Articles In Security

By Hank Smith, Posted in Infrastructure, Security, Support

Throughout my years of IT consulting, patching servers and desktops has been a sore subject with customers. It’s always been something that is required, but in many cases not performed. The benefits of patching in a timely manner include feature enhancements, bug fixes, and of course security updates. But for many of our customers, patching is time-consuming and resource-intensive, and gets in the way of IT teams focusing on more strategic and tactical matters. As a result, patches aren’t maint... read more.

• December 21, 2017

By Ken Phelan, Posted in AppDev, Infrastructure, Security, Storage, Virtualization

Recently back from AWS:ReInvent, I’m still processing all the data. AWS is Amazon’s Web Services. Amazon is currently hosting 3 times more cloud services than their closest competitor (Azure), making them the 800 pound gorilla of cloud computing. AWS:ReInvent is the trade event they recently held in Las Vegas. Writing a blog helps me process, so here’s my blog about the show. Thanks for helping me process. First of all, ReInvent is huge. Content was being delivered in three different hote... read more.

• December 05, 2017

By Nancy Rand, Posted in Security

This year was once again filled with major security breaches. In fact, these breaches have impacted so many of us that they are becoming a routine fact of life for companies and individuals alike. The Equifax breach in particular affects practically every person or entity that has had a credit check done in recent years.  Protection of our personally identifiable information (PII) and financial information should have been a priority with a credit bureau. As we've seen, it was not. And of course... read more.

• November 30, 2017

By Tom Stanley, Posted in AppDev, Infrastructure, Security, Virtualization

The tech news has been abuzz recently with stories about how machine learning is making impressive strides in areas like autonomous vehicles, face recognition, and language translation. You can now be automatically tagged in Facebook photos of events you don’t even remember attending. But, while these are impressive achievements that may enhance some of your personal experiences, they have little bearing on your business. You might be surprised to find out these are just some of the more exciting appl... read more.

• November 10, 2017

By Stephen Kilcoyne, Posted in Security

Gotham Technology Group and BUFFERZONE Partner to Provide Prevention-Based Container Security Technology to Enterprises  Leading InfoSec Solutions Provider Augments Existing Isolation Security Tech Offering with BUFFERZONE New York City, NY--November 2, 2017- BUFFERZONE Security, a provider of next-generation endpoint security solutions protecting organizations from advanced threats including ransomware, zero-days and phishing scams, and Gotham Technology Group, a leading technology solutions provide... read more.

• November 02, 2017

By Eduardo Blanco, CISSP, Posted in Security

A critical weakness has been discovered in WPA2, the ubiquitous protocol that secures Wi-Fi networks worldwide. The attack known as “KRACKS” which is short for Key Reinstallation Attacks, enables attackers within range of the target Wi-Fi network to see data that is presumed to be safely encrypted. This effectively renders organizations that leverage WPA2 vulnerable to theft of critical data such as credit card numbers, passwords, emails, photos, etc. It also makes it possible for a man-in-the-m... read more.

• October 17, 2017

By Nancy Rand, Posted in Security

February 23, Techcrunch.com - Major Cloudflare bug leaked sensitive data from customers’ websites. Cloudflare revealed a serious bug in its software today that caused sensitive data like passwords, cookies, authentication tokens to spill in plaintext from its customers’ websites. The announcement is a major blow for the content delivery network, which offers enhanced security and performance for more than 5 million websites. This could have allowed anyone who noticed the error to collect a... read more.

• February 27, 2017

By Nancy Rand, Posted in Security

January 16, SecurityWeek – (International) Flaws found in Carlo Gavazzi energy monitoring products. Carlo Gavazzi released firmware updates after a security researcher found that the company’s VMU-C product was plagued with a flaw that grants a malicious actor access to most of the application’s functions without authentication, as well as a cross-site request forgery (CSRF) issue that can be exploited to change configuration parameters. The researcher also found the product stores some se... read more.

• January 18, 2017

By Nancy Rand, Posted in Security

January 12, SecurityWeek – (International) GoDaddy revokes nearly 9,000 SSL certificates. GoDaddy revoked nearly 9,000 Secure Sockets Layer (SSL) certificates after discovering that a software bug, which was introduced in July 2016 as part of a routine code change intended to improve the certificate issuance process, can cause the domain validation process to be unreliable. GoDaddy provides the customer a random code and directs the customer to place it in a specific location on their Website in order... read more.

• January 17, 2017

By Nancy Rand, Posted in Security

January 12, SecurityWeek – (International) Eight vulnerabilities patched in WordPress. WordPress version 4.7.1 was released, resolving a total of 8 security flaws and 62 bugs including 2 cross-site request forgery (CSRF) flaws, several cross-site scripting (XSS) vulnerabilities, and a weak crypto issue related to multisite activation keys. Source January 12, SecurityWeek – (International) Four high severity DoS flaws patched in BIND. The Internet Systems Consortium (ICS) released BIND versions... read more.

• January 13, 2017