“Treat your password like your toothbrush. Don’t let anyone else use it and change it every six months” -Clifford Stoll Password security is always on our minds. The NYS Comptroller’s Office technology audits love to list this in audit reports as an area that needs improvement.
Tech Tidbit – The pain of changing passwords
Microsoft releases an out of band patch for Domain Controllers addressing authentication issues
I wanted to update you on the Microsoft authentication issues caused by the May patches. Microsoft has released an “out of band” update for the on-going Microsoft authentication issues stemming from the May Microsoft Domain Controller patches.
Special Session with the former White House CISO about the Ukraine War – Recording Available
This month we talked about how the Ukraine situation affects the cybersecurity landscape for the US and what it means for network security. Leading this discussion was Jason Whitehurst, a cybersecurity professional of over 20+ years, and Vince Crisler, former White House CISO and DarkCubed founder and CEO. Scott Quimby had the opportunity to listen […]
An update on Microsoft’s May Patch Issues with Domain Controllers and Certificate-Based Authentication
I wanted to update you on the Microsoft authentication issues caused by the May patches. This only potentially affects Microsoft Domain Controllers. More specifically it only affects Domain Controllers that are using certificates in any way for some form of authentication.
Vulnerability Disclosed in HPE BIOS
Recently I wrote about the increasing vulnerabilities in BIOS/UEFI underneath the operating system and encouraging you to update your devices to current BIOS levels. We have been notified of a vulnerability in select HPE BIOS. If you have HPE endpoints, please read the attached notice.
KACE Systems Management Appliance – Critical Vulnerability Disclosure
Quest has notified us that they have a critical vulnerability. If you use a KACE appliance, please read this information and perform their recommended mitigation steps. Kace Critical Vulnerability -Scott Quimby
Tech Tidbit – My Achilles Heel – Closing your District’s Vulnerability Gaps
“Legends state that Achilles was invulnerable in all of his body except for one heel because when his mother Thetis dipped him in the River Styx as an infant, she held him by one of his heels. Alluding to these legends, the term “Achilles’ heel” has come to mean a point of weakness, especially in […]
Ransomware and Incident Response: How Security Controls Help Districts Reduce Risk and Prepare for Action (and achieve Ed Law 2-d Compliance) – Recording Available
Speaker: Alan Winchester, Chief Development Officer, Caetra.io Alan Winchester is the Chief Development Officer and creator of CyMetric™. His vision is to enable customers overwhelmed with the issues surrounding legal compliance to meet their obligations intuitively and simply, reducing the need to incur the expenses of consultants and lawyers.
A discussion of MITRE ENGENUITY 2022 independent testing results – Recording Available
Mitre Engenuity has released its 2022 fully independent evaluation of 30 of the most common cybersecurity endpoint protection platforms. Why does this matter? The 2022 assessment and results are particularly interesting because the payload they used is the most common, and nefarious, ransomware and malware variants in use today.