- COVID-19 Response – The health and safety of our team, our clients and our business partners is of paramount importance to us at Cyber Tech Cafe. We are still offering on-site service; however, a number of our clients have opted for remote support only for a time to minimize the risk of spreading the virus. We will continue to monitor and heed the recommendations of the CDC and other subject matter experts on this topic and will post any policy changes to our website and social media pages. Our thoughts and prayers go out to those affected by this virus and to those working so diligently to fight it.
- Microsoft released patches for at least 115 vulnerabilities, including 26 that are rated as critical and two specific vulnerabilities that can easily give an attacker remote access to unpatched systems.
- We are still seeing Windows 7 and Windows Server 2008 Servers in use. It’s important to note that these operating systems are no longer supported by Microsoft and, as such, will receive no more security updates. The presence of these operating systems in your environment constitutes significant risk and, if you have regulatory compliance requirements (e.g., HIPAA, GLBA, PCI, etc.), likely means that you are currently non-compliant.
- DC770 – Currently, DC770 is still scheduled as normal on Tuesday, 7 April 2020. That said, DC404 switched to an online ‘virtual meeting’ to mitigate the risk of spreading COVID-19. We will be monitoring the situation closely and will make a final decision closer to the meeting.
- MyIT – The response to the enhanced MyIT Services has been overwhelmingly positive. For our MyIT Silver and Gold clients, we’re now able to alert in real-time on potential indications of compromise that could lead to things like ransomware. Some of these new capabilities include the ability to alert in real-time on events like failed logins, newly created users or users added to new groups or the installation of new software (like ransomware). If your organization doesn’t currently have these capabilities and is concerned about attacks on your IT infrastructure, we’d love an opportunity to earn your business.
Microsoft – Microsoft has released updates to patch at least 115 vulnerabilities, with 26 rated as critical. One of the vulnerabilities patched is in Microsoft Word (CVE-2020-0852), where an attacker could gain remote access to a vulnerable system with no user interaction required beyond the user previewing a malicious Word document (e.g., no requirement to open it and / or enable macros). One other significant concern is a (thus far) unpatched vulnerability in SMBv3. This vulnerability could also allow an attacker remote access to a vulnerable machine, either client or server. While no patch is available yet, we are mitigating remote exploitation of this vulnerability by ensuring that SMB traffic is stopped (inbound and outbound) at the firewall.
Additional details on this month’s Patch Tuesday are available on the sites below:
- Patch Tuesday Dashboard – https://patchtuesdaydashboard.com/
- SANS – https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+March+2020/25886/
- Krebs on Security – https://krebsonsecurity.com/2020/03/microsoft-patch-tuesday-march-2020-edition/
- ThreatPost – https://threatpost.com/microsoft-patches-bugs-march-update/153597/
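The SMB mitigation described above only holds if TCP 445 is stopped in both directions, since the flaw affects clients as well as servers. The following check is an added example, not part of the original newsletter or any vendor tool: it evaluates a first-match rule list and reports the directions in which SMB would still pass. The rule format, rule sets and default policies are constructed assumptions.

```python
from dataclasses import dataclass

SMB_PORT = 445  # SMB over TCP

@dataclass(frozen=True)
class Rule:
    direction: str   # "in" or "out"
    action: str      # "allow" or "deny"
    proto: str       # "tcp", "udp" or "any"
    ports: range     # destination ports the rule covers

def verdict(rules, direction, proto, port, default="deny"):
    """First matching rule wins; fall back to the default policy."""
    for r in rules:
        if r.direction == direction and r.proto in (proto, "any") and port in r.ports:
            return r.action
    return default

def smb_exposure(rules, default_in="deny", default_out="allow"):
    """Return the directions in which TCP/445 would still pass."""
    defaults = {"in": default_in, "out": default_out}
    return [d for d in ("in", "out")
            if verdict(rules, d, "tcp", SMB_PORT, defaults[d]) == "allow"]

ANY = range(1, 65536)

# Constructed rule sets (hypothetical, not taken from any real device).
INBOUND_ONLY = [
    Rule("in", "allow", "tcp", range(443, 444)),
    Rule("in", "deny", "any", ANY),
    Rule("out", "allow", "any", ANY),             # SMB still leaves the network
]
SHADOWED = [
    Rule("in", "allow", "tcp", range(400, 500)),  # broad allow listed first
    Rule("in", "deny", "tcp", range(445, 446)),   # never reached
    Rule("out", "deny", "tcp", range(445, 446)),
]
BOTH_WAYS = [
    Rule("in", "deny", "tcp", range(445, 446)),
    Rule("out", "deny", "tcp", range(445, 446)),
    Rule("in", "allow", "tcp", range(443, 444)),
    Rule("out", "allow", "any", ANY),
]

if __name__ == "__main__":
    for name, rs in [("inbound-only", INBOUND_ONLY), ("shadowed", SHADOWED), ("both-ways", BOTH_WAYS)]:
        print(name, "->", smb_exposure(rs) or "blocked both ways")
```

The two failing sets show the usual gaps: an allow-all egress policy, and a deny rule shadowed by an earlier, broader allow.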
Adobe – In a bit of an anomaly, there are no updates (yet) out of Adobe.
Like Microsoft, Adobe now releases updates to their products on the second Tuesday of each month. Adobe will also release ‘out of band’ updates if necessary to address critical vulnerabilities in their products. Adobe products include Adobe Reader (for viewing PDF files), Adobe Flash Player (often used to watch videos, for interactive content like games, etc.), Adobe Shockwave and the Adobe Creative Suite (Photoshop, Illustrator, Acrobat, Lightroom, etc.).
Additional details are available from Adobe Here and Here including links to download the update(s) and instructions for installation.
Security News, Sponsored by Piratica – The response to our free vulnerability scan has been overwhelming. More overwhelming though has been the organizations that took advantage of the free scan, found vulnerabilities (exposed servers, unpatched firewalls, thought-to-be retired Remote Desktop servers and more) and addressed them. To that end, we are happy to extend the free vulnerability scan (we haven’t set an end date yet). If you would like to take advantage of this free scan, complete the request form on our website.
Piratica is a risk management firm. We work with client organizations to help them identify and understand the risks to their organizations so that those metrics can be incorporated into the organization’s overall security strategy. We believe that the first step in any solution is to correctly and completely identify the problem. Additional information is available on our website, Facebook and Twitter or via our free weekly email newsletter (signup available on our website here).
These updates will be automatically reviewed, approved and installed for MyIT Customers. If you would like more information about the Cyber Tech Cafe MyIT services for your business, please let us know. The Cyber Tech Cafe MyIT services are available in three different levels (Bronze, Silver and Gold) and can provide updates only (Bronze), updates and proactive network auditing and monitoring (Silver) or updates, proactive auditing and monitoring and up to 10 hours of priority support at a significantly discounted rate (Gold). Pricing is based on the number of physical locations, servers and workstations that you have.