B'more Secure I.T.

12/29/2025

Most parked domains on the Internet are now serving up malware and other malicious content.

December 16, 2025 42 Comments Direct navigation — the act of visiting a website by manually typing a domain name in a web browser — has never been riskier: A new study finds the vast majority of “parked” domains — mostly expired or dormant domain names, or common misspellings of popular we...

12/22/2025

If your business runs in the cloud, your Internet connection is mission-critical. A single Internet link is a single point of failure. Redundant Internet keeps email, phones, and cloud apps online when outages happen.

Read more:

Internet outages disrupt cloud services, VoIP, and security monitoring. Learn how redundant Internet links improve uptime, reduce risk, and support business continuity in the cloud era.

12/02/2025

New data laws are coming! 🚨 You need to track breach timelines and automate consent for 2026. Don't get caught behind. Read our guide for the top 6 privacy developments and get your actionable compliance steps now.

11/25/2025

Thanksgiving is one of the busiest times of year for cybercriminals. When offices are short staffed and employees are working remotely, attackers take advantage of relaxed security habits.

We put together a quick guide to help small businesses stay protected during the holiday weekend without making security complicated. A few smart habits now can prevent a major headache later.

Cyberattacks surge during Thanksgiving when offices are short staffed. Learn simple security habits to protect your business during the holiday season.

11/18/2025

Thinking about moving sensitive data to the cloud? You need a proactive plan. Here are 3 non-negotiable compliance best practices: 1. Implement the Principle of Least Privilege (PoLP) 2. Encrypt all data at rest and in transit 3. Maintain Audit Logs and continuous monitoring Get the full compliance roadmap now.

As organizations migrate to the cloud, compliance becomes more complex. Explore how GDPR, HIPAA, PCI DSS, FedRAMP and ISO 27001 impact cloud security, what the shared responsibility model means for customers, and how to maintain compliance with audits, encryption, access controls and continuous moni...

11/13/2025

Important distinction. Also look at the difference between microsoft and rnicrosoft or google and googIe. They're not the same, and the bad guys are tricky.
Can you spot the differences?

11/12/2025

Running a small business is tough — and staying ahead of technology changes can feel impossible. That’s where an IT roadmap comes in! 🚀

An IT roadmap acts like a digital compass — helping you plan upgrades, manage budgets, and keep your business secure and efficient.

Learn how to:
🔹 Align tech spending with business goals
🔹 Reduce downtime and tech headaches
🔹 Plan smarter for the future

Get the full guide here 👉 https://www.bmoresecureit.com/blog/2816330_how-to-create-an-it-roadmap-that-guides-your-small-business-to-growth

Small businesses often struggle to use technology strategically. An IT roadmap provides a clear, proactive plan for aligning technology with business goals. Learn how to build one that supports long-term growth, reduces downtime, and improves efficiency.

11/12/2025

Unfortunately, this happens with forgotten-ware, sometimes...

Your Windows PC has a fax modem driver from 2006. You've never owned a fax machine. (Okay, maybe you have. But stick with me...) It's there. On EVERY Windows version. And it's been exploited. 😏

CVE-2025-24990. Microsoft's legacy code nightmare.

Here's the crazy part: A driver for old fax modems (ltmdm64.sys) has been quietly sitting on every Windows system since 2006. Possibly even Windows XP - this driver has been around that long. Windows 7, 10, 11, Server 2022, Server 2025. ALL of them.

The driver was designed for hardware nobody uses anymore. Fax modems.

But it runs with the highest system permissions possible.

Here's what's happening:

→ Driver has a security hole that lets attackers become admin
→ Works even if you don't have a fax modem
→ Sitting on every Windows computer by default
→ Has been actively exploited in the wild

Every Windows PC you've ever used. Your work laptop. Your home computer. Your company's servers. All had this security hole sitting there since 2006.

And nobody noticed.

Microsoft's solution? They're deleting the driver completely instead of fixing it.

Translation: "This 19-year-old code is so broken we're just removing it."

Security researcher Ben McCarthy explained it: "This driver is from before we knew how to write secure code. It has the highest permissions on your system. That makes it perfect for attackers."

Researchers think hackers use it to bypass antivirus and security tools.

The timeline is ridiculous:

→ 2006: Driver ships with every Windows version
→ October 2025: Researchers discover hackers are using it
→ Microsoft's fix: Just delete it

Every Windows version since 2006.
→ Windows 7, 10, 11
→ Windows Server 2022, 2025
→ Even if you never used a fax modem

Want to check if the driver is still on your system?

Press Windows + R
Type: C:\Windows\System32\drivers
Look for: ltmdm64.sys

Still there? Update immediately.

CISA (U.S. security agency) required federal agencies to patch this immediately.

Old code kills security. This driver sat on billions of computers for 19 years before anyone noticed it was broken.

Hackers noticed.

Your antivirus didn't.

This is why ethical hackers exist. We find old security nightmares like this before criminals use them.

Want to understand privilege escalation and Windows exploitation?

I cover pe*******on testing, privilege escalation, and real hacking scenarios in my ethical hacking course.
Check out my complete ethical hacking course:
→ https://www.udemy.com/course/ethical-hacking-complete-course-zero-to-expert/?couponCode=DECEMBER25

Hacking is not a hobby but a way of life. 🎯

11/06/2025

AI can definitely help businesses work smarter. It speeds up repetitive tasks, summarizes documents, and helps teams stay organized. But if employees use AI tools without guidance, private company data could end up in the wrong place.

The goal is to use AI to improve productivity while keeping your business secure.

In our latest blog, we break down how to:
• Choose safe AI tools
• Protect sensitive information
• Avoid common risks
• Train your team to use AI correctly

Read the full article here:

AI tools can boost productivity, reduce errors, and save time. But using AI without guardrails can leak data and create security risks. Learn how to use AI safely and protect your business information.

10/27/2025

Ever had an employee quietly plug in their own Wi-Fi router or use an app you didn’t approve? That’s Shadow IT — and it’s riskier than most businesses realize.
From security gaps to compliance issues, the dangers are real. Here’s what you need to know:

Shadow IT can put your business at risk. From unapproved apps to rogue wireless access points. Learn how hidden tools create security gaps, compliance issues, and blind spots, and what you can do to stop them.

10/10/2025

The EU rules about this, however well-intentioned, literally break the foundations of Internet privacy and security. You can't have secure encryption without it actually being securely encrypted.

Good on Signal for having the integrity to stand up against them.

🚨 Signal just threatened to leave the EU.

Why? The proposed “Chat Control” law would force apps to scan every private message before it’s sent.

The catch: even encrypted chats would be exposed. Experts call it “mass surveillance in disguise.”

The details you need to see ↓ https://thehackernews.com/2025/10/threatsday-bulletin-ms-teams-hack-mfa.html -to-e-u-chat-control