Executive Summary
The Cyber Tech Cafe Managed Services (MyIT) continue to be an overwhelming success. It’s exciting to see organizations taking a proactive approach when it comes to their IT Infrastructure and it’s incredibly rewarding to hear those organizations comment about how “things just seem to work”.
A new version of our website / blogging software brings a new format to these posts, all the same content you know and love with a fresh coat of paint to hopefully make consumption more enjoyable and pleasing. As always, we welcome comments, feedback, concerns, etc.
News
- DC770 – Cyber Tech Cafe is a proud supporter and co-sponsor of the DC770 DEF CON group that meets monthly at 7:00pm ET at Jefferson’s restaurant in Cartersville on the first Tuesday of each month. More information is available at https://dc770.org .
- Tech News
- Adobe warns users they could be sued for using old versions of Photoshop and other Creative Cloud applications
- 3 top US Anti-Virus companies (McAfee, Symmantec, and Trend Micro) were breached by russian hacking group Fxmsp
- A major security flaw was revealed in the Facebook owned WhatsApp messaging application
- For the first time in 2 years (since WannaCry) Microsoft releases updates for long unsupported Windows XP and Server 2003 operating systems to fix a particularly nasty vulnerability (read more about it on our blog here).
Update Info
Microsoft
Microsoft reported 89 vulnerabilities this month, 23 of which were classified [by Microsoft] as CRITICAL with the remaining 66 rated important, moderate or low. This month we saw the aforementioned and highly publicized CVE-2019-0708 which caused Microsoft to release its first Windows XP update in over 2 years. We were also introduced to another critical Processor vulnerability in the same family as Heartbleed and Spectre, this one, aptly named ZombieLoad allows the exfiltration of data as it is being processed by a computers CPU. As always, don’t be be the low hanging fruit and remember, all the cool kids update!
Additional details on Windows Updates are available Here, Here, and Here.
Adobe
Adobe released three (3) bulletins this month, one each in Reader/Acrobat, Flash Player, and Media Encoder. All three are listed by Adobe as “Critical”.
Like Microsoft, Adobe (for the most part) now releases updates to their products on the second Tuesday of each month. Adobe will also release ‘out of band’ updates if necessary to address critical vulnerabilities in their products. Adobe products include Adobe Reader (for viewing PDF files), Adobe Flash Player (often used to watch videos, for interactive content like games, etc.), Adobe Shockwave and the Adobe Creative Suite (Photoshop, Illustrator, Acrobat, Lightroom, etc.).
Additional details are available from Adobe Here including links to download the update(s) and instructions for installation.
Java
Oracle released it’s July 2020 Patch Update Advisory , patching a total of 433 vulnerabilities. Additional information is available from the Oracle website here.
Oracle announced at the beginning of 2019 that Java SE would no longer be free for commercial customers. For more information read our article here.
Security News
PCI DSS is the Payment Card Industry Data Security Standard. It is used to establish a security baseline for merchants who process, store or transmit payment card data. If you accept credit cards, PCI DSS applies to you. Starting with PCI DSS v3.2, in addition to the external vulnerability scans (typically provided by the ASVs and included as part of the self-assessment), merchants are also required to conduct quarterly audits of wireless access points, quarterly internal vulnerability scans and annual internal penetration tests. Failure to complete these requirements (11.1, 11.2 and 11.3 respectively) means failing to maintain compliance with the PCI DSS. Piratica offers a simple, unobtrusive and cost effective remote scanning option to help merchants meet or exceed PCI DSS v3.2 requirements. If your organization accepts credit cards and is not currently conducting the required quarterly wireless and vulnerability scans or annual penetration tests and would like more information, you can contact us here.
Piratica is a risk management firm. We work with client organizations to help them identify and understand the risks to their organizations so that those metrics can be incorporated into the organizations overall security strategy. We believe that the first step in any solution is to correctly and completely identify the problem. Additional information is available on our website, Facebook and Twitter or via our free email newsletter (signup available on our website here).
These updates will be automatically reviewed, approved and installed for MyIT Customers. If you would like more information about the Cyber Tech Cafe MyIT services for your business, please let us know. The Cyber Tech Cafe MyIT services are available in three different levels (Bronze, Silver and Gold) and can provide updates only (Bronze), updates and proactive network auditing and monitoring (Silver) or updates, proactive auditing and monitoring and up to 10 hours of priority support at a significantly discounted rate (Gold). Pricing is based on the number of physical locations, servers and workstations that you have.