Happy Independence Day
From all of us at Cyber Tech Cafe to all of you and yours, we hope you have a happy Independence Day.God Bless you and yours and God Bless the United States of America.
Microsoft issues emergency security update
A private security researcher discovered two bugs affecting Windows 10 and Windows Server 2019 that can allow a remote attacker to take remote control of a computer if a user opens a specially crafted image. The bug was reported to Microsoft and updates to fix the bugs were issued earlier today. Additiinal information is available here .
Can I use Windows 7 and / or Windows Server 2008 and still be HIPAA compliant?
On 14 January of this year, Microsoft ended support for its Windows 7 and Windows Server 2008 workstation and server operating systems. This meant that neither Windows 7 or Windows Server 2008 would receive any additional security updates or support from Microsoft. Based on this, I believe that the short answer is no. The HIPAA Security Rule requires that all software used by Covered Entities and their Business Associates be kept up to date with updates from the [software] manufacturer. This means the Electronic Medical Records (EMR), Electronic Health Records (EHR), Practice Management software as well as the Operating Systems. In the case of Windows 7 and Windows Server 2008, since the manufacturer [Microsoft] no longer provides support or updates, this simply is not possible, even if your EMR, EHR,…
June 2020 News & Updates
Executive Summary Criminals continue to take advantage of remote workers connecting to work resources via home networks with (often) lax security controls. In many cases, these unprotected home networks that are connected via VPN connections back to the office are giving attackers an opportunity to completely bypass the corporate firewall.Based on number of bugs patched, June 2020 marks Microsoft's largest Patch Tuesday to date with 129 (or 130, depending on who you ask) bugs patched, with 115 in March 2020 and 113 in April 2020 pulling a close second and third.Adobe released significant security updates for Flash Player and Framemaker that could allow an attacker remote access to vulnerable systems.Windows 7 and Windows Server 2008 are now six months out of support from Microsoft, meaning they are no longer being…
Another day, another phishing scam (or two)
As more and more people continue to work from home, we are seeing attackers leveraging social engineering tactics like phishing even more frequently, knowing that these teleworkers are typically not behind a corporate firewall that would likely block their malicious payloads. With that in mind, I received two emails today that highlight some of the ways that we can identify phishing and avoid becoming a statistic. Both emails appear to be from very different senders with very different approaches but, ultimately, with the same end game; get me to click on a malicious link. The sample below is a simple based email attempting to capitalize on the users fear that their email is about to go away and, if they don't act fast, they will lose data. Note that the…
Serious flaw in Microsoft Windows – CISA recommends patch now
The Cybersecurity and Infrastructure Security Agency (CISA) has released a warning that Proof of Concept (PoC) code has been published to exploit a vulnerability in Windows that can be executed remotely, is wormable and can give an unauthenticated attacker full SYSTEM level privileges on unpatched systems. It is reasonable to assume the PoC code will be weaponozed very quickly if it has not been already. Microsoft released an update on March of 2020 to patch this vulnerability and organizations are encouraged to patch now if they have not already. This vulnerability also underscores the need for organizations to block and log inbound and outbound SMB traffic between their internal network(s) and the Internet. If you do not have a patch management system or would like information on how Cyber Tech…
Phishing Emails. What to look for to protect yourself, your team and your organization.
Phishing has long since been a go-to for the bad guys as an easy way to get malware on or access to victim computers. The trick for the bad guy / attacker is to make the email look like something legitimate and trigger some sort of fear response. The trick for the good guy / target is to be able to spot the scam, and that's the point of this quick post. The email below is one that I just received that's trying to get me to click on a link to confirm my email address. Let's take a look. In the email above, the goal of the attacker is to get the target to click the link to 'prove your email account ownership'. The email looks real enough. It…
Closed Monday, 25 May 2020 for Memorial Day
Cyber Tech Cafe will be closed Monday, 25 May 2020 in observance of Memorial Day. We would like to extend our heartfelt gratitude to all of the men and women that have made the ultimate sacrifice for our great nation. God Bless you and yours.
May 2020 News & Updates
Executive Summary COVID-19 Response - The health and safety of our team, our clients and our business partners is of paramount importance to us at Cyber Tech Cafe. We are still offering on-site service, however, we have a number of clients who have opted for remote support only for a time to minimize the risk of spreading the virus. We will continue to monitor and heed the recommendations of the CDC and other subject matter experts on this topic and will post any policy changes to our website and social media pages. Our thoughts and prayers go out to those affected by this virus and to those working so diligently to fight it.We are still seeing Windows 7 and Windows Server 2008 Servers in use. It's important to note that…
Open for Business
We're excited to announce that the Cyber Tech Cafe office is back open for business and back to normal operating schedule and operating hours.