Access 403 Sdn Bhd

04/07/2024

Your IT dept needs to patch now! This covers any *nix servers exposed to the internet.

The Qualys Threat Research Unit (TRU) has discovered a Remote Unauthenticated Code Ex*****on (RCE) vulnerability in OpenSSH’s server (sshd) in glibc-based Linux systems. CVE assigned to this…

08/11/2021

What do Managed Service Providers (MSPs) do? We manage your IT infrastructure, ensuring that IT security & IT best practices are applied throughout, whether you're a 5-person firm, or a 500-strong corporate. We keep you secure and productive so your business can grow exponentially.

04/07/2020

RDP implementations are flawed. Use a VPN. https://www.theregister.com/2020/07/02/apache_guacamole_vulns_hijackable_rdp/

18/01/2019

20/09/2018

Do not expose your consumer storage devices on the web, since this is what’ll happen. This is what VPNs are for.

Researchers at infosec shop Securify revealed this week a vulnerability, designated CVE-2018-17153, which allows an unauthenticated attacker with network access to the device to bypass password checks and login with admin privileges. From a report:This would, in turn, give the attacker full control....

26/05/2018

this is why, if you’re a business, you use equipment that’s robust, rather than consumer rubbish where security is never a priority.

The FBI is advising users of consumer-grade routers and network-attached storage devices to reboot them as soon as possible to counter Russian-engineered malware that has infected hundreds of thousands devices. Ars Technica reports: Researchers from Cisco's Talos security team first disclosed the e....

18/04/2018

You've probably been reading about how Facebook has failed us with regard to our privacy. Short of deleting your account, this is one of the ways to limit how much FB collects while you're surfing the web,

Prevent Facebook from tracking you around the web. The Facebook Container extension for Firefox helps you take control and isolate your web activity from Facebook.

05/03/2018

How did this sorry state of affairs come to happen? Because one company in their wisdom thought it was a good idea to run a PRIVATE KEY GENERATOR on their site, and other fools thought it was a good idea to outsource their PRIVATE KEY generation to this company, since generating their own private keys and CSRs is apparently too difficult for some people (if your tech does this, fire him immediately). Then said company CEO emails their cert distributor telling them, oops please revoke our insecure certs because we don't like the stuff you're selling which will be obsolete soon (sayonara Symantec SSL), and yah, just to prove we want a refund and we're absolute wankers, here's our customers' private keys attached to this here email. .

Trustico, DigiCert come to blows as browsers prepare to snub Symantec-brand SSL

01/03/2018

4 more months left for TLSv1, before it's deprecated. If you value PCI compliance, best move on to TLSv1.2.

Is your organization still using the SSL/early TLS protocols? Do you work with online and e-commerce partners or customers who haven’t yet started the migration away from SSL/early TLS to a more secure encryption protocol?

07/02/2018

If you're using Symantec SSL certs, get migrating asap.

Well, melee. Dust-up? Minor inconvenience? But it's coming!!

25/01/2018

Instead of losing 1-1.2 billion ringgit in downtime (that's for a mere 10 days), one wonders how much might have been saved had preventive measures been in place. IT Security needs to be taken more seriously not only by enterprises but SMBs.

4,000 servers, 45,000 PCs and 2,500 apps all rebuilt, while other staff went manual

10/01/2018

The question is whether your current wifi router can be firmware-upgraded to it.

To be released later in the year.