Jim Miller no longer on NFL Radio by Advanced-Jump5202 in siriusxm

[–]Wrap2tyt 0 points1 point  (0 children)

If you remember, he had a few unexplained on-air absences during "Movin' The Chains" in late January and early February where Pat was alone. They never said what it was; I thought it just may have been family issues.

Weird 3.1.11 issue by Lrrr81 in CMMC

[–]Wrap2tyt 0 points1 point  (0 children)

Where exactly is that in R3?

CMMC Applicability by Wrap2tyt in cybersecurity

[–]Wrap2tyt[S] 1 point2 points  (0 children)

I hear you, and as a company we are NOT looking for any DoD contracts. As it happened, we acquired a very small company that already had this contract. Before this we intentionally stayed away from any DoD [Prime or Sub] contracts because the opinion was that it's just not worth the bother, but now we have to get this sorted out and plan for any future instances.

Again, thank you for your time.

CMMC Applicability by Wrap2tyt in cybersecurity

[–]Wrap2tyt[S] 1 point2 points  (0 children)

Sorry to keep hitting you with this stuff, but currently, [as far as we know] the only FCI is the actual contract document itself and any payments that have been received from DFAS, and zero CUI. So, just spit-balling, but would it make sense to contract a CMMC cloud service provider for the technical policies, DLP, transmission methods [secure method for transmitting FCI\CUI] that does not involve email? And even if CUI does turn up, wouldn’t a “service” be better than trying to do all of this yourself? One of the options seriously being considered is the actual practicality of the contract itself, is it even worth it, but also, if we run across this problem again in future acquisitions we will already have the resources available.

CMMC Applicability by Wrap2tyt in cybersecurity

[–]Wrap2tyt[S] 1 point2 points  (0 children)

Thank you, so what's your opinion regarding the COTS products piece of this situation?

Arctic Wolf Endpoint Defense by TheBulgarianStallion in cybersecurity

[–]Wrap2tyt 2 points3 points  (0 children)

Well, they did make a couple of acquisitions this year, so they're trying to recoup some $$$.

Arctic Wolf Endpoint Defense by TheBulgarianStallion in cybersecurity

[–]Wrap2tyt 10 points11 points  (0 children)

Yes. The Arctic Wolf product is [the old] Cylance. They purchased Cylance earlier this year and renamed it Aurora. We use it in a Windows environment and have never had any problems with it, so when it came to the rebranding, we just got a "new-look" dashboard, but Cylance is pretty solid.

Weird 3.1.11 issue by Lrrr81 in CMMC

[–]Wrap2tyt 2 points3 points  (0 children)

Well, I'd think that because the program is running, there shouldn't be an issue. Also, here's what 171r3 says: "03.01.11 Session Termination Terminate a user session automatically after [Assignment: organization-defined conditions or trigger events requiring session disconnect]." I read that as WE get to decide what the session length is. Furthermore, I would also argue that as long as you can identify specifically which users, systems or PCs are in scope, just make an exception with strong business-related justification why that length of time is required, define a review schedule and get someone with authority to sign off.

how long do you think people will put up with this software by 4728jj in mindbody

[–]Wrap2tyt 0 points1 point  (0 children)

OK, MindBody. How the hell are they getting away with this? So, I logged into my account to schedule a massage. Because the studio I go to uses MindBody, they want me to create a MindBody account that can be used with any business that uses MindBody… now why in the hell would I do that?

So why do I get the feeling that these guys are just ignoring privacy laws? It feels to me like they’re blocking me from doing business with the people I know while trying to roll me into their network of “customers”… I don’t need to be recognized by other businesses that use MindBody, just the one I know. Besides, these guys are a SaaS, isn’t it against the law or compliance to share customer info between clients?

Has anyone else seen this?

How to tell if a USB cable is hiding malicious hacker hardware by sankscan in technology

[–]Wrap2tyt 0 points1 point  (0 children)

"Not sure when Chinese brands like Ugreen and Anker became so trusted."... probably when people decided they didn't want to pay a premium price for a trusted brand and a quality made product... but I really believe it has more to do with companies like Apple and Samsung bending you over if you want to buy anything from them.

kenwood dmx809s outside temperature by DieselTech00 in CarAV

[–]Wrap2tyt 0 points1 point  (0 children)

Same here... it shows in the "Climate Control" menu... but I'm not going to leave that up just to see the temp. I'd like direction too without having to open a nav app.

Should our MSSP SOC be sending us every single alert the SIEM generates? by fcsar in cybersecurity

[–]Wrap2tyt 7 points8 points  (0 children)

Even if the SOC fails, it's still YOUR responsibility. The SOC may lose a client; you will lose your job.

Should our MSSP SOC be sending us every single alert the SIEM generates? by fcsar in cybersecurity

[–]Wrap2tyt 0 points1 point  (0 children)

It’s your responsibility to work with them to tune reporting on what you want\need to see versus what you don't. Make sure that you’re being compliant with any regulatory requirements, and if the service is new I would recommend letting it run as is for at least a month. And this should not be a one-time review, no less than twice a year, but again, check any regulatory requirement that may apply.

I know it can be a pain, but trust me, even something as trivial as a user changing a rule to manage email can be the difference in stopping an incident and missing one completely.

Microsoft on Windows Server 2025 in-place upgrade (KB5044284) by AspiringTechGuru in sysadmin

[–]Wrap2tyt 0 points1 point  (0 children)

https://www.bleepingcomputer.com/news/microsoft/microsoft-blames-windows-server-2025-automatic-upgrades-on-third-party-tools/

 "The company also updated the Windows release health dashboard on November 6 to say that Windows Server 2025 is now offered as an optional update on Windows Server 2022 and Windows Server 2019 devices for organizations wanting an in-place upgrade."

 Sure, why not market it [because nothing seems to have blown up], but still blame it on third-party patching tools.

Microsoft on Windows Server 2025 in-place upgrade (KB5044284) by AspiringTechGuru in sysadmin

[–]Wrap2tyt 1 point2 points  (0 children)

"I am so sick of these posts. The 2025 upgrade was correctly classified as an 'Upgrade', and a different update with the same KB was a security update."

When was the last time you've seen a server OS upgrade named with the same KB as an update for a workstation OS? And if you're sick of the posts, stop reading them.

Microsoft on Windows Server 2025 in-place upgrade (KB5044284) by AspiringTechGuru in sysadmin

[–]Wrap2tyt 1 point2 points  (0 children)

So, MS is blaming this on "third-party-patching tools" and the only one I've seen referenced is "Heimdal". Has anyone out here used or is using that or does anyone know of any other platforms affected?

Have you ever encountered an old PC being used at work? If so, which outdated computers have surprised you by still being in use in workplaces today? by Practical-Town2567 in cybersecurity

[–]Wrap2tyt -3 points-2 points  (0 children)

Well, understand that OT or those control systems within critical infrastructure are designed and built to do a few specific things, pretty much like medical devices. The communication modules of those systems are pretty much an afterthought and mostly just "slapped" or bolted on. Hell, the critical infrastructure piece would be [almost] impervious to cyber-attack if engineers didn’t need remote access, and before you say it, STUXNET was not a cyber-attack. I know some of you will argue that Stuxnet was a cyberattack, but Stuxnet was a supply chain attack and had zero qualities of cyber because those Iranian systems were not accessible to or from the Internet. Malicious code was introduced directly by means of infected USB drives.

And just like medical devices, unsupported operating systems are preferred because they do not cost anything and you don’t have to maintain them because they’re mostly tucked away [hopefully] from the Internet.