Blog

By Steve Gold, Posted in Security

Always! I was going to continue to use movie or television references to highlight the importance of this CIS Safeguard but realistically, there isn’t one. There are plenty of examples where the lack of an effective Vulnerability Management Process caused a breach. Here are just a few: Equifax (2017): One of the most notable breaches in recent history. Equifax, a major credit reporting agency, suffered a data breach that exposed the personal information of 147 million people. The breach occurred du... read more.

• November 15, 2023

By Eric Corcoran, Posted in Technology Week in Review

Monday 11/6   Purity//FA 6.6.0: Paving the Way for FlashArray//E (Pure Storage) Purity//FA 6.6.0 delivers bold ESG benefits, enables storage consolidation, and simplifies storage provisioning along with other improvements for FlashArray customers. https://bit.ly/49gnOrc How to Secure Your Network Infrastructure (Arctic Wolf) Effective security operations are necessary to continuously monitor data centers and servers, user login activity, SaaS applications, cloud workloads, email systems, and mana... read more.

• November 10, 2023

By Steve Gold, Posted in Security

This line from “The Fugitive” portrays Dr. Richard Kimble (played by Harrison Ford), a vascular surgeon who was wrongly convicted of his wife's murder. After escaping custody, he set out to prove his innocence while being pursued by Deputy Marshall, Samuel Gerard (played by Tommy Lee Jones). In a face-to-face standoff, Richard says, “I didn’t kill my wife.” Deputy Gerard responds with, “I don’t care.” One of the best responses to that line, in my humble opinio... read more.

• November 07, 2023

By Eric Corcoran, Posted in Technology Week in Review

Monday 10/30 ICYMI: Gotham’s CTO, Ken Phelan, met with Secure Network Technologies’ President, Steve Stasiukonis, to discuss the steps you need to take during a cybersecurity event. See the link below for the full video. https://youtu.be/u6J7BV5cImQ Skeleton Keys and Local Admin Passwords: A Cautionary Tale (CyberArk) In today’s complex enterprise landscape, the prevalent use of what can be termed as “modern digital skeleton keys” – local administrator accounts &ndas... read more.

• November 03, 2023

By Steve Gold, Posted in Security

One of my favorite movies is WarGames. If you haven’t seen it, stop reading immediately cause I’m going to spoil it for you. In the movie, David Lightman (played by Mathew Broderick) uses a technique called wardialing, where his computer dials every phone number in a given area to find a modem at the other end. David discovers a modem for a military supercomputer aka WOPR (War Operation Plan Response, because everything needs an acronym). Once he's connected, he relies on easily guessable passw... read more.

• October 31, 2023

By Eric Corcoran, Posted in Technology Week in Review

Monday 10/23 Another InfoStealer Enters the Field, ExelaStealer (Fortinet) InfoStealer malware exfiltrates data belonging to corporations and individuals that can be used for blackmail, espionage, or ransom. Despite the number of infostealers in the wild, ExelaStealer shows there is still room for new players to emerge and gain traction. https://bit.ly/3s28AFw Are You Sure Your Browser is Up to Date? The Current Landscape of Fake Browser Updates (Proofpoint) Fake browser updates refer to compromised we... read more.

• October 27, 2023

By Steve Gold, Posted in Security

In "Mission: Impossible," one of the most iconic scenes involves Ethan Hunt (played by Tom Cruise) infiltrating a highly secure CIA facility at Langley to steal the NOC list, a comprehensive list of all covert agents. To access this room, Hunt has to bypass multiple security measures: Temperature Regulation: The room is temperature-controlled. A sudden rise could trigger the alarm. Ethan and his team have to ensure that his body heat doesn't increase the room's temperature. Sound Sensors: The room is eq... read more.

• October 26, 2023

By Hank Smith, Posted in Security

In the ever-evolving landscape of cybersecurity threats, phishing and ransomware emails remain persistent challenges for organizations. While technology plays a crucial role in minimizing the impact of such threats, user-based training is equally essential. Many corporations have adopted mandatory training programs that aim to educate employees and test their ability to identify and respond to suspicious emails. In this blog post, we will explore the effectiveness of user training and how Microsoft Attack S... read more.

• October 25, 2023

By Carlo Costanzo, Posted in Security, Virtualization

During our internal tech brief, Tim Husar brought to everyone’s attention a new vulnerability announced by VMware. This critical issue involves an out of bounds write vulnerability in the implementation of the DCERPC protocol. VMware has evaluated the severity of this issue to be in the Critical Severity Range with a maximum CVSSv3 base score of 9.8. The write vulnerability could allow a malicious actor to execute remote code. The issue affects most versions of vCenter in production and VMware has... read more.

• October 25, 2023

By Eric Corcoran, Posted in Technology Week in Review

Monday 10/16 I’ve Been Hit by Ransomware—Now What? Steps for Dealing with the Aftermath (Proofpoint) The best ransomware strategy is to avoid it in the first place. But increasingly advanced attacks against the software supply chain and end users have shown that even the best-prepared companies can be caught out. https://bit.ly/45yOyju PAM and Cloud Security: The Case for Zero Standing Privileges (CyberArk) A new approach is required to apply the principles of Zero Trust in a world with the... read more.

• October 20, 2023