April 2018 News and Updates

Cyber Tech Cafe


Executive Summary – There were significant updates from Microsoft and Adobe this month as well as a minor update to Java.  The most interesting updates that I’ve seen thus far address a vulnerability in the Windows Font Library (CVE-2018-1010, -1012, -1013, -1015, -1016).  These could be exploited remotely by an attacker via a social engineering attack (phishing, etc.) to get access as the logged-on user and then chained together with a privilege escalation vulnerability (like CVE-2018-1034) to gain administrative or system level access.
News
  • Managed Firewall Services – We are considering offering a managed firewall solution and are looking for 3 to 5 clients that would be interested in helping us to pilot the program.  Test sites would need to have a minimum of 5 workstations and a maximum of 10 with no more than 2 servers.  Test sites would receive a managed firewall and regular reports on activity from the firewall for a discounted monthly price.  If you would like more information or would like to be considered for the trial, please let us know.
  • DC770 – Cyber Tech Cafe is a proud supporter and co-sponsor of the DC770 DEF CON group that meets monthly at 7:00pm ET at Jefferson’s restaurant in Cartersville on the first Tuesday of each month.  More information is available at https://dc770.org .
  • City of Atlanta breach: Lessons Learned – On 22 March 2018, we learned that the City of Atlanta had fallen victim to a ransomware attack, likely the SamSam worm, that crippled the city for approximately nine days.  This is unfortunate for the City of Atlanta but is an excellent opportunity to review (or develop) your organization’s Incident Response Plan.  Much of the important work to be done in an incident response plan is in the preparation phase, before there’s a security incident.  All too often though, organizations fail to consider incident response until there’s already been an incident and are caught with an unclear picture of their organization (what do we have, what has changed), insufficient (or no) disaster recovery, no plan for communications and no plan for handling the media;  what is a bad situation is made worse because everyone’s operating in a fog.  Do you have a plan and, if so, does that plan address [at least] the CIS Top 20 Security Controls?
  • MyIT Monitoring Only – We are excited to announce a new addition to the MyIT Services, MyIT Overwatch.  As many of you know, the MyIT Services typically include monthly updates only (MyIT Bronze), monthly updates plus proactive monitoring (MyIT Silver) and monthly updates, proactive monitoring and 10 hours of support at a heavily discounted rate (MyIT Gold).  We have a number of clients with internal patch management processes in place but they would still like to have a second set of eyes keeping watch over critical systems.  If you would like more information on the Network Ninja or the MyIT program, let us know.

Microsoft – Microsoft patched 66 different vulnerabilities in the April 2018 updates, including 24 rated as critical and 42 rated as important.  A number of the vulnerabilities are remotely exploitable and can lead to remote code execution on vulnerable hosts.

Additional details are available Here and Here.


Adobe – Adobe released APSB18-08, APSA18-10, APSB18-11, APSB18-12, APSB18-13, APSB18-14 and APSB18-15 affecting a number of Adobe products with ratings ranging from important to critical.  Users are encouraged to review the installation of any Adobe products in their organization and update as soon as possible.

Like Microsoft, Adobe now releases updates to their products on the second Tuesday of each month. Adobe will also release ‘out of band’ updates if necessary to address critical vulnerabilities in their products. Adobe products include Adobe Reader (for viewing PDF files), Adobe Flash Player (often used to watch videos, for interactive content like games, etc.), Adobe Shockwave and the Adobe Creative Suite (Photoshop, Illustrator, Acrobat, Lightroom, etc.).

Additional details are available from Adobe Here including links to download the update(s) and instructions for installation.


Java / Oracle – The latest update for Java is Version 8 Update 171, released on 17 April 2018.

Java is a tool that’s widely used by banks, online service providers and even security companies for SSL VPN connections. Java’s ‘official’ release cycle is approximately quarterly but Java updates have been ‘fast and furious’ in recent months. It’s worth noting again that, if you don’t absolutely need Java on your computer, it’s not a bad idea to remove it altogether.

Additional details are available from Oracle here.


Piratica

Security News, Sponsored by Piratica – We have talked at length about the role that social engineering is playing in large scale breaches.  The ransomware attack on the City of Atlanta though is a stark reminder that it’s still not safe to leave unsecured devices connected to our networks (and exposed to the network), that vulnerability assessments can be a valuable tool in maintaining the security of our networks and that ignoring the findings and recommendations of a vulnerability assessment can have dire consequences.  The response to our free vulnerability scan has been overwhelming.  More overwhelming though has been the organizations that took advantage of the free scan, found vulnerabilities (exposed servers, unpatched firewalls, thought-to-be retired Remote Desktop servers and more) and addressed them.  To that end, we are happy to extend the free vulnerability scan (we haven’t set an end date yet).  If you would like to take advantage of this free scan, complete the request form on our website.

Piratica is a risk management firm. We work with client organizations to help them identify and understand the risks to their organizations so that those metrics can be incorporated into the organization’s overall security strategy. We believe that the first step in any solution is to correctly and completely identify the problem. Additional information is available on our website, Facebook and Twitter or via our free weekly email newsletter (signup available on our website here).

These updates will be automatically reviewed, approved and installed for MyIT Customers. If you would like more information about the Cyber Tech Cafe MyIT services for your business, please let us know. The Cyber Tech Cafe MyIT services are available in three different levels (Bronze, Silver and Gold) and can provide updates only (Bronze), updates and proactive network auditing and monitoring (Silver) or updates, proactive auditing and monitoring and up to 10 hours of priority support at a significantly discounted rate (Gold). Pricing is based on the number of physical locations, servers and workstations that you have.