IMC Technology

08/13/2025

For years, the cybersecurity industry has told us, “It’s not a matter of if you get breached, but when.” At IMC Technology, we challenge that defeatist mindset. We’ve spent our entire careers building bulletproof cybersecurity programs designed to stop ransomware before it ever reaches your business. And we’re so confident in our approach, if you do get hit and have to pay a ransom — we’ll pay it for you. That’s our Call Us Crazy Guarantee. Ready to stop planning for failure and start expecting protection? Let’s talk. Comment for help.

08/05/2025

Claim Your Free Cybersecurity eBook Today!

IMC Technology is your trusted Managed Security Services Provider (MSSP), delivering enterprise-grade protection with a personal touch. Whether you're starting from scratch or enhancing your current defenses, our expert team helps you design, implement, and manage a cybersecurity program that stands up to the toughest threats and compliance standards.

💥 Backed by our bold “Call Us Crazy Guarantee,” we don’t just promise security—we stand behind it.

📘 Download your free eBook now and take the first step toward smarter, stronger cybersecurity.

👉https://thecisosystem.imctechnology.net/the-ciso-system-optin

12/04/2022

IMC Technology is growing!

We are looking for a commissioned sales representative to grow the I-40 corridor between Little Rock and Fort Smith, with focus in the Russellville area. Experience in selling technology, managed services, Microsoft Office 365, cybersecurity or backup and disaster recovery preferred.

25% of top line revenue
3% of MRR for life of contract

Potential to grow into director of sales salaried position.

Please reply to this message if interested.

Referral fee of $250 if you refer a friend or family for the position and we hire them!

08/01/2022

IMC Technology is looking for an on site/remote hands technician in the Russellville area that has a general understanding of laptops, desktops, servers and networking. IT support/help desk experience a plus. Not a full time position but as needed. Time and half for same day service, holidays or weekends me.

IMC proudly serves Arkansas businesses, non profits and government municipalities. Client concentration all within one hour drive of Russellville. Must have valid drivers license and able to work in the United States.

Likely will lead to full time employment should individual be someone who takes pride in supporting our client base. We are rapidly growing. Please reply via direct message if interested.

Send a message to learn more

09/21/2021

The use of open redirects from legitimate domains makes phishing emails that much more believable and credible, obfuscating the dangerous nature of these attacks.

In the ongoing saga of attacks on Microsoft 365 users, security analysts at Microsoft recently announced a widespread attack that utilizes open redirects – a technique used in web development to point to the URL visitors of a website should be taken to once the initially-visited page is done processing the visit.

A simple example of an open redirect is the following:
[https://]example[DOT]com/redirect[DOT]php?url=[http://]attacker[DOT]com

According to Microsoft, attackers will use a bit more trickery to fool those that choose to hover over links in emails before clicking on them, embedding a malicious URL within what appears to be a trusted URL (note the red portion of the screenshot at the blog)

In many cases, redirects to malicious URLs first take visitors to Google reCAPTCHA pages to further obfuscate the nature of the final destination from security solutions designed to evaluate email links.

While evaluating destination URLs via hovering over links in an email is definitely a good security practice, threat actors are becoming wise to this and are taking steps such as those mentioned above to make it even more difficult to spot a malicious link.

Users should be taught via Security Awareness Training to be more mindful of the actual message being sent – if unsolicited, it should be treated with at least a bit of distrust and scrutiny, being certain it is legitimate before engaging with links – benign or malicious.

Blog post with links and screenshot:

The use of open redirects from legitimate domains makes phishing emails that much more believable and credible, obfuscating the dangerous nature of these attacks.

08/31/2021

A TRICKY NEW COVID-19 PHISHING CAPER:
A new phishing campaign is exploiting the ongoing uncertainty about company policies related to COVID-19, according to Roger Kay at INKY. The campaign uses emails that purport to come from a company’s HR office informing employees that they’re required to fill out a COVID-19 vaccination status form.

Clicking on the link in the email will take the user to a Microsoft Outlook credential phishing page. “This campaign was able to bypass existing email security in a number of ways,” Kay says. “It sent the lures from legitimate but hijacked email accounts to evade standard security checks.

If the recipient clicked through, they were taken to a hijacked web page that impersonated a trusted brand. Because the phishers used a hijacked site, their exploit had not yet appeared on any threat intelligence feed. The sally was effectively a zero-day attack.

Now that it’s been discovered and reported, any email security products that reference such feeds can find it, but it’s a little late for the first victims targeted by the campaign.” Kay also notes that the emails are sent from compromised email accounts, which further added to their legitimacy.

“While the pitches appeared to be local, in fact, they all originated from various legitimate — but hijacked — external accounts,” Kay says. “This legitimacy enabled them to pass standard email authentication (i.e., SPF, DKIM, and DMARC).”

08/24/2021

Cybercriminals and nation-state actors continue to launch new smishing attacks to steal credentials and distribute malware, according to Michael Marriott, Senior Strategy and Research Analyst at Digital Shadows. Marriott describes a new Android banking Trojan called “AbereBot” that’s being sold on cybercrime forums. Since the Trojan targets mobile devices, it’s distributed via text messages.

“This is just one recent example, and barely a month goes by without another Android malware making news headlines,” Marriott says. “Back in January, for example, FluBot was reported to have spread quickly and significantly across targets. This malware was installed by SMS, in this case purporting to be from a delivery company providing a package tracking link.

Users were prompted to download an application that would enable them to track the package, however, the malicious application enabled the attacker to capture banking credentials.”

Marriott cites advice from the UK’s National Cyber Security Centre (NCSC) on how to avoid falling for these scams:
• “Only download apps from App Stores, such as the Android Play Store.
• “If you suspect you have clicked on a malicious link, reset your device to factory settings and reset credentials of any accounts that you have entered since the infection.
• “Even non-Android users should be cautious of clicking on links that may be attempting to capture credentials.
• “Beware of unsolicited texts using high-pressure tactics that introduce urgency, such as closing accounts or transferring funds, for example. When in doubt, go to the full website of the company and check notifications for your accounts there.
• “Beware of anything that forces you to log in to unrelated services, such as entering banking credentials to receive a package.
• “Always treat a message offering ‘something for nothing,’ such as winning money or prizes, as suspect, especially when you need to provide financial or other sensitive information.”

07/23/2021

A lot of people ask why we implement the "Policy of Least Privileges (PoLP)." Here's a perfect example. The local ex*****on needs the Administrator Security Context. If you're not logged in as an admin, the threat is unable to execute. Source:

06/30/2021

Western Digital Backup drives "My Book Live" factory reset (backups destroyed by vulnerability). This attack appears to be aimed at preventing the backup as a defense for other attacks like Ransomware.

Western Digital provides data storage solutions, including systems, HDD, Flash SSD, memory and personal data solutions to help customers capture and preserve their most valued data.

06/16/2021

Hackers get personal information including Social Security Numbers from Intuit.

Financial software company Intuit has notified TurboTax customers that some of their personal and financial information was accessed by attackers following what looks like a series of account takeover attacks.