syse-blog-header

BLOG

It's Cyber Monday, So Be Cyber Aware

December 02, 2019

Every year, Cyber Monday brings us incredible deals and discounts; however, it's also the time of year when cybercriminals increase their efforts to steal our money and confidential information. To stay safe while shopping online, keep the following cybersafety tips in mind.

Read More »

Data Protection, Cybercrime, IT Security

Security Alert: Cisco ASA and FTD Security Advisory Bundled Publication

October 29, 2019

Cisco recently released a collection of 10 security advisories against Cisco's Adaptive Security Appliance (ASA), Firepower Threat Defense (FTD), and Firepower Management Center (FMC) software. The collection includes a few high-risk vulnerabilities that affect File Transfer Protocol (FTP) Inspection, Session Initiated Protocol (SIP) inspection that could lead to a denial-of-service condition. Importantly, Cisco is not aware of any public exploitation of the vulnerabilities. 

Read More »

Systems Engineering Alert, IT Security

Disposing of E-waste Securely and Responsibly

October 21, 2019

In 2018, there was 49.8 million tons of e-waste generated worldwide. The US contributed a staggering 10 million tons of this waste, and our share is growing. As environmental and health concerns arise over the ever-increasing e-waste, it is the responsibility of everyone to ensure its proper disposal.

Read More »

General, IT Consulting, Compliance, IT Security, Technology Trends

Security Alert: Fortinet Firewall SSL VPN Vulnerability

September 04, 2019

Systems Engineering is aware of the vulnerability affecting customers with Fortinet Firewalls who are using an SSL VPN (Secure Sockets Layers Virtual Private Network) to connect to their offices remotely. This vulnerability utilizes an improper limitation of a pathname to a restricted directory ("path traversal") in multiple Fortinet OS versions under the SSL VPN web portal.

Read More »

Systems Engineering Alert, IT Security

Security Bulletin: Remote Desktop Services Vulnerability

August 23, 2019

Microsoft recently announced a pair of Windows 10 Remote Code Execution vulnerabilities, CVE-2019-1181 and CVE-2019-1182. These vulnerabilities allow cybercriminals to obtain remote control of a computer over a network connection. Microsoft discovered the vulnerabilities during routine testing of Windows 10, which allowed them to publish the required security updates and notify the public at the same time.

Read More »

Data Protection, Compliance, IT Security

What is Shadow IT and how should organizations deal with it?

August 02, 2019

Most employees want to be productive. As cloud service consumers, we have become accustomed to finding a tool or app that will help us fill a need and simply buy it without obtaining approval from our organization first. This practice of employees bypassing IT management to procure tools and services without proper vetting has infiltrated the workplace and is known as Shadow IT.

Read More »

Cloud, Data Management, Compliance, IT Security, Digital Transformation

What do businesses need today that they don't already have?

July 25, 2019

Trends in Information Technology are continuously changing and, as a result, organizations are having to adapt to those changes. Let's look at the most prominent IT trends that are showing up today. 

Read More »

Cloud, Data Points, Data Management, IT Strategy, IT Security, Technology Trends

A Hacker's Low Hanging Security Fruit

July 19, 2019

I spent a lot of time early in my career solving complicated problems related to security. In the late 1990's, I consulted as a civilian for the NSA to help automate the 'need-to-know' access of their internal web infrastructure and documentation. I followed that with some time as a Reserve Information Operations Officer for the U.S. Army, and then working for financial services companies including VISA during the birth of the PCI standards. Needless to say, the security field is one with overwhelming depth and it can be challenging for companies to make an iterative, incremental plan to become more secure.

Read More »

Cloud, IT Security

Cisco IOS XE Software Web UI Command Injection Vulnerability

May 24, 2019

Systems Engineering is paying special attention to a Cisco IOS XE Software Web UI Command Injection Vulnerability that was announced earlier this week. Also known as "ThrangryCat Vulnerability," it is serious enough to get the attention of the press. As quoted on ZDNet, "This vulnerability allows hackers to plant persistent "backdoors" on Cisco gear, even over the Internet, with no physical access to vulnerable devices."

Read More »

Data Protection, IT Security

Remote Desktop Services Worm Vulnerability

May 20, 2019

A bug in Microsoft’s Remote Desktop Services has been discovered. The vulnerability allows an attacker to take over a Windows PC if it’s connected to the internet and is operating with an out-of-support operating system. Not all machines are vulnerable, but the number of exposed machines makes it likely that somebody will come up with a worm.

Read More »

IT Security, Technology Trends