By -- 2020-04-6 in Blog

As massive amounts of people begin working from home during the COVID-19 crises, Zoom videoconference, along with many other video-conferencing applications, has been booming.

What people may not be aware of, however, is that  Zoom users might need to be concerned about the app’s privacy and security.  Some of the concerns with the application include that people in your meeting might be able to read your private messages if the host chooses to record a zoom meeting to the cloud.

Another concern regarding Zoom’s privacy policy is the app maker claims that your conference is end-to-end encrypted – which means, no one, even Zoom, has access to your chats or can read them.  This does not appear to be the case as research claims that Zoom has access to your audio and video meetings.

If you are unsure about which video conferencing app is right for you or are looking for secure ways to telework, we are here to help.   Contact us at (703)790-0400 or to discuss your concerns.

By -- 2020-03-30 in Blog


As you have seen in our previous postings, a cybercriminal will attempt to use any type of flaw which exists.  One of the more recent ones is the KrØØk vulnerability, also known as CVE-2019-15126.  This vulnerability can be found in a specific Cypress and Broadcom Wi-Fi chipset which can be found in millions of  smartphones, tablets, laptops, Wi-Fi- access points and routers.
While this isn’t good news, the one benefit is that the KrØØk flaw needs to be in close proximity with the Wireless connection in order to decrypt and steal sensitive data from your devices.  The only solution is to make sure that your wireless devices are running on the latest updates and have security patches. If you are not sure if you or your organization is capable of handling vulnerable security flaws, contact OptfinITy at (703)790-0400 or and we would be happy to help!

By -- 2020-03-24 in OptfinITy News


OptfinITy is proud to announce that our CEO, Michael Drobnis, has been selected to participate in the Goldman Sachs 10,000 Small Businesses (10KSB) Program. The program offers continuing business education through Babson College, a network of executive mentors, and access to capital through “mission-driven small business lenders.”

“I am a lifelong learner and understand the importance of networking and learning from others,” says Drobnis. Although his background includes an MBA, and various certifications, Drobnis says the 10KSB opportunity offers something his previous achievements couldn’t.

“All of this education was undertaken before I became CEO of OptfinITy and when you are the owner of a company, you are concerned about the business from different angles, so participating in the 10KSB program is perfect for me to learn more as a business owner.”

Of the 9,000 small businesses that have entered the program so far, more than two-thirds saw an increase in revenue within six months of joining the program, and nearly 80 percent reported revenue growth after 30 months. That’s compared to a national average of 47 percent among U.S. businesses.

By -- 2020-03-19 in Blog

The Coronavirus panic has spread nation-wide and it did not take cyber criminals long to attempt to cash in on it. A report released on Thursday has stated that certain websites claiming to introduce news of the virus, are malicious websites and are sending out mass scams and emails attempting to monetize from this pandemic.

Director of operation of Recorded Future, Lindsay Kaye, has specifically called out these domains publicly as possibly dangerous:

  • Coronavirusstatus[.]space
  • Coronavirus-map[.]com
  • canalcero[.]digital
  • Coronavirus-realtime[.]com
  • Coronavirus[.]app
  • coronavirusware[.]xyz
  • Coronavirusaware[.]xyz
  • COVID19 Tracker [app]

Since the panic of the pandemic has left people frantically searching for information regarding the state of the outbreak, also watch out for another app called “COVID19 Tracker” which has been masking itself as an outbreak map tracker, when in reality it is ransomware that locks down your phone completely and demands you pay $100 in bitcoin in 48 hours or lose all your digital data.

If you are confused on which websites to trust and how to avoid hacking or ransomware, OptfinITy can help keep your data safe. Give us a call at 703-790-0400 or email us at

By -- 2020-03-13 in Blog

With the recent declaration by WHO (World Health Organization) we are now dealing with a pandemic, and it is important to consider the following items when preparing for teleworking:

• Making sure the employee has the proper direct communication tools (cell phone, work phone or app to access the phone system)
• Making sure the employees can access their information securely (using VPN, remote desktop applications)
• Making sure the employee has a computer or remote computer access
• Making sure that the employee has the ability to collaborate and communication with their staff (Google Hangouts, Microsoft Teams, Slack)
• Making sure that the employee stays on task and on-track (Rescue time, Focus Time, etc.)

While many organizations have access to tools already if they use Google’s G-Suite or Office-365, there are other applications out there who are making their products available if needed. For more information on those types of apps, see the following link:

Should your organization need assistance with teleworking or other remote access policies, please give OptfinITy a call and we will be glad to work with you.

By -- 2020-03-9 in Blog

Security researchers are now warning Android phone users about a malware strain that can withdraw and obtain one-time passcodes by extracting it from the Google Authenticator app. The Google Authenticator app is a two-factor authentication security layer that creates a 6 to 8 digits long code to enter on various online accounts. The Android malware, Cerberus, has an OTP-stealing capability that steals 2FA codes from Google Authenticator.

When the app is running, the Trojan collects the content of the interface and sends it to the command-and-control server. A feature called RATs on the trojan allows the trojan to bypass the Authenticator, giving access to all types of private accounts including email inboxes, social media accounts, and coding repositories.

If you or your business have any concerns about keeping your systems secure,  feel free to call OptfinITy at 703-790-0400 or email us at


By -- 2020-03-5 in Blog

Twitter just requested that all 5,000 of their employees work from home because of the COVID-19 Coronavirus. However, Twitter does not stand alone in this decision. Companies all over the world are now asking their employees to work from home – a request that was once considered a privilege is now a necessity. Fortunately, web-conferencing and video-conferencing applications are using this epidemic to their advantage and offering their services for free for a limited time during this pandemic.

Cisco’s WebEx, for example, has reported that that traffic from china has increased 22 times more since the outbreak, and four to five times as many users in Japan, South Korea, and Singapore. Free signup rates for countries with infections increased by 700% and climbing.


Video and web conference applications currently offering services and special deals in response to the Coronavirus are Cisco WebEx, Google Hangouts Meet, LogMeIn GoToMeeting, Microsoft Teams, and zoom. Luckily, OptfinITy provides IT services to many of our remote clients. If you or your organization have any questions regarding the services we provide, don’t hesitate to reach us a call at 703-790-0400 or email us at


By -- 2020-03-3 in Blog

The Coronavirus outbreak has been spreading national fear, and cyber-criminals have found a way to exploit that. Cyber attacks through emails have been circulating by attackers falsely impersonating a trusted establishment – the World Health Organization. Hackers have created their own email campaign that is feed on public fear. The campaign uses conspiracy and indicates that the email contains information filled with unknown cures for the virus. When the victim presses on the attachment in the email, they are accepting a malware. One campaign even provides a DocuSign page where users enter their personal information in hopes of receiving further information regarding the secret cure. Another method uses a Microsoft Word attachment to redirect users to a fake Microsoft Office website where the World Health Organization name appears to give a sense of credibility.

The U.S Centers for Disease Control and Prevention indicates that the risk for the American Public regarding the Corona virus is quite low. If are afraid your staff is not prepared to handle cyber-security threats, OptfinITy can help keep your data safe. Give us a call at 703-790-0400 or email us at

By -- 2020-02-27 in Uncategorized

Google was forced to remove 500 malicious Chrome extensions from its web store after it was discovered that many extensions carried malicious ads which siphoned off browsing data to servers being controlled by attackers.
It’s been reported that the extensions were part of an Ad-fraud campaign that’s been operating since January 2019. However, some evidence shows that the actor may have been operating from as early as 2017.

The extensions posed as promotions and advertising services. Unfortunately, this was not the first time Chrome extensions on chrome were caught stealing data from browsers. For now, individuals are cautioned to continue reviewing extension permission, uninstalling extensions not often used or don’t require access to your browser activity.

If you or your business are unsure on how to handle ad-fraud, OptfinITy can help.  Call us at (703)790-0400 or contact us at for  more information.

By -- 2020-02-24 in Blog, Uncategorized

Last year businesses worldwide lost billions of dollars due to ransomware. This year, however, some ransomware criminals are looking to collect something other than money.

Researchers at Emisoft have discovered a ransomware that demands payment of a different kind – nude photographs. The creator of the ransomware distorts the typical sextortion scam which is to usually ask for payments in order not to post explicit photographs of the victim. Now, the criminal offers up a decryption tool to the victim but only if they send explicit photos of themselves first.

Although the scam is worrisome, the new strain of Ransomware has proven not to be very sophisticated in its execution yet. It is important before turning over sensitive images of yourself to consult a professional before. Thankfully, OptfinITy is equipped to deal with threats of cybercriminals. If you or your organization fear that you are not prepared to deal with these types of security issues attacks and can use some guidance, feel free to contact us at OptfinITy at (703)790-0400 or contact us at