Western Digital MyCloud NAS Vulnerability

March 6, 2017: A Critical Vulnerability has been found in the Western Digital MyCloud Series of NAS Drives. This latest vulnerability presents a very real potential for complete loss of control of the device. If deployed properly, this NAS should be behind a firewall and further secured by design elements that reduce the risk these devices[…]

Exploit Wednesday

EXPLOIT WEDNESDAY: PATCH TUESDAY IS NOW FOLLOWED BY EXPLOIT WEDNESDAY. For years we were satisfied that within a couple of weeks after Patch Tuesday the latest rounds of patches would go through deployment and stability testing, then be applied to production systems in due time. THIS WAS ACCEPTABLE UNTIL RECENTLY. Over recent months, using advanced reverse[…]

KnowBe4 Scam of the Week

REPOSTED FROM THE KNOWBE4 WEBSITE. We partner with KnowBe4 for obvious reasons. REPOSTED FROM THE ORIGINAL POST AT KnowBe4: Here is the triple-threat scam which was discovered by our friends at Malwarebytes: Comcast has a search page called Xfinity that serves tons of searches. On this page is a malicious ad (served by Google) from[…]

Security and Change Management

UNCONTROLLED CHANGE IS THE ANTITHESIS OF SECURITY. EASY TO UNDERSTAND, HARD TO IMPLEMENT. Effective SMB Change Management is a rare beast. Most client organizations don’t demand change management procedures until after a series of troubling failures has soured a relationship. Many Managed Service Providers (MSPs) don’t introduce the topic early in the life of an[…]

Private Key Management

CERTIFICATES PROVIDE GREAT SECURITY ONLY IF UNDERSTOOD AND IMPLEMENTED PROPERLY. Secure Certificates protect almost everything on the internet. Whether Symmetric or Asymmetric, the foundational technology usually relies on a certificate or key. The key system is usually part of a set of private and public keys used for various purposes and relying on each other for[…]

(SSD) Solid State Drive Destruction

SOLID STATE DRIVE DESTRUCTION: THERE IS ONLY ONE WAY TO SAFELY DISPOSE OF AN SSD DRIVE. Secure destruction of digital media is an interesting topic. Most normal hard drives can be degaussed or overwritten enough times to control any issues with data remanence. SSD Drives started to become very popular about three years ago and[…]

Penetration Testing Level II

PENETRATION TESTING LEVEL II – NETWORK EVALUATION. Much more hands-on than a Level I assessment. This process looks at external technical risk potential; however, it does not actively attempt manual intrusions. This Assessment results in a Threat Analysis Report and defines an estimate of the exposure profile of an organization. The following items are explored: External Firewall Ports[…]

Penetration Testing Level I

PENETRATION TESTING LEVEL I – HIGH LEVEL ASSESSMENT. A top-down look at the organization’s policies, procedures, standards and guidelines. A Level I assessment does not usually involve hands-on technical work. During this period a technical system’s security is not actually tested, rather policies and procedures. The following items are explored: New User Requests or Changes, Physical Security[…]