NYC Geeks - New York City's Computer Repair and IT Service Experts!

Good Evening user! NYC Geeks is a technology service provider in the New York City metropolitan area with over 25 years of experience!

Our Services

On-Site & Remote Technology Support
Managed IT Services
Wired & Wireless Networking
Racks & Structured Cabling
Antivirus & Cybersecurity
Data Backup & Data Recovery
Cloud Computing
Virtualization
Server Administration
Custom System Assembly
Surveillance & Access Control
Unified Communication

Let us Solve IT!

We are industry professionals with expertise in computer technology and how it integrates into the world around us. With decades of experience in a variety of industries and a vast intelligence network, our goal is to deliver efficient, reliable IT system administration solutions.

Technology News

DDoSers are abusing Microsoft RDP to make attacks more powerful:
DDoS amplification attacks have abused all kinds of legit services. Now, it's Windows.
This site posted every face from Parler’s Capitol Hill insurrection videos:
Faces of the Riot used open source software to detect, extract, and deduplicate every face.
Home alarm tech backdoored security cameras to spy on customers having sex:
Employee for ADT accessed ~200 customer cams on more than 9,600 occasions.
Chrome and Edge want to help with that password problem of yours:
The line between browsers and password managers is blurring.
Phishing scam had all the bells and whistles—except for one:
A reminder that stuff published on the Internet gets published on the Internet.
Ars online IT roundtable: What’s the future of the data center?:
Join Sean Gallagher, Dell's Ivan Nekrasov, and me today, January 21, at 3:15pm Eastern!
Ars Technicast special edition, part 1: The Internet of Things goes to war:
Ars presents a two-part limited edition podcast on the "connected battlespace."
Security firm Malwarebytes was infected by same hackers who hit SolarWinds:
Group backed by a nation-state rifles through company's email servers.
Hackers alter stolen regulatory data to sow mistrust in COVID-19 vaccine:
Post titled “Astonishing fraud! Evil Pfffizer! Fake vaccines!” found on the Dark Web.
How law enforcement gets around your smartphone’s encryption:
Openings provided by iOS and Android security are there for those with the right tools.
The NSA warns enterprises to beware of third-party DNS resolvers:
Yes, plaintext DNS is insane, but encrypting it has its own tradeoffs.
Hackers used 4 zero-days to infect Windows and Android devices:
Boobytrapped websites are used by attackers to infect people who visited them.
AT&T kills off the failed TV service formerly known as DirecTV Now:
AT&T TV Now folded into AT&T TV, which finally gets a no-contract option.
Hackers steal Mimecast certificate used to encrypt customers’ M365 traffic:
Compromise by "sophisticated threat actor" prompts company to issue new certificate.
Parler’s amateur coding could come back to haunt Capitol Hill rioters:
Some 80 terabytes of posts, many already deleted, preserved for posterity.
Jared Mauch didn’t have good broadband—so he built his own fiber ISP:
"I had to start a telephone company to get [high-speed] Internet access."
SolarWinds malware has “curious” ties to Russian-speaking hackers:
Similarities could prove a link or might be part of a false flag operation.
New York City proposes regulating algorithms used in hiring:
Bill would require firms to disclose when they use software to assess candidates.
Reddit’s largest remaining Trump community banned for “inciting violence” [Updated]:
Friday ban comes with clear notice: "Do not post violent content." Discord follows suit.
Hackers can clone Google Titan 2FA keys using a side channel in NXP chips:
Yubico and Feitian keys that use the same chip are likely susceptible, too.

Security Alerts

Cisco Releases Advisories for Multiple Products :
Original release date: January 21, 2021
Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

CISA encourages users and administrators to review the following Cisco Advisories and apply the necessary updates:
- Cisco SD-WAN Command Injection Vulnerabilities cisco-sa-sdwan-cmdinjm-9QMSmgcn
- Cisco SD-WAN Buffer Overflow Vulnerabilities cisco-sa-sdwan-bufovulns-B5NrSHbj
- Cisco DNA Center Command Runner Command Injection Vulnerability cisco-sa-dnac-cmdinj-erumsWh9
- Cisco Smart Software Manager Satellite Web UI Command Injection Vulnerabilities cisco-sa-cssm-multici-pgG5WM5A
This product is provided subject to this Notification and this Privacy & Use policy.
Drupal Releases Security Updates:
Original release date: January 21, 2021
Drupal has released security updates to address a vulnerability affecting Drupal. An attacker could exploit this vulnerability to take control of an affected system.

CISA encourages users and administrators to review Drupal Advisory SA-CORE-2021-001 and apply the necessary updates or mitigations.

This product is provided subject to this Notification and this Privacy & Use policy.
CERT/CC and CISA Report Multiple Vulnerabilities in Dnsmasq:
Original release date: January 21, 2021
CISA and the CERT Coordination Center (CERT/CC) are aware of multiple vulnerabilities affecting Dnsmasq version 2.82 and prior. Dnsmasq is a widely-used, open-source software that provides Domain Name Service forwarding and caching and is common in Internet-of-Things (IoT) and other embedded devices. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and vendors of IoT and embedded devices that use Dnsmasq to review CERT/CC VU#434904 and CISA ICSA-21-019-01 21 for more information and to apply the necessary update. Refer to vendors for appropriate patches, when available.

This product is provided subject to this Notification and this Privacy & Use policy.
Google Releases Security Updates for Chrome:
Original release date: January 21, 2021
Google has released Chrome version 88.0.4324.96 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

CISA encourages users and administrators to review the Chrome Release and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.
Oracle Releases January 2021 Security Bulletin:
Original release date: January 21, 2021
Oracle has released its Critical Patch Update for January 2021 to address 329 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the Oracle January 2021 Critical Patch Update and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.
NSA Releases Guidance on Encrypted DNS in Enterprise Environments :
Original release date: January 15, 2021
The National Security Agency (NSA) has released an information sheet with guidance on adopting encrypted Domain Name System (DNS) over Hypertext Transfer Protocol over Transport Layer Security (HTTPS), referred to as DNS over HTTPS (DoH). When configured appropriately, strong enterprise DNS controls can help prevent many initial access, command and control, and exfiltration techniques used by threat actors.

CISA encourages enterprise owners and administrators to review the NSA Info Sheet: Adopting Encrypted DNS in Enterprise Environments and consider implementing the recommendations to enhance DNS security.

This product is provided subject to this Notification and this Privacy & Use policy.
Apache Releases Security Advisory for Tomcat :
Original release date: January 15, 2021
The Apache Software Foundation has released a security advisory to address a vulnerability affecting multiple versions of Apache Tomcat. An attacker could exploit this vulnerability to obtain sensitive information.

CISA encourages users and administrators to review the Apache security advisory for CVE-2021-24122 and upgrade to the appropriate version.

This product is provided subject to this Notification and this Privacy & Use policy.
RCE Vulnerability Affecting Microsoft Defender :
Original release date: January 14, 2021
Microsoft has released a security advisory to address a remote code execution vulnerability, CVE-2021-1647, in Microsoft Defender. A remote attacker can exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild.

CISA encourages users and administrators to review Microsoft Advisory for CVE-2021-1647 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.
Cisco Releases Security Updates for Multiple Products:
Original release date: January 14, 2021
Cisco has released security updates to address vulnerabilities in Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities see the Cisco Security Advisories page.

CISA encourages users and administrators to review the following Cisco Advisories and apply the necessary updates:
- AnyConnect Secure Mobility Client for Windows DLL Injection Vulnerability cisco-sa-anyconnect-dll-injec-pQnryXLf
- Connected Mobile Experiences Privilege Escalation Vulnerability cisco-sa-cmxpe-75Asy9k
- Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Command Injection Vulnerabilities cisco-sa-rv-command-inject-LBdQ2KRN
- Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities cisco-sa-rv-overflow-WUnUgv4U
This product is provided subject to this Notification and this Privacy & Use policy.
Juniper Networks Releases Security Updates for Multiple Products:
Original release date: January 14, 2021
Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to cause take control of an affected system.

CISA encourages users and administrators to review the Juniper Networks security advisories page and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.
:
:
:
:
:
:
:
:
:
:

info Our Services

build Let us Solve IT!

contact_mail Contact Us

view_quilt Technology News

https Security Alerts

Our Services

Let us Solve IT!

Contact Us

Technology News

Security Alerts