See You at GLUG 2022!

Connect with Ferrilli at the Great Lakes Users Group Conference, September 26, 2022, in Livonia, Michigan!

Stop by our booth to learn about our broad range of Ellucian Colleague consulting services. And don’t miss our live Data Security Essentials session in Room 205 at 1:15 pm ET, as Ferrilli’s Kelly Sinacola and Christopher Mallory share actionable advice on how to avoid the devastating effects of a cyberattack.

We look forward to seeing you there.

Connect with Us at MBUG 2022!

Attending the Mississippi Banner Users Group conference in Tupelo, Mississippi, on September 11-13, 2022?

If so, be sure to connect with Ferrilli’s Steven Terry and Ashleigh Mayer to learn how our expert team can help maximize your institution’s Ellucian Banner investment!

Our functional and technical Banner ERP consultants have been in your shoes – having used and managed Banner as on-campus technology leaders, admissions and enrollment directors, marketing specialists, financial aid directors, bursars, finance leaders, and more!

We’re committed. We care. We do whatever it takes. And we look forward to seeing you at MBUG!

[Webinar Recording] GLBA Amended Safeguards Rule. Are You Prepared?

Watch as Ferrilli’s Security, Cloud & Infrastructure team share expert advice on how to meet the requirements of the updated GLBA Safeguards Rule.

Ferrilli Named to 2022 Inc. 5000 List of Fastest-Growing Private Companies in America

Haddonfield, NJ – We are excited to announce that Ferrilli has been named to the 2022 Inc. 5000 list of the fastest-growing privately held companies in America.

This is the 4th year that Ferrilli has been named to the prestigious list (2009, 2017, 2018 & 2022).

“Being named to the Inc. 5000 list is national recognition of our hard work as an organization. It is a testament to the talent and dedication of everyone at Ferrilli,” said Ferrilli CEO Robert Ferrilli. “I am incredibly proud of what we have accomplished.”


[Webinar Recording] Active Directory Security: Privileged Identity Protections

Watch as Ferrilli Senior Consultant Erik Potzmann shares expert advice on Active Directory security protections.

[Webinar Recording] OPTIMIZING YOUR MICROSOFT 365 A5 LICENSING

Watch Ferrilli Senior Consultant Erik Potzmann share expert advice on optimizing your Microsoft 365 A5 licensing.

Connect with the Ultimate Pros at NACUBO 2022!

We’re excited to be an exhibiting sponsor at the NACUBO 2022 Annual Meeting, July 16-19, in Aurora, Colorado!

Stop by Booth 523 to take a shot on our state-of-the-art golf simulator and connect with Ferrilli’s Senior Vice President Carol Thomas, Chief Client Officer Marcia A. Daniel and Executive Vice President Steven Christian.

Our team of talented higher education technology caddies will be there to cheer you on … and, of course, answer any questions you have about maximizing your institution’s technology investment.

We look forward to connecting with you.

Connect with Ferrilli at Anthology Together 2022!

We’re excited to be a sponsor at Anthology Together 2022, July 11-14, in Orlando, Florida!

Stop by Booth 115 to connect with the Ferrilli team and learn how to maximize your technology investment. We want to hear about what’s going right, what needs improvement, and what you hope to accomplish going forward.

You can also attend a live session hosted by Ferrilli’s Anthology Services Director, Dan Mongeluzi, on Mastering Business Processes via Health Checks.

We look forward to seeing you at AT22!

[WEBINAR RECORDING] Financial Aid Staffing Shortages: Actionable Tips to Enhance Office Efficiency While Short-Staffed

Watch Ferrilli Financial Aid Consultants Amy Christen and Susan Kannenwischer share actionable tips to enhance aid office efficiency while short-staffed.

See you at Slate Summit 2022!

We’re excited to be attending the Technolutions Slate Summit in Nashville from June 16-17, 2022!

As a Slate Gold Preferred Partner, we empower admissions teams to get the most out of Slate.

Connect with Ferrilli’s Ashleigh Mayer, Kelly Sinacola, Dixie McNally, Joshua Flick, Bethann Corey, and Joshua Weiler at the summit to find out how.

We look forward to seeing you there!

See You At CCA 2022!

We’re excited to be attending the 29th annual Community Colleges of Appalachia Conference this Sunday, June 5th, through June 7th, in Asheville, NC!

Connect with Ferrilli’s Robert Ferrilli, Marcia A. Daniel and Ashleigh Mayer during the event to learn about our tireless commitment to enhancing institutional effectiveness and enriching the student experience both in the region and across the country.  

We look forward to seeing you there!

Connect with Ferrilli at ACCTC 2022!

Attending the Arizona Community Colleges Technical Conference at Yavapai College, June 1-2, 2022?

Be sure to connect with us throughout the event. Ferrilli is committed to providing the services Arizona Community Colleges need to streamline operations, reduce costs and position students for success.

We look forward to seeing you there!

ACCT Quarterly Article: Diminishing the Cyber Threat

Check out Ferrilli Chief Client Officer Marcia A. Daniel’s latest article in the ACCT Trustee Quarterly: Diminishing the Cyber Threat: A conversation with cybersecurity legal expert Allen Sattler reveals key steps colleges must take to minimize the impact of breaches.

Thank you to Allen Sattler, Partner and Vice Chair of Data Privacy & Cybersecurity at Lewis Brisbois Bisgaard & Smith LLP, for contributing his knowledge and expertise to this timely piece on the steps colleges must take to minimize the impact of cyber attacks.

At Ferrilli, security is never secondary. If your institution has fallen victim to a cyber attack, please click here to receive 100 hours of complimentary security services.

SEE YOU AT UBUG 2022!

UBUG 2022 attendees, make sure to stop by and see us during the conference on Friday, May 13th at Utah State University!

We’ll be standing by to address all your Banner-related questions. As an Ellucian Platinum Services Partner we have the knowledge and expertise to help your institution maximize its Ellucian Banner investment.

You can also check out our breakout session at 11am MT in Room 311, ‘A Cloud 360 Approach: Meeting the Demands of a Digital-First Era’ with Ferrilli Senior Vice President Carol Thomas.

We look forward to seeing you there!

Connect with Ferrilli at the MEEC Member Conference and Vendor Showcase

We’re excited to be appearing at the Maryland Education Enterprise Consortium (MEEC) Member Conference and Vendor Showcase on Wednesday, April 27, at Martin’s West!

Stop by Booth 38 to learn how Ferrilli, as an official MEEC IT professional consulting services vendor, is uniquely positioned to help your institution maximize its technology investment.

We will also be hosting a live session during the conference:

Cloud 360: Addressing the Demands of Cloud Service Delivery
Session Time: 1:30 – 2:20 pm ET
Session Location: Camelia

We look forward to connecting with you!

CONNECT WITH US AT THE SALESFORCE.ORG EDUCATION SUMMIT 2022

We’re excited to be a sponsor at the Salesforce.org Education Summit 2022, starting April 20th!

As a Salesforce Consulting Partner, we are here to help institutions grow enrollment, improve retention, support fundraising and advancement, and foster productive relationships with constituents both on and off campus.

Click here to access the virtual conference and connect with us.

Ferrilli Security Alert: Patch recent vulnerabilities from Google and Microsoft

By: Armando D’Onorio (CISSP, GSLC, GCCC), Ferrilli’s Chief Information Security Officer & Senior Consultant

We’re alerting our higher education community to act quickly and patch the latest vulnerabilities from Google and Microsoft:

  • Google Chrome: An exploit for CVE-2022-1364 exists and it is strongly recommended that everyone install the latest Google Chrome update (100.0.4896.127) as soon as possible.
  • Microsoft RPC: The critical Windows RPC flaw CVE-2022-26809 raises concerns due to its potential for widespread, significant cyberattacks. All organizations therefore need to apply Windows security updates as soon as possible.

Note: While our focus is on getting the academic systems updated, please remind your faculty, staff, and students to patch their personal devices.

More info about the vulnerabilities:

Google Chrome

  • Google officials did not release many details about the flaw, saying that information and links about the bug are being restricted until most users are updated. Google will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on but have not yet fixed. The emergency updates the company issued this week impacted almost 3 billion users of its Chrome browser as well as those using other Chromium-based browsers, such as Microsoft Edge, Brave and Vivaldi. The vulnerability is a so-called “confusion” weakness in Chrome’s V8 JavaScript engine. This type of flaw often leads to browser crashes, but the high severity label for this specific vulnerability suggests that it could be the rarer kind that allows attackers to execute damaging code, depending on the privileges associated with the application. An attacker could view, change, or delete data, according to the Center for Internet Security.

Microsoft RPC: CVSS:3.1 9.8 / 8.5

  • Microsoft fixed this vulnerability as part of the April 2022 Patch Tuesday updates and rated it as ‘Critical,’ as it allows unauthorized remote code execution through a bug in the Microsoft Remote Procedure Call (RPC) communication protocol (TCP 445 and 135). If exploited, any commands will be executed at the same privilege level as the RPC server, which in many cases has elevated or SYSTEM level permissions, providing full administrative access to the exploited device. Security researchers believe the bug has the potential to be exploited in widespread attacks, like what we saw with the 2003 Blaster worm and the 2017 WannaCry attacks utilizing the EternalBlue vulnerability. Currently there are over 1.3 million devices exposing port 445 to the Internet, offering a massive pool of targets to exploit. It is important to stress that institutions should apply the patch because the vulnerability can surface in several configurations of both client and server RPC services. This vulnerability is ideal for spreading laterally in a network, and security experts believe we will surely see it used by ransomware gangs in the future.

What Version Should You Be on Google Chrome?

The latest fix will bring Chrome to version 100.0.4896.127 across Windows, Linux, and Mac platforms. Remind your users to close their browsers so that the Chrome updates are applied in the coming days and weeks; Chrome automatically installs the latest patch when the browser is closed and relaunched.

If you have any questions or need assistance, please click here.

Stop by Booth 501 at Ellucian Live 2022 and take your shot at $50k

We’re going for the green at Ellucian Live 2022!

Stop by Booth 501 on Sunday, April 10th – Tuesday, April 12th, to play Ferrilli’s $50,000, hole-in-one challenge!

We’ll also be raffling off a once-in-a-lifetime trip to the beautiful Pebble Beach Resorts, located between picturesque Monterey and Carmel, California.

Our team of talented higher education technology experts will be there to cheer you on … and, of course, answer any questions you have about optimizing your institution’s Ellucian technology.

You do not want to miss this! Just look for the massive, state-of-the-art golf simulator and come over to take your shot!

Ferrilli Live Sessions at eLive 2022!

We’re excited to be presenting three live sessions at Ellucian Live 2022:

Solution Showcase Demo: Ferrilli’s Automated Degree & Certificate Evaluator for Colleague

Monday, April 11th – 2:30 PM – 2:45 PM (MDT)

Lead Presenter: Kelly Sinacola, Executive Vice President, Ferrilli

Go Serverless and Take Off to the Cloud with Ferrilli, Ellucian, and AWS

Tuesday, April 12 – 3:45 – 4:30 PM (MDT)

Lead Presenter: Robert Ferrilli, CEO, Ferrilli

Rethinking Student Affairs Roles: Dynamic Technology and Student Populations

Wednesday, April 13 – 9:00 – 9:45 AM (MDT)

Lead Presenter: Kathryn Starkey, Associate Dean of Adult Learning, Colorado State University Pueblo

Co-Presenters: Linda Bloom, Senior Consultant, Ferrilli & Carol Larson, Registrar, Colorado State University Pueblo

Ferrilli Security Alert: Russian Cyber Activity Updates & Preparation Advice

We’re following up from our Russian Cyber Activity webinar earlier this month to provide our higher education community with the latest updates and advice on the Russian cyber threat:

The U.S. Government has called the current moment “critical” in working towards enhancing its cybersecurity defenses and believes the threat of cyberattack from Russia is looming against the United States.

Government officials stated this reinforces the urgent need for all organizations, large and small, and even individuals to act now to protect themselves against malicious cyber activity.

The following information can help you be prepared:

Report anomalous cyber activity and/or cyber incidents as soon as possible!

CISA is working closely with federal and industry partners to monitor the threat environment 24/7, and they stand ready to help organizations respond to and recover from cyberattacks.

Visit CISA.gov/Shields-Up for information on how to protect your network(s) and how to report anomalous cyber activity and/or incidents. When cyber activity/incidents are reported quickly, it can contribute to stopping further attacks.

  • report@cisa.gov
  • (888) 282-0870, or
  • Your FBI Field Office or CISA Regional Office

What Can Be Done?

  • Treat people as your first line of defense – Educate your employees on common tactics (email and websites) and on how to report suspicious activity, and investigate their reports promptly and thoroughly.
  • Test your emergency procedures for backups and restoring services/data. Ensure you have offline backups beyond the reach of malicious actors.
  • Encrypt your data so it cannot be used if stolen.
  • Verify your communication channels work and know the players and their roles in your Emergency Response Team.
  • Ensure software and hardware patching is current and up to date.
  • Enable multifactor authentication on all accounts/systems/devices connecting to your network(s).
  • Engage proactively with your local FBI field office or CISA Regional Office to establish relationships in advance of any cyber incidents.

Cybersecurity advice to share with co-workers, family and friends

  • Pay extra attention to email: Your work email address, as well as any personal email addresses, are the most common starting places for a targeted attack.
  • Protect yourself:
    • DO NOT FOLLOW LINKS contained in emails or in text messages – If you feel the communication is legitimate, navigate to the main website by typing in the primary site address and then navigate to the desired page/resource.
    • Verify the email using a different contact method – Voice calling is particularly powerful in vetting outreach.
    • Use strong passwords and multi-factor authentication to reduce compromises by unwanted hackers.
    • Protect your devices and home network – keep them up to date and use antivirus software. Use the latest supported versions, apply security patches promptly, use anti-virus and scan regularly to guard against known malware threats.
    • Beware of new outreach in social media platforms (Twitter, Instagram, Snapchat, Facebook, etc.) and text messages from unknown phone numbers or groups.
  • Protect others:
    • REPORT any suspected communications or activity to your Helpdesk or IT department.
    • Report suspicious outreach received at your personal email addresses by reporting them to your service provider via their published resources.
    • DO NOT FORWARD or share:
      • unvetted outreach or “recommended” content.
      • suspicious messages. Delete them immediately.

Thank you and please stay safe!

Ferrilli Alert: Federal Fiscal Year 2022 Budget Impact on Pell Grant Awards

With the passage of the Fiscal Year 2022 Federal budget on March 15, 2022, new Pell entitlement figures have been approved, increasing the maximum Pell grant award by $400, to $6,895 for the 2022-23 award year.

While this increase is beneficial for students, it will also require action for Financial Aid Offices that have already begun packaging students for the upcoming year.

Impacts for Previously Awarded Students

The increase to the maximum Pell grant award may have several impacts to the aid packages of students who have previously been awarded for the 2022-23 award year.

  • Students awarded Pell grants will likely see an increase to their award entitlement.
  • An increased Pell award may require adjustment to other Federal and institutional awards, as the higher Pell amount will reduce the student’s overall unmet need.
  • Depending on the institution’s SIS/ERP packaging configuration and functionality, adjustments to student awards may require software updates and/or manual review and adjustment.

How to Prepare for Updating Student Pell Awards and Award Packages

There are several steps Financial Aid Offices can take to prepare to implement these changes in their SIS/ERP systems and repackage previously awarded students.

  • Identify any previously packaged students who received Pell as part of their 2022-23 award package. Since this population will need to be reviewed, identifying the population in advance will allow Financial Aid Office staff to better prepare for award revisions when the SIS/ERP is capable of processing them.
  • Monitor communication from your institution’s SIS/ERP vendor indicating what system changes need to be made to accommodate the new Pell entitlements. Generally, this may only require parameter updates for the new amounts but depending on other changes that may have been made to the entitlement grids, software updates may be required as well.
  • Monitor communications from the Department of Education regarding the reprocessing of ISIRs to reflect the updated Pell amounts. Even if your software vendor provides guidance/updates for accommodating the increased award amounts, a new ISIR transaction will still need to be received to correctly calculate a student’s award.
  • Determine if your institution will make adjustments to any previously awarded institutional need-based aid. In other words, if Pell is increased, will your institution decrease its need-based award offer or allow previous amounts to remain unchanged? If the latter option is chosen, this may result in the need to revise Subsidized Stafford Loan amounts in the student’s award package.
  • Identify any not yet packaged students with Pell grant eligibility. Excluding these students from the packaging process until the necessary system changes and reprocessed ISIRs have been received will prevent providing inaccurate awards to students and reduce the need for additional repackaging by Financial Aid Office staff.
  • Communicate with your students about revisions to their awards. When students and their families see news of these changes due to the approval of the Federal Budget, they may have questions about how they will be impacted and when they will see revisions to their award package. Providing this information preemptively, both to students needing revisions and to students who may have their packages delayed, may help to allay their concerns and reduce inquiries to their institution’s Financial Aid Office.

Please don’t hesitate to contact us if you require assistance updating student Pell awards and award packages. We’re here to help!

Webinar Recording: Protect Your Institution from Russian Cyber Activity

Our emergency webinar addressed the rise in Russia-Ukraine themed threats and cyber-attack activity. This webinar helps institutions “Know What Their Attackers Know,” and position themselves for defense.

CISOA Technology Summit: Stop by Booth 301 & 302!

We’re excited to be a Diamond Sponsor at the 2022 CISOA Technology Summit in Ontario, CA, March 20-23, 2022!

Stop by Booth 301 & 302 to learn how Ferrilli can help your institution maximize its technology investment.

And don’t forget to check out our live session on Monday, March 21st from 11:15 a.m. to 12:15 p.m. PT: Learn about SJECCD’s Cloud Experience with Ferrilli, Ellucian, & AWS with San Jose Evergreen Community College District’s Director of Enterprise Applications Sergio Oklander.

We look forward to connecting with you!

NERCOMP 2022: Visit Ferrilli at Booth 402!

We’re excited to be a sponsor at the 2022 NERCOMP Annual Conference in Providence, Rhode Island, March 14-16!

Stop by Booth 402 throughout the event to connect with our knowledgeable higher education technology experts and learn about the special benefits we offer to NERCOMP members.

And be sure to check out our live session on Tuesday, March 15th from 8:30-9:15am (ET) in Room 553: A Different Approach – How One College Took its IT Services to the Next Level.

We look forward to seeing you at the conference and sharing how Ferrilli can help your institution maximize its technology investment!

To learn more about our services and the special benefits we offer to NERCOMP members, please visit our vendor page on the NERCOMP website.

Ferrilli Security Update: Protect Your Institution from Increased Russian Cyber Activity

By: Armando D’Onorio (CISSP, GSLC, GCCC), Ferrilli’s Chief Information Security Officer & Senior Consultant

Higher education institutions should be more on guard than ever for cyber attacks. Due to the current political climate, we are seeing an increase in attacks, especially attacks originating from Russia.

In the past week, our security team has seen two Russian attacks on U.S. institutions, as well as two other institutions hit hard by phishing schemes.

We will be holding an emergency webinar on Thursday, March 17th, 2022, to discuss the threat and provide action steps for protection. Stay tuned for more details. And please stay safe!

Ferrilli Security Alert: Experts Warn to Prepare for More Russian Cyber Activity

By: Armando D’Onorio (CISSP, GSLC, GCCC), Ferrilli’s Chief Information Security Officer & Senior Consultant

As the U.S. imposes sanctions on Russia for its ongoing aggression with Ukraine, security experts at the Wall Street Journal’s virtual CIO Network Summit this week recommended that the U.S. prepare for possible cyber retaliation.

Recommendations and Awareness

Recommendations from the Summit included locking accounts after two or three failed login attempts and being aware that Russian operatives could be using password spraying attacks, recycling passwords from past password data dumps, and likely using artificial intelligence to access networks.
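The two recommendations above cover different cases: a per-account lockout stops repeated guessing against one account, while password spraying tries each account only once or twice and has to be spotted per source instead. The following is an added example, not code from Ferrilli or from the Summit; the log format, the addresses, the spray threshold and the time window are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

LOCKOUT_THRESHOLD = 3                  # the "two or three failed login attempts" above
SPRAY_MIN_ACCOUNTS = 5                 # assumption: distinct accounts failed by one source
SPRAY_WINDOW = timedelta(minutes=30)   # assumption: sliding look-back window

# Constructed sample log: timestamp, source IP, account, result.
# Addresses are from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2022-03-01T08:00:05 198.51.100.7 asmith FAIL
2022-03-01T08:01:10 198.51.100.7 bjones FAIL
2022-03-01T08:02:15 198.51.100.7 cnguyen FAIL
2022-03-01T08:03:20 198.51.100.7 dlee FAIL
2022-03-01T08:04:25 198.51.100.7 epatel FAIL
2022-03-01T08:05:30 198.51.100.7 fgarcia FAIL
2022-03-01T08:10:00 192.0.2.10 jdoe FAIL
2022-03-01T08:10:20 192.0.2.10 jdoe FAIL
2022-03-01T08:10:45 192.0.2.10 jdoe FAIL
2022-03-01T08:15:00 203.0.113.5 asmith FAIL
2022-03-01T08:15:30 203.0.113.5 asmith OK
"""


def parse_events(text):
    """Return time-ordered (timestamp, source, account, success) tuples."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("OK", "FAIL"):
            continue  # skip blank or malformed lines
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue  # skip lines with an unparseable timestamp
        events.append((ts, parts[1], parts[2], parts[3] == "OK"))
    return sorted(events)


def locked_accounts(events, threshold=LOCKOUT_THRESHOLD):
    """Accounts that reach `threshold` consecutive failures (a success resets)."""
    streak = defaultdict(int)
    locked = set()
    for _ts, _src, account, ok in events:
        if ok:
            streak[account] = 0
        else:
            streak[account] += 1
            if streak[account] >= threshold:
                locked.add(account)
    return locked


def spray_sources(events, min_accounts=SPRAY_MIN_ACCOUNTS, window=SPRAY_WINDOW):
    """Sources that fail logins on >= min_accounts distinct accounts in a window."""
    failures = defaultdict(list)
    for ts, src, account, ok in events:
        if not ok:
            failures[src].append((ts, account))

    flagged = {}
    for src, rows in failures.items():
        start = 0
        in_window = defaultdict(int)  # account -> failures inside current window
        for ts, account in rows:
            in_window[account] += 1
            # Drop failures that have aged out of the sliding window.
            while ts - rows[start][0] > window:
                old = rows[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            if len(in_window) >= min_accounts:
                flagged.setdefault(src, set()).update(in_window)
    return {src: sorted(accounts) for src, accounts in flagged.items()}


if __name__ == "__main__":
    events = parse_events(SAMPLE_LOG)
    print("locked by per-account rule:", sorted(locked_accounts(events)))
    for src, accounts in spray_sources(events).items():
        print(f"possible spray from {src}: {len(accounts)} accounts {accounts}")
```

On the constructed log, the lockout rule fires only for the account hit three times in a row, and the six accounts touched once each by a single source are caught only by the per-source check.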

Russia has been known to use hybrid warfare strategies and utilize cyberattacks against their adversaries. Professionals who monitor cyber threats, both for governments and corporations, are concerned that the worst is yet to come, in the form of both direct attacks by Russia and collateral damage from their cyber attacks.

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has issued a warning to U.S. businesses that says they should be prepared to defend against cyber attacks originating from Russia. “Every organization—large and small—must be prepared to respond to disruptive cyber activity.”

Russian hackers began, at least as early as January, targeting Ukraine with “wiper” malware, which is designed to destroy hard drive data by wiping the drives’ contents completely. Professionals who monitor cyber threats, both for governments and corporations, are on high alert because Russia has a history of unleashing cyberweapons that wreak havoc far beyond the computers and networks that were their original targets.

What Can You Do to Protect Your Student and Employee Data?

The House Armed Services Committee recommends that institutions test their procedures for backups and restoring data, enable multifactor authentication on devices connected to their networks, and ensure software patching is up to date to protect their networks from known vulnerabilities.

Here are Some Additional Mitigating Tips and Helpful Layers of Defense

  • Prepare by documenting what you have. Identify every application and asset running in your IT environment. This level of granularity will allow you to quickly map critical assets, data, and backups, and to identify vulnerabilities and risks. By having a complete picture of your network and data environments, you’ll be able to respond and act quickly during an attack or breach.
  • Utilize segmentation and alerting where possible to help prevent ransomware propagation and lateral movement. Create perimeters around critical applications, backups, file servers and databases. Restrict traffic between users, applications, and devices to help block lateral movement. These blocked access attempts become your indicators of compromise. Incorporate reputation-based detection that alerts to the presence of known malicious domains and processes. Set up security monitoring so you are collecting the data that will be needed to analyze network intrusions.
  • Test your backups and recovery methods. Make sure to have backups off-site and visualization capabilities that support phased recovery strategies in which connectivity is gradually restored as different areas of the network are validated as “all clear.”
  • Do not expose management interfaces of network devices to the internet. Management interfaces are a significant attack surface, so not exposing them reduces your risk. Web-based interfaces are convenient for managing networking equipment, but under no circumstances should they be open to the world and the internet.
  • Protect your devices and networks by keeping them up to date. Use the latest supported versions, apply security patches promptly, use anti-virus and scan regularly to guard against known malware threats.
  • Use multi-factor authentication to reduce the impact of password compromises.
  • Treat people as your first line of defense. Tell staff how to report suspected phishing emails, and ensure they feel confident to do so. They are your first line of defense, so investigate their reports promptly and thoroughly. Never punish users for clicking phishing links or opening attachments.

VMware Alert: Patch These Vulnerabilities Immediately!

By: Armando D’Onorio (CISSP, GSLC, GCCC), Ferrilli’s Chief Information Security Officer & Senior Consultant

VMware is urging customers to patch bugs in ESXi, Workstation, Fusion and Cloud Foundation running in on-premises or co-located settings.

The ramifications of the combined vulnerabilities are serious, especially if attackers have access to workloads inside your environments.

The patches fix a total of five (5) CVEs in those products that were disclosed during the Tianfu Cup, a Chinese security event that VMware participates in.

We’re increasing awareness for our higher education community

Knowing that most academic institutions have increased their use of VMware to support the increase in remote work and labs from home for their employees and students, Ferrilli is raising awareness and recommending that institutions pay extra close attention to failed VMware patches on their systems. Double-check that all systems have been properly patched (servers, workstations, and laptops).

**Remind all your users to patch their personal devices.**

More info about the vulnerabilities

The VMware vulnerabilities include use-after-free (UAF) bugs, double-fetch, unauthorized access, and denial of service bugs. While the individual bugs don’t reach the critical level, VMware says the combined bugs should be treated as such because they can be combined to result in higher severity.

  • ESXi, Workstation and Fusion contain:
    • A UAF bug (CVE-2021-22040) in the XHCI USB controller that could allow a bad actor with local admin privileges on a virtual machine to execute code as the virtual machine’s VMX process running on the host.
    • A double-fetch bug (CVE-2021-22041) that could also lead to unauthorized code execution as the virtual machine’s VMX process running on the host.
  • ESXi also contains:
    • An unauthorized access vulnerability (CVE-2021-22042) due to VMX having access to settings authorization tickets. A malicious actor with privileges only in the VMX process could access the settings service running as a high priority user.
    • A Time-of-check Time-of-use bug (CVE-2021-22043) in the way temporary files are handled that could be used to escalate privileges by writing arbitrary files.
    • A slow HTTP POST denial-of-service vulnerability in rhttpproxy that could be used to create a denial-of-service condition by overwhelming the rhttpproxy service with multiple requests.

For more information on workarounds and patching these vulnerabilities, read VMware’s advisory and the company’s associated blog.

If you have any questions or need assistance, please click here to get help.

Ferrilli Security Alert: Google Patches Actively Exploited Chrome Zero-Day Vulnerability

By: Armando D’Onorio (CISSP, GSLC, GCCC), Ferrilli’s Chief Information Security Officer & Senior Consultant

Google has released a NEW update for the Chrome browser for Windows, Mac, and Linux, to fix a high-severity, zero-day vulnerability used by threat actors in attacks.

“Google is aware of reports that an exploit for CVE-2022-0609 exists in the wild.”

It is strongly recommended that everyone install yesterday’s (2/15/2022) Google Chrome update as soon as possible.

We’re increasing awareness for our higher education community

Ferrilli is recommending that academic institutions pay close attention to failed patches on their systems and double-check that all systems have been patched (workstations, laptops, and servers). Please remind your faculty, staff, and students to patch their personal devices.

More info about the vulnerability

This is the first Chrome zero-day fix for this year. This vulnerability was discovered by Google’s Threat Analysis Group. While Google said it has detected attacks exploiting this zero-day, it did not share any additional info regarding these incidents or technical details about the vulnerability.

Very few details of the security flaw have been revealed but UAF vulnerabilities typically facilitate attacks such as arbitrary code execution and data corruption in unpatched software and can lead to the takeover of a victim’s machine.

The zero-day, tracked as CVE-2022-0609, carries a CVSSv3 score of 9.8/10.

What Version Should You Be On?

The latest stable build (98.0.4758.102) for Windows, Mac, and Linux brings with it a total of 11 security fixes, with many of the highest-severity flaws relating to use after free (UAF) vulnerabilities.

If you have any questions or need assistance, please click here to get help.

Zooming In On Zero-Click Exploits (Patch Your Zoom Software!)

By: Armando D’Onorio (CISSP, GSLC, GCCC), Ferrilli’s Chief Information Security Officer & Senior Consultant

A zero-click attack surface for the popular video conferencing solution Zoom has yielded two security vulnerabilities that could have been exploited to crash the service, execute malicious code, and even leak arbitrary areas of its memory.

The weaknesses have been addressed by Zoom as part of their updates. Failure to patch all your systems could provide the needed pivot-point for threat actors to gain access into your network environment.

We’re increasing awareness for our higher education community:

Ferrilli is recommending that academic institutions pay close attention to failed patches on their systems and double-check that all systems have been patched (workstations, laptops, and multimedia router (MMR) servers). Also, remind your faculty, staff, and students to patch their personal devices.

More info about the vulnerabilities:

A zero-click attack against the Windows Zoom client was revealed at Pwn2Own (a security event designed to identify and flag vulnerabilities before they’re exploited by threat actors) showing that it does indeed have a fully remote attack surface. This resulted in two vulnerabilities being reported to Zoom. One was a buffer overflow that affected both Zoom clients and MMR servers, and one was an info leak that is only useful to attackers on MMR servers.

Here are the CVE numbers associated with the two flaws that were identified:

  • CVE-2021-34423 (CVSS score: 9.8) – A buffer overflow vulnerability that can be leveraged to crash the service or application or execute arbitrary code.
  • CVE-2021-34424 (CVSS score: 7.5) – A process memory exposure flaw that could be used to potentially gain insight into arbitrary areas of the product’s memory.

Goal of a zero-click attack:

The goal is for threat actors to stealthily gain control over the victim’s device without requiring any kind of interaction from the user (such as clicking on a link). A key trait of zero-click hacks is their ability not to leave behind traces of malicious activity, making them very difficult to detect.

If you have any questions or need assistance, please click here.

Critical Security Updates for Microsoft Exchange and Windows OS

By: Armando D’Onorio (CISSP, GSLC, GCCC), Ferrilli’s Chief Information Security Officer & Senior Consultant

We’re alerting our higher education technology community that yesterday’s (1/11/2022) Microsoft Patch Tuesday released critical security updates for Exchange and Windows OS that address several serious security vulnerabilities.

The updates contain fixes for 97 total vulnerabilities: 9 of these are remote code exploits (RCE), 6 of them are classed as Zero-Day, and 1 of them is Wormable.

A wormable exploit means that it could self-propagate through a network with no user interaction. This vulnerability exploits how the OS processes unauthenticated HTTP traffic and carries a severity rating of 9.8 on a scale of 10. Windows Server 2019 and 2022, plus Windows 10 and 11 are affected.

Microsoft suggests patching all affected Windows versions as soon as possible; publicly facing servers with open HTTP and HTTPS ports are the most critical. The security updates for Exchange affect 2013, 2016, and 2019, and this includes hybrid servers for Office 365.

The update has only been released for the latest Cumulative Update (CU) for Exchange Server 2013 (CU23), and the last two CUs for 2016 (CU21 and CU22) and 2019 (CU10 and CU11). This means you will need to patch to one of these CUs before being able to apply this security update.

If you have any questions or need assistance, please click here.

For your reference, click here to read the Microsoft Exchange Team’s blog post about the update and patch process.