NYC Geeks - New York City's Computer Repair and IT Service Experts!

Good Afternoon

Welcome user! NYC Geeks is the premier computer repair and technology service provider for homes and businesses in the New York metropolitan area.

Learn About Us

Technology News

Database leak exposes millions of two-factor codes and reset links sent by SMS:
As if there weren’t already enough reasons to shun SMS-based 2fa...
FCC tells SpaceX it can deploy up to 11,943 broadband satellites:
Initial launch of 4,425 satellites to be followed by 7,518 closer to the ground.
When a network intel provider’s domain serves fraudulent content, something is wrong:
ThousandEyes, a firm that provides DNS monitoring, falls prey to its own DNS goof.
Why aren’t chip credit cards stopping “card present” fraud in the US?:
Fraud is on the rise despite a move to chip cards.
Indonesia 737 crash caused by “safety” feature change pilots weren’t told of:
737 Max safety bulletin revealed changes to system that pilots never knew about.
Google goes down after major BGP mishap routes traffic through China:
Google says it doesn't believe leak was malicious despite suspicious appearances.
A 100,000-router botnet is feeding on a 5-year-old UPnP bug in Broadcom chips:
At least 116 different router models are infected by unusually well-written malware.
VA’s software so SNAFU’d that vets were made homeless waiting for benefits:
Ongoing IT train wreck is putting veterans on streets as agency promises fixes soon.
New year, same story: Cost of wind and solar fall below cost of coal and gas:
The direction of the cost of storage is less clear and depends on metals prices.
Russian officials: Nope, we can’t finish fixing the carrier Kuznetsov:
Dry-dock repairs may take a year or more; others aren't large enough for carrier.
Negotiating with ISPs: Don’t accept broadband price hikes without a fight:
Your bill rose $40 because the promotional rate expired—here's what to do next.
Get your code in RunCode, the online programming and pwning extravaganza:
180 coding and hacking challenges in capture-the-flag-style event for code warriors.
California’s cap-and-trade dollars are building a hydrogen fuel cell boat:
Boat expected to be completed by September 2019.
Police decrypt 258,000 messages after breaking pricey IronChat crypto app:
Weakness allowed cops to monitor encrypted messages for some time.
Tesla battery will power unusual community storage project in Western Australia:
Participants will virtually store their excess solar energy.
AT&T steps up copyright enforcement, kicks customers off network:
AT&T's action against alleged pirates comes after purchase of Time Warner.
The ugly truth about voting security: States won’t fix it:
Georgia, Texas cases show states whistling past voting security graveyard.
Ajit Pai slams Sprint, Charter, and CenturyLink for poor robocall effort:
Pai says seven big carriers haven't promised to use new robocall blocking tech.
Strange snafu misroutes domestic US Internet traffic through China Telecom:
Telecom with ties to China's government misdirected traffic for two and a half years.
Stuxnet 2.0? Iran claims Israel launched new cyber attacks:
President Rouhani's phone "bugged," attacks against network infrastructure claimed.

Security Alerts

Microsoft Releases November 2018 Security Updates:
Original release date: November 13, 2018

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
NCCIC encourages users and administrators to review Microsoft’s November 2018 Security Update Summary and Deployment Information and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.
Adobe Releases Security Updates:
Original release date: November 13, 2018

Adobe has released security updates to address vulnerabilities in Flash Player, Adobe Acrobat and Reader, and Adobe Photoshop CC. An attacker could exploit these vulnerabilities to obtain access to sensitive information.
NCCIC encourages users and administrators to review Adobe Security Bulletins APSB18-39, APSB18-40, and APSB18-43 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.
VMware Releases Security Updates:
Original release date: November 09, 2018

VMware has released security updates to address vulnerabilities in ESXi, Workstation, and Fusion. An attacker could exploit these vulnerabilities to take control of an affected system.
NCCIC encourages users and administrators to review the VMware Security Advisory VMSA-2018-0027 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.
NCCIC Releases Analysis Report on JexBoss:
Original release date: November 08, 2018

NCCIC has released Analysis Report (AR) AR18-312A: JexBoss - JBoss Verify and EXploitation Tool. Cyber threat actors use JexBoss to remotely access victims' systems. The report provides information on JexBoss' capabilities, as well as suggestions for detection and mitigation.
NCCIC encourages users and administrators to review AR18-312A for more information.

This product is provided subject to this Notification and this Privacy & Use policy.
Cisco Releases Security Updates:
Original release date: November 07, 2018

Cisco has released security updates to address vulnerabilities affecting Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system.
NCCIC encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:
- Cisco Stealthwatch Management Console Authentication Bypass Vulnerability cisco-sa-20181107-smc-auth-bypass
- Cisco Unity Express Arbitrary Command Execution Vulnerability cisco-sa-20181107-cue
- Cisco Meraki Local Status Page Privilege Escalation Vulnerability cisco-sa-20181107-meraki
This product is provided subject to this Notification and this Privacy & Use policy.
Self-Encrypting Solid-State Drive Vulnerabilities:
Original release date: November 06, 2018

NCCIC is aware of reports of vulnerabilities in the hardware encryption of certain self-encrypting solid-state drives. An attacker could exploit these vulnerabilities to obtain access to sensitive information.
NCCIC encourages users and administrators to review Vulnerability Note VU# 395981, Microsoft's Security Advisory ADV180028, and Samsung's Customer Notice regarding Samsung SSDs for more information and refer to vendors for appropriate patches and recommendations, when available.

This product is provided subject to this Notification and this Privacy & Use policy.
Apache Releases Security Advisory for Apache Struts:
Original release date: November 05, 2018

The Apache Software Foundation has released an advisory to address a vulnerable commons-fileupload library used in Apache Struts versions 2.3.36 and prior. A remote attacker could exploit this vulnerability to take control of an affected system. Struts versions from 2.5.12 are not affected.
NCCIC encourages users and administrators of Apache Struts versions 2.3.36 and prior to review the Apache security advisory for CVE-2016-1000031 and upgrade to the latest released version of Commons FileUpload library, which is currently 1.3.3.

This product is provided subject to this Notification and this Privacy & Use policy.
Cisco Releases Security Advisory:
Original release date: November 01, 2018

Cisco has released a security advisory to address a vulnerability affecting Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software. A remote attacker could exploit this vulnerability to cause a denial-of-service condition.
NCCIC encourages users and administrators to review the Cisco Security Advisory and the CERT Coordination Center's Vulnerability Note VU# 339704 and apply the necessary mitigations until patches are made available.

This product is provided subject to this Notification and this Privacy & Use policy.
November is National Critical Infrastructure Security and Resilience Month:
Original release date: November 01, 2018

November is National Critical Infrastructure Security and Resilience Month. Critical Infrastructure (CI) is our Nation’s backbone; it is the physical and cyber systems and assets that are so vital to the United States that their incapacity or destruction would have a debilitating impact on our physical or economic security or public health or safety.
Everyone is involved in the mission to protect CI. Users and administrators can help by using cybersecurity best practices, reporting cybersecurity incidents and phishing attempts, and submitting malware for review. Keeping your systems secured can help NCCIC identify cyber threats and inform the CI community.
NCCIC encourages CI owners and operators to review the DHS CI resource page for information on available resources and training. NCCIC also encourages CI owners and operators to visit the Critical Infrastructure Cyber Community Voluntary Program (C3VP) page for information on the C3VP program.

This product is provided subject to this Notification and this Privacy & Use policy.
Mozilla Releases Security Update for Thunderbird ESR:
Original release date: October 31, 2018

Mozilla has released a security update to address vulnerabilities in Thunderbird ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system.
NCCIC encourages users and administrators to review the Mozilla Security Advisory for Thunderbird ESR 60.3 and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.
:
:
:
:
:
:
:
:
:
:

brightness_6 Good Afternoon

Request Support live_help

Learn About Us info

Technology News view_quilt

Security Alerts https

Good Afternoon

Request Support

Learn About Us

Technology News

Security Alerts