News and Blog
Cyber-skills: Building your own virtual superhero suit at home or at work (Part 1)
During this year’s Cybersecurity Awareness Month, we will explore the current landscape of online security threats, examine how individuals can safeguard themselves from potential breaches, and discuss strategies for organizations to empower their employees in defending against cyber-attacks.
Cybersecurity Basics: How to Safeguard Your Firm in an Evolving Digital Landscape
The digital world is constantly evolving and some parts of it are scary. What can a firm or company do to protect itself when it seems like the barbarians are constantly at the proverbial gate?
There are actually several basic steps you can do to protect your data and the data of your clients, not to mention your well-earned reputation.
Future-Proofing Your Law Firm: Key IT Investments for 2025
As a law firm CIO or COO, planning your 2025 information technology budget involves anticipating future needs, addressing current challenges, and leveraging technology to enhance attorney productivity and security. Firms will need to continue to invest in their cloud migration and hybrid-work plans, but here are some other critical areas to focus on.
Citrix Workspace App local privilege escalation vulnerability on Windows (CVE-2024-7889 / CVE-2024-7890)
Local privilege escalation allows a low-privileged user to gain SYSTEM privileges with Citrix Workspace application on Windows.
Jim Moreo Interview at ILTACON 2024 with Jennie Azoulai
Interview with Jim Moreo with Jennie Azoulai (Legal Tech Publishing) at ILTACON 2024.
Why Do a Tech Assessment?
Whether you do them yourself or get some help, taking stock of your technology, your team’s skills and your processes is never a bad thing. Many firms do them every few years as a self-check. They help you identify gaps that need to be addressed and points the way to solutions that may not be evident until you see everything summarized in one place.
Zero-click Vulnerability on Windows TCP/IP IPv6 (CVE-2024-38063)
An unauthenticated attacker could repeatedly send IPv6 packets, that include specially crafted packets, to a Windows machine which could enable remote code execution.
Key Takeaway from CrowdStrike Incident
This issue, affecting computers running Microsoft Windows, underscores the importance of having a reliable Managed IT Services provider.
Citrix NetScaler Console, Agent and SVM Security Bulletin
Two vulnerabilities have been discovered in NetScaler Console (formerly NetScaler ADM), NetScaler SVM, and NetScaler Agent. Sensitive information disclosure and Denial of Service.
Cornerstone.IT Achieves Comprehensive ISO 27001 Certification, Ensuring Enhanced Data Security for Law Firms
To our prospective clients, choosing Cornerstone.IT means you’ll be partnering with an ISO-certified provider. Our services not only meet ISO standards, but we also strive to impart the benefits of these standards to your firm.
Steering Towards the Future: The AI Revolution in Legal Tech with iManage and Microsoft Copilot Integration
As we draw nearer to the introduction of iManage’s innovative Artificial Intelligence (AI) services at ConnectLive NYC, the anticipation is tangible. This groundbreaking initiative was a significant focus at the recent iManage partner conference.
Cornerstone.IT: Partnering Exclusively with Top-Tier Vendors for Premier Managed Services
Congratulations Arctic Wolf for being named a leader in the 2024 IDC MarketScape for Worldwide Managed Detection and Response report!
CISCO IOS and IOS XE Software Vulnerabilities
Cisco has released free software updates that address the vulnerabilities described in this advisory. Customers with service contracts that entitle them to regular software updates should obtain security fixes through their Updates Channel.
Google Chrome (Desktop) Multiple Security Vulnerabilities
Multiple vulnerabilities found with desktop version of Google Chrome prior to version 123.0.6312.86
Mozilla Firefox Desktop – Critical Security Vulnerabilities
An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination. This vulnerability affects Firefox < 124.0.1.
Microsoft ODBC Driver Remote Code Execution Vulnerability (CVE-2024-26162)
An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application.
VMWare ESXi 7.0 and 8.0 Multiple Vulnerabilities
A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine’s VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox.
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability (CVE-2024-26192)
An attacker could host a specially crafted website designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website.
Critical Connectwise ScreenConnect Vulnerabilities (CVE-2024-1709 & CVE-2024-1708)
ConnectWise ScreenConnect 23.9.7 and prior are affected by an authentication bypass using an alternate path or channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.