May 2021 is already proving to be a busy month from a technology perspective. From massive ransomware attacks on critical infrastructure (and $5M USD ransoms paid) to newly patched wormable vulnerabilities (that could easily be weaponized and used against other critical infrastructure targets) to the latest Windows Feature Release, IT Pros have certainly been tested.
- Regular site visits return – When we saw the potential for a fuel shortage and the subsequent rush on gas stations, we halted all non-critical site visits. With the fuel supply stabilizing, I’m happy to report that site visits are back to normal.
- Enhanced Patch Management –
- Cyber Security impacting the physical world – We have two cases where cyber attacks had real-world impacts:
  - Colonial Pipeline Breach – Details are still sparse, but what we know is that some portion(s) of the Colonial Pipeline IT infrastructure was hit with ransomware and, out of an abundance of caution, the operational systems (approximately 5,500 miles of pipeline) were taken offline, effectively shutting off the flow of refined petroleum products to the eastern seaboard.
  - Waikato District Health Board (New Zealand) – A healthcare system in New Zealand was hit with ransomware that took all IT Services except email (including patient notes, phones and more) offline. Additional information is available here.
- Multiple significant bugs patched
  - Adobe patched multiple bugs, including some in Reader that are being exploited in the wild
  - Wormable bug in Windows 10 and Windows Server
- Threat actors are evolving – According to this article, the bad guys seem to be doing a better job of applying lessons learned to evolve. Not only are ransomware attacks on the rise, but the attackers are changing tactics (for example, rather than just locking data, threatening to expose it) in an attempt to ensure that victims pay up.
- Microsoft releases the 21H1 Windows 10 Feature Update
Microsoft released updates to address 55 vulnerabilities this month, including 4 that are considered critical (meaning that an attacker could exploit the vulnerability remotely with no user interaction required) and 3 that have been previously disclosed. According to Microsoft, none of the vulnerabilities are currently being publicly exploited. The critical vulnerabilities include a wormable bug in Windows 10 and Windows Server (CVE-2021-31166, CVSS score 9.8) and a bug affecting Hyper-V on virtually all supported versions (CVE-2021-28476). There was also a patch for a bug in Windows Wireless Networking (CVE-2020-24587) that was originally documented back in 2020. Also worth mentioning are additional bugs in Microsoft Exchange Server and Internet Explorer.
Microsoft releases regular updates on the second Tuesday of each month, often referred to as ‘Patch Tuesday’. These updates are categorized as Low, Moderate, Important or Critical. Details on the categories are available here. The updates can cover any supported Microsoft product, from Windows to Office to Internet Explorer and server products like Exchange and SQL Server. If you have one or more of these products installed, it’s important that the updates are installed, especially if the update is listed as Important or Critical.
Adobe released patches for 44 CVE-recognized flaws, including a number rated critical in the Adobe Acrobat and Reader products that are currently being exploited in the wild.
Like Microsoft, Adobe now releases updates to their products on the second Tuesday of each month. Adobe will also release ‘out of band’ updates if necessary to address critical vulnerabilities in their products. Adobe products include Adobe Reader (for viewing PDF files), Adobe Flash Player (often used to watch videos, for interactive content like games, etc.), Adobe Shockwave and the Adobe Creative Suite (Photoshop, Illustrator, Acrobat, Lightroom, etc.).
Additional details are available from Adobe here, including links to download the update(s) and instructions for installation.