Firma I.T. Solutions - Penetration Testing

05/27/2026

05/21/2026

🚨 If your environment runs UniFi OS (UDM/UDR/Cloud Key/UNVR/UCG, etc.), today’s Security Advisory Bulletin 064 should be on your radar.

It outlines multiple high-impact vulnerabilities—several rated CVSS 10.0—spanning improper access control, path traversal, and command injection. Translation: a vulnerable controller/gateway can become an attacker’s front door.

Yes, patching is step one. (Most environments should be moving to UniFi OS 5.1.12 and the associated fixed releases.) Step two is the part most teams skip: prove nothing else is exposed—management interfaces, credentials, misconfigurations, legacy devices, and lateral paths inside the network.

That’s where a real pe*******on test pays off. It’s an independent, realistic simulation that shows what a motivated attacker can do before they do it—so your team can fix the right things, fast.

If you’re UniFi-heavy and want a rapid risk check + validation test, message me. I’ll tell you what we’d test, what you’ll learn, and how quickly you’ll have answers.

Contact Firma IT Solutions for a Pe*******on Test
- 303-209-0386

05/20/2026

🚨 1.8 MILLION PATIENTS. ONE HEALTH SYSTEM. ONE BREACH.

Let that sink in.

A recent NYC healthcare breach exposed:
✔ Medical records
✔ Social Security numbers
✔ Financial data
✔ Even fingerprints

And here’s the part that should concern every healthcare executive:

👉 The attackers were inside the network for months before being detected.
👉 The entry point? A third-party vendor.
👉 The data? Impossible to fully recover from once stolen.

This is no longer about if your organization will be targeted—it’s about how prepared you are when it happens.

In healthcare, your environment is uniquely complex:

- EHR systems
- Medical devices
- Legacy infrastructure
- Third-party integrations everywhere

That complexity is exactly where attackers thrive.

💡 A pe*******on test isn’t a compliance checkbox.
It’s a real-world simulation of how an attacker will actually move through your environment—before they do.

Here’s what most organizations miss:
- Unknown attack paths
- Privilege escalation risks
- Misconfigured access controls
- Vendor-induced exposure

And those gaps are where breaches are born.

I’ll say it plainly:

If you haven’t tested your defenses the way an attacker would… you don’t know your risk.

The NYC incident is a warning shot for the entire industry.

Not fear. Not hype. Just reality.

✅ Know your exposure
✅ Validate your controls
✅ Strengthen your resilience

Because in healthcare cybersecurity, trust is everything—and it only takes one breach to lose it.

05/11/2026

Thank you Denver7 for reaching out to me regarding the recent Canvas Cyberattack. It was great to meet the team and have you film my portion of this segment at the Denver Metro Chamber of Commerce.

This should be a warning to colleges and universities in Colorado and across the country to take these threats seriously.

This was a ransomware attack on a third party system but trust me, they are coming directly for the schools as well. This is a financial priority that requires your immediate attention before it is too late. Reach out to me for Pe*******on Testing while you still have time.

For the schools explicitly called out in this segment, I hope to hear from you. www.firmaitss.com - 303-209-0386

SEE THE FULL SEGMENT HERE - https://www.youtube.com/watch?v=mwKJJAOe4Wo

A cyberattack on the widely used Canvas learning platform disrupted students nationwide right around finals. Denver7 spoke with a cybersecurity expert who warns more are likely coming.

05/08/2026

The recent cyberattack against Canvas should be a wake-up call for every college and university in America.

Thousands of educational institutions were impacted after cybercriminal group ShinyHunters allegedly breached Instructure’s Canvas platform. Reports indicate possible exposure of student IDs, email addresses, faculty communications, and billions of messages.

But here’s what university leadership must understand:

Just because this started as a THIRD-PARTY breach does NOT mean your institution is safe.

Attackers are now looking for the next opportunity.

PowerSchool was breached. Now Canvas. Educational institutions are becoming prime targets because universities hold enormous amounts of valuable data:
• Research
• Financial records
• Student information
• Intellectual property
• Administrative systems
• Healthcare and medical research data

I’ve spoken directly with IT Directors and CISOs at higher learning institutions who told me pe*******on testing has not been treated as a financial priority by university leadership.

That mindset must change.

Cybersecurity is no longer just an IT issue. It is an operational, financial, and reputational risk to the entire institution.

A Pe*******on Test helps identify the weaknesses attackers are looking for BEFORE they exploit them.

The implications of the current Canvas cyberattack could become much worse if colleges and universities continue delaying proactive security testing.

Now is the time to act.

📞 303-209-0386
🌐 https://firmaitss.com/pe*******on-testing-statement-of-work/

04/22/2026

🚨 AI will compress attacker timelines from weeks → minutes.🚨

If you have been playing with the idea of getting a Pen Test, NOW IS THE TIME!

Most of your companies are not prepared for a cyberattack. Let us help you before it is too late.

Great leadership is protecting your organization from threats that you have been made aware of.

☎️ Give us a call - 303-209-0386
🌐 Request a Quote - https://firmaitss.com/pe*******on-testing-statement-of-work/

Firma IT Solutions
Proud member of the Denver Metro Chamber of CommerceDenver Metro Chamber of Commerce

04/14/2026

Your business is exposed. Right now!!

It doesn’t matter if you’re in Denver, Colorado Springs, Aurora—or anywhere else. Cybercriminals don’t care about your location, your size, or your industry. They care about one thing: your vulnerabilities.

And every environment has them.

Attackers are no longer just skilled hackers sitting behind keyboards. With AI, even low-level threat actors can launch highly sophisticated attacks—faster, cheaper, and more effectively than ever before. They only need one way in. Once they find it, they move fast.

Most companies don’t realize they’ve already been compromised until it’s too late.

This is why proactive action is critical.

Pe*******on Testing isn’t an “IT task.” It’s a leadership decision. Officers and boards must take responsibility for understanding the real risk to the organization. Your IT team—internal or outsourced—needs independent validation to ensure your defenses actually work under real-world attack conditions.

Trust your IT. But verify.

A Pen Test gives you exactly that:
• Real-world attack simulation
• Identified vulnerabilities before attackers find them
• Clear, actionable remediation steps
• Executive-level insight into your true risk posture

The threat landscape is accelerating. Waiting is a strategy—and it’s the wrong one.

Be proactive. Get ahead of it.

📞 303-209-0386
🌐 www.firmaitss.com

*******onTesting BusinessLeadership DenverBusiness ColoradoBusiness

04/13/2026

Your business is exposed. Right now!!

It doesn’t matter if you’re in Denver, Colorado Springs, Aurora—or anywhere else. Cybercriminals don’t care about your location, your size, or your industry. They care about one thing: your vulnerabilities.

And every environment has them.

Attackers are no longer just skilled hackers sitting behind keyboards. With AI, even low-level threat actors can launch highly sophisticated attacks—faster, cheaper, and more effectively than ever before. They only need one way in. Once they find it, they move fast.

Most companies don’t realize they’ve already been compromised until it’s too late.

This is why proactive action is critical.

Pe*******on Testing isn’t an “IT task.” It’s a leadership decision. Officers and boards must take responsibility for understanding the real risk to the organization. Your IT team—internal or outsourced—needs independent validation to ensure your defenses actually work under real-world attack conditions.

Trust your IT. But verify.

A Pen Test gives you exactly that:
• Real-world attack simulation
• Identified vulnerabilities before attackers find them
• Clear, actionable remediation steps
• Executive-level insight into your true risk posture

The threat landscape is accelerating. Waiting is a strategy—and it’s the wrong one.

Be proactive. Get ahead of it.

📞 303-209-0386
🌐 www.firmaitss.com

*******onTesting

04/03/2026

🚨 Cisco Got Hacked… So What Does That Mean for You? 🚨

If your business is running Cisco equipment, you need to pay attention—right now.

Cybercriminals now have what they need to potentially gain admin-level access to affected systems. Yes, Cisco is releasing patches… but here’s the uncomfortable truth:

👉 Patches only work if they’re actually installed.

And I can tell you from firsthand experience…

I’ve seen companies paying for outsourced IT support where critical patches haven’t been applied in YEARS.

Let that sink in.

Executives assume they’re protected.
They trust their IT team.
But behind the scenes… things are being missed.

I’m not here to tell you NOT to trust your IT.

👉 You SHOULD trust your IT.

But just like anything else that matters in business:

Trust… but VERIFY.

You run financial audits every year, right?
Why wouldn’t you do the same for your cybersecurity?

Because here’s the reality:

💥 There are vulnerabilities your IT team will never see.
💥 There are exposures already sitting in your environment.
💥 And when attackers find them first… it’s already too late.

At Firma IT Solutions, we simulate real-world cyberattacks against your company—safely, without disruption—to uncover what’s actually exploitable.

We will find what others miss.

📞 303-209-0386
🌐 www.firmaitss.com

Don’t wait until you’re the next headline.