October 7, 2021
Two days ago, The Apache Foundation disclosed a path traversal and file disclosure flaw in Apache HTTP Server 2.4.49 (an open-source web server for Unix and Windows that is among the most widely used web servers), tracked as CVE-2021-41773, as actively being exploited in the wild. The advisory does not indicate when exploitation of CVE-2021-41773 was detected, but the exploitation drove the expedited release of a patch by Apache.Continue Reading
June 17, 2021
No doubt about it — if your company has employees, you have shadow IT. According to a survey conducted by Stratecast and Frost & Sullivan, 80% of employees say they use applications on the job that aren’t approved by IT.
March 4, 2021
Over the last couple of days, Microsoft released out-of-band security updates to address multiple vulnerabilities in Microsoft Exchange that could allow an unauthenticated, remote attacker to exploit an Exchange Server by sending a specially crafted HTTP request over port 443 allowing the attacker to authenticate.
December 17, 2020
Data breaches are everywhere, and everyone is susceptible – even the security experts. This was recently put front and center by the state-sponsored adversary that stole FireEye’s Red Team tools.
December 16, 2020
Specific to the FireEye breach which identified a widespread compromise of Solarwinds software, OneNeck continues to ensure we are following security industry and vendor recommendations for securing our environment specific to any of the Common Vulnerabilities and Exposures (CVE) and any Indicators of Compromise’s (IoC) that become known to be associated with these breaches. The CVEs specifically associated with these breaches have documented solutions from the appropriate vendors that have ...
November 16, 2020
“What's in a name? That which we call a rose by any other name would smell as sweet.” True, Juliet, but a name does matter, especially when it’s simply arbitrary versus describing what it actually is. And this seems to be a truth that Microsoft has taken to heart…
September 24, 2020
On September 2nd, 2020, Cisco issued a Critical Security Advisory announcement regarding Cisco’s Jabber for Windows that customers should be aware of. A vulnerability in Cisco Jabber for Windows could allow an authenticated, remote attackers to execute arbitrary code. Attackers could achieve remote code execution by sending specially crafted chat messages.
September 17, 2020
On September 14, Citrix pushed out an announcement around a high-severity security vulnerability Citrix StoreFront customers should be aware of. An issue has been discovered in Citrix StoreFront (before 2006) that, if exploited, would allow an attacker who is authenticated on the same Microsoft Active Directory domain as a Citrix StoreFront server to read arbitrary files from that server.
August 31, 2020
Ransomware is at our doorstep. We cannot ignore it any longer or think we are not a target. In recent years at OneNeck, we have seen a significant upward trend of ransomware attacks. And even more troubling is in the last year, we have seen bad actors getting smarter, and they are now targeting your backup server and backup data to prevent you from recovering from the attack. As ZDNet stated, "The number of ransomware strains targeting NAS and backup storage devices is growing, with users ...
August 18, 2020
We’ve all heard of the dark web, but most law-abiding people don’t give it much thought, as we chalk it up to the place shady people go to do shady things. But the truth is that today’s data-driven organizations can no longer ignore the dark web and the possibility that their customer and employee data could be out there with a for-sale sign.
July 28, 2020
Ransomware is a type of malware that threat actors use to infect computers and encrypt computer files until a ransom is paid. After the initial infection, ransomware will attempt to spread to as many connected systems as possible, including file systems and other accessible systems on a business’s network.
July 8, 2020
Recent months have seen a massive shift towards supporting remote workers, which in turn has created a series of security challenges. IT teams are now not only tasked with quickly providing support for a never-before-seen number of offsite workers and their devices, but they must do it without compromising security – no small task.
March 31, 2020
As today’s IT teams are scrambling to figure out the logistics of helping their coworkers be productive from their home offices, it’s important to remember that security can’t be an afterthought. Enabling employees to work remote has only broadened the landscape for attackers, giving them even more opportunity to find a way into your organization.
December 23, 2019
Long ago, in a land far away, there used to be a network perimeter. Those were the good old days where the network perimeter was the all-encompassing traffic control point, and where traffic was all funneled through a single point, no matter where it came from. But the cloud changed everything by decentralizing the network, making the perimeter vaporize, and giving IT many a sleepless night.
November 6, 2019
For a long time, security initiatives have been driven by compliance mandates and a healthy dose of fear. But as threats continue to become more sophisticated, so must our efforts in thwarting them. This is why aligning with best practices is a great place to start, specifically the Center for Internet Security (CIS) Top 20 Critical Security Controls which was developed by a global group of security experts who continue to finetune them every year.
October 23, 2019
Security is intrinsic to our services (for all customers) and organization (all the way to the president and CEO of our parent company TDS Inc.). It’s part of every service we develop—from start to finish. Additionally, we leverage the Critical Security Controls (CSC), outlined by the Center for Internet Security (CIS), to complete our annual security assessments and third party audits. The Critical Security Controls provide a series of cybersecurity actions prioritized by their criticality in ...
October 1, 2019
Although containers aren’t new (been built into Linux for 10+ years and been available in FreeBSD, AIX and Solaris), containers seem to be all the rage, and for good reason. The agility containers can bring to an IT team alone make them appealing, but add in the security benefits that the self-contained nature of containers brings, they seem like a no brainer. But even with numerous benefits, there is also a lot of confusion about what they really are and what is the best-fit scenario. So, we ...
August 27, 2019
In its simplest form, compliance is about setting rules and following them, every time. No wavering, no audible—everyone simply follows the rules—every time. Seems easy, but it’s not always.
August 14, 2019
Do you ever feel that your non-IT co-workers are trying to thwart your security protocols – ignoring software update alerts, opening suspicious emails or not following password best practices? If it seems that way, it might be “security fatigue.”
July 30, 2019
I need backup for Office 365? Isn’t it already included? In short, no. The misconception that Microsoft fully backs up your data on your behalf is all too common. To the contrary, Microsoft is primarily focused on managing the infrastructure and ensuring uptime; you are responsible for your data.
June 6, 2019
Finding a mechanism to collect, store and analyze security only data is relatively simple. There is no shortage of options for storing data. Collecting all security relevant data and turning all that data into actionable intelligence, however, is a whole other matter.
June 4, 2019
Creating a strong external security posture is critical. But what can businesses do to protect their data and environments?
May 16, 2019
Are you running an older version of Windows and not current with your patch management? If so, you need to be aware of a recent exploitable vulnerability that just hit the news this week. Here's what you need to know...
May 16, 2019
It’s no secret... security attacks are the rise:
May 9, 2019
TeleSign research indicates that the majority of users use five or fewer passwords for all of their accounts. While it may seem efficient for password memory on your end, you could actually create a “domino effect” that allows hackers to take down multiple accounts by cracking one password.
April 18, 2019
How can a CIO be confident that IT will perform 24/7/365? According to Zerto, in today’s always-on, information-driven organizations, IT resilience depends completely on IT infrastructures that are up and running 24/7. The costs of downtime are huge and data loss can put a company out of business. Data loss is not only caused by natural disasters, power outages, hardware failure and user errors, but more and more by software problems and cybersecurity related disasters.
March 26, 2019
Credential stuffing is a type of cyber-attack where hackers take combinations of usernames and passwords leaked from other sites and use them to gain access to accounts on another site. F5 states that there’s typically a 1 to 2 percent success rate, which means that if a cybercriminal purchases 1 million stolen credential records (for sale on the dark web for fractions of a cent each), they can generally gain access to 10,000 to 20,000 accounts.
March 5, 2019
In Cisco’s February 2019 Threat Report, their cybersecurity experts analyzed prominent threats of the past year for clues to new attack strategies and targets. As they put it, “It's as close as we can get to anticipating future trends without a crystal ball.”
February 26, 2019
Antiquated is not a word commonly associated with the advanced worldwide network of client-server configurations that make up modern data transmission. However, advances in data storage, file sharing and security protocols have struggled to keep pace with demands on infrastructure, cybersecurity threats and the ever-evolving competition that drives the industry.
January 29, 2019
A look at retrospective security versus point-in-time solutions With cybercrime predicted to reach $6 trillion annually by 2021 and to be more profitable—and therefore, more attractive to criminal organizations—than the global combined trade of all major illegal drugs, businesses can no longer rely on traditional network security tools and expect to achieve protection.
January 22, 2019
Extended support for Windows Server 2008 and 2008 R2 is coming to an end respectively on January 14, 2020 What does end of support mean for Windows Server 2008 & 2008 R2?
January 15, 2019
Organizations, big or small, are all grappling with combating the onslaught of security attacks, making security a top priority for today’s IT teams in every vertical. As Forbes so broadly states, “Cybersecurity is applicable to every business operation, whether it’s in the military, corporations or entrepreneurs.” And while cybersecurity decisions used to be contained to the boardroom or high-level government agencies, now the average employee is hyper aware of the potential risks a breach can ...
January 10, 2019
Many IT leaders expect to see their budgets to increase or remain unchanged. This is driven largely by the need to upgrade aging infrastructure, accelerate digital transformation via a shift to the cloud and enhance their overall IT security posture.
January 3, 2019
As organizations embrace the cloud’s flexibility and agility, Microsoft’s cloud platform, Azure, has become a top choice as a cost-effective solution that scales for any organization, no matter the size, to meet agility and flexibility needs.
December 11, 2018
Organizations are rapidly embracing cloud services to gain agility and thrive in today’s digital economy. This has created a strategic imperative to better manage cybersecurity risk while keeping pace at scale as firms move critical apps to the cloud.
December 4, 2018
It’s that time of year, where twinkling lights and Santa’s sleigh full of toys are everywhere. But with all of the holiday bustle comes additional risk, the risk of mounting security threats as shoppers are eagerly swiping their credit cards while checking gifts off their lists. What does this mean for today’s organization, where the line between corporate and personal devices is blurrier than ever before?
November 7, 2018
Outsourcing is becoming an increasingly popular business strategy. By carving off business processes and giving them to outside vendors companies save money and resources. Outsourcing enterprise computing processes using cloud services, for example, allows you to hand off the cost and responsibility of maintaining on-premise hardware and software. However, just because you outsource your enterprise infrastructure does that mean your cloud service provider assumes total responsibility for your ...
October 9, 2018
There has been a lot of chatter the past several days around a POTENTIAL hack via a China-based manufacture chip. Yet, despite all the clamor, there are mixed reports about how real this is.
October 2, 2018
Early detection, rapid response, collaboration to mitigate advanced threats imposes significant demands on today’s enterprise security teams.
September 13, 2018
Running a security program can be an overwhelming task. There are so many factors to consider including: encryption, application security, disaster recovery and let’s not forget adherence to compliance mandates such HIPAA and PCI DSS . How then do security professionals prioritize and maintain their efforts to build the most effective security program for their business?
July 31, 2018
If there’s any constant in today’s technology landscape, it’s change. And when it comes to security, there’s no rest for the weary. Advancing technology, savvier-than-ever users and the onslaught of attacks are making today’s IT teams scramble to keep up. Now more than ever, it’s critical to make sure the basics are covered so that you have the ability to respond and keep your business safe.
March 29, 2018
One of the big challenges organizations face today is complexity, and security is no exception. According to the 2018 Cisco Annual Cybersecurity Report, in 2017, 25% of security professionals said they used products from 11 to 20 vendors, compared with 18% of security professionals in 2016. Also, in 2017, 16% said they use anywhere from 21 to 50 vendors, compared to 7% of respondents in 2016 (refer to figure below).
March 22, 2018
Ransomware has quickly become the most profitable form malware ever seen, on its way to becoming a $1 billion annual market. Last year, the FBI reported more than 4,000 ransomware attacks occurred daily between January and June of 2016 — a 300% increase from 2015. In 2017, nearly 10% of organizations worldwide recorded some sort of ransomware activity during Q1.
March 13, 2018
Today’s consumers demand their private information remains secure. But as we learned from the 2017 breach at Equifax that exposed the personal information of 145 million, even what should be the most secure companies fall under attack.
February 22, 2018
There’s a new buzzword making the rounds (like we needed another one). Move over Digital Transformation, and welcome Edge Computing. While it’s being credited with the power to deliver speed, security and cost-savings to organizations, is it really all that? Let’s break it down…
January 30, 2018
How many IoT (Internet of Things) devices is your company planning to install in 2018? Perhaps a plan for smart TVs in the conference room, webcams, smart locks or connected printers are in the works.
January 2, 2018
Who’s ready to fight cybercrime in 2018? Don’t all raise your hands at once. If you’re a CIO or CISO, you’re expected to protect the network and sensitive data.
October 31, 2017
Long gone are the days of yore, when IT administrators slept like babies, content that their company desktops, business apps and critical infrastructure were all tucked in safe, securely located behind a firewall. Today, an enterprise user is spending more time outside the safe haven of the network’s security and roaming on other networks in the big, terrifying world.
October 3, 2017
As a longtime Cisco partner, we’ve been a part of many Cisco Identity Services Engine (ISE) implementations and upgrades, giving us first-hand knowledge of not only how ISE helps our customers meet enterprise mobility challenges, but also gleaned some insider tips and tricks on how best to execute upgrades.
September 7, 2017
Malware is a broad term that encompasses any form of software designed to damage, steal or corrupt data. Ransomware, trojans, worms and rootkits are common malware examples, but the list is far more exhaustive, making fighting malware a normal part of operations for SMBs and corporations alike.
August 17, 2017
Digital transformation is disrupting the old ways of doing business by introducing digital technologies into the workplace and enabling employees to perform tasks in more efficient and productive ways, which in turn brings exponential new opportunity for business growth.
August 10, 2017
Distributed Denial of Service (DDoS) attacks aren’t like other types of cyber-attacks. They don’t spread malware into your network, and they don’t directly hijack sensitive data or steal from bank accounts. However, the financial and reputational damage caused by DDoS can be devastating to your business. They are also one of the most difficult types of cyber-attacks to defend against.
July 18, 2017
Ransomware was big business last year, estimated to have grossed cybercriminals $1 billion. More than half of US companies experienced a ransomware attack in 2016, and the threat continues to be a major concern for organizations.
June 29, 2017
Today’s CIOs must achieve a delicate balance between meeting business objectives and providing security for their most critical data and systems. As more organizations migrate operations to the cloud, cybersecurity is a critical consideration, but there are many other components to consider as well. If your business needs to meet compliance regulations such as PCI DSS, CERT, FINRA and HIPAA, you must have the structure in place to ensure you can pass audits. So, while security needs to be a ...
June 13, 2017
Loss Prevention and Protection As a result of a digital economy, the IT landscape is changing before our eyes. Cloud, big data, social and mobile have accelerated the pace of business like we have never seen. We see the Internet of Things (IoT) expanding at a prolific pace — with the expected market to reach $1.7 trillion by 2020. Advanced robotics, automation and artificial intelligence (AI) are quickly adding to the mix, and regulations for governing all this growth haven’t really caught up.
June 6, 2017
The healthcare IT market is expected to double — reaching a projected $280 billion by 2020. The federal portion of national healthcare spending, according to the Federal government, will grow 86%, from $920 billion in 2015 to $1.7 trillion by 2025. Deltek's Federal Health Information Technology Market report states that as the need for improvements in healthcare quality, interoperability and privacy grows, federal agencies acting as payers, promoters and providers will continue to invest in ...
May 16, 2017
The growing mobile workforce is bringing with it two of the fastest growing operational and security concerns — Enterprise Mobility and Bring Your Own Device (BYOD).
April 13, 2017
Q. Many experts maintain that the total cost of ransomware in 2016 was over a billion dollars – that’s a staggering number. With the rate of sophisticated security attacks increasing at an alarming rate, how can an organization protect themselves from data leaks and/or malicious security attacks?
April 11, 2017
Sensitive business data at rest in the cloud is more vulnerable than ever before. Ensuring that this critical corporate data is secure against unauthorized access and meets any organizational policies, industry or government regulations, is of critical importance to many CIOs.
March 23, 2017
From hospitals and government agencies, to enterprise organizations and everyday business owners, to private citizens— it seemed like no one was immune from ransomware in 2016. As we are now well into 2017, we’re continuing to see alarming rates of ransomware attacks that encrypt data or lock digital files until a ransom is paid.
November 10, 2016
Cisco’s 2016 Midyear Cybersecurity Report provides an unfiltered look into the current cybersecurity landscape. It’s not a rosy picture, as the report reveals the growing threat of cyberattacks, and most notably, ransomware. The report, though, isn’t all doom and gloom and reveals the latest measures organizations can implement to protect themselves.
August 18, 2016
Vulnerability Description A vulnerability in the Simple Network Management Protocol (SNMP) code of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code.
May 18, 2016
As mobility and the Internet of Things (IoT) converge, and cyber threats continue to loom large, the need to focus on balancing data security with employee and customer privacy is top of mind for IT departments around the world. At the same time, IT departments are struggling with how to meet user demand in the age of everything connected, from devices to wearables. In addition, IT must find ways to meet compliance regulations and assure senior leadership that the company’s sensitive data is ...