One of the world’s biggest security vendors had hidden backdoors in their products that would allow virtually anyone to take over the firewall.

Your firewall is the security appliance that is supposed to separate your internal, secure, network from the outside world. This bug/backdoor essentially lets anybody into your network that would like to be there.

This hits East Tennessee hard for 3 major reasons

  • One of the biggest IT firms in the area standardized on this vendor’s firewalls years ago, smaller IT shops followed
  • The security required by firms that do business with DOE and ORNL mean a lot of these firewalls are in place in and around Oak Ridge and Knoxville
  • One of the areas biggest retailers also standardized on these, with 100s believed to be in production

What you need to do — today!

If you’ve seen the images below in your office, server room or computer call your IT firm — TODAY — and ask them if they’ve updated it to a version that no longer contains these bugs. Most IT firms are notorious for patching firewalls slowly, so things don’t break. But being behind on these patches means you are already broken.

This is a really big deal

It allows anyone, anywhere to reset any user’s password on the firewall.

One of the world’s biggest video game companies has had two incredibly major bugs this month and it can kill your organization’s security if you don’t have the right policies in place.

Most organizations we bring on initially have a fuzzy line around what’s “work” equipment and what’s “personal,” and what can be used for what, the result is an insecure environment. On business machines, there is typically a security standard that is in place, a set of policies and procedures set by management and rules (set by IT) to keep the bad guys out and your confidential information inside. Personal machines typically have virtually none of this. security

If your organization allows business information on personal machines or personal use of business machines you’ve opened up the door to attackers. To use the video game example, this company doesn’t seem to count an entire category of bugs important enough to fix. If they sold to businesses, they would never get away with it. If you let your employees install this video game software on your computers, however, you just did. If you allow your employees to access your company information from their personal machines, you also just did.

It’s an easy fix: put in place a written policy that only allows access to confidential information from secured, company-owned machines.

BIG WARNING: Execs usually want to be exempted from these rules. They also typically have the MOST access to the most CONFIDENTIAL information. Then THEY become your biggest risk, and TARGET.

Policies are abstract and don’t often change. They are defined by specific procedures that change as your business changes (“our external IT partner will provide you with a work laptop from which you can access company information”) and enforced by technical rules (i.e., your MSP provider blocks access to company information from machines without your security policy in place).

Even if you can’t get all of your rules and procedures in place today, define and communicate your policies. The security of your organization depends on it, and your security is no less than your future.

Need help? Call us today: 865-240-2716.

Microsoft recently rolled out a new agreement for users of Microsoft 365. It appears that this is response to Europe’s GPDR regulations. For all 365 customers who purchase 365 through a reseller, the end customer is required to confirm through the reseller that they have accepted the new terms.

At JM Addington & Kairos, we haven’t seen anything in the new terms that we believe would be prohibitive to our customers.


However, if you have concerns about the new agreement we’d suggest you to consult your legal counsel.

You can find the updated terms at
https://docs.microsoft.com/en-us/partner-center/agreements