Executive Summary – In addition to the normal Microsoft, Adobe and Oracle / Java updates, Google released an update to patch 10 critical bugs in the Android operating system and Mozilla released an update that patches 29 vulnerabilities in Firefox and makes Adobe Flash objects Click-To-Enable. The excitement from WannaCry and Petya / Not-Petya seems to be calming down, but the Mamba ransomware (which gained fame at the end of 2016 by taking the San Francisco transit system offline) appears to be making a comeback. It only seems to be impacting Saudi Arabia and Brazil at the moment, but it would be wise for blue teams to take note and make sure that you’re ready (Are you all patched up? Network segmented to minimize the damage of a successful attack? Backups?).
Microsoft – Microsoft released a total of 48 patches today, with 25 rated critical and 27 addressing remote code execution vulnerabilities. In addition to the usual suspects (Windows, Internet Explorer, Edge, Office, Windows Scripting Engine, etc.), there were updates released this month for a number of interesting components including the Windows Subsystem for Linux, Windows Search (which can be attacked via unauthenticated SMB but *is not* related to the recent SMB vulnerabilities that led to the WannaCry and Petya attacks) and the Windows IME (Input Method Editor).
Microsoft releases regular updates on the second Tuesday of each month, often referred to as ‘Patch Tuesday’. These updates are categorized as Low, Moderate, Important or Critical. Details on the categories are available here. The updates can include any supported Microsoft product from Windows to Office to Internet Explorer and server products like Exchange and SQL Server. If you have one or more of these products installed, especially if the update is listed as Important or Critical, it’s important that the updates are installed.
Adobe – Adobe released four updates this month (APSB17-23, APSB17-24, APSB17-26 and APSB17-27, no information on what happened to APSB17-25). The updates addressed issues in Adobe Flash Player (critical, all platforms), Adobe Acrobat and Reader (critical, Windows and Macintosh), Adobe Experience Manager (important / moderate, all platforms) and Adobe Digital Editions (critical / important, all platforms).
Like Microsoft, Adobe now releases updates to their products on the second Tuesday of each month. Adobe will also release ‘out of band’ updates if necessary to address critical vulnerabilities in their products. Adobe products include Adobe Reader (for viewing PDF files), Adobe Flash Player (often used to watch videos, for interactive content like games, etc.), Adobe Shockwave and the Adobe Creative Suite (Photoshop, Illustrator, Acrobat, Lightroom, etc.).
Java / Oracle – The latest update for Java is version 8 Update 144, released on 26 July 2017.
Java is a tool that’s widely used by banks, online service providers and even security companies for SSL VPN connections. Java’s ‘official’ release cycle is approximately quarterly but Java updates have been ‘fast and furious’ in recent months. It’s worth noting again that, if you don’t absolutely need Java on your computer, it’s not a bad idea to remove it altogether.
Security News, Sponsored by Piratica – Offensive security can be a difficult concept for many traditional organizations to understand. In most cases, the concept of risk is relatively easy to understand, and doing things like having gates and locks for access control, locked file cabinets to secure sensitive records and cameras or security guards is commonplace. Identifying these vulnerabilities (unlocked doors, etc.) is relatively easy and the mitigation (lock the doors, etc.) is usually equally easy. They’re physical. When it comes to identifying vulnerabilities and threats in the digital world, though, and then quantifying the risk that that combination of threats and vulnerabilities poses to an organization, it’s not quite so easy. We can’t see or touch a SQL Injection vulnerability but, if an attacker finds one on our website and is able to use it to download PII or ePHI, it becomes very real. We can’t see a remote code execution vulnerability in the file server that was accidentally exposed to the Internet but, if an attacker spots it and uses it to encrypt all of our data, that too becomes very real. Recent events (WannaCry and Petya specifically) have helped to bring the importance of offensive security to light (and into the C-Suite) but there’s still a way to go.
Piratica is a risk management firm and we work with client organizations to help them identify and understand the risks to their organizations from cyber criminals. We believe that the first step in any solution is to correctly and completely identify the problem. Additional information is available on our website, Facebook and Twitter or via our free weekly email newsletter (signup available on our website here).
These updates will be automatically reviewed, approved and installed for MyIT Customers. If you would like more information about the Cyber Tech Cafe MyIT services for your business, please let us know. The Cyber Tech Cafe MyIT services are available in three different levels (Bronze, Silver and Gold) and can provide updates only (Bronze), updates and proactive network auditing and monitoring (Silver) or updates, proactive auditing and monitoring and up to 10 hours of priority support at a significantly discounted rate (Gold). Pricing is based on the number of physical locations, servers and workstations that you have.