Prepare for Patch Tuesday!

Do you have a patching strategy? It should include turning off Automatic Windows update. Patch Tuesday is here. To avoid the usual splitting headache, we recommend disabling automatic updates for Windows and implementing a reliable patch strategy. Windows 10 updates whether you want it to or not…unless you know the trick. While we recommend that…

Critical 9.9 Zoom Vulnerability

Exploit Could Install Malware on Desktops Research done by Tenable®, Inc. has revealed a critical vulnerability in Zoom’s Desktop Conferencing Application. Over 750,000 companies use Zoom as their conferencing and webinar platform. This exploit could be leveraged to spoof chat messages, remove and lock out conference attendees, and even bypass screen control permissions to execute…

December Third-Party Security Updates

Business Evolves with Technology Recently, Forbes outlined 5 ways retail is attempting to redefine itself. Overall, businesses are experimenting with new technologies, utilizing IoT devices to craft a more engaging shopping experience. But are they exposing themselves to security risks? “Smart IoT devices such as beacons and smart shelves offer retail companies the efficiency to…

Patch Outdated Systems

The United States Postal Service has finally patched a known critical vulnerability that left 60 million user’s data exposed for over a year. As horrifying as the news is, the USPS’s actions shouldn’t come as a surprise: a recent report states that nearly 60% of organizations that suffered a data breach in the past two years…

Malware: It’s Not If…It’s When

An unfortunate fact for IT departments is that they will, at some point, face a malware crisis. Here’s how addressing malware normally plays out. At some point after the infection occurs, usually much later, it gets noticed. Whether by pure luck or through receiving a ransom notice, the IT department becomes aware of the crisis…

Samsung SSD Vulnerability Bypasses Bitlocker Encryption

Samsung Unlocks Bitlocker Microsoft, Samsung, and US-Cert have all issued advisories regarding a newly discovered vulnerability. A grouping of some of the most widely used SSDs contain a vulnerability that would allow access to encrypted data without the encryption key. Products tested and found to be vulnerable: Crucial (Micron) MX100, MX200 and MX300 drives Samsung…

November Third-Party Security Updates

Critical Updates for Apple and More On the same day that Apple announced their new set of products, they released a massive group of updates. These patches address critical vulnerabilities throughout their operating systems and software offerings. The OS vulnerabilities, both iOS and macOS, could allow arbitrary code execution. While Apple won’t reveal much about…

Most Linux Builds Need an Immediate Patch

An Attacker Could Take Over Impacted Systems With 3 Commands or Less A security researcher has discovered a highly critical flaw in X.Org Server package that impacts OpenBSD and most Linux distributions, including Debian, Ubuntu, CentOS, Red Hat, and Fedora. The flaw, tracked as CVE-2018-14665, was introduced in X.Org server 1.19.0 package that remained undetected for…