“Treat your password like your toothbrush. Don’t let anyone else use it and change it every six months” -Clifford Stoll Password security is always on our minds. The NYS Comptroller’s Office technology audits love to list this in audit reports as an area that needs improvement.

I wanted to update you on the Microsoft authentication issues caused by the May patches. Microsoft has released an “out of band” update for the on-going Microsoft authentication issues stemming from the May Microsoft Domain Controller patches.

This month we talked about how the Ukraine situation affects the cybersecurity landscape for the US and what it means for network security. Leading this discussion was Jason Whitehurst, a cybersecurity professional of over 20+ years, and Vince Crisler, former White House CISO and DarkCubed founder and CEO. Scott Quimby had the opportunity to listen […]

I wanted to update you on the Microsoft authentication issues caused by the May patches. This only potentially affects Microsoft Domain Controllers. More specifically it only affects Domain Controllers that are using certificates in any way for some form of authentication.

Recently I wrote about the increasing vulnerabilities in BIOS/UEFI underneath the operating system and encouraging you to update your devices to current BIOS levels. We have been notified of a vulnerability in select HPE BIOS. If you have HPE endpoints, please read the attached notice.

Quest has notified us that they have a critical vulnerability. If you use a KACE appliance, please read this information and perform their recommended mitigation steps. Kace Critical Vulnerability -Scott Quimby

“Legends state that Achilles was invulnerable in all of his body except for one heel because when his mother Thetis dipped him in the River Styx as an infant, she held him by one of his heels. Alluding to these legends, the term “Achilles’ heel” has come to mean a point of weakness, especially in […]

  Speaker: Alan Winchester, Chief Development Officer, Caetra.io Alan Winchester is the Chief Development Officer and creator of CyMetric™. His vision is to enable customers overwhelmed with the issues surrounding legal compliance to meet their obligations intuitively and simply, reducing the need to incur the expenses of consultants and lawyers.

Mitre Engenuity has released its 2022 fully independent evaluation of 30 of the most common cybersecurity endpoint protection platforms. Why does this matter? The 2022 assessment and results are particularly interesting because the payload they used is the most common, and nefarious, ransomware and malware variants in use today.

Your techs *should not* be local admins anymore. It is simply too dangerous.   I have personally been a limited user on all my laptops, VMs and desktops for three years. I am living a happy life. It is time to completely eliminate this concept of “Techs are Local Admins”. It is simply too dangerous […]