Blog

By Hank Smith, Posted in Security

In the ever-evolving landscape of cybersecurity threats, phishing and ransomware emails remain persistent challenges for organizations. While technology plays a crucial role in minimizing the impact of such threats, user-based training is equally essential. Many corporations have adopted mandatory training programs that aim to educate employees and test their ability to identify and respond to suspicious emails. In this blog post, we will explore the effectiveness of user training and how Microsoft Attack S... read more.

• October 25, 2023

By Carlo Costanzo, Posted in Security, Virtualization

During our internal tech brief, Tim Husar brought to everyone’s attention a new vulnerability announced by VMware. This critical issue involves an out of bounds write vulnerability in the implementation of the DCERPC protocol. VMware has evaluated the severity of this issue to be in the Critical Severity Range with a maximum CVSSv3 base score of 9.8. The write vulnerability could allow a malicious actor to execute remote code. The issue affects most versions of vCenter in production and VMware has... read more.

• October 25, 2023

By Eric Corcoran, Posted in Technology Week in Review

Monday 10/16 I’ve Been Hit by Ransomware—Now What? Steps for Dealing with the Aftermath (Proofpoint) The best ransomware strategy is to avoid it in the first place. But increasingly advanced attacks against the software supply chain and end users have shown that even the best-prepared companies can be caught out. https://bit.ly/45yOyju PAM and Cloud Security: The Case for Zero Standing Privileges (CyberArk) A new approach is required to apply the principles of Zero Trust in a world with the... read more.

• October 20, 2023

By Steve Gold, Posted in

In Iron Man 2, Ivan Vanko hacks into Lt. Col. James 'Rhodey' Rhodes’ suit (a.k.a. War Machine, Iron Patriot) and programs it against Iron Man. Ivan locks out everyone from Stark Industries and from Hammer Industries, the company that paid him to build the Iron Man-competitive suits. Ivan Vanko ended up building drones instead of suits because “People make problems. Trust me. Drone better”. This is a great example of an automated process to revoke access to an Enterprise Asset aka War Mach... read more.

• October 17, 2023

By Eric Corcoran, Posted in Technology Week in Review

Monday 10/2 Join Gotham CTO, Ken Phelan, and Secure Networks Technologies President, Steve Stasiukonis, on Thursday, October 26, at 9:30 AM for a CTO Tech Talk discussing what you need to do during a cybersecurity event. See the link below for registration details. https://www.eventbrite.com/e/cto-tech-talk-tickets-723656886227?aff=oddtdtcreator Driving Enterprise Hybrid Cloud Efficiency: How F5 and NetApp Change the Game (F5) With data stored across multiple cloud environments and on-premises, the nee... read more.

• October 13, 2023

By Carlo Costanzo, Posted in Infrastructure

VMware released vCenter Server 8.0 Update 2 recently, so it’s time to upgrade the HomeLab. The process of upgrading is pretty straight forward (assuming no complications) and starts in the vCenter UI admin interface located on port 5480. Find the update and process the upgrade. It is about 8 GB, so it could take a while to download and install. What’s New With Update 2? With a successful upgrade, you are now on the latest version of vCenter. This includes your basic security and performa... read more.

• October 12, 2023

By Steve Gold, Posted in Security

One of my favorite scenes in Thor: Ragnarok was when Thor attempted to escape the junk planet. He made it to the Quinjet and tried many different activation codes (access) such as: "Thor", "Son of Odin," and "Strongest Avenger" (twice). None worked. It was only when he said “Point Break” did the Quinjet start. Point Break was the activation code that Tony Stark had assigned him back from the 2012 Avengers movie. Unauthorized access to sensitive information is one of the most significant threats... read more.

• October 10, 2023

By Timothy Karl, Posted in Infrastructure

Email-based discovery in the Citrix Workspace app allows users to setup Workspace using only their email address. The benefit of this feature is that a user does not have to enter or remember any server URLs to access their Citrix resources. All they need to do is enter their email address and the Workspace App will auto-configure itself. To configure this feature in traditional NetScaler Gateway and StoreFront deployments, an administrator would need to configure the following for each email domain: A... read more.

• September 29, 2023

By Eric Corcoran, Posted in Technology Week in Review

Monday 9/25 10 Real-World Business Email Compromise (BEC) Scam Examples (Proofpoint) The FBI’s Internet Crime Complaint Center reports that businesses lost more than $2.7 billion to BEC scams in 2022. That’s more than one-quarter of all the cyber crime-related financial losses for that year. https://bit.ly/3RC1LVw What is Alert Deafness? (Check Point) The exponential increase in data processed by organizations means a rise in errors, failures, and vulnerabilities is expected. But with pings... read more.

• September 29, 2023

By Steve Gold, Posted in Security

One of the most famous wizards of all time, Harry Potter, learned that he was destined to attend Hogwarts School of Witchcraft and Wizardry on his 11th birthday. It was then that Harry acquired his first wand at Ollivanders shop in Diagon Alley. From the moment he received his first wand, Harry had to learn how to wield the power of his wand. Similarly, in the digital landscape, providing every user with administrator privileges is like handing them a wand without proper training. Just as aspiring wizards... read more.

• September 27, 2023