Blog

By Steve Gold, Posted in Security

If you’re a geek like me, you remember the above line from Star Wars Episode VI: Return of the Jedi where a strike team posing as an engineering crew gives a stolen (dormant) authorization code as they attempt to pass through a security checkpoint. The successful use of that dormant code allowed the rebels to take down the force field, fly inside the superstructure, knock out its main reactor, and destroy the Death Star. Dormant accounts are those virtual identities that lie idle, untouched, and unus... read more.

• September 19, 2023

By Eric Corcoran, Posted in Technology Week in Review

Monday 9/11 New Perimeters—Identity Threats Are the New Attack Surface (Proofpoint) Cyber criminals can bypass standard perimeter defenses with minimal effort or technical know-how by targeting unmanaged and misconfigured identities. Service accounts, local and shadow admins and cached credentials often slip through the net of privilege and password security tools. https://bit.ly/488aQeF Purity//FA 6.4.10: NFS 4.1 Support and Ransomware Protection Enhancements (Pure Storage) The latest release of... read more.

• September 15, 2023

By Steve Gold, Posted in Security

If you’ve ever seen Jimmy Kimmel Live, I hope you’ve seen the “What’s your Password” skit. As funny, and as incredibly disappointing this is, it’s real life. We’re not in Kansas anymore folks. Many years ago, all we needed to do to protect our assets was lock our door. Now, our assets are spread across a virtual kingdom. Our online activities touch almost every aspect of our lives. From banking and shopping to work and communication, our digital presence is widespr... read more.

• September 13, 2023

By Eric Corcoran, Posted in Technology Week in Review

Tuesday 9/5 What Is Smishing and How Organizations Can Protect Themselves (Arctic Wolf) SMS (short messaging service) phishing or “smishing” is a common type of cyber attack where victims receive misleading text messages intended to trick them into providing credentials, access, valuable data, or even downloading malware onto a system. It is also called “cell phone phishing.” https://bit.ly/3fvq8nh The Evolution of Cybersecurity in Banking (Fortinet) As highlighted in recent rep... read more.

• September 08, 2023

By Steve Gold, Posted in Security

“Identity theft is not a joke, Jim.” If you’re not familiar with this reference, please DM me as we have much to discuss. For context, the line above is said by Dwight K. Schrute, a character played by Rainn Wilson in the TV series The Office. In this episode a colleague impersonates Dwight, causing the line above. Once again, Dwight highlights the importance of account/identity security within an organization without hiding weapons throughout the office. User and administrator accounts p... read more.

• September 06, 2023

By Eric Corcoran, Posted in Technology Week in Review

Monday 8/28 Surge in Cybercrime: Check Point 2023 Mid-Year Security Report Reveals 48 Ransomware Groups Have Breached Over 2,200 Victims (Check Point) The key takeaway from CPR’s 2023 Mid-Year Security Report is that cybersecurity is a dynamic battlefield. It underscores the need for organizations to evolve their security strategies in tandem with the shifting threat landscape, employing a combination of the latest AI-driven defenses and a deep understanding of older vulnerabilities. https://bit.ly... read more.

• September 01, 2023

By Eric Corcoran, Posted in Technology Week in Review

Monday 8/21 How to Protect Your Cloud Environment From Today’s Top 5 Threats (Varonis) Cloud environments are evolving quickly, and so are the threats looking to compromise them. No matter what the risk is or what the attack vector is, the goal is always the same: threats are after the data.  https://bit.ly/3qFixIk Five Things To Know About PCI DSS 4.0 Authentication Requirements (HYPR) PCI DSS 4.0, introduces more than 60 new or updated requirements, with new directives around passwords and... read more.

• August 25, 2023

By Carlo Costanzo, Posted in Infrastructure

In my opinion, home labs are awesome. One of the best ways for you to learn software is to actually run it in your house on a home lab and have the ability to test out solutions, features, upgrades, and break fixes without having to worry about impacting your user base at work. The major drawback in running a home lab is cost. Often times, the gear is expensive (even when purchased used) and the cost to power the lab can also be excessive. Sure, you can spin things up in the cloud, but for me, I find witho... read more.

• August 25, 2023

By Eric Corcoran, Posted in Technology Week in Review

Monday 8/7 Prevention Is the Best Preparation for the SEC’s New Breach Disclosure Rules (CrowdStrike) The U.S. Securities and Exchange Commission (SEC) this week voted to adopt new rules for how companies inform investors about cybersecurity concerns. The vote comes after years of gradually increasing guidance and scrutiny over companies’ handling of cybersecurity events. https://bit.ly/3qeR0NR The 8 Stages of the Ransomware Attack Chain (Proofpoint) Although attackers may be constantly fin... read more.

• August 18, 2023

By Carlo Costanzo, Posted in Infrastructure

Sometimes with VMware solutions, you need to install a custom vSphere Installation Bundle (VIB). There are VIBs for Nvidia GPUs, storage VIBs, and many others. In this post, let’s talk about how you can use Lifecycle Manager to install VIBs, rather than messing around with the Command Line as most of the instructions would have you do. What is a VIB? A VIB is a package containing software that you can install on a VMware ESXi host. It is typically a ZIP file containing the kernel modules, scripts, a... read more.

• August 16, 2023