Exploit Wednesday

EXPLOIT WEDNESDAY PATCH TUESDAY IS NOW FOLLOWED BY EXPLOIT WEDNESDAY For years we were satisfied that within a couple of weeks after Patch-Tuesday the latest rounds of patches would go through deployment and stability testing then be applied to production systems in due time. THIS WAS ACCEPTABLE UNTIL RECENTLY Over recent months, using advanced reverse[…]

KnowBe4 Scam of the Week

REPOSTED FROM THE KNOWBE4 WEBSITE We partner with KnowBe4 for obvious reasons REPOSTED FROM THE ORIGINAL POST AT KnowBe4 Here is the triple-threat scam which was discovered by our friends at Malwarebytes: Comcast has a search page called Xfininity that serves tons of searches. On this page is a malicious ad (served by Google) from[…]

Security and Change Management

UNCONTROLLED CHANGE IS THE ANTITHESIS OF SECURITY EASY TO UNDERSTAND, HARD TO IMPLEMENT Effective SMB Change Management is a rare beast. Most client organizations don’t demand change management procedures until after a series of troubling failures has soured a relationship. Many Managed Service Providers (MSP’s) don’t introduce the topic early in the life of an[…]

Private Key Management

CERTIFICATES PROVIDE GREAT SECURITY ONLY IF UNDERSTOOD AND IMPLEMENTED PROPERLY Secure Certificates protect almost everything on the internet. Whether Symmetric or Asymmetric the foundational technology usually relies on a certificate or key. The key system is usually part of a set of private and public keys used for various purposes and relying on eachother for[…]

(SSD) Solid State Drive Destruction

SOLID STATE DRIVE DESTRUCTION THERE IS ONLY ONE WAY TO SAFELY DISPOSE OF AN SSD DRIVE Secure destruction of digital media is an interesting topic. Most normal hard drives can ben degaussed or overwritten enough times to control any issues with data remnance. SSD Drives started to become very popular about three years ago and[…]

Breach Reporting

BREACH REPORTING IN THE UNITED STATES REPORTING IS MANDATORY In the US reporting is mandatory within 30 days of a data breach. There are also certain laws requiring various notification methods to alert affected individuals given the scope of the release. In Canada we have no such reporting requirements and therefore have no way of[…]