Thursday, October 29, 2015

Scomage introduces our newest service...

Digital Signage System

Using the power of the internet, turn any HDMI-compatible TV or device into a dynamic information and advertising platform.  Simply plug in the small ScreenScape Connect device, attach to your local WiFi network and the TV will immediately begin to display the content that you create and maintain online.  Manage one screen or an entire network of devices from your PC, Mac, laptop or tablet.

Plug & Play Digital Signage

If you’ve tried digital signage before, you know it can be difficult and expensive. But it doesn’t have to be.  ScreenScape offers a smarter way to turn any TV into a dynamic digital sign.
It starts with the ScreenScape Connect device.  This tiny media player is backed by Dell and features a true plug and play design – no brackets to mount, no screws to turn.  It draws power from most TVs and connects wirelessly to your network.
There is no operating system to configure and no software to download.  Plug it in, get it online and control it remotely from your ScreenScape internet account.

Influence Buying Decisions

Digital signage is a proven, effective way to engage customers and boost sales.  Savvy marketers use it to influence buying behavior where it matters most – in the storefront.
Local digital signage informs your customer’s buying decisions allowing you to serve them better with a wider range of options.

Manage Content, Deploy Anywhere

All of your content is stored on secure, cloud-based servers.  This allows you to manage one or even hundreds of screens from a single ScreenScape internet account.

Corporate managers can create and deploy consistent content to all screens while still allowing for local content that is managed at the local level.

Simple Content Creation

We’ve taken the difficulty out of digital signage so you can spend your time managing your business.  You get access to industry leading content management software and graphic design services from Cox Printers that makes publishing easy.

Boost Advertising Revenue

In addition, to your own in-house content and promotions, ScreenScape allows you to create a revenue-generating advertising stream. Get paid by your vendors, distributors or other local businesses to run their promotions on your screens.  With a free content-provider account, other business can create the content and you can manage the times and locations that the content is displayed. 

Great Product, Free Perks

Not only is ScreenScape the quickest and easiest digital signage system to install, but all of these services are included:
·        Free Device (with a 3-year contract)
·        Free Content Management
·        Unlimited Ads/Content
·        Free Training
·        Free Support

Find out if ScreenScape is right for you.  Call us today for a no obligation demo at:  844-726-6243

Tuesday, July 28, 2015

Be Mindful of Which E-mails You Open

Dyre -- a dangerous financial trojan -- has been infecting thousands of banking customers worldwide. The virus is hidden in an e-mail usually disguised as business documents, voicemail or fax messages. Recipients are invited to click on an attachment which directs the user to a malicious website and downloads the virus.

The attacks began one year ago and have been continuing to grow in numbers. Symantec Security Response posted a graph this past June showing the numbers of virus detentions over time.

The most dangerous aspect of this virus is its ability to steal credentials not only from the banking company, but from any site a victim visits. According to, "Dyre is capable of using several different types of man-in-the-browser (MITB) attacks against the victim’s web browser to steal credentials.

One attack redirects the victim to a fake website that looks similar to its genuine counterpart. This fake website will harvest the victim’s credentials before redirecting back to the genuine website. Another attack allows Dyre to alter the way legitimate websites are displayed in the browser window by adding malicious code to it to steal the victim’s login credentials. In some scenarios, Dyre may also display an additional fake page informing the victim that their computer has not been recognized and that additional credentials need to be provided to verify their identity, such as their date of birth, PIN code, and credit card details.

Scomage encourages all our clients and their families to be careful when it comes to e-mail. Stay educated and never open an attachment from an unfamiliar e-mail address.

Tuesday, July 21, 2015

Office Macros are Back

Microsoft Office macros are back as reliable way to spread viruses and malware. This works by inserting a malicious macro into an otherwise normal looking document. This could be a Word document, Excel spreadsheet or PowerPoint presentation.

Take a look at the email we received the other day.  I'm sure Bedoes is a fine Georgia restaurant, but they are not immune from hacking and viruses. Neither are any of your typical vendors, so just assume this came from someone you do business with on a regular basis.

The attached spreadsheet looks innocent enough and even pertains to the subject of the message. If you try to open it with a modern version of Excel (Office 2010 of later), you will receive a warning about the macro, but it does not prevent you from running it.  If you have certain versions of Office or clones (Open Office, Libre Office, etc), you may not get a warning at all and could be immediately infected.

If you receive an attachment of any type--even from someone you know-- be very, very cautious about opening it.  If unsure, it is always best to call the sender to confirm. 

Friday, June 19, 2015

Adobe Flash Prior to 18.0 May Lead to Ransomeware

Warning: a new exploit was just released for the recent Adobe Flash vulnerability.

 Adobe may have already patched a Flash Player vulnerability last week, but several users—especially those in the US, Canada, and the UK —are still currently exposed and are at risk of getting infected with CryptoWall 3.0. The Magnitude Exploit Kit included an exploit for the Flash vulnerability, allowing attackers to spread crypto-ransomware into their target systems.

The fix for the vulnerability was just released on June 9th.  The exploit appeared June 15th.

This particular vulnerability, identified as CVE-2015-3105, was fixed as part of Adobe’s regular June Update for Adobe Flash Player which upgraded the software to version However, many users are still running the previous version (, which means that a lot of users are still at risk.

As of this week, these are the top 5 countries most affected by this threat:
  1. United States
  2. Canada
  3. UK
  4. Germany
  5. France

Ongoing Exploit Problem

This is another example of how cybercriminals rapidly take advantage of recently-patched vulnerabilities through exploit kits. We saw a similar incident in March, where exploits for an Adobe Flash Player vulnerability were added to the Nuclear Exploit Kit just a week after the patch was released. We also noted earlier this month that Flash Player was being targeted more frequently by exploit kits, and that shows no sign of changing soon.

Widely-used exploit kits such as Magnitude are often well-maintained with new vulnerabilities. Our research on these tools reveals that Magnitude is one of the most used exploit kits by cybercriminals along with SweetOrange and Angler.

CryptoWall is also another notable threat in and of itself. We initially saw CryptoWall last year spreading through spam, and again later this year partnering with information stealing malware FAREIT.

For a more technical details, see the original Trend Micro blog:
         Magnitude Exploit Kit Uses Newly Patched Adobe Vulnerability - US Most At Risk

  Trend Micro Blog

Monday, May 4, 2015

Acumatica Presents

Many of today's businesses are more connected than ever before with new technologies such as cloud computing and the growing functionality of mobile devices driving a whole new level of expectations - from your customers, your business partners and your employees.

Whether its how you engage from a customer service perspective, how you enable your employee's productivity or even how you engage with the next generation of customers and employees, small and midsize businesses like yours can take advantage of these technologies to drive profitable growth and carve out a competitive edge in your market.

Acumatica and Scomage can show you how!

Join us at the Connected World - Connected Business event where you'll learn:

  • How you can utilize Cloud ERP to unlock your business potential and drive profitable growth.
  • How businesses like yours are doing this today.
  • How your business can accelerate past your competitors using cost effective cloud technology as an enabler.
  • How Acumatica's Cloud ERP enables you to take control of your business, play to your strengths and empower your people.
Connected World - Connected Business Agenda
Friday, May 15, 2015
9:30am - 10:000amWelcome and Hot Breakfast
10:00 – 11:30amAcumatica Overview and Live Demos
11:30 – 11:45amPower BI Demo
11:30 – 12:15amOpen Q&A with Acumatica Executives and Customers
12:15 – 1:00pmOpen Q&A with ISV Community
Business Casual
Questions about the Event or Product Pricing and Information?
For more information contact the Acumatica team
Acumatica Inc.
4030 Lake Washington Blvd NE Suite 100
Kirkland, WA 98033
Scomage Information Services
6 Kevin Road, Suite 301
Scotch Plains, NJ 070763

Thursday, April 30, 2015

Watch out for fake ACH, Dropbox and Microsoft Word documents

A recent outbreak spreading by email is targeting users of common office documents. The malware called BARTALEX uses a Microsoft Word document and social engineering lure that is widely recognized by enterprises—making infection all too possible. This attack highlights how macro malware in Microsoft Office files is fast becoming a big threat to businesses and organizations.

In this attack, some messages all related to Automated Clearing House (ACH) fraud. ACH is a network used for electronic fund transfers in the United States; as a result it is frequently used by businesses that need to transact with other companies on a regular basis.

Figure 1. Sample spammed email that leads to W2KM_BARTALEX.SMA

ACH fraud is a typical cybercriminal hook seen in spammed emails, but instead of attachments, these email messages contain a Dropbox link. The URL leads to a Dropbox page that contains a specific and pretty convincing Microsoft Office warning that instructs users to enable the macros.

Figure 2. A Dropbox page contains the malicious macro (click to enlarge)

Upon enabling the macro, the malicious document then triggers the download of the banking malware TSPY_DYRE.YUYCC. This malware targets banks and financial institutions in the United States, among which are JP Morgan, U.S. Bank, California Bank & Trust, Texas Capital Bank, etc. Based on feedback from the Smart Protection Network, the United States is the top country affected by BARTALEX, followed by Canada and Australia.

Additionally we noticed that this attack used an old Microsoft Office 2010 logo. Given that many enterprises do not immediately upgrade to the latest Office versions, it is possible that users within enterprise organizations may fall victim to this technique.

Figure 3. W2KM_BARTALEX infection count over the last three months

For a more technical details, see the original Trend Micro blog:   Trend Micro Blog
         Enterprises Hit by BARTALEX Macro Malware in Recent Spam Outbreak

Tuesday, April 28, 2015

Monday, April 27, 2015

Common Virus Definitions

Software that adds additional benefits or features to an existing program. For example, adding a particular search engine interface to your browser.
A type of malware that bombards the user with advertisements. This may include pop-up or in-browser ads.
Drive By (drive by exploit, drive by vulnerability)
An exploit or malware that can infect the users system without any interaction from the user. The user is not required to "click" anywhere, open anything, or respond to any dialogue box.
Any trick or combination of actions that can take advantage of a vulnerability to install some type of malware.
Any collection of programs and/or configuration changes that alters the operation of the users system in a negative way. Includes: viruses, worms, PUPs, and others.
Potentially Unwanted Program (PUP)
A type of malware that alters the operation of the user's system, but also provides a useful feature. Some users are willing to live with the negative aspects of the program in order to gain the benefits. Typically, PUPs are distributed as "free" games, shopping incentives (sales, coupons), or web browsing enhancements.
A type of malware encrypts or locks the user's system or data (files, pictures, other important info). Typically, the user is presented with an option to pay a ransom of about $500 to regain access.
A type of malware that alters the operation of the users system for evil.
Vulnerability (bug, flaw)
A previously undetected problem with your operating system or installed software that exposes a weakness that can be exploited by a malware author.
Zero Day (zero day exploit)
A vulnerability so new that a fix has not been discovered. The term is used most often to refer to specific malware that already exploits the new vulnerability and was named because the developers had "zero" days to find and fix the problem.