December 2021 News & Updates

CTC NEWS, Industry News, Tech news
The holiday season is also prime season for other criminal activity like porch pirating, charity and phishing scams. If you'll be having packages delivered when you aren't home, it may be worth asking a trusted neighbor to watch for delivery (and then grab the package), getting a temporary mailbox (PO Box, UPS Store, etc.) or investing in one of the doorbell cameras to safeguard the delivery (or provide proof that it was stolen). If you're looking to give to charity, checking with a local Church or other charitable organization in your community may be a better option than replying to an email solicitation for donation or giving to a random but well-intentioned-looking stranger asking for a donation at a stoplight. Details on the Log4Shell Vulnerability - Log4Shell is a vulnerability…
Read More

November 2021 News and Updates – The Holidays are Upon Us

CTC NEWS, Industry News, Monthly Newsletters, Tech news
The November "Patch Tuesday" updates are often the last "big push" before the holidays with many shops preparing to take time off over the next several weeks. These often unattended systems can be a tempting and lucrative target for attackers, making it even more important to make certain that any and all available updates have been applied to everything from the workstations to the firewalls. The upcoming holiday season is also prime season for other criminal activity like porch pirating, charity and phishing scams. If you'll be having packages delivered when you aren't home, it may be worth asking a trusted neighbor to watch for delivery (and then grab the package), getting a temporary mailbox (PO Box, UPS Store, etc.) or investing in one of the doorbell cameras to safeguard…
Read More

Windows 11, time to install / upgrade?

CTC NEWS, Industry News, Tech news
Microsoft recently released Windows 11, it's latest flagship desktop operating system as a "free" upgrade and are aggressively recommending that users with potentially compatible hardware upgrade. Our standard policy with any major upgrade (operating system or otherwise) is to wait until at least the first major update to the product (service pack, feature update, etc.), until there's a need (your productivity software requires it, etc.) or the current version is being retired. If you are a home / residential user, the potential risk is generally low. The worst case is often that a piece of hardware (often a graphics or audio device) is not supported by the new version. Checking the system requirements will typically tell you if you'll run into problems or not (not always) but the "free" software…
Read More

October 2021 News & Updates

CTC NEWS, Industry News, Monthly Newsletters, Tech news
Microsoft and Apple (oddly enough) released updates to bugs that are being actively attacked. Adobe released updates to a number of products including Reader, Acrobat, Commerce and Connect.The MyIT Program is proving to be a huge win for clients who are signing up for or renewing their Ransomware / Cyber Insurance plans. The MyIT Program is designed to address those important (but, sometimes, not as urgent) issues that seem to go undone until there's a problem (like testing your backup before a ransomware attack). In many cases, the regular maintenance items addressed by the MyIT Silver program address all of these (and more). Two things that really set the MyIT Program apart from other MSP type offerings is that a) there is no term agreement, cancel at any time and…
Read More

Global outage impacting Facebook, Instagram, ZoHo and others

CTC NEWS, Industry News, Tech news
Details are still a bit sketchy but there's currently a global outage that's impacting major sites including Facebook, Instagram, WhatsApp, ZoHo and others. Additional details are below. https://downdetector.com/ https://www.northcentralpa.com/business/worldwide-internet-outage-takes-out-everything-almost/article_3f9d605c-252b-11ec-8ec2-771391c82d6e.html https://nypost.com/2021/10/04/facebook-instagram-and-whatsapp-hit-by-global-outage/
Read More

September 2021 News & Updates

CTC NEWS, Industry News, Monthly Newsletters, Tech news
Executive Summary Lots going on in September including updates from the usual suspects (Microsoft and Adobe) but also a couple of significant releases from Apple and Chrome this month. Test your backup - Many organizations, especially in the wake of so many ransomware attacks, have implemented backups. Few though think to test those backups to make sure that they're working. Simply restoring something from the backup to make certain that a) the backup is running and b) you can recover what it's backing up is usually sufficient. If you don't have a backup or aren't sure when the last time it was tested (if ever) was, we'd love to help. A monthly test of your backup is included as part of all of our MyIT Plans.Cyber Risk Insurance - If…
Read More

June 2021 News & Updates

CTC NEWS, Industry News, Monthly Newsletters, Tech news
Executive Summary So far, June 2021 is a bit of a reprieve from the massive oil pipeline breach that we were looking at this time just a month ago. That said, there are a couple of things to keep your eyes on. Threat actors, including nation states, are targeting vaccine and virology organizations as well as pharmaceutical companies. If you're in these verticals or do business with these verticals (supply chain, customers, etc.), be on the lookout for targeted attacks.Multiple significant bugs patchedMicrosoft patched six zero-day vulnerabilities, including a Remote Code Execution (RCE) vulnerability and a privilege escalation vulnerability that are being actively exploited in the wild.Threat actors are evolving - According to this article, the bad guys seem to be doing a better job of applying lessons learned to…
Read More

May 2021 News & Updates

CTC NEWS, Industry News, Monthly Newsletters
Executive Summary May 2021 is proving to be a busy month (already) from a technology perspective. Between massive ransomware attacks on critical infrastructure (and $5M USD ransoms paid) to newly patched wormable vulnerabilities (that could easily be weaponized and used against other critical infrastructure targets) to the latest Windows Feature Release, IT Pros have certainly been tested. Regular site visits return - When we saw the potential for a fuel shortage and the subsequent rush on gas stations, we halted all non-critical site visits. With the fuel supply stabilizing, I'm happy to report that site visits are back to normal.Enhanced Patch Management - Cyber Security impacting the physical world - We have two cases where cyber attacks had real world impacts on the physical worldColonial Pipeline Breach - Details are…
Read More
But the HIPAA Security Rule doesn’t explicitly say anything about patches and updates!?!?

But the HIPAA Security Rule doesn’t explicitly say anything about patches and updates!?!?

Industry News, Tech news
Technology is a requirement for business and is deeply embedded in modern healthcare. Although no specifics for patch management is available in the HIPAA Security Rule, healthcare providers who fall victim to threats like phishing, malware, ransomware or other cyber criminals may be subject to significant fines if they do not have a documented patch management program in place. Most of the software that powers the technology used in healthcare contains "bugs" that can negatively affect how the software works and create risks to the confidentiality, integrity and availability of the data. These "bugs" are regularly fixed with updates and patches by the manufacturers, but it's generally the users responsibility to test, approve and install these updates and patches. While the HIPAA Security Rule doesn't explicitly detail a patch management…
Read More

March 2021 News & Updates

CTC NEWS, Industry News, Monthly Newsletters, Tech news
Executive Summary A number of Windows Users, after installing the latest security updates, found that they were unable to print. In some cases, the symptom was simply that blank pages were printed and in some cases the computers would blue screen (crash) or freeze (requiring a power cycle). Additional information is available here.Four zero day vulnerabilities were published and publicly exploited in Microsoft Exchange servers including Exchange Server 2013, 2016 and 2019. The vulnerabilities were used extensively to target and attack US targets including healthcare, government and more. Additional information is available here.Microsoft's Azure Platform (Azure AD, AAD) suffered a pretty significant outage on 15 March starting at apparently 19:15 UTC and finally ending at approximately 09:37 UTC on the following day. Impacted users were unablet o access Azure resources…
Read More