John H.’s Post

SQL Secure 4.4 is here and we are pleased to announce a suite of new features that come with this update. Get all of the details here https://lnkd.in/eiiqFYGa Here are just some of the new features: - Reporting Enhancements Get improved snapshot comparison results by hiding differences caused by a database restore. - Security Enhancements: Improved security that prevents attackers from accessing unauthorized records. - Quality Enhancements: Includes framework upgrades, password encryption, and copyright notification updates

⚠️Obrela Security Alert A critical privilege escalation vulnerability was found in Atlassian Confluence Data Center and Server. The vulnerability can be tracked with CVE-2023-22515 and its CVSS score is Critical (10/10). Any device with a network connection to a vulnerable application can exploit CVE-2023-22515 to create a Confluence administrator account within the application. Read more about the defensive measures: https://lnkd.in/dajamq3N #Obrela #SecurityOverEverything

#Security is one of the top conversation topics that are coming up as we head into 2024. So I thought I’d share a recipe that will help to enhance your asset security and compliance. You’ll be able to safeguard new IT assets by performing vulnerability scans. Use this workflow to optimize asset inventory management, ensure data security, compliance, and a more efficient, secure infrastructure. Here are the steps: 1. The recipe will trigger whenever a new asset is added to the SQL Server database. (Can be triggered on any DB or logging service) 2. It will automatically update Qualys with host IP details and initiates a VM scan to generate a comprehensive report 3. Your IT team will be notified so that they can go in for further analysis Learn more about the recipe here: https://lnkd.in/dDudMvUp Have questions about this recipe or ideas for the next one I share? Leave them in the comments.

Here you have the Top 10 AD Attacks. Active Directory is a system that stores information about network objects, ensuring easy access for administrators and users. It employs a structured data store to organize directory information in a logical, hierarchical manner. This data store, referred to as the directory, contains essential information about Active Directory objects.

Do you see your password listed below? If yes, you made the list! But this is NOT a list you want to be a part of. This is a list of the top passwords used in the US according to NordPass. This means your accounts are more likely to be hacked. What should you do? - Use complex passwords with letters, numbers, and symbols. - Never reuse passwords - Use a password manager like LastPass to save your passwords. https://lnkd.in/emVKJpK

This is NOT a list you want to be a part of. Passwords are important! Partnerd Group, LLC can help your company make sure #passwordsafety is a priority. Contact us (or drop me a message) and let us know your concerns. We can help. #partnerd #msp #passwordsecurity #wecanhelp #techcompany #yoursafetymatters #passwordmanagement

Tech Tues: researching #ibmi #ftp for a product enhancement and discovered this little nugget: "If the QMAXSGNACN system value is set to 1, the QMAXSIGN system value applies to TELNET but not to FTP. If QMAXSGNACN is set to 2 or 3 (values which disable the profile if the maximum sign on count is reached), FTP logon attempts are counted. In this case, a hacker can mount a denial of service attack through FTP by repeatedly attempting to log on with an incorrect password until the user profile is disabled." Check your configuration and be careful out there! https://lnkd.in/g_fZUVaa #ibmsecurity #as400 #ibmpowersystems

We recently had a client come to us with a request to review their new Enterprise Password Manager - Passwordstate. While it was only accessible internally, they were concerned whether an attacker on the corporate network (in an assumed breach scenario) could gain access to the contents of the safe. The client had budgeted a good amount of time, enough for us to do a deep dive into the application and identify any issues, in particular pre-authentication bugs that would allow an attacker to circumvent the authentication controls and access the keys to the kingdom. Roy S. got on the task and identified an authentication bypass vulnerability that could be used to take over any Passwordstate user account with just the knowledge of the victim's username. Full technical details of the issue can be found here: https://lnkd.in/gRmTPtrs. If you are running Passwordstate, then upgrading to build 9858 will resolve this issue. If you are deploying mission-critical applications into your environment and want a second set of eyes across them, then get in touch!

To add to this… for a password to be considered strong, it should have at least 16 characters with a combination of letters and numbers (uppercase and lowercase). Special characters are a nice addition but not nearly as important as the length. There’s no reason to enforce special characters for long passwords. And banks need to stop forcing password resets in the name of better security - it’s proven to encourage most people to reuse the same passwords with a simple change or addition at the end. This isn’t as smart as some people might think 🧐 Using a date of birth or persons name is a gigantic red flag. This is why password managers are imperative. You shouldn’t be able to remember them all. 8 characters is an absolute bare minimum in the eyes of industry standards. There’s software that can crack most people’s passwords in seconds or minutes because most people don’t have good passwords. If anyone tells you that it’s possible to train yourself how to remember strong passwords, share this post with them and ask them to prove it. People with a photographic memory don’t count, but even then I’d have to take a close look. If you can remember a lot of passwords it means they can be cracked. 1Password is everyone’s friend. I’m not an encryption expert by any stretch of the imagination but the above is pretty basic.

FTP: The standard FTP protocol transmits data and user credentials (username and password) in plain text. This makes it vulnerable to eavesdropping if the connection is not encrypted. FTPS: FTPS adds a layer of encryption (SSL/TLS) on top of FTP. This protects data transmission from eavesdropping, but the initial user login process might still be vulnerable if not properly configured. SFTP: SFTP leverages SSH (Secure Shell) for secure communication. SSH encrypts both data and user authentication (including password exchange). This ensures a high level of security for both data transfer and user login.