June 2016 News and Updates

Monthly Newsletters, Uncategorized
   What's New Windows 10 - Microsoft's aggressive push to get every Windows 7 and Windows 8 computer upgraded to Windows 10 has gone from light speed to ludicrous speed.  Per Microsoft, Windows 7 is still supported until January of 2020 and we have had very good results with the Never10 utility from GRC.  If you have Windows 8, Windows 10 may be a better option.  Otherwise, it may be worth delaying the Windows 10 upgrade. Helpdesk Changes - We are excited to announce that the changes that we mentioned a few months ago to the Cyber Tech Cafe helpdesk are going well.  If all goes well, we should have some exciting news in the next 10 to 14 days. DEF CON 24 - Piratica has invited the crew from Cyber…
Read More

Beware, Windows 10 updates now apparently being installed with or without permission

Uncategorized
We are seeing a disturbing trend of Windows 7 computers being involuntarily upgraded to Windows 10 and even trying to trick users into installing Windows 10 by using the red "X" button at the top right of the screen (historically used to close a window with no action but frequently abused by viruses and other malware to confirm an install), documented here by BBC.   Windows 7 is still supported by Microsoft until 14 January 2020, documented here on the Microsoft website. Windows 10 is a significant change from previous versions ('rolling' updates, new user interface and [not the least] privacy concerns) Like any major upgrade, the upgrade to Windows 10 is not flawless or error free and could cause downtime or compatibility problems with hardware and software not designed…
Read More

May 2016 News and Updates

Monthly Newsletters, Uncategorized
   What's New DEF CON 24 - Piratica has invited the crew from Cyber Tech Cafe to join them at DEF CON 24 this year (4 August to 7 August) in Las Vegas.  Most of us will be leaving Thursday evening but we will be leaving a skeleton crew behind Friday to cover things.  Everyone will be back for normal business hours Monday. Updates Executive Summary - May delivered several updates from Microsoft to patch critical vulnerabilities in Windows, Internet Explorer, Edge, Office and .NET.  I've noticed it a few times and more frequently lately, but MS16-064 was an update to Adobe Flash Player for Windows 8.1, Server 2012, Server 2012 R2, RT 8.1 and Windows 10.  Two important things to note here is that Microsoft is issuing Flash Player updates…
Read More

April 2016 News and Updates

Monthly Newsletters, Uncategorized
   What's New Disable Windows 10 Notification - Our policy regarding Operating System (or any other major) upgrade has always been to proceed with caution and upgrade when a) you have a need to, b) your environment (hardware, software, etc.) supports it and c) it's stable.  Microsoft has been pushing Windows 10 since it's release and has gotten more and more aggressive with the rollout with each monthly update cycle.  Our policy is still, if you are currently on Windows 7 and have no business requirement to upgrade, stay with Windows 7.  If you have Windows 8.x, Windows 10 is a slight upgrade but Windows 7 is battle tested, well supported by third parties and is scheduled to be supported by Microsoft until January of 2020.  All of that said,…
Read More

Oracle re-issues Java patch from 2013 to patch a vulnerability considered ‘trivially exploitable’

Uncategorized
Emergency Java Patch Re-Issued for 2013 Vulnerability According to this article on ThreatPost, Oracle has re-released an update for a vulnerability initially reported and believed to be patched in 2013.  Details on the flaw are publicly available and, due to the ease of weaponizing it, it's expected to be integrated into attacks soon if not already.    Updates are available and all users are encouraged to update as soon as possible. The update can be downloaded from Oracle here. Cyber Tech Cafe MyIT clients are currently being updated automatically.
Read More

March 2016 News and Updates

Monthly Newsletters, Uncategorized
   What's New Hacker Playdate - The Q2 2016 Hacker Playdate "Business Edition" is scheduled for 23 April 2016 at the Bartow County Library.  Huge thank you to the Bartow County Library for all of their support and for the new venue.  Additional details are available here. Ransomware & Rogue Tech - We continue to see computers that are infected with ransomware that encrypts the data and demands a ransom (generally payable by Bitcoin) and rogue tech support calls.  Backup your data.  Don't let strangers onto your computer.  That is all (for now) :)  Windows 10 -  We are seeing a LOT of folks who are installing Windows 10 'accidentally'.  Two very important things to note on this are that you have 30 days from the time you do the…
Read More

February 2016 News and Updates

Monthly Newsletters, Uncategorized
   What's New Hacker Playdate - The Q1 2016 Hacker Playdate, despite some weather concerns, was a huge success.  Many thanks again to our sponsors and participants Cisco ASA Vulnerabilit - A vulnerability in Cisco ASAs (firewalls) was disclosed last week that could allow a remote attacker full access to an affected Cisco ASA.  Scans for vulnerable devices have been very aggressive since the disclosure Cisco, to my knowledge, has not released an update to patch the hole.  Some sites have reportedly disabled host-to-site IPSec VPNs as a result.  Additional information is available at SANS here. DMA Locker - We have reported on ransomeware (I believe that this was our first article on it back in 2013) and it looks like the genre has experienced another evolution.  This latest variant encrypts…
Read More

January 2016 News and Updates

Monthly Newsletters, Uncategorized
   What's New Hacker Playdate - The Q1 2016 Hacker Playdate is right around the corner and we're starting to get excited.  We're doing this one a little different and are specifically targeting the presentations and the villages toward business owners, managers and IT professionals.  One of the new things that we're trying this time is a CTF village with multiple vulnerable machines and several 'attack' laptops setup to give attendees an opportunity to try the tools and tactics that attackers are using in the wild (and we'll have solutions available for those who just want to get to the end).  As always, it's free and open to anyone.  We will be in the meeting room at Primo's Mexican Cocina from 12:00pm EST to 5:00pm EST on Saturday, 23 January…
Read More

Q1 2016 Hacker Playdate Scheduled for 23 January 2016 – Real World Security for the SMB

Uncategorized
.:23 January 2016 Hacker Playdate:. Real-World Information Security for the Small to Medium Business    The first Hacker Playdate of 2016 has been scheduled for 23 January.  While the event is free and open to anyone, we are targeting business owners, leaders and IT professionals with presentations and demonstrations on real-world threats and countermeasures in the small to medium business.    Where, When and How Much? When - Saturday, 23 January 2016 from 12:00pm to 5:00pm EST Where - Cyber Tech Cafe & Primo's Cantina, 148 West Main Street, right across from Findley's Butcher Shop on Main Street.  We will be using the meeting room at Primo's. How Much - FREE Who should attend: Business owners, leaders and managers.  Do you own a business or are you responsible for managing…
Read More