Category: Cybersecurity

Password Manager Browser Extensions Exposed: What You Need to Know About the DEF CON 33 Vulnerability

At this year’s DEF CON 33 hacker conference, independent security researcher Marek Tóth unveiled a set of critical flaws affecting some of the most widely used password manager browser extensions. Soon after, cybersecurity firm Socket verified the findings and worked with impacted vendors to coordinate a public disclosure.

While password managers remain one of the most important tools for securing online accounts, this discovery highlights how attackers could exploit browser-based variants to steal sensitive information under specific conditions.

What Was Discovered?

Tóth’s research revealed that browser-based password managers—including 1Password, Bitwarden, Enpass, iCloud Passwords, LastPass, and LogMeOnce—could unintentionally leak credentials and other sensitive information in certain scenarios.

The vulnerability stems from how these extensions handle autofill processes and interact with web page content. Maliciously crafted websites could potentially trick extensions into exposing stored data—such as usernames, passwords, or even tokens—without user awareness.

Why This Matters

Password managers are often the front line of defense against credential theft. Businesses and individuals rely on them to:

Generate unique, complex passwords.
Store them securely in an encrypted vault.
Reduce the risk of password reuse across accounts.

If attackers can exploit browser extensions, the convenience of autofill becomes a liability instead of a safeguard. This type of vulnerability is particularly dangerous because:

Browser-based access is common — Many users depend heavily on extensions instead of desktop apps.
Attackers only need a single visit — A malicious web page can capture data immediately.
It affects multiple major vendors — Broad exposure increases the potential attack surface.

What Vendors Are Doing

Following responsible disclosure, vendors have been alerted and are actively working on patches. Some have already rolled out fixes, while others are refining their defenses to prevent similar attack vectors in the future.

Both the researcher and Socket stressed that these flaws do not mean password managers are inherently unsafe—rather, that their browser-based components must be hardened to meet modern attack techniques.

What You Should Do Now

Until patches are fully confirmed and deployed, here are recommended best practices for businesses and individuals:

🔒 Update Immediately – Apply the latest version of your password manager across all browsers and devices.
🛡️ Limit Autofill – Consider disabling automatic autofill and instead copy/paste credentials when possible.
🌐 Use Desktop Apps – Whenever possible, rely on the desktop or mobile application instead of the browser extension.
🚨 Stay Alert for Phishing – These attacks often rely on malicious sites. Verify links before entering credentials.
🔑 Start Exploring Passkeys – Passkeys, which use cryptographic keys tied to your device rather than traditional passwords, are quickly emerging as a safer, phishing-resistant alternative. Many major platforms (Google, Apple, Microsoft) are already rolling them out. While still new, passkeys reduce reliance on stored passwords entirely and may play a big role in reducing risks like the ones revealed at DEF CON.

Final Thoughts

Password managers are still one of the strongest tools available for securing digital identities. However, as the DEF CON 33 findings show, no solution is immune to flaws.

The key takeaway: security is not a one-time setup—it requires continuous vigilance, updates, and layered defenses. As passkeys continue to gain adoption, they may eventually reduce the need for password storage altogether. Until then, keeping your tools updated and following best practices remains the most effective way to stay secure.

Deepfakes, AI, and the Future of Cybercrime: What Your Business Needs to Know

Cybercrime is no longer limited to phishing emails and stolen passwords. With the rapid rise of artificial intelligence, criminals are gaining powerful new tools that make scams more convincing and harder to detect. One of the most alarming trends is the use of deepfakes—AI-generated videos, audio, and images that can realistically mimic real people.

Imagine receiving a voicemail that sounds exactly like your CEO asking you to transfer funds, or a video message that looks like a trusted partner providing instructions. These aren’t science fiction scenarios—they’re happening today. Cybercriminals are already using deepfakes to bypass traditional security measures and exploit human trust.

But deepfakes are only one piece of the puzzle. AI is also being used to:

Automate phishing campaigns that adapt in real time to increase click-through rates.
Clone voices and writing styles to make fraudulent emails, calls, or texts more convincing.
Crack passwords and security questions faster than ever before.

Why This Matters to Your Business

For small and mid-sized businesses, these threats pose a serious risk to finances, data, and reputation. Traditional security awareness—like spotting spelling mistakes or poor grammar in emails—may no longer be enough. Employees need to understand that even a familiar voice or face could be faked.

What You Can Do Now

Educate your team about deepfakes and AI-driven scams so they know what to watch for.
Adopt advanced cybersecurity tools that help detect unusual activity and potential impersonations.
Verify requests through a second channel (for example, calling a known number before acting on financial instructions).
Enable strong authentication such as multi-factor authentication (MFA) to limit the damage if credentials are stolen.

Final Thoughts

AI is transforming business in exciting ways, but it’s also transforming cybercrime. Staying ahead requires awareness, vigilance, and the right security strategies. At TMD Technology Services, we help businesses prepare for these evolving threats with advanced security solutions and user training programs.

Ready to protect your business from AI-driven cybercrime? Contact us today 561-404-9251

cybercrime deep fakes

Why Small Businesses Need Enterprise-Grade Cybersecurity (Without the Enterprise Price Tag)

Cybersecurity isn’t just a big-business problem anymore. In fact, 43% of all cyberattacks target small businesses, and over 90% of breaches start with a phishing email. Unfortunately, many businesses with fewer than 50 employees assume they’re “too small” to be a target — but attackers know that small companies often have fewer defenses, making them an easy entry point.

At TMD Technology Services, we specialize in helping small businesses stay protected with affordable, scalable, and fully managed solutions. You don’t need a large IT department — you need the right tools, managed by experts who understand the challenges of a small business environment. See some of the services we offer below to help protect your small business

Security Services for Small Business

Microsoft Defender for Office 365

Email remains the #1 entry point for attacks. Defender for Office 365 blocks phishing, malware, and ransomware before they hit your inbox. For businesses that rely on email to operate (that’s all of us!), it’s the first and most essential line of defense.

Managed Detection & Response (MDR) for Microsoft 365 & Google Workspace

Our 24/7 SOC (Security Operations Center) actively monitors your cloud environment. If suspicious activity is detected, automated actions — like disabling a compromised account — happen instantly. Human experts then validate and respond, ensuring threats don’t spread across your organization. This level of protection used to be reserved for enterprise companies — but now it’s available and affordable for small businesses.

SentinelOne Endpoint Detection & Response (EDR)

Traditional antivirus isn’t enough. SentinelOne uses AI-driven detection to stop ransomware, viruses, and zero-day attacks in real-time. If something slips through, SentinelOne can even roll back an infected device to a safe state, minimizing downtime and data loss. Combined with 24/7 SOC oversight, your workstations and laptops get true enterprise-grade protection.

Proofpoint Essentials

Phishing scams and Business Email Compromise (BEC) attacks cost small businesses billions every year. Proofpoint Essentials filters malicious messages, quarantines threats, and provides advanced email security that outperforms standard spam filters.

Backup & Business Continuity Solutions

Cloud-to-Cloud Backup for Microsoft 365 & Google Workspace

Deleting or losing email, files, or calendar data in the cloud doesn’t mean it’s gone forever — unless you don’t have a backup. Our C2C backup automatically protects:

Microsoft 365: Email, OneDrive, and SharePoint
Google Workspace: Gmail, Drive, Contacts, and Calendar

This ensures your team’s productivity data is always recoverable, no matter what happens.

Direct-to-Cloud Backup

Basic file backup tools aren’t enough for today’s threats. You need a robust backup solution that goes further by protecting entire server images, including critical applications like QuickBooks and Active Directory.

Even more importantly, if your server hardware fails or ransomware takes hold, our backup solution lets you spin up a virtual server in the cloud — keeping your business online while hardware is repaired or replaced. What used to take days or weeks can now be resolved in hours.

Employee Training & Awareness

Technology is powerful, but people are often the weakest link. That’s why we include:

Phishing Simulations – Test your employees with safe, realistic phishing attempts.
Security Awareness Training – Short, simple training to help your staff spot suspicious emails, links, and files before it’s too late.

When employees are trained and tested regularly, your risk of a successful attack drops dramatically.

Why Small Businesses Can’t Afford to Wait

Downtime is expensive: Even a single day offline can mean thousands in lost revenue.
Data loss is catastrophic: Customer records, QuickBooks files, and email history are too valuable to risk.
Reputation matters: Customers expect you to protect their data — and breaches can damage trust.

With the right mix of tools, small businesses can finally access the same level of protection enterprises rely on — but at a fraction of the cost.

Ready to Protect Your Business?

At TMD Technology Services, we help businesses with 5 – 100 employees deploy enterprise-grade security and backup without the enterprise price tag.

Contact us today to learn how Defender for Office, MDR, SentinelOne, Proofpoint, and Axcient can keep your business secure — and your employees productive. (561) 404-9251

backup Business Continuity cybersecurity

Protect Your Mobile Identity: How to Prevent SIM Swapping and Smishing Attacks

Mobile security threats are on the rise, with SIM swapping and smishing attacks becoming increasingly common. These attacks can compromise personal data, financial accounts, and even business operations. Here’s how you can protect yourself and your business from these risks.

What Is SIM Swapping?

SIM swapping occurs when an attacker convinces your mobile carrier to transfer your phone number to a new SIM card. Once successful, the attacker gains access to your calls and texts, including authentication codes used for two-factor authentication (2FA).

How to Prevent SIM Swapping:

Enable PIN or Passcode on Your SIM: Contact your carrier to set up a PIN that must be provided before any changes are made to your account.
Use Strong Multi-Factor Authentication (MFA): Opt for app-based authenticators (like Authy or Google Authenticator) instead of SMS-based 2FA.
Be Cautious of Phishing Attempts: Fraudsters may try to obtain your personal information to impersonate you to your carrier.
Monitor Your Phone Activity: Be vigilant for sudden loss of service or unexpected notifications about SIM changes.
Notify Your Carrier Immediately: If you suspect SIM swapping, contact your carrier to freeze your account.

What Is Smishing?

Smishing is a type of phishing attack that uses SMS or text messages to trick users into revealing sensitive information or installing malware.

How to Avoid Smishing Attacks:

Do Not Click on Suspicious Links: Avoid clicking on links in unsolicited text messages, even if they appear legitimate.
Verify the Sender: If a message claims to be from a bank or service provider, call the company directly to verify its authenticity.
Do Not Share Personal Information: Reputable companies will never ask for sensitive information via text.
Install Mobile Security Software: Use reputable apps that detect and block malicious SMS messages.
Report Smishing Attempts: Inform your carrier and relevant authorities about suspected smishing messages.

Final Thoughts

Cybercriminals are constantly looking for ways to exploit mobile devices. Taking proactive steps to secure your SIM and staying cautious of suspicious messages are key to safeguarding your digital identity. Stay vigilant, and educate your team on these risks to minimize potential damage.

sim swapping smishing

Why Small Businesses Should Use SentinelOne for Cybersecurity

In today’s digital landscape, small businesses face the same cybersecurity threats as larger enterprises, but often without the robust defenses that larger companies can afford. SentinelOne offers an advanced and scalable solution that is particularly well-suited for small business environments. Here’s why SentinelOne should be your go-to choice for endpoint security.

1. Comprehensive Threat Protection

SentinelOne provides real-time protection against a wide range of threats, including ransomware, malware, and phishing attacks. Its AI-driven threat detection continuously monitors endpoints, identifying suspicious behavior and taking automated action to contain and remediate threats.

2. Ease of Use and Deployment

Small businesses typically lack dedicated IT security teams. SentinelOne’s intuitive interface and automated workflows make it easy to deploy and manage, even for those without specialized cybersecurity expertise.

3. Automated Response and Recovery

In the event of an attack, SentinelOne’s automated response capabilities kick in immediately, isolating infected systems and performing remediation tasks without requiring manual intervention. This rapid action helps minimize downtime and data loss.

4. Scalability for Growing Businesses

As your small business grows, so does your cybersecurity footprint. SentinelOne’s scalable architecture allows you to easily add new devices and endpoints without disrupting existing protection.

5. Real-Time Visibility and Control

SentinelOne provides detailed visibility into your network, giving you insight into potential vulnerabilities and attack vectors. The platform’s centralized dashboard lets you monitor and manage endpoint security from a single pane of glass.

6. Cost-Effective Solution

SentinelOne’s value lies not only in its advanced protection but also in its ability to reduce costs associated with manual threat detection and response. Investing in a robust solution now can save your business from costly data breaches down the line.

Final Thoughts

For small businesses aiming to protect their digital assets without breaking the bank, SentinelOne is an ideal choice. Its AI-powered capabilities, user-friendly interface, and automated response features make it a powerful yet accessible tool for keeping your business secure.