Harmonium, LLC

Your source for elusive news relating to computer network security.

09/13/2023

Harmonium is not accepting any new customers at this time.

06/23/2020

Yet another example of why it's a bad idea to expose Windows Remote Desktop to the internet. Meanwhile, this is also one of our routine findings during security audits, especially in rural areas such as Tillamook.

Do you need a second opinion on the security of your business's computer network? Give us a call. We have schedule openings beginning September 14th.

https://thedfirreport.com/2020/06/21/snatch-ransomware/

Another RDP brute force ransomware strikes again, this time, Snatch Team! Snatch Team was able to go from brute forcing a Domain Administrator (DA) account via RDP, to running a Meterpreter reverse…

05/22/2020

The NSA guidelines for Telework Services. Although the document is largely US government focused, it also contains helpful guidelines.

Signal, and somewhat surprisingly, Wickr, both earned high marks in the service criteria selection matrix.

Of course, these services may not meet all your enterprise's needs. Please contact us if you need help establishing or configuring telework services for your team(s).

Please review for more info:
https://media.defense.gov/2020/Apr/24/2002288652/-1/-1/0/CSI-SELECTING-AND-USING-COLLABORATION-SERVICES-SECURELY-LONG-FINAL.PDF

04/15/2020

We hope that this update finds you and yours healthy, and coping well with the increased isolation.

First, we want to send a big THANK YOU out to everyone who has donated so far. However, our work is not yet done.

While we HOPE that social isolation will sufficiently contain the spread of the virus, that sufficient PPE will be delivered to protect our healthcare workers, and that the supply chain will deliver the ventilators needed for our local community hospital and others, the fact is, we've worked closely with the clinicians at Tillamook County Regional Medical Center, and our consistent goal has been to support their worst-case projections for Tillamook. Additionally, the models we've been using currently estimate an 87% chance that an undetected epidemic is already underway in Tillamook County.

Therefore, we need more donations, folks. We don't yet have a sufficient amount to complete even the initial revision of the prototype. We have a few parts at this point, but nothing complete, and no PPE, yet.

How you can help now:
Please circulate this campaign. It can't move forward without support from the community.

Secondly, in an effort to increase donor recognition, we will be launching a Kickstarter campaign beginning tomorrow, and will begin seeking more corporate donations. Please keep an eye out for this link, and let's get some local businesses on board to help fund this initiative.

Thank you again for your support!

gf.me/u/xt7cp9

In an effort to combat an anticipated upcoming ventilator shortage, we will cr… Jeremy Saldate needs your support for Emergency Ventilator Manufacturing Pilot

04/03/2020

This is the link to our crowdfunding campaign to build emergency ventilators in support of Tillamook Regional Medical Center. Please donate if you are reasonably able to do so.

https://www.gofundme.com/f/event-manufacturing


03/23/2020

Medical supply chain attacks are also underway. Beware.

https://content.govdelivery.com/attachments/USDHSCIKR/2020/03/23/file_attachments/1408121/LIR-CriminalsExploitingCOVID-19PPE_TLP-WHITE%2020200323e.pdf

03/23/2020

This was the earliest attack vector that we've seen exploited. Subsequent attacks have included DDoS and ransomware campaigns.


https://www.cbc.ca/news/politics/cse-disinformation-spoofing-1.5504619

As the fight continues to slow the spread of COVID-19, Canada's foreign signals intelligence agency is waging war against another type of virus: disinformation.

03/23/2020

In one of the most disturbing and vile, yet unfortunately predictable, developments to date, health care facilities are actively being targeted by cybercriminals during the COVID-19 pandemic.

We're part of the group that's got your back. Healthcare facilities, please contact us if you need help.

https://www.forbes.com/sites/daveywinder/2020/03/23/meet-the-volunteer-covid-19-cyber-fighters-helping-healthcare-fight-the-hackers/

As hackers dial up their vile attacks against healthcare, these are the volunteer cyber-heroes out to thwart them.

03/23/2020

Effective immediately, Governor Kate Brown has ordered most businesses to close their doors, and for as many as possible to stay at home. See the order here:
https://govsite-assets.s3.amazonaws.com/jkAULYKcSh6DoDF8wBM0_EO%2020-12.pdf

Paragraphs 13 and 14 also stipulate that telework options are to be made available for all office workers, to the maximum extent possible.

Haven't yet set up telework support for your employees? Although it's late, we can still help you put this in place, especially if you're a health care practitioner, and with minimal face-to-face interaction (only one face-to-face visit should be required, and our staff will be wearing PPE).

What's more, if you place an order before March 27th, you can take advantage of a special offer available through our partner, Sophos: free hardware with any 3-year subscription.

Call us today, or set up an appointment online, to learn how:
503-207-6400 or
https://harmonium.as.me/?appointmentType=13658130

03/20/2020

In an effort to slow the spread of COVID-19, and especially in view of our focus on supporting medical practitioners, Harmonium is practicing social distancing at this time. We recommend others do the same, to collectively support health care facilities.

While our offices have closed to customer visits, we are still supporting customers at this time. Although the vast majority of our work can be, and is being, done remotely, customers receiving face-to-face visits should expect us to arrive in PPE, primarily consisting of face masks & nitrile gloves at this time, both for the safety of our customers and our staff.

We wish everyone to survive this, together yet apart, safely, and with as little economic impact as possible. Here's to your good health!

01/27/2020

A PSA: Actions the public & small business community can take in the event of a data breach:

First, identify what information might have been stolen. Typically this information is listed in a breach notification.

Be patient with any entities that have either confirmed a breach, or you suspect may have been breached. Recognize that they usually will not have immediate answers available, and legally, they may have up to 60 days to publicly post or personally contact you with breach notifications, depending upon the specific scenario.

Make sure software and firmware (system) security updates are installed regularly on every machine on your network, including computers, printers, tablets, smartphones, and any other connected devices (e.g. networked cameras, smart speakers, smart TV boxes, etc.).

If you are a home user or small business, regularly back up all systems to a set of removable disks. Test your backups periodically (at least annually) to confirm they can restore information when you need it.

Use unique, lengthy, complex passwords/passphrases on every website or user account. Do not share passwords between websites. Use a password as long as the account will allow.

Use a password manager, such as 1Password or Dashlane, to store your passwords.

Use two-factor authentication everywhere it is available. However, not all forms of two-factor authentication are created equal. Give preference to the following order of two-factor authentication:
1. Hardware tokens (e.g. Yubikey, key fob issued to you by your banking institution)
2. App-based approval or random code generation
3. Codes sent via Email
4. Codes sent via text message
5. No two-factor authentication

Upgrade your antivirus to include a more modern advanced threat protection system, such as Cylance Home or Cylance Protect (Business version - contact Harmonium for a license).

Install ad blockers on all web browsers.

If you believe an incident of fraud or identity theft has occurred:
- place a freeze on your credit file with each of the three major credit agencies,
- work with credit grantors to close fraudulent accounts, and,
- report the incident to local law enforcement or the FBI at: www.ic3.gov.

Experian can be reached at: 1 (888) 397-3742 or http://www.experian.com/consumer-information/cis-contact-business.html

Equifax can be reached at: 1 (800) 727-8495 or https://www.equifax.com/personal/contact-us/

TransUnion can be reached at: 1 (800) 813-5604 or https://www.transunion.com/customer-support/contact-us-consumers

You can also notify the Federal Trade Commission by following the steps outlined at https://www.identitytheft.gov/ or call 1 (877)-ID-THEFT (438-4338).

If you would like additional resources relating to protecting yourself from identity theft, you can visit Oregon’s Consumer Protection website located at https://www.doj.state.or.us/consumer-protection/id-theft-data-breaches/identity-theft/.

The IC3 accepts online Internet crime complaints from either the actual victim or from a third party to the complainant. We can best process your complaint if we receive accurate and complete information from you. Therefore, we request you provide the following information when filing a complaint:

Address

Tillamook, OR
