December 2021 News & Updates
The holiday season is also prime season for other criminal activity like porch pirating, charity and phishing scams. If you’ll be having packages delivered when you aren’t home, it may be worth asking a trusted neighbor to watch for delivery (and then grab the package), getting a temporary mailbox (PO Box, UPS Store, etc.) or investing in one of the doorbell cameras to safeguard the delivery (or provide proof that it was stolen). If you’re looking to give to charity, checking with a local Church or other charitable organization in your community may be a better option than replying to an email solicitation for donation or giving to a random but well-intentioned-looking stranger asking for a donation at a stoplight.
- Details on the Log4Shell Vulnerability – Log4Shell is a vulnerability that’s being actively exploited in the Apache Log4j library that’s used in a wide variety of products from Amazon and Azure to Zabbix and Zesty and literally everything in between. It can allow an attacker to easily take control of vulnerable systems and, in many cases, the owner of the system may have no idea that they have vulnerable software installed. The lists below are being actively maintained and we recommend checking your software periodically against both lists. It’s likely that we will not know the full impact of the Log4j vulnerability for some time.
- List of Vendor Bulletins – https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592
- List of Vulnerable Software – https://github.com/NCSC-NL/log4shell/tree/main/software
- New Pricing effective 1 January 2022 – We will be updating our pricing effective 1 January 2022 for residential, commercial and MyIT customers. Details on the changes are available for review on our FAQ Page.
- Windows 11 is Here – Microsoft is wasting no time getting it’s new flagship desktop operating system Windows 11 rolled out to (often) unsuspecting Windows 10 users. If you find yourself the recipient of an unexpected / involuntary upgrade to Windows 11, How-To Geek has put together an excellent article on downgrading back to Windows 10.
- The MyIT Program is proving to be a huge win for clients who are signing up for or renewing their Ransomware / Cyber Insurance plans. The MyIT Program is designed to address those important (but, sometimes, not as urgent) issues that seem to go undone until there’s a problem (like testing your backup before a ransomware attack). In many cases, the regular maintenance items addressed by the MyIT Silver program address all of these (and more). Two things that really set the MyIT Program apart from other MSP type offerings is that a) there is no term agreement, cancel at any time and b) it’s priced based on the number of workstations and servers in your environment so it can easily scale up or down as your needs change. Additional information is available here.
- 2021 Holiday Schedule. Below is our holiday schedule for 2021. The office will be closed but emergency IT Support will be available during these times to commercial and MyIT clients at holiday rates.
- Christmas – Closing Friday, 24 December 2021 and returning Monday, 27 December.
- New Year – Closing Friday, 31 December 2021 and returning Monday, 3 January 2022
Microsoft patched 67 bugs this month, with at least six rated critical (at least one of those are being actively exploited to spread the Emotet/Trickbot/Bazaloader malware) and the remaining currently listed as important. It’s worth noting that 26 of the vulnerabilities are Remote Code Execution that could be used to run malicious software remotely and 21 are privilege escalation vulnerabilities that could allow an attacker to “upgrade” their access from guest to admin or potentially system level access.
Microsoft releases regular updates the second Tuesday of each month, often referred to as ‘Patch Tuesday’. These updates are categorized as Low, Moderate, Important or Critical. Details on the categories are available here. The updates can include any supported Microsoft product from Windows to Office to Internet Explorer and server products like Exchange and SQL Server. If you have one or more of these products installed, especially if the update is listed as Important or Critical, it’s important that the updates are installed.
Additional details on this months Microsoft updates are available from the Patch Tuesday Dashboard, ZD Net and Bleeping Computer.
Adobe, after a very quiet month last month (and patching basically their entire fleet in October) is back with eleven updates this month covering an impressive array of their products from Adobe Premier Rush to Photoshop to Premier Pro. Notably missing though are any updates to Adobe Acrobat or Acrobat Reader.
Like Microsoft, Adobe now releases updates to their products on the second Tuesday of each month. Adobe will also release ‘out of band’ updates if necessary to address critical vulnerabilities in their products. Adobe products include Adobe Reader (for viewing PDF files), Adobe Flash Player (often used to watch videos, for interactive content like games, etc.), Adobe Shockwave and the Adobe Creative Suite (Photoshop, Illustrator, Acrobat, Lightroom, etc
Additional details are available from Adobe Here including links to download the update(s) and instructions for installation.
Need IT Support for your Home or Business? We’d love to help!
Are you a small to medium sized business looking to leverage technology and enable your business and workforce to work smarter and more efficiently? Do you already have computers, servers, firewalls, VPNs or other technology that you’re not taking full advantage of? Are you looking for an IT Service Provider who understands small to medium sized businesses needs and the challenges that we face that can work with you to grow your business rather than just sell you time?
Cyber Tech Cafe an IT Service Company with a focus on helping small to medium business get the most out of their technology investment. As a small business ourselves, we understand the challenges you face and have designed our service offerings to help you get the most out of your technology dollar. We offer on-call, as needed support if you just need a quick fix or extra set of hands right now. We also offer maintenance plans that we call “MyIT” that are designed to address the most common concerns (patch management, disaster recovery / backup, log review, etc.) that are based on the number of workstations and servers that you have and have no term contract. We believe that, if you find value in what we’re doing, you’ll find a way to keep us around without contract saying that you have to.
If you have questions about the MyIT plans or have an IT need that you need addressed right now, let us know. We look forward to the opportunity to earn your business.