PHISHING ALERT: PoS Malware Mimics LogMeIn Software Updates

As part of our ongoing commitment to security, we want to make our users and the public aware of a new report of malicious software impersonating LogMeIn updates to Point of Sales (PoS) systems.

On Friday, January 19, 2018, a security researcher from Forcepoint (https://www.forcepoint.com/) reached out to LogMeIn’s Security Team and provided details on a suspected PoS-based malware. According to our investigation, the malware is intended to deceive an unsuspecting user into executing a malicious email, link or file, possibly containing the LogMeIn name.

This link, file or executable is not provided by LogMeIn and updates for LogMeIn products, including patches, updates, etc., will always be delivered securely in-product. You will never be contacted by us with a request to update your software that also includes either an attachment or a link to a new version or update.

This potential malware is being delivered through channels independent of our solutions and we have no evidence at this time to believe that the LogMeIn environment or our products have been compromised as a result thereof.

As always, we encourage users follow standard best practices to safeguard their accounts against phishing and social engineering which include:

  • Only accept updates directly from within your LogMeIn product. We will never deploy a software update via email.
  • Beware of phishing attacks. Do not click on links from people you don’t know or that seem out of character from your trusted contacts and companies.
  • Turn on 2FA for email, and other services like your bank, Twitter, Facebook, etc. Two-factor authentication remains one of the most effective ways to protect your account from targeted attacks.
  • Set a strong, random password for email and for every online account.

As with all suspicious emails, please read carefully and review the website links in these messages. Please be sure to delete these messages if you receive them.

         

Four Key Components of an Endpoint Management Solution

 

 

Endpoint management is increasingly becoming a top priority in the IT community. It’s defined as the ability to centrally discover, provision, deploy, update, and troubleshoot endpoint devices – including, but not limited to, laptops, desktops, or servers – within an organization. An endpoint management solution feature set is pretty extensive, but the typical features include asset management, patch management, mobile device management, operating system (OS) or application deployment, remote control, and anti-virus management. With so many features falling into the endpoint management bucket, I’m here to help you focus on the four key components of an endpoint management solution.

Patch Management

Patch Management has been a hot topic as of late given the first major cyber-threats of the new year – Spectre and Meltdown. A good endpoint management solution allows you to discover and apply patches to all devices within your endpoint infrastructure. The advantage of leveraging endpoint management technology is that by pairing the ability to patch with alerts and process automation, it enables you to be more productive and proactive securing your endpoints.

OS Deployment

Save time and resources by automatically deploying an operating system to your endpoint infrastructure. An endpoint management solution enables you to deploy an operating system to one or all your endpoints with little to no disruption to the end user. Operating systems have and continue to be a large target for cyber threats which is why having a patch management solution to compliment OS deployment is critical.

Application Deployment

It’s becoming more common for employees to bring their own applications into the workplace – Spotify and Slack just to name a few. Add that to other employee-shared applications like Adobe or Java and the difficulty of managing these applications skyrockets. An endpoint management solution not only lets you manage applications within your ecosystem, but also enables you to monitor your endpoints for software that is outdated or at risk, push software updates directly to one or multiple endpoints, manage and perform multiple updates silently without interruption to end users or remote endpoints, and automate software updates on endpoints to prevent future issues.

Asset Management

A good endpoint management solution collects all the important details about your assets regarding the hardware, software, operating system, and applications running on a given endpoint. It stores this information in a single location – usually in the form of a list view or dashboard – for easy reporting.

If you would like to take a look at an endpoint management solution, try LogMeIn Central Premier for free today.

         

What We Know About The Latest CPU Bugs Meltdown and Spectre and Steps You Can Take to Protect Your Organization

On Wednesday, January 3rd, two CPU bugs were discovered that could impact billions of devices worldwide. These two security flaws, known as Meltdown and Spectre, target most computer processing systems making it possible for attackers to steal sensitive data – including passwords, banking information, and encrypted communications.

Meltdown and Spectre: What Are These New Security Flaws?

Let’s start with Meltdown. Affecting Intel processors, Meltdown enables attackers to bypass the hardware barrier between applications that are being run and the computer’s memory – allowing for them to read a computer’s memory and steal passwords.

Spectre, on the other hand, breaks the isolation between different applications allowing attackers to essentially trick those applications into giving up valuable information. Spectre’s impact is larger given it affects Intel, AMD, and ARM processors. This expands its reach to include a multitude of devices, essentially anything with a chip in it.

Combined, these two bugs affect virtually every modern computer, including laptops, smartphones, tablets, and PCs from all vendors, running almost any operating system.

What steps can be taken to reduce the risk of being exposed to these two bugs?

Three steps your organization can take to reduce the risk of being impacted by these two security flaws are to patch your systems with the latest update, monitor CPU usage, and continue to keep an eye on this evolving threat.

  • Patch Your Systems

Patch Management is an essential part of securing your IT infrastructure. Meltdown and Spectre can impact devices running just about any operating system – including Windows, Mac, and Linux – or application leaving just about every organization at risk. Intel and ARM have issued patches that they deem will make your systems immune to these two bugs – but this requires users to download a patch and update their operating system to fix. If you have not already applied the necessary patches, make sure to do so as soon as possible.

  • Monitor CPU Usage

Because these two bugs target CPUs, be sure to continuously monitor CPU usage on all machines in your ecosystem. If you notice any unusual activity, be sure to raise a red flag to your IT leadership and explore the situation further.

  • Keep An Eye On This Evolving Threat

It has only been a few days since these security flaws were identified. More information is sure to surface over the coming days and weeks – including critical information from the security researchers who identified these flaws as well as the impacted providers Intel, AMD, and ARM.

         

Introducing Application Updates for Central Premier

Today we’re excited to announce the release of Application Updates for LogMeIn Central Premier. Application Updates is a patch management feature that allows IT professionals to effectively monitor third-party applications that require updates and automate the deployment of patches to their managed network.

Update Third-Party Applications

With more and more vulnerabilities surfacing every day, keeping your systems update-to-date and secure can be time consuming and costly. Unpatched third-party applications like Adobe, Java, Chrome, and Firefox leave your systems susceptible to attacks and security breaches.

With Application Updates, users can quickly and easily monitor, push updates to applications, perform multiple updates simultaneously, and automate the process of updating software to stay ahead of potential issues and keep their managed network up and running.

Complete Patch Management

As the threat landscape continues to evolve, the need for IT professionals to protect and manage their end points both efficiently and effectively becomes more and more challenging. Patching is an essential part of securing systems from potential vulnerabilities, and cyber-attacks against unpatched software can be completely eliminated with the right solution.

With Central Premier, IT professionals are now equipped with a complete, dedicated view of their endpoints that require important security patches and software updates. Quickly deploy updates to anti-virus software, operating systems, and third-party applications, remotely and automatically, without taking up more time from your day. As the leading remote access platform, LogMeIn now provides IT professionals with the ability to confidently address not only the management, but also the security of their managed network.

Application Updates is included in Central Premier subscriptions at no additional cost, and is now generally available.

         

PHISHING ALERT: FAKE LOGMEIN EMAILS PLAY OFF WANNACRY SCARE

On the heels of the publicity around the WannaCry ransomware scare, we’ve received reports about suspicious emails that are designed to look like they are coming from LogMeIn. These e-mails have all the hallmarks of a phishing attempt.  The reported emails have the same headline and text. In each case, these communications are meant to look like an alert of a computer infected with the now notorious “WannaCry” ransomware with an email subject line similar to the following: “Your computer is infected with WannaCry Ransomware.”  We want to make it clear that these communications did NOT come from LogMeIn and we urge recipients not to click on any such links if you receive a similar email.

As part of our commitment to security, we want to make sure our users and the public are aware of this specific email, as well as provide an easy way for people to identify the telltale signs of phishing attacks.

For more details, please see the full blog post at our corporate blog here. 

 

         

LogMeIn and WannaCry

LogMeIn has been monitoring the evolving WannaCry situation and taking proactive measures to mitigate the risk associated with this global event. To that end we have:

1) Made a concerted effort to patch all of our machines with the latest available security fixes;
2) Configured our internal computer security, security information, and event management (SIEM) tools to monitor for recognizable or known signatures of any WannaCry activity;
3) Alerted our end users within the organization to be ever vigilant; and
4) Been in communication with the vendors of our perimeter and end point protection security systems.

In addition, the LogMeIn corporate network is segregated from the production systems network, providing a further layer of protection and defense. As a result, at this time, we believe that our exposure to the WannaCry ransomeware is minimal and controlled.

         

LogMeIn Completes Merger with Citrix’s GoTo Business

NewCo

We’re very excited to share that LogMeIn has officially announced the completion of a merger with Citrix’s GoTo business. Effected through a Reverse Morris Trust transaction, the merger brings together two of the preeminent players in cloud connectivity to instantly create one of the world’s top 10 public SaaS companies, and a market leader with the scale, resources and world-class talent required to accelerate innovation and significantly expand its total addressable market opportunity.

For more on what this means for our customers, please a letter from our CEO, Bill Wagner, on our corporate blog, here.

 

 

         

5 tips to enjoy the holidays and stay on the ball at work

Woman holding Christmas gift at the desk

The holidays are in full swing, which means holiday parties, time off with the family, and sneaking away to finish up your shopping. However, it can be a challenge to balance holiday to-do’s with work to-do’s and the last thing we want to worry about during the holidays is work.

For most of us, knowing we’ve covered our bases allows us to flip the work switch off and relax. But that peace of mind can only be achieved if we set ourselves up correctly. And while business is inherently unpredictable, we’ve put together these five tips for factors that you can control before going away to set yourself up for a happy, stress-free holiday season!

  1. Pre-holidays prep

The biggest gift you can give yourself is peace of mind as we head into the holiday seaon, and that means preparation well ahead of time. Anticipating deadlines and prioritizing projects weeks ahead of when you’ll be out of the office can translate into a clear line between what needs to be done before you leave, and what can wait until after. Use apps like Trello to maintain your lists with this “before and after” perspective.

  1. Don’t be a bottleneck

Nobody wants to be the reason a project is being held up, and the key here is communication. Reach out early to all of your stakeholders and let your team know when you’re going to be out of the office – Connect with them in person, via e-mail or quick pings on Slack – so you can leave knowing you didn’t drop the ball.

  1. Notorious OOO message

Probably the simplest, yet most effective thing you can do is to set-up your Out of Office message. For anyone you might have missed before leaving, or that falls outside your usual team, it sets clear expectations while you’re away or unavailable. In many cases, after you let people know that you have limited access to email, they may even be pleasantly surprised to hear back from you while you are away.

  1. Schedule your work ‘check-ins’

If you do need to keep in touch while you’re off for the holidays, be sure to set specific times that won’t disrupt your time with family, and set a maximum on your communication. For example, an easy rule to follow is two email checks in your day: once in the morning, and once in the evening. Reply only to what is time-sensitive, and save everything else until you get back. Done. It’s important to respect the time you have allowed for time off, both for your well-being and for those around you. Switching your email notifications off or even turning your data off while you’re out enjoying yourself can help keep this in check.

  1. Enable your technology

Technology has made it possible for us to be equally or more productive when we are outside of the office. In fact, many leaders are beginning to embrace remote culture for its many productivity benefits. With LogMeIn Pro you can access files on your work computer from your personal laptop, even if you’re over the river and through the woods at Grandma’s house (assuming Grandma has wi-fi). Once you retrieve that document from your work computer, you may need to collaborate on it with a colleague or update a client in a quick meeting. Simple start up join.me from your laptop or your mobile app. You can easily screen share with a colleague or meet face-to-face with a client, maintaining strong relationships even with your time off.

         

Discontinuing LogMeIn Authenticator

Our product development efforts at LogMeIn have always centered on enabling employees and individuals to simply and securely connect to their devices and applications. Today, we notified users of our plans to discontinue the LogMeIn Authenticator, our dedicated two-factor authentication app, on December 31, 2016.

Designed to simplify the second factor authentication process to a single gesture, we’ve built a superior product with a better user experience in the LastPass Authenticator. A LogMeIn product and free mobile app, the LastPass Authenticator delivers a unique one-tap password verification experience and can be used on hundreds of popular applications and websites such as LogMeIn, LastPass, Google, Amazon, Salesforce, and more.

We recommend users migrate their two-factor authentication enabled online accounts over to the LastPass Authenticator before the end of the year. The app can be downloaded from:

For step-by-step instructions on how to enable the LastPass Authenticator for your LogMeIn accounts, please click here. 

         

Make Your Business More Cyber Aware

Closeup of business people working

We talk a lot about security here at LogMeIn, especially with our recent partnership with Kaspersky Lab, and given that October is National Cyber Security Awareness Month (NSCAM), it’s an ideal time to refresh some of your company’s security practices.

As a small business or an IT lead for a larger company, you’re maintaining a large amount of technology, devices, users, and much more. But there are a few areas where you can make quick improvements to better secure your company’s important information. Check out this list of items you can address fairly quickly and make quick improvements to your security:

Networks

From WiFi to VPN, make sure your company networks have strong, secure and protected passwords. Enable strong encryption (WPA2 and AES) and require authentication as needed. For the WiFi, set up multiple networks for each use case – one for employees, guests, IT, development, etc – to help eliminate disruption and security breaches impacting the entire company. Also consider the physical security of your network equipment – is it stored in the open where anyone can access, or is it stored away hidden from potential theft?

Mobile Devices

It’s likely that many of your employees are using more than just their desktop or laptop to access company systems and information. Make sure those devices are secure as possible, including requiring a passcode that enables you to wipe the device in case it is lost. On top of the passcode, use finger swipe authentication for additional security.

POS Devices

Many LogMeIn users are managing not just computers, but also POS devices. Those machines should be just as secure as others with strong, secure passwords that are changed frequently, if not automatically, and enabled with both user and admin access. You’ll also want to set up anti-virus protection on these machines; it’s likely they don’t receive as frequent maintenance as a laptop or desktop computer so anti-virus monitoring is critical to ensuring the machine is free from malware and threats.

File Storage

Whenever you’re using a cloud-based file storage and sharing solution, you can enable authentication for those user accounts as well. And if possible, set up application-level encryption to protect that data. You can also choose to restrict the locations and devices where data and files stored in the company account can be stored so you always know where that data is going.

Passwords

Our friends at LastPass have done a great job at highlighting the importance of good password practices, not just at home, but at work as well. The three key tenants that your company should adopt is secure, unique passwords for each account, use of two-factor authentication, and use of a password. Start with employee education on secure password practices and take steps within your team to roll out 2FA. While these are just a start, these steps will greatly improve your company’s security.