Windows 7 Rides Off Into the Sunset

On January 14th of next year, the popular computer operating system Windows 7 will reach its End of Life stage, and Microsoft will no longer support it in an official capacity. Windows 7 was released in July 2009, and will be discontinued after 11 years. Windows Server 2008 R2 will also reach End of Life on the same date.

What does this mean for my organization?

Will my computers still work? Yes, technically your computers running Windows 7 will continue to operate. However, on that date Microsoft will stop issuing patches and security updates for the OS. This means that all computers in your organization still running Windows 7 become vulnerable, which can also expose your entire network.

The biggest issue with continuing to use Windows 7 is that it won’t be patched for any new viruses or security flaws once it enters End of Life, and this leaves you open to any emerging threat. Moreover, hackers and malicious code writers will take advantage of this event to develop new ways to attack the Windows 7 OS, knowing that no fixes or patches will come.

It is critical that you begin to plan now to replace or upgrade these machines. Please contact MoseSys about a replacement strategy today.


Why you NEED a password manager


In this day and age, password managers have become integral. It’s not a matter of if you need a password manager, you simply DO.

If you are storing your passwords in an Excel spreadsheet, or Outlook contact notes, you are taking unnecessary risks with your sensitive data.

Excel encryption is easy to defeat, and Outlook contact notes get synced to every device that accesses the account. What happens to those notes when that device is lost or stolen? It’s easy to access contact notes once a device is compromised. What if the email account gets hacked? The attacker now has all your contact notes as well. In addition, every day users grant contact permissions on their devices to apps that may or may not be ‘above board’.

An even worse practice is using the same password, or variations of the same password across multiple sites. This is possibly the most dangerous security practice you can have. A study¹ by Virginia Tech University found that:

52% of the users studied have the same passwords (or very similar and easily hackable ones) for different services.

Credential stuffing is an attack in which hackers compromise one site, or obtain usernames and passwords from the black market (known as the dark web), and then try those passwords on other sites like your email or bank, to see if you are using the same password. Many people do, and credential stuffing is the cause of a lot of data breaches today. Attackers also employ computer algorithms to test slight variations on those passwords.
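A password list can be checked for the reuse pattern described above before an attacker finds it. The following Python is an added example, not part of the original post or of any password manager's own code; the sample entries and the `base_form` heuristic are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample data: (site, password) pairs in the shape of a
# password-manager export. These are not real credentials.
SAMPLE_VAULT = [
    ("mail.example", "Sunshine2019!"),
    ("bank.example", "sunshine2020"),
    ("shop.example", "Sunsh1ne!"),
    ("forum.example", "kT9#vq2LmzR8w"),
    ("hr.example", "Sunshine2019!"),
]

# Character swaps people commonly use to make a password look "different".
LOOKALIKES = str.maketrans("013457@$", "oieastas")


def base_form(password):
    """Heuristic (an assumption of this example): reduce a password to the
    stem that its slight variations share."""
    lowered = password.lower()
    # Drop digits and symbols at either end (years, "123", "!").
    stem = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    # Undo look-alike swaps inside what is left.
    stem = stem.translate(LOOKALIKES)
    # A password with no letters has no stem; compare it as-is.
    return stem or lowered


def audit(vault):
    """Return groups of sites that share a password or a password stem.

    Only site names are reported, so the findings can be shared without
    exposing the passwords themselves.
    """
    exact = defaultdict(list)
    stems = defaultdict(list)
    for site, password in vault:
        exact[password].append(site)
        stems[base_form(password)].append(site)
    return {
        # Identical password on more than one site.
        "exact_reuse": sorted(sorted(s) for s in exact.values() if len(s) > 1),
        # Same stem on more than one site (includes the exact matches).
        "variant_reuse": sorted(sorted(s) for s in stems.values() if len(s) > 1),
    }


if __name__ == "__main__":
    for kind, groups in audit(SAMPLE_VAULT).items():
        for sites in groups:
            print(f"{kind}: {', '.join(sites)}")
```

Every site listed under `variant_reuse` falls together if any one of them is breached, which is why each site needs an unrelated password.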

A password manager is a must. Why? Because they allow you to use strong, complex, unique passwords for every site without struggling to remember multiple passwords. In fact, you only have to remember the master password for the password manager. They also allow for tiered access and multiple user accounts, so that your employees can get access to passwords that you allow, and not others. Their database is encrypted on every device with strong encryption, so that even if the device is lost or stolen, attackers wouldn’t be able to get the information.

At MoseSys we recommend RoboForm

Another popular alternative is LastPass

Both of these companies offer desktop apps, web browser extensions, and mobile apps. They also store your password database in the cloud. For those of you who may be concerned about a third party storing and possibly having access to your sensitive information, a good litmus test is whether or not they can recover your password if you forget it. Neither RoboForm nor LastPass can. Your password database is encrypted using your master password as a key. This means you are in real trouble if you forget your master password. However, it also means that the companies themselves cannot access your sensitive data.

Ask a MoseSys associate today for more information and assistance in setting up a password manager.



Apple Releases Multiple Security Updates

Apple has released multiple security updates to various products which address vulnerabilities found.  All those using iPhones, iPads and Macs are going to want to make sure to apply these new updates.

National Cyber Awareness System:


Apple Releases Multiple Security Updates

02/07/2019 02:12 PM EST


Original release date: February 07, 2019

Apple has released security updates to address vulnerabilities in multiple products, including the recently discovered FaceTime vulnerability. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates:



Social Engineering Attacks on the Rise

Currently the most prevalent attacks are based on Phishing.

A Phishing attack is generally an email that appears to be from a known or trusted sender, but is instead an attempt to steal your credentials.  It typically leads you to a login prompt that looks identical to your email or other website login page, and is an attempt to trick you into giving the attackers your account credentials.

A couple of examples:

  • Your email provider asking you to login to a system or website,
  • A trusted associate asking you to “open the attached document,”
  • Your boss asking you to initiate a wire transfer to one of your vendors.

A lot of times, these emails are fraudulent.  The intent is to gain access to an account such as your email or bank account.  From there they are able to gain control of your data or money, and typically use your accounts to further spread their fraudulent emails.

As a MoseSys customer, you are protected in several ways, including Exchange mail server anti-spam filters, as well as Webroot anti-virus software. However, no security measures are infallible. Employee training, covered in the next section, is just as vital as any of the other security components.


Probably the most effective tool to mitigate these attacks is proper training of your employees. These are some highlights:

-Never open links or attachments in an email that looks suspicious.

-Never provide your login credentials (email, banking etc.) to a website unless you navigated to that site yourself, directly, without clicking any links in emails or other web pages.

-Do not click a link or open an attachment unless you are expecting it from that specific sender at the time.

-The person sending you the email, although someone you know and trust, may have had their account compromised, so that the email is actually not coming from them but from a hacker who is in control of their account.

-Always double-check the links and sender address to see where they are actually coming from.



In the example above, although the underlined blue link appears to be directing your browser to, by hovering over the link you can see in the bottom grey bar that it’s actually directing you somewhere different. It’s quite easy to spoof a web link, or a ‘from’ email address, in this manner.

-If you are ever in doubt as to whether a link or attachment is legitimate, pick up the phone and call the person sending it.  Get verbal confirmation from them that it’s safe.

-Look at emails for misspellings, improper grammar, or even strange greetings (Hello Madam!). Oftentimes these attacks are perpetrated by folks who don’t speak English as their first language.

-Be very suspicious of emails that invoke a sense of urgency, trying to get you to act quickly for some stated reason.

-As a rule of thumb, don’t click on links in emails if possible.  If you get an email from FPL asking you to log into your account, instead of clicking the link, open your web browser and type ‘‘ to access your account.

-Finally, check to see if the SSL certificate is valid. At the left side of the address bar in most browsers (Internet Explorer, Chrome, Firefox, etc.), you will see the green padlock symbol, which confirms that this web page has a valid certificate from a trusted authority.


Virtually all websites that ask you to log in will have this. If for any reason you don’t see this, or see a red ‘open’ padlock, do not trust the site!
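The hover check from the tips above (does the link text match where the link really goes, and does the sender name match the sending address) can be automated for HTML mail. The Python below is an added example, not MoseSys code; the sample message and every domain in it are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message (not a real email); all domains are reserved names.
SAMPLE_EMAIL = """\
From: "billing@utility.example" <notices@mailer.invalid>
To: user@customer.example
Subject: Action required on your account
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Sign in here: <a href="http://login.attacker.invalid/portal">https://www.utility.example/login</a></p>
<p>Questions? See <a href="https://www.utility.example/help">our help page</a>.</p>
</body></html>
"""

DOMAIN_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def shown_host(text):
    """Host name the visible link text claims to point at, if it names one."""
    match = DOMAIN_RE.search(text)
    return match.group(1).lower() if match else None


def same_site(shown, real):
    """True when the real host is the shown host or one of its subdomains."""
    shown, real = re.sub(r"^www\.", "", shown), re.sub(r"^www\.", "", real)
    return real == shown or real.endswith("." + shown)


def check_message(raw):
    """Return (kind, what is displayed, what is real) for each mismatch."""
    msg = message_from_string(raw)
    findings = []
    # Sender: a display name that shows one address while another one sends.
    display, addr = parseaddr(msg.get("From", ""))
    claimed = re.search(r"@([a-z0-9.-]+)", display, re.I)
    real_domain = addr.rpartition("@")[2].lower()
    if claimed and claimed.group(1).lower() != real_domain:
        findings.append(("from", claimed.group(1).lower(), real_domain))
    # Links: visible text names one host, href goes to another.
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        charset = part.get_content_charset() or "utf-8"
        collector = LinkCollector()
        collector.feed(part.get_payload(decode=True).decode(charset, "replace"))
        for href, text in collector.links:
            shown, real = shown_host(text), urlsplit(href).hostname
            if shown and real and not same_site(shown, real):
                findings.append(("link", shown, real))
    return findings


if __name__ == "__main__":
    for kind, displayed, actual in check_message(SAMPLE_EMAIL):
        print(f"{kind}: shows {displayed} but is really {actual}")
```

Links whose text is plain wording ("our help page") are not flagged here, so a clean result does not prove a message is safe; the manual checks in the list still apply.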


At MoseSys, we have multiple extra security measures that can be implemented to further protect your employees and accounts. Some examples:

-Multi-Factor Authentication: any time someone attempts to log in to an email account from a new computer or browser, a second form of authentication is required, such as a text message confirmation sent to the employee’s phone.

-SafeLinks and SafeAttachments are add-on services available for Office 365 email customers that scan every email your employees receive, analyzing it for dangerous links and/or attachments

-Firewall: Modern security appliances include subscription based services that inspect incoming network traffic, looking for viruses and malware attempting to attack your network.

-Training Seminar: We have prepared a brief 1-1.5 hour seminar for your employees to alert them to the dangers and equip them with the tools necessary to remain safe, and to keep your valuable systems and data safe. Please ask us about this service.

Please contact your MoseSys team today to discuss the possibility of implementing some of these additional security features and services.

If you think you may have clicked on a link in a phishing email, or fallen for an online scam, contact the MoseSys team immediately.  (941) 234-0687



What is the KRACK Wi-Fi vulnerability, and should you be concerned?

KRACK stands for Key Reinstallation AttaCK, and is a security flaw discovered in the Wi-Fi encryption protocols WPA and WPA2, used in almost all modern-day devices. This includes your laptop, cell phone and tablet. (Most desktop computers do not have wireless capability.)

The KRACK vulnerability exists when your device first makes its connection to a secured Wi-Fi access point. Step one is for your device and the access point to exchange authentication information, also known as a ‘handshake’. By exploiting this vulnerability in WPA and WPA2, this process can be manipulated to allow a third party to obtain the encryption key. With that, they can execute a ‘Man-in-the-middle’ based attack, and therefore view your data traffic.

Device manufacturers are racing to release patches to fix this security vulnerability.  Among those which are still vulnerable: Apple, Android and Linux devices.  A couple of points below:

  • An attacker needs to be in-range of your device and wireless access point to exploit this vulnerability. For a typical wireless router, this is a little more than 100 ft.
  • If you are using a Windows PC running Windows 7 or newer, and your PC is up-to-date on patches, you are already protected.  Microsoft released a security fix on October 10th. If you are a MoseSys managed customer, with our Patch Doctor system you can be assured that your computers have the latest patches and updates.
  • If you are using an Apple or Android device, stay tuned for patches that will be issued soon.  You may consider not connecting to public Wi-Fi hotspots, or possibly using only cellphone network data in the meantime.
  • If your network utilizes a Sonicwall firewall appliance, no changes are necessary.  Sonicwall units are not vulnerable to the KRACK exploit.
  • If you are using a third party wireless router, consider contacting the router manufacturer to see if they’ve released a new firmware update that fixes the KRACK exploit.  Consider doing the same if you are using your cable provider’s router.
  • Make sure your anti-virus, anti-malware, and software firewalls are patched and up-to-date.  For MoseSys customers, this is another area in which you can rest easy, knowing it’s taken care of.
  • ALWAYS practice discretion when using a public Wi-Fi hotspot. Do not transmit sensitive information, and try to use websites that use the HTTPS protocol (or show the little padlock symbol in the address bar).

For more information, see PCWorld’s FAQ:

Why you NEED a hardware firewall.

In your car, the firewall is a sheet of metal between the cabin and the engine which prevents engine fires from reaching you.

In computer networking, the firewall is just as important, a barrier to keep destructive forces away from your office network.


The network firewall performs the following functions:

Intrusion prevention

Your office network is under constant attack.  Malware and bot nets across the globe are slowly, but surely probing every machine connected online to find vulnerable points to attack.  A hardware firewall acts like a gate-keeper, blocking known patterns of malicious intent and hacking.

Packet filtering/inspection

Much like security at the airport, the firewall is constantly inspecting data moving across your network, watching for certain patterns and characteristics of malicious code, suspicious behavior, identifying the good traffic, and blocking the bad.  This includes traffic from the outside trying to gain entry, but also internal traffic trying to get out.

Gateway Anti-Virus and anti-spyware protection

Hardware firewalls compare known virus and spyware signatures against what they observe traveling through your network, with the ability to stop a large number of threats before they can even get to company equipment.

Several methods are employed by unscrupulous individuals to gain access to, or control of your computer equipment.  Many of these can be mitigated in full or partially by a hardware firewall.  Among them are:

-Unauthorized Remote login

-Application backdoors

-Operating system bugs/security flaws

-Denial of Service attacks

-E-mail bombs



In today’s environment, if your business employs a computer network, a hardware firewall is a must.  Please ask a MoseSys team member today how you can add this essential piece of protection to your network.



Ransomware, what is it, and what can you do about it?


Some of you may have recently read about WannaCry, the largest ransomware attack ever recorded, currently spreading to computer systems around the globe.  What is ransomware? In a nutshell, it is a variant of malware (malicious software) which encrypts data without your permission.  Once encrypted, it will attempt to extort money from the victim for the safe restoration of said files, basically holding your files hostage.

Many companies today are using old, out of date hardware and software, and lack a solid security or backup program that would help to mitigate this threat.  The majority of these malicious attacks are the result of a user clicking on a link or attachment in an email, or browsing unsafe websites.  WannaCry also utilizes a worm, which is malware that can actually seek out and spread to other vulnerable PCs on your network.

WannaCry is just the beginning.  Due to the unfortunate success of these types of cyberattacks, we will almost certainly see an increase going forward, both in the number of attacks, and their sophistication.

Below is a list of some of the steps your organization can take to prevent a ransomware attack, and how being a MoseSys customer helps to mitigate this threat.

  1. System security – Effective, up-to-date security software is essential in preventing cyberattacks of all kinds. Our service includes industry-leading antivirus and malware prevention software on each computer, constantly monitoring for virus and malware signatures and activities. Our security tools are cloud based, providing instant updates and signatures for known attacks.
  2. User Security – We also recommend restricting access to administrative privileges for your users.  The Principle of Least Privilege is a rule in IT security that dictates the limiting of employee user rights to the minimal level that will allow them to perform their job, no more.  This principle goes a long way in minimizing the potential damage of any security breach, both accidental and malicious.
  3. Consistent patching – The fix for the WannaCry exploit has already been released by Microsoft, listed below:

KB4019216 — Windows 8 and Windows Server 2012

KB4019264 — Windows 7 and Windows 2008 R2

KB4019215 — Windows 8.1 and Windows 2012 R2

KB4012598 — Windows XP, Windows Server 2003, Windows 8, Windows XP Embedded

Vulnerable systems are the ones that don’t update regularly, or are running an out-of-date version of Windows.  As a MoseSys customer, your systems are always up-to-date with the latest critical security updates from Microsoft and other vendors.  Our Patch Doctor software monitors the patch status of your machines, and attempts to redeploy any failed attempt, alerting us along the way.

  4. Email – As mentioned earlier, the majority of these attacks infect the system through email attachments and links. As a MoseSys Exchange email customer, your emails and attachments are filtered through multi-stage, server-level virus detection tools, before they even get to your inbox. This includes 60 types of filtering techniques that rid incoming email of worms, viruses, phishing attempts and other protocol-based vulnerabilities.

  5. Backup – A solid backup strategy is critical. Ransomware is so effective because most victims do not have another copy of the encrypted data, or in some cases the backup data also becomes encrypted. MoseSys backup solutions include cloud and local backup solutions for redundancy.

6. User Training – It is essential that your employees practice good digital hygiene, especially when using company computers and accounts. This includes being cautious about suspicious emails, links and attachments.  If you are not sure if an email is legitimate, try to contact the sender or company directly to confirm. Avoid unknown and suspect websites and weblinks while using company equipment.  Remember that sometimes legitimate sites contain ads or links that can take you to third parties who are not as well known or proven.

Please contact your MoseSys support team with any questions.

For additional information please review the US Federal Computer Emergency Readiness Team (US-CERT) recommendations for users:


3 New Features for Windows 10

1. The Start Menu

For you Windows 7 users, rest easy, because this is here to stay. For the Windows 8 users, the start menu is back with its full functionality – and then some. The aesthetics of the new start menu combine the basics of the start menu from Windows 7 with the sleek tiles that were a part of Windows 8. The customization of this helps you to access what you need much faster and boosts productivity. Open the Start Menu, click on Settings, Personalization, and then Start. Make the Start Menu work for you. Microsoft created a helpful onboarding resource for this feature as well.

2. Microsoft Edge

Although this is the new web browser, do not worry – Internet Explorer 11 will be available by default in your upgrade. It is worth noting that many business applications remain untested with Microsoft Edge. If you find that Microsoft Edge is popping up as your default browser, this article will help you with that. Remember that super awesome Start Menu we spoke about above? Click in the search bar right next to it, and type “Default Programs.” Open that up, find Internet Explorer on the left, and click on it. There will now be an option to click that states “Set this program as default.”

3. Search Enhancements

Find anything on your PC. No, really. On the bottom left, to the right of the Start Menu, type a term in that search box. If it doesn’t automatically populate, click on the “My Stuff” icon on the bottom of that pop-up window. Your machine will be scanned for files, applications, pictures – just about anything – containing any or all of that search term within that file name. Don’t catch yourself drilling down through menus trying to find something. Don’t waste your time digging and trying to find that one file you thought you’d never need again. Use this search function to help save time.

Internet of Things (IoT)

What is the Internet of Things?

Since the invention of smart phones and tablet PCs, technology has been growing at lightning speed. We now have the ability for internet connectivity on so many devices throughout our homes and businesses. Simply put, IoT is the concept of connecting any device with an on/off switch to the internet and to one another. Smart devices are now being used in a multitude of industries from Energy and roadway safety to your home and healthcare.

According to an article by;

A thing, in the Internet of Things, can be a person with a heart monitor implant, a farm animal with a biochip transponder, an automobile that has built-in sensors to alert the driver when tire pressure is low — or any other natural or man-made object that can be assigned an IP address and provided with the ability to transfer data over a network.

Since the invention of technology we’ve seen this coming. An age where everyone and everything is connected.

“In the next century, planet earth will don an electronic skin. It will use the internet as a scaffold to support and transmit its sensations.” – Neil Gross 1999

Here we are only seventeen years later and we now have the ability to do almost everything from the palm of our hand. The reality is that IoT allows for endless opportunities and connections to take place, many of which we cannot even begin to comprehend today. More than 90% of homes in the United States of America have three or more devices which are connected to the internet. The average American household consists of two adults, two children, and a pet. The following table shows an example of the devices which may be within that home.

Device               Number Within Home
Smart TVs            1-3
Tablet               2-4
Game Consoles        1-2
iPod/MP3 Players     2-4
FitBits              1-2
Pet Microchip        1

These items add up to between eight and fifteen items which are connected to the internet on a regular basis. This doesn’t include any other smart devices you may have hooked up, such as lights, door locks, electrical outlets, thermostats, smart sprinkler controllers, IP cameras, or the hands-free speakers you control with your voice.

Issues with the Internet of Things

Security and privacy are the biggest issues we face with IoT. For example, setting up your new lamp may be as simple as plugging it in, at which point it asks to connect to your home Wi-Fi network. Developers of these devices and applications, in many instances, have no experience in security. Their expertise is in creating devices or appliances for the home. Or maybe they are a startup company trying to develop their product as quickly and efficiently as possible, to keep costs low. Most of these devices have little or no built-in security and therefore place you and your data at risk. Without the proper software updates and security precautions, these devices can be hacked and have malware installed which can then propagate throughout your network. This not only leaves your devices at risk but also gives would-be criminals access to your personal information.

Some of these devices actually ask for permission to access information which they really do not need. For instance, there was a flashlight application for smart phones a few months ago which was requesting access to multiple services on the phone, including:

  • Phone Calls
  • Network Communication
  • GPS Location

The question becomes, why does an application that is supposed to only be turning a light on and off require access to things such as GPS location or have network connectivity?

Top 5 ways to secure your devices:

With all these devices, what are the best ways to protect your family and data from theft and corruption? We’ll look at the top five ways to secure your devices and protect your data.

  1. Connect Only What Has to be Connected:

    This is the simplest way to protect yourself and data when it comes to IoT devices. If a device does not need to be online to work then don’t connect it to your Wi-Fi network.

  2. Have A Separate Wi-Fi Network:

    If your devices require an internet connection to work, consider creating a separate Wi-Fi network just for your IoT devices. Most wireless access points (AP) come with the capability of turning on additional networks, such as a guest network. Even the wireless AP you get from your internet service provider will generally come with this capability, and it is sometimes already configured. Another option would be to purchase a separate AP. This ensures any device connected to this network will have no access to your main network, so your other devices and your data are safe from infection.

  3. Strong Passwords:

    Strong passwords are one of the best ways to protect your network. If your IoT device has the ability, change the password to a unique passphrase only you know. An example of a strong password would be something like the following:


    This meets the following requirements:

  • Contains a capital letter
  • Contains a lowercase letter
  • Is alphanumeric
  • Contains a special character, i.e. (!@#$%^&*-_=+)

If you can’t remember all the different passwords, then don’t worry, neither can we. You may consider using a password manager which will securely store them all for you.

4. Update When Possible:

Just like your PC, all these devices need to be kept up to date on their latest security and firmware updates. Most devices have the option to do this automatically. If so, enable it. There is no reason to leave a hole in your security because of an update.

5. Privacy Options:

Your IoT device may have privacy settings which can be enabled to limit the amount of information it shares. If possible, disable any information sharing capabilities. This will ensure your information is not shared outside of your personal network.

In summary:

There is no one size fits all rule when it comes to IoT devices. You have to implement the measures which are right for you, your home or organization, and the devices which you are using. It is worth the time to do a little research on your devices and find out the best way to secure them. In the end, it is about privacy. If you wouldn’t share it with the world why give them access?