syse-blog-header

BLOG

Security Alert: Fortinet Firewall SSL VPN Vulnerability

September 04, 2019

Systems Engineering is aware of the vulnerability affecting customers with Fortinet Firewalls who are using an SSL VPN (Secure Sockets Layers Virtual Private Network) to connect to their offices remotely. This vulnerability utilizes an improper limitation of a pathname to a restricted directory ("path traversal") in multiple Fortinet OS versions under the SSL VPN web portal.

Read More »

Systems Engineering Alert, IT Security

Security Bulletin: Remote Desktop Services Vulnerability

August 23, 2019

Microsoft recently announced a pair of Windows 10 Remote Code Execution vulnerabilities, CVE-2019-1181 and CVE-2019-1182. These vulnerabilities allow cybercriminals to obtain remote control of a computer over a network connection. Microsoft discovered the vulnerabilities during routine testing of Windows 10, which allowed them to publish the required security updates and notify the public at the same time.

Read More »

Data Protection, Compliance, IT Security

What is Shadow IT and how should organizations deal with it?

August 02, 2019

Most employees want to be productive. As cloud service consumers, we have become accustomed to finding a tool or app that will help us fill a need and simply buy it without obtaining approval from our organization first. This practice of employees bypassing IT management to procure tools and services without proper vetting has infiltrated the workplace and is known as Shadow IT.

Read More »

Cloud, Data Management, Compliance, IT Security, Digital Transformation

What do businesses need today that they don't already have?

July 25, 2019

Trends in Information Technology are continuously changing and, as a result, organizations are having to adapt to those changes. Let's look at the most prominent IT trends that are showing up today. 

Read More »

Cloud, Data Points, Data Management, IT Strategy, IT Security, Technology Trends

A Hacker's Low Hanging Security Fruit

July 19, 2019

I spent a lot of time early in my career solving complicated problems related to security. In the late 1990's, I consulted as a civilian for the NSA to help automate the 'need-to-know' access of their internal web infrastructure and documentation. I followed that with some time as a Reserve Information Operations Officer for the U.S. Army, and then working for financial services companies including VISA during the birth of the PCI standards. Needless to say, the security field is one with overwhelming depth and it can be challenging for companies to make an iterative, incremental plan to become more secure.

Read More »

Cloud, IT Security

Cisco IOS XE Software Web UI Command Injection Vulnerability

May 24, 2019

Systems Engineering is paying special attention to a Cisco IOS XE Software Web UI Command Injection Vulnerability that was announced earlier this week. Also known as "ThrangryCat Vulnerability," it is serious enough to get the attention of the press. As quoted on ZDNet, "This vulnerability allows hackers to plant persistent "backdoors" on Cisco gear, even over the Internet, with no physical access to vulnerable devices."

Read More »

Data Protection, IT Security

Remote Desktop Services Worm Vulnerability

May 20, 2019

A bug in Microsoft’s Remote Desktop Services has been discovered. The vulnerability allows an attacker to take over a Windows PC if it’s connected to the internet and is operating with an out-of-support operating system. Not all machines are vulnerable, but the number of exposed machines makes it likely that somebody will come up with a worm.

Read More »

IT Security, Technology Trends

Does your organization have good IT security hygiene?

May 10, 2019

The promises of productivity in the cloud continue to ring true. Access to your data from anywhere, at any time, with the ability to collaborate in real-time, is truly revolutionary and is providing a competitive advantage for organizations in every industryHowever, access from anywhere means that without sufficient protections, the wrong people can gain access to your data by easily hacking usernames and passwords. 

Read More »

IT Strategy, IT Security, Technology Trends

Microsoft Patch Required Before July 2019

February 27, 2019

If your organization is still utilizing Windows 7 SP1Windows Server 2008 R2 SP1, and Windows Server 2008 SP2, please read this article in its entirety. 

Read More »

IT Strategy, Managed IT, IT Security

Five Mistakes Employees Make to Compromise Network Security

January 25, 2019

The 2018 Human Factor report by Proofpoint states that as many as 95% of web-based attacks now incorporate social engineering, or human error factor. So, with that simple fact, how can your organization prevent its employees from releasing confidential and critical information?

Read More »

Encryption, Data Protection, Managed IT, Cybercrime, IT Security