Blog

By Steve Gold, Posted in Security

One of my favorite movies is WarGames. If you haven’t seen it, stop reading immediately cause I’m going to spoil it for you. In the movie, David Lightman (played by Mathew Broderick) uses a technique called wardialing, where his computer dials every phone number in a given area to find a modem at the other end. David discovers a modem for a military supercomputer aka WOPR (War Operation Plan Response, because everything needs an acronym). Once he's connected, he relies on easily guessable passw... read more.

• October 31, 2023

By Eric Corcoran, Posted in Technology Week in Review

Monday 10/23 Another InfoStealer Enters the Field, ExelaStealer (Fortinet) InfoStealer malware exfiltrates data belonging to corporations and individuals that can be used for blackmail, espionage, or ransom. Despite the number of infostealers in the wild, ExelaStealer shows there is still room for new players to emerge and gain traction. https://bit.ly/3s28AFw Are You Sure Your Browser is Up to Date? The Current Landscape of Fake Browser Updates (Proofpoint) Fake browser updates refer to compromised we... read more.

• October 27, 2023

By Steve Gold, Posted in Security

In "Mission: Impossible," one of the most iconic scenes involves Ethan Hunt (played by Tom Cruise) infiltrating a highly secure CIA facility at Langley to steal the NOC list, a comprehensive list of all covert agents. To access this room, Hunt has to bypass multiple security measures: Temperature Regulation: The room is temperature-controlled. A sudden rise could trigger the alarm. Ethan and his team have to ensure that his body heat doesn't increase the room's temperature. Sound Sensors: The room is eq... read more.

• October 26, 2023

By Hank Smith, Posted in Security

In the ever-evolving landscape of cybersecurity threats, phishing and ransomware emails remain persistent challenges for organizations. While technology plays a crucial role in minimizing the impact of such threats, user-based training is equally essential. Many corporations have adopted mandatory training programs that aim to educate employees and test their ability to identify and respond to suspicious emails. In this blog post, we will explore the effectiveness of user training and how Microsoft Attack S... read more.

• October 25, 2023

By Carlo Costanzo, Posted in Security, Virtualization

During our internal tech brief, Tim Husar brought to everyone’s attention a new vulnerability announced by VMware. This critical issue involves an out of bounds write vulnerability in the implementation of the DCERPC protocol. VMware has evaluated the severity of this issue to be in the Critical Severity Range with a maximum CVSSv3 base score of 9.8. The write vulnerability could allow a malicious actor to execute remote code. The issue affects most versions of vCenter in production and VMware has... read more.

• October 25, 2023

By Eric Corcoran, Posted in Technology Week in Review

Monday 10/16 I’ve Been Hit by Ransomware—Now What? Steps for Dealing with the Aftermath (Proofpoint) The best ransomware strategy is to avoid it in the first place. But increasingly advanced attacks against the software supply chain and end users have shown that even the best-prepared companies can be caught out. https://bit.ly/45yOyju PAM and Cloud Security: The Case for Zero Standing Privileges (CyberArk) A new approach is required to apply the principles of Zero Trust in a world with the... read more.

• October 20, 2023

By Steve Gold, Posted in

In Iron Man 2, Ivan Vanko hacks into Lt. Col. James 'Rhodey' Rhodes’ suit (a.k.a. War Machine, Iron Patriot) and programs it against Iron Man. Ivan locks out everyone from Stark Industries and from Hammer Industries, the company that paid him to build the Iron Man-competitive suits. Ivan Vanko ended up building drones instead of suits because “People make problems. Trust me. Drone better”. This is a great example of an automated process to revoke access to an Enterprise Asset aka War Mach... read more.

• October 17, 2023

By Eric Corcoran, Posted in Technology Week in Review

Monday 10/2 Join Gotham CTO, Ken Phelan, and Secure Networks Technologies President, Steve Stasiukonis, on Thursday, October 26, at 9:30 AM for a CTO Tech Talk discussing what you need to do during a cybersecurity event. See the link below for registration details. https://www.eventbrite.com/e/cto-tech-talk-tickets-723656886227?aff=oddtdtcreator Driving Enterprise Hybrid Cloud Efficiency: How F5 and NetApp Change the Game (F5) With data stored across multiple cloud environments and on-premises, the nee... read more.

• October 13, 2023

By Carlo Costanzo, Posted in Infrastructure

VMware released vCenter Server 8.0 Update 2 recently, so it’s time to upgrade the HomeLab. The process of upgrading is pretty straight forward (assuming no complications) and starts in the vCenter UI admin interface located on port 5480. Find the update and process the upgrade. It is about 8 GB, so it could take a while to download and install. What’s New With Update 2? With a successful upgrade, you are now on the latest version of vCenter. This includes your basic security and performa... read more.

• October 12, 2023

By Steve Gold, Posted in Security

One of my favorite scenes in Thor: Ragnarok was when Thor attempted to escape the junk planet. He made it to the Quinjet and tried many different activation codes (access) such as: "Thor", "Son of Odin," and "Strongest Avenger" (twice). None worked. It was only when he said “Point Break” did the Quinjet start. Point Break was the activation code that Tony Stark had assigned him back from the 2012 Avengers movie. Unauthorized access to sensitive information is one of the most significant threats... read more.

• October 10, 2023