We’re Moving
Cyber Tech Cafe will be moving our office to 319 North Tennessee Street, Cartersville GA on 15 March 2024. Our mailing address will remain the same.
- Urgent Update from Fortinet – Fortinet disclosed on 8 February 2024 a significant vulnerability in basically their entire firewall product line. The vulnerability can allow an attacker with access to the VPN interface on the affected device the ability to run code on the device. According to reports, the vulnerability is being actively exploited in the wild. If you are a MyIT Client, you should have received an email on Tuesday with details on the vulnerability and, in most cases, your firewall has already been updated. If you are not a MyIT Client, we would recommend installing the update immediately if at all possible. We have been tracking the rise in attacks against SSL VPN logins and have seen a significant rise in the last 30 days with the number of registered attacks going from less than 10 per day to more than 20,000 per day (image below). There are a number of excellent articles with additional information on the vulnerability and the current active attacks linked below the image.
- Election Year Antics – In the US, this year is an election year and it’s safe to assume that criminals will leverage election related topics in their pretexting for attacks (phishing, vishing, smishing, all of the ishings), so be sure to consider that when planning your security awareness training.
Updates
The February 2024 Patch Tuesday from Microsoft includes fixes for 73 vulnerabilities including two zero day vulnerabilities that are being actively exploited in the wild. There were also six web browser vulnerabilities that were published separately this month that were not included in that 73 vulnerability total.
Microsoft releases regular updates the second Tuesday of each month, often referred to as ‘Patch Tuesday’. These updates are categorized as Low, Moderate, Important or Critical. Details on the categories are available here. The updates can include any supported Microsoft product from Windows to Office to Internet Explorer and server products like Exchange and SQL Server. If you have one or more of these products installed, especially if the update is listed as Important or Critical, it’s important that the updates are installed.
Additional details on this months Microsoft updates are available from Krebs on Security, the Patch Tuesday Dashboard, Bleeping Computer and ZDI.
Adobe has published six security bulletins for this month in a number of products including Adobe Commerce, Substance 3D Printer, Adobe FrameMaker Publishing Serer, Adobe Audition and Adobe Acrobat and Reader products. We recommend keeping your Acrobat or Reader software up to date, you should be able to check/install updates by going to the “Help” tab, then “Check for updates”.
Like Microsoft, Adobe now releases updates to their products on the second Tuesday of each month. Adobe will also release ‘out of band’ updates if necessary to address critical vulnerabilities in their products. Adobe products include Adobe Reader (for viewing PDF files), Adobe Flash Player (often used to watch videos, for interactive content like games, etc.), Adobe Shockwave and the Adobe Creative Suite (Photoshop, Illustrator, Acrobat, Lightroom, etc
Additional details are available from Adobe Here including links to download the update(s) and instructions for installation.
Need IT Support for your Home or Business? We’d love to help!
Are you a small to medium sized business looking to leverage technology and enable your business and workforce to work smarter and more efficiently? Do you already have computers, servers, firewalls, VPNs or other technology that you’re not taking full advantage of? Are you looking for an IT Service Provider who understands small to medium sized businesses needs and the challenges that we face that can work with you to grow your business rather than just sell you time?
Cyber Tech Cafe an IT Service Company with a focus on helping small to medium business get the most out of their technology investment. As a small business ourselves, we understand the challenges you face and have designed our service offerings to help you get the most out of your technology dollar. We offer on-call, as needed support if you just need a quick fix or extra set of hands right now. We also offer maintenance plans that we call “MyIT” that are designed to address the most common concerns (patch management, disaster recovery / backup, log review, etc.) that are based on the number of workstations and servers that you have and have no term contract. We believe that, if you find value in what we’re doing, you’ll find a way to keep us around without contract saying that you have to.
If you have questions about the MyIT plans or have an IT need that you need addressed right now, let us know. We look forward to the opportunity to earn your business.