NSCAM), it’s an ideal time to refresh some of your company’s security practices.

As a small business or an IT lead for a larger company, you’re maintaining a large amount of technology, devices, users, and much more. But there are a few areas where you can make quick improvements to better secure your company’s important information. Check out this list of items you can address fairly quickly and make quick improvements to your security:


From WiFi to VPN, make sure your company networks have strong, secure and protected passwords. Enable strong encryption (WPA2 and AES) and require authentication as needed. For the WiFi, set up multiple networks for each use case – one for employees, guests, IT, development, etc – to help eliminate disruption and security breaches impacting the entire company. Also consider the physical security of your network equipment – is it stored in the open where anyone can access, or is it stored away hidden from potential theft?

Mobile Devices

It’s likely that many of your employees are using more than just their desktop or laptop to access company systems and information. Make sure those devices are secure as possible, including requiring a passcode that enables you to wipe the device in case it is lost. On top of the passcode, use finger swipe authentication for additional security.

POS Devices

Many LogMeIn users are managing not just computers, but also POS devices. Those machines should be just as secure as others with strong, secure passwords that are changed frequently, if not automatically, and enabled with both user and admin access. You’ll also want to set up anti-virus protection on these machines; it’s likely they don’t receive as frequent maintenance as a laptop or desktop computer so anti-virus monitoring is critical to ensuring the machine is free from malware and threats.

File Storage

Whenever you’re using a cloud-based file storage and sharing solution, you can enable authentication for those user accounts as well. And if possible, set up application-level encryption to protect that data. You can also choose to restrict the locations and devices where data and files stored in the company account can be stored so you always know where that data is going.


Our friends at LastPass have done a great job at highlighting the importance of good password practices, not just at home, but at work as well. The three key tenants that your company should adopt is secure, unique passwords for each account, use of two-factor authentication, and use of a password. Start with employee education on secure password practices and take steps within your team to roll out 2FA. While these are just a start, these steps will greatly improve your company’s security.


Phishing Alert: Fake Emails Mimic LogMeIn Activation Emails

In light of recent news around the Yahoo breach, we are getting reports from both the general public and LogMeIn customers about suspicious emails that are designed to look like they are coming from LogMeIn — they have all the hallmarks of phishing attempts.

All of the reports are meant to look like a LogMeIn activation email. The email subject line is: Activate your account” or “Verify your new LogMeIn ID.”

We want to make it clear that these did NOT come from LogMeIn and people should NOT click on the links in these emails.   While we are working with our partners to remove these malicious websites, as part of our commitment to security, we want to make sure our users and the public are aware of this specific email, and we wanted to share what we’ve learned, as well as provide an easy way for people to identify the tell-tale signs of phishing attacks.

View the entire post on our corporate blog at


The Surprising State of IT Security: 4 Key Trends Revealed

Whether it’s malware or hackers or viruses, they pose significant threats to businesses and companies around the world, and rightfully so. These continue to evolve – and get smarter – making risk management a consuming task for IT teams and MSPs. There were over 400 million known malware instances in 2015 and that number is on the rise in 2016. What’s even scarier is how commonplace breaches and attacks are – almost 60% of IT teams have experienced a breach or attack at some point.

But rather than becoming more skilled at handling these threats, IT teams are more challenged by them now than ever before. And there are plenty of reasons for that. With the proliferation of devices such as laptops, smartphones, tablets, and the rise of account-based information that lives in the cloud, employees and companies are more at risk than ever, and IT teams are scrambling to keep up with rapidly-changing tech behaviors.

In our latest research study, we heard from 500 IT professionals on everything related to anti-virus and security management – their current processes, challenges, and overall take on the overwhelming task of protecting their computers and customers from threats. Check out the infographic below to learn the 4 trends we uncovered in the current state of IT security.




This excerpt is from a post that originally appeared on our official corporate blog: 

“…Today we began proactively resetting some LogMeIn users’ passwords. So we wanted to let both these users and the rest of our customer base understand why. The short version is these users’ credentials were on a list making the rounds on the web — credentials taken from high profile breaches at companies like LinkedIn, Tumblr and MySpace. Here’s a bit more.

What happened?

As you may have seen in the news, lists of hundreds of millions of user credentials taken from past breaches (mostly at social networks) are now being used for a variety of recent nefarious activity on high profile sites like Netflix and Facebook.

LogMeIn actively looks for situations where the accounts of our users could be at risk—even if the threat is external to our service. In this particular case, we identified users who may be at risk because of password reuse. Out of an abundance of caution, we proactively reset those users’ LogMeIn passwords…”

View the entire post on our corporate blog at




Why CAPTCHA (and how do you turn it off)?

Your security is our first and foremost interest. Your experience is an incredibly close second. So we want to protect you in the most friction-less way possible. To that end, we’ve just started using a CAPTCHA check when you login to, LogMeIn Pro, LogMeIn Central and/or Cubby. But we understand it does add an extra step that some users may not want. So here’s a quick take on why CAPTCHA is a good thing when it comes to protecting your account…and how you can turn it off if desired.


Simply put, CAPTCHA stops most brute force attacks. That is, it stops bad guys who are trying to run hundreds, thousands or millions of login attempts against popular online services to gain access to individual user accounts. You’ve likely heard the recent stories, but if you haven’t, millions of social media accounts are reportedly on sale. Worse is there is lots of evidence that hackers are counting on users’ reusing these across other services.  CAPTCHA largely protects against such attempts.

How to turn it off:

CAPTCHA should help as an extra layer of protection against password reuse, in that it protects against automated, big scale attacks that rely on such reuse. Even better is changing your password. So if you want to shut off CAPTCHA, all we ask is that you reset your, LogMeIn or Cubby password. Here’s how you can do that.