//mega nav ctas

OneNeck Blog

Author: Katie McCullough, OneNeck CISO

March 4, 2021

CVE-2021-26855 - Microsoft Exchange Server Remote Code Execution Vulnerability

Over the last couple of days, Microsoft released out-of-band security updates to address multiple vulnerabilities in Microsoft Exchange that could allow an unauthenticated, remote attacker to exploit an Exchange Server by sending a specially crafted HTTP request over port 443 allowing the attacker to authenticate.

Continue Reading

December 17, 2020

FireEye Red Team Tools Breach – Yet Another Example that No One’s Safe.

Data breaches are everywhere, and everyone is susceptible – even the security experts. This was recently put front and center by the state-sponsored adversary that stole FireEye’s Red Team tools.

Continue Reading

December 16, 2020

OneNeck's Response to the FireEye Breach

Specific to the FireEye breach which identified a widespread compromise of Solarwinds software, OneNeck continues to ensure we are following security industry and vendor recommendations for securing our environment specific to any of the Common Vulnerabilities and Exposures (CVE) and any Indicators of Compromise’s (IoC) that become known to be associated with these breaches.  The CVEs specifically associated with these breaches have documented solutions from the appropriate vendors that have ...

Continue Reading

July 28, 2020

Anatomy of Ransomware

Ransomware is a type of malware that threat actors use to infect computers and encrypt computer files until a ransom is paid. After the initial infection, ransomware will attempt to spread to as many connected systems as possible, including  file systems and other accessible systems on a business’s network.

Continue Reading

October 23, 2019

When it comes to avoiding risk, what is OneNeck doing?

Security is intrinsic to our services (for all customers) and organization (all the way to the president and CEO of our parent company TDS Inc.). It’s part of every service we develop—from start to finish. Additionally, we leverage the Critical Security Controls (CSC), outlined by the Center for Internet Security (CIS), to complete our annual security assessments and third party audits. The Critical Security Controls provide a series of cybersecurity actions prioritized by their criticality in ...

Continue Reading

August 27, 2019

Components of a Successful Security Practice

In its simplest form, compliance is about setting rules and following them, every time. No wavering, no audible—everyone simply follows the rules—every time. Seems easy, but it’s not always.

Continue Reading

June 4, 2019

Creating a strong external security posture is critical

Creating a strong external security posture is critical. But what can businesses do to protect their data and environments?

Continue Reading

October 9, 2018

The Big Chinese Hack – What do we know, and what should we do?

There has been a lot of chatter the past several days around a POTENTIAL hack via a China-based manufacture chip.  Yet, despite all the clamor, there are mixed reports about how real this is.

Continue Reading