Blog
August 14, 2019
⚠️ Avaya Desk & Conference Phone Vulnerability ⚠️

Patrick Zanella Security Practice Lead At last week’s DefCon event, a presentation was delivered showing how to exploit a couple of 10-year-old vulnerabilities (CVE-2009-0692 & CVE-2011-0997). These vulnerabilities impact certain Avaya desk and IP phones. If exploited, attackers could remotely take over the operation of the phone, exfiltrate audio and potentially even “bug” the phone to listen in continuously.…

Read More

August 9, 2019
⚠️ VxWorks IPnet: Urgent/11 Vulnerability ⚠️

Patrick Zanella Security Practice Lead Overview On July 29th, Armis Labs research team reported 11 zero-day vulnerabilities in VxWorks. This suite of 11 vulnerabilities is also known as “URGENT/11”. These vulnerabilities reside in VxWorks’ TCP/IP stack (IPnet), impacting all versions since VxWorks version 6.5. Six of the vulnerabilities are classified as critical and enable Remote…

Read More

July 31, 2019
4 Habits that will improve your Healthcare Security Posture

Like you, we expect organizations we choose to do business with to have taken the proper measures to ensure my personal data is not only protected but also secure.  It’s estimated that data breaches costs the U.S. economy, on average, $3.86 billion annually.  Factor in the cost of the exposed PHI information, the time to…

Read More

May 22, 2019
Himss Analytics Certified Consultant

Installing new technologies and implementing new information processes in your organization is not always an easy task. Those who can provide guidance and best practices are not always easy to find. The HIMSS Analytics Maturity Model frameworks were built to assist organizations around the globe efficiently and effectively adapt and get the most out of…

Read More

May 13, 2019
Include the Hoomans in Your Security Posture

Of the many questions asked of cybersecurity personnel almost always includes “What is the single most dangerous threat to a user or company in the cyber field?” While answers do vary, it’s been my experience the best answer is people. The end user is potentially the most dangerous to themselves and to their organizations. Whether…

Read More

May 2, 2019
STATE OF THE 5G World

We recently attended a technical gathering in which Ciena’s CEO Gary Smith presented statistics focused on the extreme rate of change of this Digital Age. While his focus was on the growth of 5G cellular service, the numbers were staggering. 95% of the population will be connected within five years. The average speed of an Internet…

Read More

April 12, 2019
3 Major Things from Palo Alto’s 2019 SE Summit

Ryan Skally Senior Security Architect Another SE Summit is in the books and yet again Palo Alto Networks has knocked another event out of the park. There were a lot of new announcements in regard to software, hardware, integrations, cloud, endpoint, etc. I will be discussing all of the announcements and my thoughts on them.…

Read More

April 12, 2019
4 Reasons Why Black Box Testing is Misguided

Many organizations use third parties to conduct a variety of security tests of their Internet-facing and internal systems, including vulnerability scans, web application tests and penetration tests to identify areas of opportunity for attackers. When specifying these engagements, the scope and level of testing must be determined. The information provided to the third party may…

Read More

February 12, 2019
3 Ways to Improve your Security Posture in 2019 by Following Albert’s Advice

Now that we’re well into 2019, it’s clear that 2018 was by far the worst year for announced data breaches. While many ask the obvious questions (how, why, who, etc.) my team and I are focused on how to this reverse this troubling trend. One area that we seem to be encountering is how to…

Read More

January 30, 2019
Scheduled Change to DNS

Integration Partners wants to update everyone on a scheduled change to DNS.   On or around Feb 1st, 2019, major open source resolver vendors will release updates that will stop accommodating non-standard responses. This change will affect authoritative servers which do not comply either with the original DNS standard from 1987 (RFC1035) or the newer EDNS standards from…

Read More

1 2 3 8