In the world of cyber and digital crime, internet security is becoming more prevalent in our lives. Although regularly changing your passwords and complicating their text seems secure, a simple phishing tactic can change all that. Enter, two factor authentication, also known as TFA or 2FA.

2FA will not only require a username and password, but also requires the user to enter a piece of information only they would have access to or know. ​The typical three factors of authentication are: something you know, something you have and something you are. Two factor authentication means using two of these. Although retina and fingerprint scanning is seen in the movies and will soon probably be a reality, the second factor of authentication is typically a code sent to your mobile device only to be used once.

Contact Us for a Free Demo and Quote





Although, 2FA is not a new concept, it is however something that is more important in the digital age that now encompasses our lives. However, many more websites and companies are now using 2FA than ever before. You can use https://twofactorauth.org/ to tell you which sites and companies are using 2FA. You can search financial institutions, social media, retail and many more. Many popular sites, including Google, Facebook and Instagram, have 2FA as well as SnapChat, PayPal and Amazon, just to list a few. Even the White House now has a campaign encouraging users to #TurnOn2FA.

More and more services now support 2FA via mobile device apps. For example, Authenticator and 2STP companion available in iOS. The apps, pre-set by you to work with certain services, has constantly rotating sets of codes to use when even 2FA is needed.

However, as we all begin to panic over what seems to be a time-consuming process with 2FA, the criminals and bad guys count on you being relaxed in protecting yourself. Although, 2FA is not a new concept, it is however something that is more important in the digital age that now encompasses our lives. However, many more websites and companies are now using 2FA than ever before. You can use https://twofactorauth.org/ to tell you which sites and companies are using 2FA. You can search financial institutions, social media, retail and many more. Many popular sites, including Google, Facebook and Instagram, have 2FA as well as SnapChat, PayPal and Amazon, just to list a few. Even the White House now has a campaign encouraging users to #TurnOn2FA.

More and more services now support 2FA via mobile device apps. For example, Authenticator and 2STP companion available in iOS. The apps, pre-set by you to work with certain services, has constantly rotating sets of codes to use when even 2FA is needed.

However, as we all begin to panic over what seems to be a time-consuming process with 2FA, the criminals and bad guys count on you being relaxed in protecting yourself.

The process of implementing 2FA on your accounts, will be worth it in the end to help avoid some serious malicious activity and theft.

be the first to know about new products & services.

sign-up for the blue layer newsletter





Datrium is changing the way managed service providers look at storage solutions.

“Prior to Datrium, the conversation I had with prospects was about leveraging our world-class data center for business continuity and taking care of everything for them. But because of the governor on our speed, we could not always promise better performance. Now with Open Convergence, it’s more resilient and faster, so I can add more benefits to the conversation. Ultimately, that means more revenue for us, and greater performance for our clients.”– Michael Strong, COO

  • What You Need to Know About Two Factor Authentication

    In the world of cyber and digital crime, internet security is becoming more prevalent in our lives. Although regularly changing your passwords and complicating their text seems secure, a simple phishing tactic can change all that. Enter, two factor authentication, also known as TFA or 2FA. 2FA will not only require...

be the first to know about new products & services.

sign-up for the blue layer newsletter

For Windows users, the product lifecycle is no surprise. It begins when released and ends when support is no longer available. Support is available for a minimum of 5 years after a products general availability. Beginning on April 11, 2017, Microsoft has decided to end support and updates for Windows Vista. Although it will continue to start and run, Windows Vista will no longer be supported.

This means that Microsoft will no longer provide fixes, updates or technical support online. If you are still running Windows Vista then now would be the time to make sure that you have the latest update available to you. This means that without Microsoft support, you will no longer receive security updates to protect your PC from viruses, spyware and malicious software.

You may continue to use Windows Vista, however, you put your PC at risk for malicious viruses and spyware. Blue Layer would recommend updating to the newest version of Windows, being Windows 10

  • What You Need to Know About Two Factor Authentication

    In the world of cyber and digital crime, internet security is becoming more prevalent in our lives. Although regularly changing your passwords and complicating their text seems secure, a simple phishing tactic can change all that. Enter, two factor authentication, also known as TFA or 2FA. 2FA will not only require...

be the first to know about new products & services.

sign-up for the blue layer newsletter

For those who frequently use Google Docs, double and triple check before opening, even if it appears to come from a trustworthy source. Anyone can be a victim.A harmful phishing scam that imitated the typical Google Docs email took over the internet yesterday, including a reasonable amount of media companies. Think before you clink may sound repetitive to many, it really can save you from a lot of damage and hassle

Google quickly took action to subdue this particular scam, and the company said that in a statement it has since disabled the accounts that are believed to have been infected. “We have removed the fake pages, pushed updates through Safe Browsing and our abuse team is working to investigate and prevent this kind of spoofing from happening again.” Although this current phishing scam has been dealt with, it is still important to be aware and scrutinize everything.

Large scale phishing attacks such as this one, regularly impersonate popular internet sites and pages. Similar Google Docs scams have been spreading on the internet since at least 2014. Unfortunately, they were not easy to identify because the authenticity was so realistic and accurate, phishers utilize actual Google accounts and really interacted with Google services. The genuine looking aspect lures victims into the scams without even knowing the pages are not real.

This is how a typical Google phishing scam would sound:

-You receive an email saying someone added you to a Google Doc. “Please click the link to view

-This link then takes you to a legitimate account screen with a list of all the Google accounts you’re logged into.

-You are then asked to choose the one you want to view the document in (or log in with to view)

-At that point, the malicious Google Docs. waits for you to grant access to your account, where it then has access to your contacts, emails and other personal information.If you had already fallen victim to the link, go to the permissions page in your Google accounts and revoke the service called “Google Docs.” It is fake. Then reset your password and turn on 2-Factor Authentication, if it wasn’t on already.Protect yourself and turn on Password Alert. This is a Google tool that will alert you anytime your Google credentials are entered into any page that is not “Google’s”. For instance, if phishers are using a genuine looking fake page, Password Alert will immediately request you change your password as soon as you have entered them into the fake Google

Clicking the links or downloading attachments should not be a regular function, even if they are from people you trust. They may be victims as well. Take time to analyze the email and the URL it came from and double check with the “sender” to see if they really sent you something. The best protection: think before you click!

  • What You Need to Know About Two Factor Authentication

    In the world of cyber and digital crime, internet security is becoming more prevalent in our lives. Although regularly changing your passwords and complicating their text seems secure, a simple phishing tactic can change all that. Enter, two factor authentication, also known as TFA or 2FA. 2FA will not only require...

be the first to know about new products & services.

sign-up for the blue layer newsletter

As has been widely reported, a well-orchestrated ransomware attack swept the world this past Friday, wreaking havoc in over 150 countries. Hospitals had to turn away patients and, as of Monday morning, approximately 200,000 systems in a wide variety of industries around the globe had been infected with the malware.This is the most extreme attack we have seen so far in 2017 and unfortunately, there is no permanent fix. Patch your systems and have proper security because this is not going away.

The Ransomware infects files and user data demanding a payment until returned. Reports stated the ransom was $300 in bitcoin to start, following 3 days, it would increase to $600 bitcoin and after a full week with no action or payment, all encrypted data would be destroyed.

WannaCry may have gone global attack this past Friday, however, Microsoft, was aware of it and released a security patch earlier this year for vulnerabilities in Windows Software. Many were affected due to the lack of security updates and using older versions of Windows leaving users susceptible to attacks on their files and systems.Although the malware was first detected in March and used by the NSA, there was a report that it was publicly stolen from the U.S. National Security Agency about a month later. The malware is believed to have been stolen by well-known hacker crew, The Shadow Brokers. The malware drops an encrypted file on the seemingly vulnerable system, which is then executed as a service dropping the ransomware file onto the affected system. Approximately 165 extensions are vulnerable to the attack, including commonly used Microsoft extensions, including .docx, .gif, .jpg, and many others.Although unusual, the temporary fix for this particular malware was discovered by a 22-year-old cybersecurity researcher in the U.K. He goes by the Twitter handle @MalwareTechBlog and by pure luck, managed to derail the entire operation.

Malware Tech noticed that one of the domain names being used in the attacks was not registered. He tweeted that he purchased the domain name, drugs-are.reallyreally.fun for $3, thus tracking the ransomware’s spread and unintentionally disarming the attackers.

Although Malware Tech stopped the ransomware spread now, that does not mean it is gone for good. You are putting yourself at a greater risk without a security appliance and without anti-virus software. Do not become a victim in the future. Protect yourself today.-PC users: run the updates on your machines with updates from Microsoft.-If at all possible, upgrade from Windows XP.

-Do not open emails, attachments, etc. from senders you do not know.

-Always be aware of suspicious emails with attachments that you did not request.

-Never click on links from questionable sources.

-Any time you download or install files from the internet, you are at risk.

Since this malware was so destructive, for the first time since 2014, Microsoft released a patch for Windows XP. Follow the link to ensure that your security is up to date and you are protected. https://www.microsoft.com/en-us/download/details.aspx?id=55245If you have any questions or concerns, please contact Blue Layer. We’ll be happy to discuss your options and how to better protect yourself from becoming a victim in the future.

  • What You Need to Know About Two Factor Authentication

    In the world of cyber and digital crime, internet security is becoming more prevalent in our lives. Although regularly changing your passwords and complicating their text seems secure, a simple phishing tactic can change all that. Enter, two factor authentication, also known as TFA or 2FA. 2FA will not only require...

Blue Layer to add 2,800 Sq Ft to Lubbock Headquarters

This will include additional offices well as new executive suites. The main feature will include an expanded network operations center as well larger dedicated spaces for new project preparations and repair areas. This will increase the amount of volume our support and break-fix teams will be able to handle as well as productivity by increasing their workspace and resources.

We began this process with the addition of a generator, making Blue Layer the only IT managed service provider in Lubbock to ensure it will have power at all times. We can power our servers as well as our existing and soon-to-be expanded network operations center to better serve our clients.

Blue Layer has been providing reliable technology consulting in the South Plains and beyond for 15 years. This expansion is aimed to better serve our clients as well as continue to grow our company and support what we believe in as a business and providing right-sized IT solutions to our customers every day.

Construction will continue throughout the summer and is expected to conclude in late fall.

“We’re excited about the future of our company and how we will be able to better serve our clients. This expansion will not only provide our growing team more space, but also strive to improve the overall customer service experience for our clients.”  Michael Strong – COO

Blue Layer is honored to serve the West Texas community and we look forward to sharing this experience with you. Please contact us at bluelayerit.com if you have any questions.

Once Equifax discovered the breach in the access to their website, they enlisted the services of an outside computer security forensic firm, Mandiant. An employee of Mandiant purchased equihax.com and other domains that may have looked appealing to phishers in order to keep it off the market.

Coincidentally or not, Equifax executives managed to sell millions of dollars-worth of stock. This happened between the time when the intrusion was discovered and when the public became aware. Stocks are now down by 13 percent, from when the breach was announced versus the price on the market Thursday. The executives claim to have no knowledge of the breach prior to the sales. 

Equifax should have been aware of the technological ramifications of not being adequately protected. Without the protection that a company such as Equifax should have had, a data breach was likely in only a matter of time. Apache Struts is a program for building web applications in Java and is believed to be the open-source software package where the vulnerability was discovered. According to reports, the vulnerability had existed since 2008. Apache Struts is a very popular framework utilized every day by over 50 percent of the Fortune 100 companies such as Lockheed Martin, Office Depot, even the IRS and more. In this case, the vulnerability was exploited and malicious code imbedded inside the data. When the Apache Struts program attempted to convert the data, it was executed at that time causing the breach. Meaning, hackers had easy access to establish malware onto the company’s webservers, as well as steal and delete confidential data.

New developments indicate a class action lawsuit has been filed. The civil action suit accuses the company of lacking security standards and guaranteed protection for its users in an effort to save money. The lawsuit is requesting compensation and costs for the potential 143 million Americans affected.

Customers should immediately put in place a freeze on all accounts that were associated with Equifax. For customers signing up with Equifax, all are required to acknowledge the terms of service. However, those terms appear to include legalese suggesting that by acknowledging the terms or terms of service you are waiving all rights to be a part of a class action lawsuit in the future, if that situation were to arise. Equifax has since provided an update on this verbiage addressing those terms. “In response to consumer inquiries, we have made it clear that the arbitration clause and classaction waiver included in the Equifax and TrustedID Premier terms of use does not apply to this cybersecurity incident.”

How this affects you?

All consumers have rights, mandated by congress, to access their credit report via annualcreditreport.com. This gives consumers one free report from each of the “big three” Experian, Trans Union, and Equifax. If you sign up with a company like Equifax, the most that they can do for you is to alert you once your information and identity has been stolen, they cannot prevent it.

Consumers can request that the bureaus “freeze” their credit information. This prevents anyone from accessing the credit files. Consumers can temporarily or permanently remove the hold if they wish.

Always be aware of where your confidential data and personal information is. Do not provide personal information such as social security numbers or credit card numbers via email, unless the emails are encrypted, or to people you do not know. Hackers and phishers are getting smarter every day. Cybersecurity is becoming increasingly more important, not just for organizations and corporations, but for individuals as well.If you have questions or concerns regarding your cybersecurity and data protection, contact Blue Layer to learn more.

  • What You Need to Know About Two Factor Authentication

    In the world of cyber and digital crime, internet security is becoming more prevalent in our lives. Although regularly changing your passwords and complicating their text seems secure, a simple phishing tactic can change all that. Enter, two factor authentication, also known as TFA or 2FA. 2FA will not only require...

This past week, big-three credit bureau giant, Equifax, was hit with a major breach of information, putting 143 million Americans at risk. Social security numbers and other personal information are among the data that was compromised in the intrusion.To make it even worse, the Equifax site, equifaxsecurity2017.com, where users are supposed to be able to find out if they were impacted by the breach, is broken and useless. Krebsecurity.com referred to it as a “stalling tactic or sham at worst.” Following the breaking news of the breach, this site was flagged as a possible phishing scheme. Many received differing answers on whether they were affected, causing much confusion. Some were also told that they were not eligible and to try again later in the month. Equifax hired a third-party public relations firm, Edelman PR, to assist in the notifications of affected customers.

Equifax confirmed that the cyberattack was discovered in the end of July, including data such as social security and drivers’ license numbers, birth dates and addresses. However, contradicting reports indicate that the vulnerability was discovered in March. Over 200,000 customers credit card data were also involved in the intrusion. Complaints are being raised about the delay in time that it took to inform customers about the breach. Equifax says that it took action quickly to prevent further damage, however, 143 million Americans are now affected by this and are not pleased with Equifax’s response. Updates from an Equifax spokesperson indicate that the site’s problems are now resolved and customers can get accurate information that clarifies whether they were affected or not.

Once Equifax discovered the breach in the access to their website, they enlisted the services of an outside computer security forensic firm, Mandiant. An employee of Mandiant purchased equihax.com and other domains that may have looked appealing to phishers in order to keep it off the market.

Coincidentally or not, Equifax executives managed to sell millions of dollars-worth of stock. This happened between the time when the intrusion was discovered and when the public became aware. Stocks are now down by 13 percent, from when the breach was announced versus the price on the market Thursday. The executives claim to have no knowledge of the breach prior to the sales.

Equifax should have been aware of the technological ramifications of not being adequately protected. Without the protection that a company such as Equifax should have had, a data breach was likely in only a matter of time. Apache Struts is a program for building web applications in Java and is believed to be the open-source software package where the vulnerability was discovered. According to reports, the vulnerability had existed since 2008. Apache Struts is a very popular framework utilized every day by over 50 percent of the Fortune 100 companies such as Lockheed Martin, Office Depot, even the IRS and more. In this case, the vulnerability was exploited and malicious code imbedded inside the data. When the Apache Struts program attempted to convert the data, it was executed at that time causing the breach. Meaning, hackers had easy access to establish malware onto the company’s webservers, as well as steal and delete confidential data.

New developments indicate a class action lawsuit has been filed. The civil action suit accuses the company of lacking security standards and guaranteed protection for its users in an effort to save money. The lawsuit is requesting compensation and costs for the potential 143 million Americans affected.

Customers should immediately put in place a freeze on all accounts that were associated with Equifax. For customers signing up with Equifax, all are required to acknowledge the terms of service. However, those terms appear to include legalese suggesting that by acknowledging the terms or terms of service you are waiving all rights to be a part of a class action lawsuit in the future, if that situation were to arise. Equifax has since provided an update on this verbiage addressing those terms. “In response to consumer inquiries, we have made it clear that the arbitration clause and class action waiver included in the Equifax and TrustedID Premier terms of use does not apply to this cybersecurity incident.”

How this affects you?

All consumers have rights, mandated by congress, to access their credit report via annualcreditreport.com. This gives consumers one free report from each of the “big three” Experian, Trans Union, and Equifax. If you sign up with a company like Equifax, the most that they can do for you is to alert you once your information and identity has been stolen, they cannot prevent it.

Consumers can request that the bureaus “freeze” their credit information. This prevents anyone from accessing the credit files. Consumers can temporarily or permanently remove the hold if they wish.

Always be aware of where your confidential data and personal information is. Do not provide personal information such as social security numbers or credit card numbers via email, unless the emails are encrypted, or to people you do not know. Hackers and phishers are getting smarter every day. Cybersecurity is becoming increasingly more important, not just for organizations and corporations, but for individuals as well.If you have questions or concerns regarding your cybersecurity and data protection, contact Blue Layer to learn more.

  • What You Need to Know About Two Factor Authentication

    In the world of cyber and digital crime, internet security is becoming more prevalent in our lives. Although regularly changing your passwords and complicating their text seems secure, a simple phishing tactic can change all that. Enter, two factor authentication, also known as TFA or 2FA. 2FA will not only require...

Vulnerability Warning: Intel CPU

By now you may have heard about the ‘Intel CPU Vulnerability’ and may have even started to receive emails from your Antivirus vendor with information regarding patching. This latest vulnerability is also commonly known as ‘Meltdown’.

Meltdown breaks the most fundamental isolation between user applications and the operating system. This vulnerability allows a program to access the memory, and thus also the secrets, of other programs and the operating system. Meltdown affects personal computers, mobile devices, servers, and cloud systems.

Meltdown breaks the most fundamental isolation between user applications and the operating system. This vulnerability allows a program to access the memory, and thus also the secrets, of other programs and the operating system. Meltdown affects personal computers, mobile devices, servers, and cloud systems.

If your computer has a vulnerable processor and runs an un-patched operating system, it is not safe to work with sensitive information without the chance of leaking the information. Luckily, there are software patches being released by Microsoft, Apple, and Linux providers to repair the vulnerability.

Meltdown uses similar techniques to many modern Antivirus programs. As such, patching the vulnerability may cause issues with system stability and Antivirus functionality. We will work with our vendors to identify, update, and patch relevant Antivirus products to then enable patching of affected operating systems.

“We are committed to patching all affected systems as quickly as possible. We continue to work closely with our vendors to monitor and protect our customers.”

Michael Strong, COO

For more information about the details of the vulnerability, visit the public information site at https://spectreattack.com/. If you have any questions or inquiries, please contact us.

  • What You Need to Know About Two Factor Authentication

    In the world of cyber and digital crime, internet security is becoming more prevalent in our lives. Although regularly changing your passwords and complicating their text seems secure, a simple phishing tactic can change all that. Enter, two factor authentication, also known as TFA or 2FA. 2FA will not only require...

Beware of Office 365 Email Phishing Scams

There is an Office 365 “Unable to Verify Subscription” phishing email that is being sent to Office 365 users. Do NOT click on the “Re-Enable Now” link included in the email.

The image below is an example of what you need to look out for.

Beware of Office 365 Email Phishing Scam

The email, text and images included may look very real, but in fact it is a scam to get your password and access to your Office 365 account. The image below is just one example of the email circulating among Office 365 users right now. When we mouse over (not click on) the “Re-Enable Now” button, the link is redirected to a URL out of Indonesia, however, other links may look different. Be suspicious of any Office 365 emails that you receive, stay alert and think twice before you click.

 

If you believe that you may be a victim of an Office 365 email scam or have any questions,

please contact our help desk.

  • What You Need to Know About Two Factor Authentication

    In the world of cyber and digital crime, internet security is becoming more prevalent in our lives. Although regularly changing your passwords and complicating their text seems secure, a simple phishing tactic can change all that. Enter, two factor authentication, also known as TFA or 2FA. 2FA will not only require...