Directive Blogs

Tuesday, October 14, 2025. That’s the day that Windows 10 will no longer be supported by Microsoft, which means you need to ensure your business has updated its devices to Windows 11 before then. This is a critical process, as failing to do so will expose your business to severe cyberthreats and regulatory shortcomings.

In addition to these issues, Microsoft has announced that support for Microsoft 365 will also end for Windows 10. For many businesses, likely including yours, this should only serve as more motivation to prioritize this migration to the more recent OS.

We’re still getting more information on this, but at the time of writing this, every American can assume that their social security number has been stolen. Let’s share what we know so far.

The world’s largest ticket retailer is in hot water after their parent company, Live Nation Entertainment filed an 8-K filing with the Security and Exchange commission admitting that they had been hacked to the tune of 1.3 terabytes of information. That amounts to 560 million customers’ personal information that has been stolen from the company’s servers. Today, we take a look at the hack and what it means for consumers.

It was a busy weekend for hackers and several local organizations as two hospitals and a New York state casino were hit with cyberattacks. This caused quite a bit of chaos for everyone involved, including patients, hospital staff, and a nursing home that all had to struggle through the attack.

Even the solutions designed to keep businesses and organizations safe are vulnerable to the threat of a cyberattack, as when it all boils down, these tools are still software solutions, no matter how secure they might be. The company in question today—Barracuda—is a huge name in the cybersecurity industry, and it has become the victim of a zero-day exploit. Let’s go over how you can prevent your business from experiencing the same thing.

Google’s Project Zero team has discovered 18 zero-day vulnerabilities impacting the Samsung Exynos modems—four of which enable remote code execution. Let’s talk about what this issue does, and what needs to be done to minimize risk.

Google's Project Zero, a team of security analysts employed by Google who are tasked with finding zero-day vulnerabilities, has found critical security flaws in Samsung modems (used in smartphones and other communication devices). This flaw could enable hackers to remotely gain access to vulnerable devices without any intervention from you, the user.

Central NY residents who use Sidney Federal Credit Union have been seeing a rash of phishing scams that could put their information and their money at risk. Here’s what we know so far, and how to protect yourself from this targeted scam.

You’ve probably already heard about Log4j this week. Maybe you don’t recognize the name, but it’s likely that you have run across emails or news articles talking about this widespread vulnerability. You need to take it very seriously.

If you use almost any Apple products, you’ll want to check for and apply an update that will prevent your devices from being spied on. Apple has just issued an emergency software update for a critical vulnerability that was recently discovered.

The new updates were pushed out on Monday, September 13th, 2021, and include a major security fix for the Apple iPhone, Apple iPad, Apple Watch, and Apple Mac computers and laptops.

The recent discovery of four flaws in Microsoft’s Exchange Server software came too late to prevent a rash of stolen emails, but that doesn’t mean you need to remain vulnerable to this attack. Let’s go over the story so far, and how you can help protect your business.

True to form, 2020 has given us a final parting gift: the news that the United States was targeted this year by the biggest cyberespionage attack ever. Let’s go into the ramifications of this attack, and what it should teach us going forward.

We realize that it’s one thing for us to tell you how important it is to update your software. After all, we’re tech guys, so we worry about that kind of thing all the time. Hopefully, it’s quite another matter when Homeland Security does it, which is why we’re really hoping that you take heed of this warning and update Google Chrome.

The Cybersecurity and Infrastructure Security Agency (CISA) has released an emergency directive concerning a critical exploit known as Zerologon, that affects servers running Windows Server operating systems that needs to get patched as soon as possible.

Data and cybersecurity is hard enough without vulnerabilities coming from one of your most utilized applications. That’s the scenario after a bug was found in some of today’s most popular Internet browsers putting billions of people’s data security at risk. Let’s take a brief look at the vulnerability and how you can ensure that it won’t be a problem for you or your company.

As if Oneonta residents didn’t have enough to worry about during the coronavirus crisis, there’s a new email cyberattack to keep on the lookout for. While it follows the similar pattern of using social engineering to trick its targets into providing funds, this time the attackers have reached a new low. Read on to learn how you can protect yourself.

Companies around the world have or are finding the need to send their workers home to prevent the spread of the novel coronavirus. For many business owners, managing your staff remotely is a brand new paradigm. Here’s what you need to know.

New York State recently joined a number of other states in prohibiting businesses from enacting a cash-free policy. A cash-free policy means a business can refuse to accept cash or even charge a ‘service’ fee for taking cash. There was significant pushback against businesses having no cash policies and the measure failed. However, as the world focuses on hygiene, specifically hand-washing or avoiding shaking hands, reducing the exchange of cash could be seen as a good thing. Perhaps it’s time to reconsider the benefits of a cash-free environment.

COVID-19, or coronavirus, has been a major global health concern over the past couple of months. At this point, it is clear that this disease could have serious impacts on the workplace. We wanted to provide a brief rundown of good workplace and network health practices, as well as a few pointers on how you can handle health-based employee absences.

You would think that Upstate New York would be the last place cybercriminals would pay attention to, but as recent events show us, no place is safe from fraud. In May of this year, our area was under attack from a SMiShing scam, then in June there was a rash of phone scams. Now, our area is facing a skimming attack. Read on to learn more about it and how to protect yourself.

Windows is a great operating system, but unless you’re keeping track of which version you have, you’ll be in for a rude awakening when it comes time to upgrade. In just six short months, there will be two Windows End of Life events for major technology solutions: Windows 7 and Windows Server 2008 R2. You need to start thinking about upgrading now before it’s too late to do so.

Mobile devices associated with the 607 area code are being targeted by text message-based phishing attempts, also known as SMiShing. It is important that you are able to identify these messages so that you aren’t added to the list of those fooled by them. The same also goes for your employees.

If you own an Asus laptop, there is a chance that a recent update could have installed malware, and we are urging anyone who has an Asus device reach out to us to have it looked at.

Printers, along with every other piece of equipment that is on your network, require careful configuration and regular upkeep to ensure that they aren’t putting your data and users at risk. Security researchers recently discovered two massive vulnerabilities in HP Officejet All-in-One printers that make it incredibly easy for hackers to spread malware and gain access to a company’s network.

As headlines shout about Hurricane Florence approaching the East Coast later this week, with Helene and Isaac also stirring in the Atlantic Ocean, it seems as good a time as any to discuss preparing your business for hurricane season; and, really any adverse weather effects that could negatively influence your business. Preparing your business for events like these is key to its survival, making it crucial that you know what your responsibilities are when awaiting a potentially devastating event such as a hurricane.

If you thought that small town Oneonta wasn’t at risk of cybersecurity attacks and scams that you see in the headlines, you might want to think again. Most of the time, smaller businesses (especially around upstate New York) feel that they’re not a viable target for cybercriminals. After all, these kinds of issues are just concerns for bigger companies in larger cities, they surely don’t happen here, in Oneonta... right?

Hackers and cybercriminals, like most people, tend to gravitate towards high-reward activities. In this case, that means that focus is turning to creating malware that attacks the router, potentially infecting the users that leverage it to connect wirelessly to the Internet. Researchers at Kaspersky Lab recently discovered an example of such a malware, so today, we will review this threat and how to best protect your network.

Social media has been an emerging technology in recent years, and has produced many threats. Hackers have learned that they can take advantage of these communication mediums to launch dangerous new attacks on unsuspecting users. With enough ingenuity on a hacker’s part, they can potentially steal the identity of a social media user. Here are some of the best ways that your organization can combat identity theft through social media.

Virtual private networks are vulnerable to an exploit that was recently brought to light. Cisco has announced that this exploit undermines its ASA, or Adaptive Security Appliance tool. If this issue isn’t patched immediately, you could find your organization vulnerable through remote code exploitation.

Email scams have become a sort of punchline, often featuring Nigerian princes or wealthy, unknown relatives in need of funds to get home. However, another email scam is anything but amusing, as it uses a unique possession of the target to entice them to comply: their life.

In a statement given by Tom Bossert, the homeland security adviser to the White House, blame for the WannaCry attacks leveraged from May 12th to the 15th in 2017 was attributed to the Democratic People’s Republic of Korea. This assertion is in line with the conclusions that New Zealand, Australia, Canada, and Japan have come to, according to Bossert.

The Internet is rife with potential threats. Some are situational, but most are deliberate actions made by malicious entities who are trying to obtain any semblance of value from you or your company. Some of these exploits have been around longer than you’d imagine possible. This has been made evident by huge Internet-based companies such as PayPal and Facebook testing positive for a 19-year-old vulnerability that once allowed hackers to decrypt encrypted data.

December 14th is the last day that our government representatives can vote whether or not to continue the Internet’s protection under the net neutrality rules established in 2015. Without these rules in place, your data can be analyzed by your Internet service provider, and they are free to act on that knowledge and manipulate your Internet in support of their own interests.

There has been a lot of buzz about the term net neutrality in the news, on social media, and around the water cooler lately. The FCC is preparing to end net neutrality on December 14th, 2017, and it’s causing a major stir. From activist groups encouraging people to call congress with their concerns, to headlines exclaiming that the Internet as we know it is dying, there is a lot to sift through to really understand what the stakes are. Our goal is to make sense of net neutrality without the sensationalism, and explain how it can affect small business owners.

Hackers always love the holiday season. Lots of people are spending lots of money (both online and in-store) for the perfect gifts for their loved ones. When there are so many people making purchases all over the world, there are countless opportunities to steal information. Data such as credit card numbers and personally identifiable information can be taken and used to make people’s lives pretty miserable, during what is supposed to be the most wonderful time of the year.

A major vulnerability has been discovered that affects everyone that uses Wi-Fi. Key Reinstallation Attack, or KRACK, affects the core encryption protocol that most Wi-Fi users depend upon to shield their browsing from others, Wi-Fi Protected Access 2 (WPA2).

Students generally love it when classes are cancelled for whatever reason, but thanks to a cybercriminal group called TheDarkOverlord Solutions, a school in Flathead Valley, Montana was disrupted for an extended period of time. This downtime resulted in a disruption of operations for over 30 schools, as well as the threat to the personal information of countless teachers, students, and administrators due to a ransomware attack.

A recent surge of hurricanes, wildfires, earthquakes, and floods have crippled major cities and devastated entire regions all over the world. In the aftermath of these events, business owners are faced with a few glaring truths - one of which is the undeniable vulnerability of their business’ future in the event of a disaster. Most of the major news outlets are reporting this figure: according to the Federal Emergency Management Agency (FEMA), 40% of small businesses never recover from a disaster. Despite all the literature and precautionary tales surrounding these catastrophic events, there are still an overwhelming amount of businesses that choose not to prepare for a disaster until it's too late.

In case you haven’t heard, the credit bureau, Equifax, has suffered a data breach that may have exposed the records of 143 million Americans.

Ransomware is a tricky piece of malware that locks down the precious files located on a victim’s computer, then (in theory) will return access to them when a ransom has been paid. Depending on the files stored on a victim’s computer, they might simply blow it off and not worry too much about losing access to a couple of pictures or videos--but what if this ransomware threatened to expose your web browsing history?

Using the most up-to-date versions of your technology’s operating systems is one of the best ways to stay secure. Yet, some organizations forego the jump to more recent operating systems due to the immense up-front expense represented by upgrading multiple servers or workstations at once. Unfortunately, this can be detrimental to your organization’s security, and potentially even put your business’s future at risk.

A new malware swept across the globe Tuesday, incorporating facets of many ransomwares that have made headlines recently. While it originally appeared to be a variant of the Petya ransomware, it has been determined that it shares more in common with WannaCry. However, “NotPetya,” as it has been named, has a few additional features that experts say make it worse than either of its predecessors.

On June 12th, the U.S. Department of Homeland Security issued a warning to power grid operators and electric utilities concerning a newly surfaced malware called CrashOverride (aka Industroyer). Only, it’s not entirely new. The world has seen this before and the fallout from it is concerning.

Just over a third (36 percent) of businesses don’t back up business data at all, and apparently this number isn’t keeping some IT providers up at night (not the case for us). Your businesses’ data is precious, irreplaceable, and extremely expensive to lose. Let’s talk about how delicate and dangerous it is to not have it backed up.

Run your Windows Updates and be very skeptical about opening unsolicited emails. Failure to do so may result in a very dangerous strain of ransomware that could infect your entire network and spread to your clients, partners, and prospects.

On Wednesday, several users found themselves the victim of a convincing phishing attack. The attack was designed to look like an invitation to view and edit a Google Doc, and is designed to steal your Google credentials and spread through your contacts.

ATMs are, surprisingly enough, not the most secure pieces of technology out there, though there are efforts to improve security by taking advantage of mobile devices. Granted, this won’t be enough to protect against the considerable vulnerabilities in ATMs. In order to maximize security and minimize the amount of damage done by vulnerabilities, the user needs to understand how to protect themselves while using ATMs.

Sometimes Mother Nature simply isn’t on your side, or you’re unfortunate enough to experience a troublesome disaster that threatens to knock your business off its feet. While various parts of the world are known for experiencing deadly natural disasters, other regions might not be as prone to them, giving business owners the wrong idea. It’s not a question of whether you’ll be hit with a crippling disaster, but when.

One of the major password managers out there, LastPass, has become the victim of a major vulnerability. Google researchers from the Zero Day Project discovered this, along with other flaws within LastPass.

It’s National Clean Out Your Computer Day! To kick off this important day, we’d like to remind business owners that this is a valuable opportunity to make sure that you’re taking good care of one of your greatest assets: your company’s technology. Let’s go over some of the best ways that you can optimize the performance of your office computers.

Guess what? Today is National Clean Out Your Computer Day, and we know the perfect way to celebrate! Go grab yourself a can of compressed air and your trusted IT technician, because it would be a shame if you were to miss out on this annual opportunity to improve your computer’s performance.

The branch of malware known as Ghost Push now has a new component, Gooligan, and it certainly lives up to its name. Google was struck by an attack that infected over one million Android users, with over 13,000 additional devices adding to that total on a daily basis.

If we told you that automated teller machines, or ATMs, were susceptible to hacking attacks, would you believe us? You should; there are a plethora of ways for hackers to infiltrate and steal money from ATMs, with the latest being so dangerous that even the Secret Service has issued warnings about it.

If you have the most recent addition to Samsung’s growing collection of smartphones, we hope you haven’t grown too attached to it. The company is recalling the Galaxy Note 7 on reports that the batteries explode. This event is largely considered one of the more high-profile recalls in the history of consumer technology.

Hackers continue to innovate and cause trouble for businesses of all industries and sizes. One of the more interesting recent tactics includes utilizing a malicious Twitter account to command a botnet of Android devices to do its bidding. Twitoor is considered to be the first real threat to actively use a social network in this manner, making this a major cause for concern.

Every security professional’s worst nightmare consists of the National Security Agency (NSA) being hacked. While there’s no proof that the NSA itself has been hacked, there is some evidence to suggest that some of the exploits used by the agency are up for grabs on the black market. What this means is that a lucky group of hackers could potentially get their hands on some very dangerous tools.

The Internal Revenue Service is one organization that you don’t want to mess with. Thanks to their antics filing fraudulent tax returns through the often-exploited Get Transcript site managed by the IRS, Anthony and Sonia Alika have to do some time in the slammer; and that’s not even mentioning what they have to pay the IRS in restitution.

Ransomware, the malware variant that has appeared more and more frequently has struck again, this time targeting users of Microsoft Outlook in a zero-day attack. A malware variant of Cerber (a ransomware) was recently utilized in a large scale attack on users of the messaging program, sent via phishing emails to corporate users.

The ransomware machine keeps moving forward, despite significant opposition. In particular, the ransomware tag-team duo of Petya and Mischa have steamrolled most attempts to block them from accessing critical systems, always finding ways to outsmart security professionals. Now, these ransomwares have adopted a Ransomware as a Service model, which has made significant changes to the way that this ransomware is distributed.

In the latest round of security patches released by Microsoft, 27 vulnerabilities were fixed. Affected software includes major titles like Windows, Microsoft Office, Internet Explorer, and the new Edge browser. It’s imperative that you apply these security patches as soon as you can, or else your system will be exposed to some serious threats.

27 vulnerabilities: The amount of vulnerabilities that were resolved with the round of security patches in Microsoft’s latest Patch Tuesday. Windows, Microsoft Office, Internet Explorer, the Edge browser, and more, were all affected. It’s important to patch these vulnerabilities as soon as possible, especially if you haven’t done so already.

The Petya ransomware, a particularly vicious monster of a threat, has reared its ugly head once again, only this time, it’s not alone. Petya now comes bundled together with Mischa, yet another ransomware that works well alongside Petya. The ransomware is delivered via an inconspicuous email disguised as a job application, with a resume attached. Once the user downloads the file, Petya encrypts the files located on the device.

While security experts tend to focus the brunt of their discussions on desktop OS vulnerabilities, there are plenty of mobile malware threats that fly under the radar. One such malware is called Hummer; a trojan that installs unwanted apps and malware on a device, and can be found on over a million phones worldwide.

Users of Acer’s online store between May 12th, 2015, and April 28th, 2016, may be in for a rude awakening. Acer may be attempting to contact you to relay that your credit card’s credentials have been lifted by hackers. The breach in question resulted in 34,500 customers having their credentials stolen, including the user’s name, address, credit card number, expiration date, and security code.

A vulnerability has been uncovered in all Windows systems - one that’s described as “probably the widest impact in the history of Windows.” Coined BadTunnel, the vulnerability could provide attackers a route directly past the defenses of a system to set up a man-in-the-middle style attack.

No security solution is perfect. Each one has its own set of pros and cons. For example, relying completely on an automated solution is thorough, but it will flag plenty of threats that aren’t really threats (aka, false positives). Meanwhile, a human overseeing security is great for spotting worrisome trends, but a human can’t possibly catch every single attack. With this dynamic in mind, a team of researchers from MIT has successfully blended the two.

One of the latest vulnerabilities in open-source software can be found in 7zip, a file archiver and decompresser. 7zip has been found to have several security vulnerabilities which have software developers rushing to fix their products. The damage done extends far beyond 7zip, reaching both people who use 7zip itself, and developers who have used the technology in the creation of their own tools and software.

In light of a recent zero-day vulnerability discovered with Adobe Flash, along with the wide adoption of the alternative rich media player HTML5, Google has put into motion plans to stop supporting Flash for its popular web browser, Google Chrome. By all accounts, this move may be the final nail in the coffin for the Internet stalwart, which means that your business should cease using it.

All business owners should be aware of which Microsoft products they use. It’s one of the many complex and confusing parts of managing your technology. Of course, all great things must eventually come to an end, and the same applies to your mission-critical applications and operating systems. When your solutions can no longer be considered secure and are no longer supported by the developer, you know it’s time to move on and upgrade to something better.

You don’t need us to tell you that Microsoft has an extensive library of software products aimed at all kinds of businesses. But, of course, nothing good can last forever, and old solutions eventually give way to more versatile or efficient versions. When this happens, Microsoft stops supporting older software in order to provide better features and experiences to users of more recent versions.

Which database management system is running on your company’s server units? For end users, it’s not something that they put a whole lot of thought into. However, if you completely overlook your Microsoft SQL Server, you may end up running an expired version that puts your data at risk. Case in point, SQL Server 2005, which Microsoft recently ended support for.

You’ve heard about a ton of high-profile hacks over the past few years, and it’s important to note that these numbers will only continue to climb. A recent incident involving Time Warner Cable, a large ISP in the United States, shows the world that even huge companies that specialize in providing Internet for users can suffer the embarrassment of a data breach.

Virtually every tech user wishes their mobile device battery would last longer, yet not every user understands that they can achieve this simply by adjusting their device settings. Here are seven simple adjustments you can make to your Android device in order to get its battery power to last longer.

One minute you’re browsing trusted sites on the Internet, the next, your PC freezes up and displays the dreaded blue screen of death, along with a fake tech support message. This strain of malware is duping plenty of computer users into calling the provided phone number, which only makes the situation worse.

Whenever you receive an email, there’s the possibility that it’s a spam message sent to infect you with viruses or malware, or to just waste your time. This chance isn’t just negligible; in fact, it’s enough to warrant concern for anyone utilizing email as a communication medium, including business owners. Thankfully, users of Gmail will soon be having a much easier time knowing the origin of their messages, and whether or not they were sent over a secure connection.

There’s an intrusive malware on the Internet that locks a user out of their PC and directs them to a fake IT support phone number. In addition to being inconvenient, it can lead to the theft of sensitive information. If this happens to you, whatever you do, don’t call the fake phone number.

With many organizations heavily relying on mobile computing, malicious operators have begun targeting the “low-lying fruit” of a business’ IT infrastructure, which is often a company’s mobile devices. Kemoge, a malicious adware strain designed to corrupt Android mobile operating systems, is the latest mobile threat that your business needs to protect itself against.

It’s been two years since the world was introduced to CryptoLocker, a particularly-nasty ransomware that encrypts a computer’s data while giving the user a deadline to pay a ransom for the encryption key, or else have their data destroyed. What we’re seeing now is that the reach of CryptoLocker is extending beyond the average PC user; even gamers are getting owned by Cryptolocker.

For many Windows users, the fact that Microsoft is issuing Windows 10 incrementally came as a shock for those who patiently waited for its release date. While users wait, however, hackers are taking advantage of those who are less patient by creating a ransomware that disguises itself as a launcher for a Windows 10 download. So, while you sit and wait for your version of the latest OS, don’t fall prey to deals that seem too good to be true.

Microsoft’s latest PC operating system arrived with fanfare yesterday, and has received overwhelmingly positive reviews so far, but is it ready for your business? Let’s take it for a spin and find out.

One would assume that software preinstalled on a new PC is secure and has been properly vetted by the manufacturer. This is the case 99 percent of the time, but an exception has recently been discovered with the Superfish app, which came installed on new Lenovo computers sold between September and December of 2014. How can you protect your PC from this fishy security threat?

Last year, Microsoft pulled the plug on Windows XP’s support. Now, one year later, Windows Server 2003 is scheduled to meet its demise. If your servers are still running Windows Server 2003 as their operating system, it’s important to upgrade before the end of support date of July 14th. Otherwise, you could be running a server operating system without necessary patches and security updates.

The latest threats can put a damper on your business plan and put your company at risk. Therefore, it's only natural to protect yourself from them. This new threat in particular, Cryptowall 2.0, has the potential to do plenty of heavy-duty damage to your business's network, if given the opportunity.

A new malicious threat in the technical marketplace has just been discovered. The bug, dubbed the Bash bug, or "shellshock," is on the loose for users of Unix-based operating systems, like Linux or Mac OS X. It allows the execution of arbitrary code on affected systems, and could potentially be very dangerous for your business. In fact, CNet is calling it "bigger than Heartbleed."

If you haven't done it already, then on the very top of your 2014 to-do list should be upgrading from Windows XP. Microsoft has scheduled to end support for its popular decade-old OS on April 8, 2014, which is only a few short months away. Here are five tips that will help you with upgrading from Windows XP.

On December 3, 2013, security company Trustwave discovered over two million stolen user passwords for popular online services like Facebook, LinkedIn, Google, Twitter, Yahoo, and 93,000 other websites. There's a high probability that you use one of the services affected by the hack. Is your personal information compromised?

In September, a new ransomware came on the scene and it's been wreaking havoc on computers the world over ever since. Given the name CryptoLocker, it's capable of taking over your system, encrypting your files, and literally holding your data ransom in order to extort money from you. If you don't pay, then your files are deleted. What's an honest business to do against such a threat?

Since the late 1990s, digital information, music, movies, software, and content has been at risk of being illegally shared worldwide for free. Peer-to-peer file sharing has forced entire industries to shift the way they do business as they try to counteract the illegal practice. The new Copyright Alert System will attempt to quell illegal file sharing.