Blog

By Eric Corcoran, Posted in Technology Week in Review

Tuesday 5/26 ThreatList: People Know Reusing Passwords Is Dumb, But Still Do It Researchers said that password reuse was the biggest security faux pas being committed by respondents. In fact, password reuse has actually gotten worse over the years: When asked how frequently they use the same password or a variation, 66 percent answered “always” or “mostly” – which is up 8 percent from the same survey in 2018. https://bit.ly/3glWxbn Is Disaster Recovery Really Ransomware Rec... read more.

• May 29, 2020

By Eric Corcoran, Posted in Technology Week in Review

ICYMI: Check out the link below if you missed our latest live panel webinar "Incident Response: How to Detect & Recover Remotely". https://bit.ly/2XaFz73 Monday 5/18 Ready-made COVID-19 Themed Phishing Templates Copy Government Websites Worldwide (Proofpoint) Threat actors are continuing to try and take advantage of people worldwide as the pandemic continues—and most recently their efforts have included using fake websites, associated with COVID-19 financial assistance, to steal credentials. ... read more.

• May 21, 2020

By Eric Corcoran, Posted in Technology Week in Review

Monday 5/11 Microsoft and F5: Together Addressing Secure Remote Access and Productivity (F5 Networks) F5 BIG-IP APM and Azure Active Directory simplify the user experience for application access by enabling users to log in once and access all applications they have the right to access, from a single location. https://bit.ly/2zuVdC0 We Are Excited to Announce the Acquisition of The Defence Works (Proofpoint) The Defence Works’ award-winning content will be integrated into our broader Proofpoint Se... read more.

• May 15, 2020

By Eric Corcoran, Posted in Technology Week in Review

Monday 5/4 FlashBlade 3.0: The Solution for Modern Unstructured Data (Pure Storage) FlashBlade uniquely solves for multi-dimensional performance, agility, and simplicity with the efficiencies of public cloud, but in your data center. https://bit.ly/2xu9vCi CursedChrome turns your browser into a hacker's proxy Once the attacker has connected to an infected host, they can then navigate the web using the infected browser, and by doing so, hijack logged-in sessions and online identities to access forbidden... read more.

• May 08, 2020

By Eric Corcoran, Posted in Technology Week in Review

Monday 4/27 Beware of the GIF: Account Takeover Vulnerability in Microsoft Teams (CyberArk) Attackers could have used a malicious GIF to scrape user’s data and ultimately take over an organization’s entire roster of Teams accounts. https://bit.ly/2VHzxeB Cisco and Google Cloud Partner to Bridge Applications and Networks: Announcing Cisco SD-WAN Cloud Hub with Google Cloud This automated solution will ensure that applications and enterprise networks will be able to share service-level agreem... read more.

• May 01, 2020

By Eric Corcoran, Posted in Technology Week in Review

Monday 4/20 Coronavirus update: as economic stimulus payments start to flow, cyber-attackers want to get their share too (Check Point) Users that visit these malicious domains instead of the official Government websites risk having their personal information stolen and exposed, or payment theft and fraud. https://bit.ly/3eBlhf6 Zero Trust, SASE-Digital Enablers or Adding Complexity to Cyber Ecosystems (McAfee) The reality is they [Zero Trust and SASE] are built upon a similar foundation of least privil... read more.

• April 24, 2020

By Eric Corcoran, Posted in Technology Week in Review

Monday 4/13 Gotham COVID-19 Update https://bit.ly/2RxqP02 NIST SP 800-53 Revision 5 Public Draft Available for Review and Comment NIST is separating the controls catalog from the control baselines-SP800-53 Controls catalog, which will be online, and SP800-53B “bravo” Controls Baselines. https://bit.ly/3c9lFzm Cloud Security for Rapidly Increasing Remote Work (Fortinet) Many corporate resources, especially at the core network, were not designed for this sudden load of connections and traff... read more.

• April 17, 2020

By Gotham, Posted in Infrastructure, Security, Staffing, Support

Gotham Community, It’s been three weeks since New York State issued lockdown orders and four weeks since we enacted our work from home protocol in response to the COVID-19 pandemic. I hope this note finds you all sheltering in place and that you and your families are safe. What follows is a brief update on our current capabilities and procedures. We are serving all of our clients remotely and are pleased to report no impact on our ability to fulfill client requirements and meet our service level ag... read more.

• April 13, 2020

By Gotham, Posted in Infrastructure, Security, Staffing, Support

Gotham Community, It’s been three weeks since New York State issued lockdown orders and four weeks since we enacted our work from home protocol in response to the COVID-19 pandemic. I hope this note finds you all sheltering in place and that you and your families are safe. What follows is a brief update on our current capabilities and procedures. We are serving all of our clients remotely and are pleased to report no impact on our ability to fulfill client requirements and meet our service level ag... read more.

• April 13, 2020

By Nancy Rand, Posted in Security

NIST has released SP 800-53 Revision 5 Public draft for review and comment. https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/draft NIST is separating the controls catalog from the control baselines-SP800-53 Controls catalog, which will be online, and SP800-53B “bravo” Controls Baselines. The following are available at https://go.usa.gov/xdevj Draft SP 800-53 Revision 5 Summary of Changes from Revision 4 Comment Template Open Security Control Assessment Language (XML, JSON, YAML)... read more.

• April 10, 2020