blog-banner-image.jpg

Systems Engineering Blog

Cisco ASA Firewall Web VPN Vulnerability

February 20, 2018

Update: Tuesday, February 20

 

As of this posting Systems Engineering has completed the update to fix this vulnerability for all affected firewalls covered under our SE EventWatch and SE Critical Care services. 

 

If you are concerned that your Cisco firewall may still be vulnerable, please contact your Account Manager or email info@syseng.com.

Read More »

SE Alert

CPU Hardware Vulnerability

February 20, 2018

Update: Tuesday, February 20

We are happy to announce that SE has begun pushing Microsoft patches to mitigate the Meltdown and Spectre vulnerabilities. If you have subscribed to our patching services under SE Essentials, SE Secure, SE Desktop Defense, or SE Monitoring, you will receive these during your next scheduled update window. 

Read More »

SE Alert

Unusual Ransomware Strain Encrypting Cloud Email

January 16, 2018

There's a new social engineering tactic on the loose affecting cloud email accounts like Microsoft Office 365. The ransomware attack, hidden beneath a "new Microsoft anti-spam service," tricks users into accepting the service, thereby providing the cyberattacker with access to their email account. It is at that time that all emails and their attachments are encrypted in real time and requested to pay a ransom to recover the data.

Read More »

SE Alert

Hardware Encryption Chip Vulnerability

October 23, 2017

Last week, it was revealed that researchers had found a weakness in the "Trusted Platform Module" or TPM chip from Infineon Technologies. This chip set, commonly found in the current generation of computers, could allow a criminal to decrypt a stolen hard drive, which had previously been encrypted.

Read More »

SE Alert

WPA2 Vulnerability Update

October 23, 2017

As you may have already heard, a new high-severity security vulnerability has been released publicly that is related to the WiFi Protected Access 2 Protocol (WPA2 Protocol). This newly discovered weakness could potentially allow an attacker to compromise an encrypted wireless session between a wireless client (PC/Smartphone) and the associated Wireless Access Point (AP). Once compromised, the attacking AP now acts as a "Man-in-the-Middle" and would be able to view packets between the wireless client and a remote endpoint as well as potentially inject malformed packets into the session.

Read More »

SE Alert

iPhone Software Update 10.3.3

July 24, 2017

Apple has released the iOS 10.3.3 software update for iPhone, iPad, and iPod touch. The update focuses on bug fixes and performance improvements for all devices running iOS 10. It is important to execute on the update right away as the patch fixes a vulnerability which allows an attacker to breach your device.

Read More »

SE Alert

SE CleanMail Communication

July 11, 2017

As of 12:36 PM EST, our SE CleanMail provider, Proofpoint, was experiencing intermittent email delays. As a result, SE CleanMail clients might have experienced a disruption in the receipt of emails from external senders. 

Read More »

SE Alert

SE Alert: Breach at DocuSign

May 18, 2017

Please be advised that DocuSign, one of the largest agreement/signature technology providers, suffered a breach earlier this year.  According to DocuSign, “a complete forensic analysis has confirmed that only a small list of email addresses were accessed; no names, physical addresses, passwords, social security numbers, credit card data, or other information appeared to be accessed. No content or any customer documents sent through DocuSign’s eSignature system were accessed; DocuSign’s core eSignature service, envelopes, and customer documents and data remain secure.”

Read More »

SE Alert, Cybercrime, IT Security

SE Alert:  New Zero-Day Attack Detected in Microsoft Word

April 12, 2017

A new zero-day vulnerability has been detected in Microsoft Word.  This affects everyone regardless of their version of Office or whether they have a fully patched workstation, including Windows 10.

Read More »

SE Alert

SE Alert:  Microsoft Announces Delay in Security Updates

February 21, 2017

 On February 14th, Microsoft announced their scheduled security patches would be pushed out to a March release due to potential negative impact.  However a critical “flash” patch for Internet Explorer and Edge will be released this month.  

Read More »

SE Alert