Kraft Kennedy - Technology and Management Consulting
Kraft Kennedy is a multidisciplinary consulting firm with expertise in technology and management consulting, technology strategies, application specialties, technology infrastructure, managed services and proactive support. Combining this knowledge, our focused teams are dedicated to meeting the needs of our clients.
1M ago
The Lawyer’s Copilot
Imagine the advantage gained by a lawyer preparing for a case and having virtually instant access to the specific arguments used in similar cases and summaries of relevant laws. Consider the value of being able to ensure consistency across all documents. A tool designed to streamline workflow and increase productivity is gaining rapid adoption across law firms. Future-focused organizations across the industry are leveraging Microsoft Copilot (a chatbot that was developed as a next iteration of the discontinued Cortana) to harness the power of AI.
According to a Redr ..read more
2M ago
NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-6548 and CVE-2023-6549 Issue
Two vulnerabilities have been discovered in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway).
| CVD-ID | Description | Pre-Requisites | CWE | CVSS |
| --- | --- | --- | --- | --- |
| CVE-2023-6548 | Authenticated (low privileged) remote code execution on Management Interface | Access to NSIP, CLIP or SNIP with management interface access | CWE-94 | 5.5 |
| CVE-2023-6549 | Denial of Service | Appliance must be configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server | CWE-119 | 8.2 |
..read more
2M ago
Citrix Session Recording Security Bulletin for CVE-2023-6184 Issue
A vulnerability has been discovered in Citrix Session Recording, which, if exploited, may result in an authenticated user being able to perform an RCE.
| CVD-ID | Description | Pre-Requisites | CWE | CVSS |
| --- | --- | --- | --- | --- |
| CVE-2023-6184 | An authenticated user can perform RCE | Attacker must possess admin privileges to the Session Recording server | CWE-913 | 5 |
Additional Information
The following supported versions of Citrix Session Recording are affected by the vulnerability:
Current Release (CR)
Citrix Virtual Apps and Desktops before 2311
Long Term ..read more
2M ago
Citrix StoreFront Security Bulletin for CVE-2023-5914 Issue
A vulnerability has been discovered in Citrix StoreFront, which, if exploited, may result in a Cross-site scripting (XSS) attack.
| CVD-ID | Description | Pre-Requisites | CWE | CVSS |
| --- | --- | --- | --- | --- |
| CVE-2023-5914 | Cross-site scripting (XSS) | Requires victim to access an attacker-controlled link in the browser | CWE-79 | 5.4 |
Additional Information
Affected Versions:
The following supported versions of Citrix StoreFront are affected by the vulnerability:
Current Release (CR)
Citrix StoreFront before 2308.1
Citrix StoreFront before 2311
Long Term Service Rel ..read more
2M ago
Breaking Up is Hard to Do: 5 Reasons Law Firms Change IT Providers
In the nonstop world of law firms, technology has become a business-critical component of operations. The depth and breadth of expertise required to deliver seamless, secure law firm technology has resulted in an industry-wide shift to enlisting Managed Service Providers (MSPs) for IT Support. While outsourced IT Management is increasingly common, the client experience is not always popular; not all MSPs are created equal. It’s not uncommon to wish for a better technology experience (appreciation for time-sensitive nature of th ..read more
4M ago
NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-4966 (Citrix Bleed) Issue
Additional action is recommended to address CVE-2023-4966, which is being called Citrix Bleed.
Timeline
October 10, 2023 – Citrix posted a security bulletin regarding CVE-2023-4966 and CVE-2023-4967 affecting NetScaler ADC and NetScaler Gateway.
October 17, 2023 – Citrix updated the bulletin to indicate that exploits of CVE-2023-4966 on unmitigated appliances have been observed.
October 18, 2023 – CISA added an entry for CVE-2023-4966 to its Known Exploited Vulnerabilities (KEV) catalog.
October 23, 2 ..read more
4M ago
Update to Microsoft Authenticator App
In the past few weeks, the Kraft Kennedy Support Team received numerous reports of the Microsoft Authenticator App failing to send Authentication requests. It turns out this is an intentional change on the part of Microsoft. For organizations using this form of Multi Factor Authentication, we’re sharing the instructions we are providing to users looking for the missing notifications. If you find yourself waiting for an Authentication request that doesn’t arrive, open the Microsoft Authenticator app on your phone to locate the sign-in.
Why ..read more
5M ago
Issue
Multiple vulnerabilities have been discovered in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway).
| CVD-ID | Description | Pre-Requisites | CWE | CVSS |
| --- | --- | --- | --- | --- |
| CVE-2023-4966 | Sensitive information disclosure | Appliance must be configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server | CWE-119 | 9.4 |
| CVE-2023-4967 | Denial of service | Appliance must be configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server | CWE-119 | 8.2 |
Additional Information
Affected Versions:
The following supported versi ..read more
5M ago
Extended Security Updates (ESUs) for Windows Server 2012/R2 via Azure Arc
Windows Server 2012 and 2012R2 will reach End of Support on October 10, 2023. Ideally you’ll have all Win2012/R2 servers decommissioned, upgraded, or replaced by then, but if you find yourself in a situation where they have to remain running, and you need to ensure that the servers receive Extended Security Updates (ESUs), Azure Arc may be an easy option. Among other things, Azure Arc allows non-Azure VMs to be managed via the Azure portal.
3 steps for onboarding VMs and adding ESUs
Run a script to onboard non-Azure VMs ..read more
7M ago
While AI platforms such as ChatGPT are transforming the way we communicate, learn, and do business, they also pose major security risks.
ChatGPT aggregates data from various sources and uses that data to learn and improve. When you enter something into ChatGPT, it becomes part of the global ChatGPT knowledge base. If you enter sensitive information such as client data or trade secrets into ChatGPT, that information becomes openly available to all other ChatGPT users. In short – ChatGPT is not confidential. This is clearly untenable for businesses.
At Kraft Kennedy, security is at the forefront ..read more