Blog

By Eric Corcoran, Posted in Technology Week in Review

Monday 8/7 Prevention Is the Best Preparation for the SEC’s New Breach Disclosure Rules (CrowdStrike) The U.S. Securities and Exchange Commission (SEC) this week voted to adopt new rules for how companies inform investors about cybersecurity concerns. The vote comes after years of gradually increasing guidance and scrutiny over companies’ handling of cybersecurity events. https://bit.ly/3qeR0NR The 8 Stages of the Ransomware Attack Chain (Proofpoint) Although attackers may be constantly fin... read more.

• August 18, 2023

By Carlo Costanzo, Posted in Infrastructure

Sometimes with VMware solutions, you need to install a custom vSphere Installation Bundle (VIB). There are VIBs for Nvidia GPUs, storage VIBs, and many others. In this post, let’s talk about how you can use Lifecycle Manager to install VIBs, rather than messing around with the Command Line as most of the instructions would have you do. What is a VIB? A VIB is a package containing software that you can install on a VMware ESXi host. It is typically a ZIP file containing the kernel modules, scripts, a... read more.

• August 16, 2023

By Steve Gold, Posted in Security

If you ever played the massively multiplayer online role-playing game (MMORPG) World of Warcraft, you entered a fantastical world where you create a character, embark on quests, and explore vast virtual landscapes. In the early days of "World of Warcraft," the default account for players was the "Guest" account. The account had limited capabilities and was mainly meant for players who were trying out the game before subscribing to a full account. Not surprisingly, some players discovered that the "Guest" a... read more.

• August 16, 2023

By Steve Gold, Posted in Security

If you were lucky enough to watch Mr. Robot (no judgement here, please!), you learned some valuable lessons on implementing robust security measures and seeing how they can be compromised. In this blog, we will explore how the show's character, Tyrell Wellick, exemplifies secure asset and software management through version-controlled-infrastructure-as-code and accessing administrative interfaces via Secure Shell (SSH) and Hypertext Transfer Protocol Secure (HTTPS). SSH provides a secure and encrypted mean... read more.

• August 08, 2023

By Eric Corcoran, Posted in Technology Week in Review

Monday 7/31 Making Zero Standing Privileges a Reality (CyberArk) The most significant change in the lifespan of identity security thus far is zero standing privileges (ZSP). Considered to be the next evolution of just-in-time (JIT) access, although it may seem needlessly complex at first, once you wrap your head around the concept, it feels as natural as turning off lights when you leave a room. https://bit.ly/457DKZX Build Strong, Secure Browsing Habits During—and Before—Cybersecurity Aware... read more.

• August 04, 2023

By Steve Gold, Posted in Security

Many homeowners invest in home security systems to protect their property and loved ones. These systems often include components such as alarms, surveillance cameras, and access control measures. They act as a deterrent against intruders and provide peace of mind by ensuring the safety and security of the household. Similarly, implementing and managing a firewall on end-user devices can be compared to having a personal security system for digital devices. A firewall acts as a digital barrier, monitoring an... read more.

• August 01, 2023

By Eric Corcoran, Posted in Technology Week in Review

Monday 7/24 Five Ways to Secure External Identities (CyberArk) The cast of characters playing essential roles in driving your high-stakes initiatives continues to grow in number, scope and risk. Keeping their identities secure is essential for preventing third-party breaches and attacks – and for protecting everything these external B2B users are building for your enterprise. https://bit.ly/43FTGSj Ransomware Roundup - Cl0p (Fortinet) The Cl0p ransomware appears to be a descendent (or variant) of... read more.

• July 28, 2023

By Carlo Costanzo, Posted in Infrastructure, Virtualization

Do you have any Raw Disk Mappings (RDMs) in your environment? If so, you might want to learn more about Clustered VMDKs. Clustered VMDKs vs RDMs Before Clustered VMDKs, clients would have to use RDMs to present a shared disk between VMs. RDMs were basically LUNs passed directly through the ESXi host to the Virtual Machines. The cluster software then handled writes and locking directly with the SAN. You could abstract the interactions a bit more by using Virtual Raw Disk Mappings (vRDMs), but the gist of t... read more.

• July 27, 2023

By Steve Gold, Posted in Security

Steve’s Thoughts I’ve heard this many times in my life from a bouncer at a club/event. Sometimes it was my ID, sometimes there were too many people already in, and sometimes it was because, well, they just said no. Nightclubs and events employ bouncers to control access and maintain security within the venue. Bouncers act as a barrier between the outside world and the controlled environment inside, ensuring that only authorized individuals are granted entry. Similarly, a firewall can be compa... read more.

• July 25, 2023

By Eric Corcoran, Posted in Technology Week in Review

Monday 7/17 VMware's Purple Screen of Death Similar to Microsoft’s Blue Screen of Death, the Purple Screen of Death occurs when there is a kernel panic in Linux variants that result in a system halt. This typically is due to a driver issue, hardware issue, or in my case, a recent patch. https://www.gothamtg.com/blog/vmwares-purple-screen-of-death Log4j Vulnerability: Are Organizations Still at Risk? (F5) It’s been almost 2 years since the log4j vulnerability was exposed, and organizations a... read more.

• July 21, 2023