January Updates 2019

Executive Summary

The Cyber Tech Cafe Managed Services (MyIT) continue to be an overwhelming success.  It’s exciting to see organizations taking a proactive approach when it comes to their IT Infrastructure and it’s incredibly rewarding to hear those organizations comment about how “things just seem to work”. 

A new version of our website / blogging software brings a new format to these posts: all the same content you know and love, with a fresh coat of paint to hopefully make consumption more enjoyable and pleasing. As always, we welcome comments, feedback, concerns, etc.


News


Update Info

Microsoft

Microsoft reported 48 vulnerabilities, 7 of which were classified [by Microsoft] as CRITICAL with the remaining 41 rated important, moderate or low. Once again a vulnerability with an unusually high CVSS rating of 9.8 (out of a max 10) is being patched this month, though again no known exploits have been seen and this is the first public disclosure of the vulnerability. Finally, Microsoft happily moves their board to “3” months without deleting users’ data via an update, and sources say that to further mitigate these types of issues in the future, Microsoft will begin reserving 7GB of drive space for updates.

Additional details on Windows Updates are available Here, Here, and Here.


Adobe

Adobe released four (4) bulletins this month, one in Flash Player, one in Acrobat / Reader and the other two in lesser known Adobe products.

Like Microsoft, Adobe (for the most part) now releases updates to their products on the second Tuesday of each month. Adobe will also release ‘out of band’ updates if necessary to address critical vulnerabilities in their products. Adobe products include Adobe Reader (for viewing PDF files), Adobe Flash Player (often used to watch videos, for interactive content like games, etc.), Adobe Shockwave and the Adobe Creative Suite (Photoshop, Illustrator, Acrobat, Lightroom, etc.).

Additional details are available from Adobe Here including links to download the update(s) and instructions for installation.


Java / Oracle

The latest update for Java is (still) Version 8 Update 191, released on 16 October 2018.

Java is a tool that’s widely used by banks, online service providers and even security companies for SSL VPN connections. Java’s ‘official’ release cycle is approximately quarterly but Oracle is notorious for out of band updates. It’s worth noting again that, if you don’t absolutely need Java on your computer, it’s not a bad idea to remove it altogether.

Additional details are available from Oracle here.


Security News

Assume breach. The City of Atlanta didn’t do this and was completely shut down by a ransomware attack for days. Marriott didn’t do this and the personal information on more than 500 million customers was in the wind for a number of years before anyone ever noticed (to be fair, the breach happened to Starwood before Marriott acquired them). Gone are the days when organizations can trust that their [security] controls are 100% (or even 90%, 80%, etc.) effective. In today’s always-on, always-connected environment, we have to assume that our perimeter has been breached, that the wolf is through the door and we’re one second away from an attacker encrypting half of our data and posting the other half to Pastebin for all of the world to see. Once that reality is accepted, the next step is to understand what your organization looks like to a threat actor and what opportunities (vulnerabilities) you are making available that could be used against you. Piratica has a proven track record of identifying these vulnerabilities and working with client organizations and their support personnel to develop a mitigation roadmap to avoid becoming the next victim of a successful ransomware or data breach attack.

Piratica is a risk management firm. We work with client organizations to help them identify and understand the risks to their organizations so that those metrics can be incorporated into the organization’s overall security strategy. We believe that the first step in any solution is to correctly and completely identify the problem. Additional information is available on our website, Facebook and Twitter or via our free email newsletter (signup available on our website here).


These updates will be automatically reviewed, approved and installed for MyIT Customers. If you would like more information about the Cyber Tech Cafe MyIT services for your business, please let us know. The Cyber Tech Cafe MyIT services are available in three different levels (Bronze, Silver and Gold) and can provide updates only (Bronze), updates and proactive network auditing and monitoring (Silver) or updates, proactive auditing and monitoring and up to 10 hours of priority support at a significantly discounted rate (Gold). Pricing is based on the number of physical locations, servers and workstations that you have.