Blog

By Eric Corcoran, Posted in Technology Week in Review

Monday 4/27

Beware of the GIF: Account Takeover Vulnerability in Microsoft Teams (CyberArk)
Attackers could have used a malicious GIF to scrape user’s data and ultimately take over an organization’s entire roster of Teams accounts. https://bit.ly/2VHzxeB

Cisco and Google Cloud Partner to Bridge Applications and Networks: Announcing Cisco SD-WAN Cloud Hub with Google Cloud
This automated solution will ensure that applications and enterprise networks will be able to share service-level agreem...

  • May 01, 2020

By Eric Corcoran, Posted in Technology Week in Review

Monday 4/20

Coronavirus update: as economic stimulus payments start to flow, cyber-attackers want to get their share too (Check Point)
Users that visit these malicious domains instead of the official Government websites risk having their personal information stolen and exposed, or payment theft and fraud. https://bit.ly/3eBlhf6

Zero Trust, SASE-Digital Enablers or Adding Complexity to Cyber Ecosystems (McAfee)
The reality is they [Zero Trust and SASE] are built upon a similar foundation of least privil...

  • April 24, 2020

By Eric Corcoran, Posted in Technology Week in Review

Monday 4/13

Gotham COVID-19 Update
https://bit.ly/2RxqP02

NIST SP 800-53 Revision 5 Public Draft Available for Review and Comment
NIST is separating the controls catalog from the control baselines - SP800-53 Controls catalog, which will be online, and SP800-53B “bravo” Controls Baselines. https://bit.ly/3c9lFzm

Cloud Security for Rapidly Increasing Remote Work (Fortinet)
Many corporate resources, especially at the core network, were not designed for this sudden load of connections and traff...

  • April 17, 2020

By Gotham, Posted in Infrastructure, Security, Staffing, Support

Gotham Community, It’s been three weeks since New York State issued lockdown orders and four weeks since we enacted our work from home protocol in response to the COVID-19 pandemic. I hope this note finds you all sheltering in place and that you and your families are safe. What follows is a brief update on our current capabilities and procedures. We are serving all of our clients remotely and are pleased to report no impact on our ability to fulfill client requirements and meet our service level ag...

  • April 13, 2020

By Nancy Rand, Posted in Security

NIST has released SP 800-53 Revision 5 Public draft for review and comment. https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/draft

NIST is separating the controls catalog from the control baselines - SP800-53 Controls catalog, which will be online, and SP800-53B “bravo” Controls Baselines.

The following are available at https://go.usa.gov/xdevj

  • Draft SP 800-53 Revision 5
  • Summary of Changes from Revision 4
  • Comment Template
  • Open Security Control Assessment Language (XML, JSON, YAML)...

  • April 10, 2020

By Nancy Rand, Posted in Security

Today’s privacy laws and regulations require privacy by design and by default for systems, networks, and applications. ISACA is creating a Privacy Certification. The certification targets IT professionals that implement defenses. It is intended to assess an individual’s ability to design and implement privacy by design. The work is for cross-functional design work and expected to bridge legal and technical functions. These individuals will work with operations, systems, security, application an...

  • April 10, 2020

By Michael Hawkins, Posted in Security

Recent events have compelled companies to support staff members working from home. Some aspects of working from home have similarities to mobile remote staff. But there are distinct differences that need to be taken into account due to the elevated risks that working from home networks present. The risks are human and technological in nature. Let’s review some of each.

SECURING THE HOME NETWORK

Severe vulnerabilities exist in low-cost consumer routers. Therefore, it is necessary to examine the make...

  • April 10, 2020

By Eric Corcoran, Posted in Technology Week in Review

Monday 4/6

Wait One Damn Moment, Please
Systems implementations are a delicate balancing act, requiring immense time and planning. So throwing in a new app during a routine deployment without doing your due diligence may make things much more difficult in the long run. https://bit.ly/3aOOS29

A practical approach for managing risk (Citrix)
Considering the impact that a cyber-security event can have, companies need to have in place a proper risk management framework that aligns with changing business pri...

  • April 10, 2020

By Ed Bratter, Posted in Infrastructure

Just wait one damn moment, please. I wonder how many of my fellow IT professionals have experienced some variation of this: You walk into the office on a sunny morning thinking about the tasks you need to do for the day. Before you get to your desk, you run into your manager, who says she needs you to attend a meeting in the conference room in 30 minutes. You grab a cup of coffee, do a couple of quick things, and stroll down the hall wondering what this could be about. You walk into the conference room, wh...

  • April 03, 2020