July 2018 News and Updates

Cyber Tech Cafe


Executive Summary – The Cyber Tech Cafe Managed Services program was, by all metrics, an overwhelming success.  It’s always good to see organizations taking a more proactive role in securing their infrastructure and even better to be able to play a part in it.  There were significant updates from Microsoft and Adobe this month but Adobe certainly took the cake with over 100 patches issued.
News
  • Managed Firewall Services – We announced in April that we were considering offering a managed firewall option.  The initial offer was very well received and we’d like to expand it to 5 additional clients.  The price for the base package is $169 per month and includes a firewall and daily reporting on it’s performance and activity.  All of the routine management (license renewals, firmware updates, etc.) and a next-business-day replacement for faulty hardware are included in the $169.  We are currently limiting the offer to environments with 5 to 10 workstations and 0 to 2 servers.  If you would like more information or would like to be considered for the trial, please let us know.
  • DC770 – Cyber Tech Cafe is a proud supporter and co-sponsor of the DC770 DEF CON group that meets monthly at 7:00pm ET at Jefferson’s restaurant in Cartersville on the first Tuesday of each month.  More information is available at https://dc770.org .
  • MyIT Monitoring Only – We are excited to announce a new addition to the MyIT Services, MyIT Overwatch.  As many of you know, the MyIT Services typically include monthly updates only (MyIT Bronze), monthly updates plus proactive monitoring (MyIT Silver) and monthly updates, proactive monitoring and 10 hours of support at a heavily discounted rate (MyIT Gold).  We have a number of clients with internal patch management processes in place but they would still like to have a second set of eyes keeping watch over critical systems.  If you would like more information on the Network Ninja or the MyIT program, let us know.

MicrosoftMicrosoft – Microsoft reported 53 bugs, 17 of which were classified [by Microsoft] as critical, 34 as important, 1 moderate and 1 low.  A number of the vulnerabilities are remotely exploitable and can lead to remote code execution on vulnerable hosts.  The SANS diary mirrors the Microsoft data and includes a note that CVE-2018-0808 and CVE-2018-0940 have been publicly disclosed (though no known exploits are available at this time).

Additional details are available Here and Here.


AdobeAdobe – Adobe released patches for a whopping 112 vulnerabilities in products including Flash Player, Reader, Acrobat and others (the link below has a list).  More than fifty critical vulnerabilities were patched in Arobat and Reader alone.

Like Microsoft, Adobe now releases updates to their products on the second Tuesday of each month. Adobe will also release ‘out of band’ updates if necessary to address critical vulnerabilities in their products. Adobe products include Adobe Reader (for viewing PDF files), Adobe Flash Player (often used to watch videos, for interactive content like games, etc.), Adobe Shockwave and the Adobe Creative Suite (Photoshop, Illustrator, Acrobat, Lightroom, etc.).

Additional details are available from Adobe Here including links to download the update(s) and instructions for installation.


JavaJava / Oracle – The latest update for Java is Version 8 Update 171, released on 17 April 2018.  I have to imagine that, at this point, Oracle is enjoying not being Adobe (it wasn’t really long ago that it was the other way around).

Java is a tool that’s widely used by banks, online service providers and even security companies for SSL VPN connections. Java’s ‘official’ release cycle is approximately quarterly but Java updates have been ‘fast and furious’ in recent months. It’s worth noting again that, if you don’t absolutely need Java on your computer, it’s not a bad idea to remove it altogether.

Additional details are available from Oracle here.


Piratica

Security News, Sponsored by Piratica – Security and compliance are often two very different things.  Being secure doesn’t necessarily mean that you’re compliant and, being compliant often doesn’t mean that you’re secure.  We see this a lot in the area of data protection and put together this article to try to shed some light on the topic.

The response to our free vulnerability scan has been overwhelming.  More overwhelming though has been the organizations that took advantage of the free scan, found vulnerabilities (exposed servers, unpatched firewalls, thought-to-be retired Remote Desktop servers and more) and addressed them.  To that end, we are happy to extend the free vulnerability scan (we haven’t set an end date yet).  If you would like to take advantage of this free scan, complete the request form on our website.

Piratica is a risk management firm. We work with client organizations to help them identify and understand the risks to their organizations so that those metrics can be incorporated into the organizations overall security strategy. We believe that the first step in any solution is to correctly and completely identify the problem. Additional information is available on our website, Facebook and Twitter or via our free weekly email newsletter (signup available on our website here).

These updates will be automatically reviewed, approved and installed for MyIT Customers. If you would like more information about the Cyber Tech Cafe MyIT services for your business, please let us know. The Cyber Tech Cafe MyIT services are available in three different levels (Bronze, Silver and Gold) and can provide updates only (Bronze), updates and proactive network auditing and monitoring (Silver) or updates, proactive auditing and monitoring and up to 10 hours of priority support at a significantly discounted rate (Gold). Pricing is based on the number of physical locations, servers and workstations that you have.