February 2015 News and Updates

Cyber Tech Cafe

Like us on Facebook

What’s New

  • Facebook Campaign – Thanks to all of you guys, we have passed the 500 mark on our Facebook page and are using it to quickly get information out on things like out-of-band updates (like the 3 from Adobe) and general IT and security-related topics (like the declaration of war by Anonymous on ISIS).  You can find us on Facebook here.
  • 2015 Focus on Security – I noted in the January 2015 newsletter that we would be renewing our focus on security in 2015 and thought it proper that the first item in the 2015 newsletter gave more detail on the plans.   
    • Better Communication – We are going to make better use of our website, newsletter and Facebook Page to keep you better informed.  
      • We will publish important but low-priority / non-urgent stories to the website and link to them on the Facebook page.  
      • We will post important  / urgent stories to the website and newsletter and link to them on the Facebook page.  
      • We will continue posting informational stories and news to the Facebook page.  
      • In addition to the monthly news and updates email, we also plan to post (roughly) one short story or case study per month (more on that below).
    • Short Stories and Case Studies – Episode Two took a bit of an unexpected turn but I hope to have it out before the end of February.  If you haven’t already though, take a moment to check out Episode One and get up-to-speed on Myles and Ian.  
    • Focus on Proactive Security – As the threat landscape and cyber criminals evolve, security countermeasures must evolve as well.  We are now working with a number of test clients on several proactive and more aggressive security products and services and hope to extend the test base in the second quarter of this year.  If your company is a HIPAA covered entity or is required to be PCI-DSS compliant and would be interested in participating, please reply to this email and let us know. 
  • New, Shorter Domain Name – At long last, we have a new, shorter and easier to remember (and spell) domain name.  Our old domain name (cybertechcafe.net) and all of the email addresses on that domain will continue to work but, effective immediately, we also have ctc.co (note that it is ctc.co, not ctc.com: 5 letters).  You can continue to reach us at www.cybertechcafe.net or support@cybertechcafe.net but, now, you can also simply go to www.ctc.co or help@ctc.co and get us there as well.


Updates

Executive Summary – There were updates from Microsoft, Adobe and Oracle (Java) this month, including some pretty interesting ones from Microsoft and at least two out-of-band updates from Adobe for Flash Player.  Rapid7 did an excellent write-up on the updates from Microsoft and, the thing to really look at from Adobe is the fact that the vulnerabilities were disclosed almost immediately after the regular updates were released. This is a good indicator that they would be exploited for profit almost immediately, which ended up being the case.  Flash Player is used a lot for video and multimedia content for everything from YouTube to ad banners across many popular websites.  We’re also seeing attackers string together multiple vulnerabilities in multiple products to create some very effective attacks.  One that we noted on the Facebook page earlier combined vulnerabilities in Internet Explorer and Adobe Flash Player in an attack that was launched from the Forbes website (details here).  The attack was targeted against defense contractors and financial institutions but could easily have targeted every visitor to the site.


Microsoft – Microsoft released 9 bulletins in February (MS15-009 through MS15-017).  Three of the bulletins addressed critical vulnerabilities in Windows and Internet Explorer that could lead to a remote attacker running programs on your computer without your knowledge (remote code execution).  The remaining 6 bulletins were rated as Important and addressed vulnerabilities that could lead to a range of attacks from Information Disclosure all the way to Remote Code Execution.  Two of the bulletins, MS15-009 and MS15-014, got the attention of the team over at Rapid7 in this article.  Definitely worth a read, but one thing that I noted (that I didn’t see mentioned in the article) had to do with remote employees.  A successful exploit here means that an attacker is already ‘in’ (has knowledge of the landscape [knows the UNC paths], already has a MiTM position and has write access to that UNC path or has the ability to spoof that path to the victim) and is now moving through the network.

Microsoft releases regular updates the second Tuesday of each month, often referred to as ‘Patch Tuesday’.  These updates are categorized as Low, Moderate, Important or Critical.  Details on the categories are available here.  The updates can include any supported Microsoft product from Windows to Office to Internet Explorer and server products like Exchange and SQL Server.  If you have one or more of these products installed, especially if the update is listed as Important or Critical, it’s important that the updates are installed.

Additional details are available from Microsoft here.


Adobe – Adobe got beat up pretty bad this month.  After the January updates, there have been multiple out-of-band updates addressing critical vulnerabilities that have been actively exploited in the wild almost since the January updates.  The English translation: if you just update the day after Patch Tuesday and don’t pay attention to updates until the next Patch Tuesday, and you had Adobe Flash Player installed on your network, you likely got hit.  We have seen a spike in virus and other malware infections across the spectrum of residential, commercial and enterprise clients.  Very soon after the vulnerabilities were made public, we saw antivirus vendors (specifically ESET, since that’s the one that we use and the one that we see the most) flagging the attempted infections pretty quickly, but those without the updates and without up-to-date antivirus got hit.

Like Microsoft, Adobe now releases updates to their products on the second Tuesday of each month.  Adobe will also release ‘out of band’ updates if necessary to address critical vulnerabilities in their products.  Adobe products include Adobe Reader (for viewing PDF files), Adobe Flash Player (often used to watch videos, for interactive content like games, etc.), Adobe Shockwave and the Adobe Creative Suite (Photoshop, Illustrator, Acrobat, Lightroom, etc.).

Additional details are available from Adobe here, including links to download the update(s) and instructions for installation.


Java – The most up-to-date release version of Java, as of the time of this newsletter, is still Java 8 update 31.  We’ve noticed that the Java installer / updater doesn’t consistently remove previous versions of Java (including Java 7 and even Java 6).  That is, even if you have the most up-to-date version [of Java] installed, it’s possible that you still have an older version installed as well.  In Windows, you can check this by going to Add / Remove Programs and looking for older versions.
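The Add / Remove Programs check above can be scripted so it can be run across a fleet of workstations instead of clicked through one at a time. The following is an added example written for this newsletter, not code from Cyber Tech Cafe or Oracle: it reads the same Uninstall registry keys that Add / Remove Programs displays (both the native and the 32-bit Wow6432Node hives), lists every entry whose name starts with “Java”, and warns about any entry that is not the Java 8 Update 31 release named above. The display-name string used for “current” is an assumption based on how the Oracle installer names its entries and should be adjusted as new releases ship.

```powershell
# Added example (not from the newsletter or from Oracle): enumerate every Java
# entry registered in Add / Remove Programs so that leftover Java 6 / Java 7
# installs sitting beside the current release become visible.

# Both registry hives that Add / Remove Programs reads: 64-bit and 32-bit programs.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Assumption: the release the newsletter calls current registers under this name.
$currentDisplayName = 'Java 8 Update 31'

# Collect every entry whose display name starts with "Java" (covers
# "Java 7 Update 71", "Java 8 Update 31 (64-bit)", "Java Auto Updater", ...).
$javaEntries = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'Java*' } |
    Select-Object DisplayName, DisplayVersion, Publisher, InstallDate, UninstallString

if (-not $javaEntries) {
    Write-Output 'No Java entries found in Add / Remove Programs on this machine.'
}
else {
    Write-Output 'Java entries registered in Add / Remove Programs:'
    $javaEntries | Sort-Object DisplayName | Format-Table DisplayName, DisplayVersion, Publisher, InstallDate -AutoSize

    # Anything that is not the current release (in either bitness) is a candidate
    # for removal; the Java Auto Updater entry is left out of the warning because
    # it is a helper component rather than a runtime.
    $stale = $javaEntries | Where-Object {
        $_.DisplayName -notlike "$currentDisplayName*" -and
        $_.DisplayName -notlike 'Java Auto Updater*'
    }

    if ($stale) {
        Write-Warning 'Older Java versions are still installed alongside the current release:'
        foreach ($entry in $stale) {
            Write-Warning ('  {0} (version {1})' -f $entry.DisplayName, $entry.DisplayVersion)
            # The UninstallString is what Add / Remove Programs runs for "Uninstall";
            # it is printed here for reference, not executed.
            Write-Warning ('    uninstall command: {0}' -f $entry.UninstallString)
        }
    }
    else {
        Write-Output 'Only the current Java release is registered.'
    }
}
```

Reading these keys does not require an elevated prompt, so the script can run under a standard user account or be pushed out through a monitoring agent; removing the stale entries does require administrative rights, which is why the script only reports the uninstall command rather than running it.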

Java is a tool that’s widely used by banks, online service providers and even security companies for SSL VPN connections.  Java’s ‘official’ release cycle is approximately quarterly but Java updates have been ‘fast and furious’ in recent months.  It’s worth noting again that, if you don’t absolutely need Java on your computer, it’s not a bad idea to remove it altogether.

Additional details are available from Oracle here.


These updates will be automatically reviewed, approved and installed for MyIT Customers.  If you would like more information about the Cyber Tech Cafe MyIT services for your business, please let us know.  The Cyber Tech Cafe MyIT services are available in three different levels (Bronze, Silver and Gold) and can provide updates only (Bronze), updates and proactive network auditing and monitoring (Silver) or updates, proactive auditing and monitoring and up to 10 hours of priority support at a significantly discounted rate (Gold).  Pricing is based on the number of physical locations, servers and workstations that you have.