Latest Updates
Apr
12
April 2017 News and Updates
Posted by Nathan Underwood on 12 April 2017 05:03 PM

Cyber Tech Cafe

  

News

  • New Cyber Tech Cafe Helpdesk - The new helpdesk is online and ready to go live.  We're working on some final tweaks with the integration with our new website and still expect to have both live before the end of this month.
  • Locks Needed - Cyber Tech Cafe is a sponsor of DC770 (DEF CON Group for Northwest Georgia, additional information available on our website here) and, for the May 2017 meeting, they will be hosting a lockpicking workshop.  We currently have several lock pick sets, some test locks (including 2 clear ones) and I believe some barrel locks (like on vending machines).  We aren't sure what kind of turnout to expect though so, if you have unused locks that you'd like to part with (Master locks, door locks [especially door locks], etc.), please drop them by Cyber Tech Cafe before the next DC770 meeting (2 May 2017).
  • Bye bye bulletins - The Security Bulletins (that we've linked to for years) from Microsoft are now officially (I believe) gone. They have been replaced with the Security Update Guide. I could probably make a compelling case for or against it but, ultimately, that's what we've got.

Updates

Executive Summary - Microsoft released a number of updates today to patch vulnerabilities that are being actively exploited to spread malware (among the malware being distributed is the Dridex banking trojan). Adobe released updates for a number of products to patch vulnerabilities ranging from important to critical and Oracle saw fit to leave Java right where it was.

 

Microsoft - Probably the biggest news out of the Microsoft camp today (there are 3 big ones) was the patches for multiple vulnerabilities that have been exploited in the wild over the past few days. The next biggest were (I believe) the move from security bulletins to the Security Update Guide and the release of the Windows 10 Creators Update.

Microsoft releases regular updates the second Tuesday of each month, often referred to as 'Patch Tuesday'. These updates are categorized as Low, Moderate, Important or Critical. Details on the categories are available here. The updates can include any supported Microsoft product from Windows to Office to Internet Explorer and server products like Exchange and SQL Server. If you have one or more of these products installed, especially if the update is listed as Important or Critical, it's important that the updates are installed.

Additional details are available from Microsoft here, the Zero Day Initiative here and here (Threatpost).

Adobe - Adobe released two updates affecting Adobe Campaign (APSB17-09, rated Important), Adobe Flash Player (APSB17-10, rated Critical), Adobe Acrobat and Reader (APSB17-11, rated Critical), Adobe Photoshop CC (APSB17-12, rated Critical) and Adobe Creative Cloud Desktop (APSB17-13, rated Critical).

Like Microsoft, Adobe now releases updates to their products on the second Tuesday of each month.  Adobe will also release 'out of band' updates if necessary to address critical vulnerabilities in their products.  Adobe products include Adobe Reader (for viewing PDF files), Adobe Flash Player (often used to watch videos, for interactive content like games, etc.), Adobe Shockwave and the Adobe Creative Suite (Photoshop, Illustrator, Acrobat, Lightroom, etc.).

Additional details are available from Adobe Here including links to download the update(s) and instructions for installation.  Additional information is available here (Threatpost).

 

Java - All seems quiet on the Java front, still holding at Version 8 Update 121. Also, we're still seeing that the installation of newer versions of Java doesn't remove the older (often vulnerable) versions so, while you're installing the latest update, check for older versions that may still be there.

Java is a tool that's widely used by banks, online service providers and even security companies for SSL VPN connections.  Java's 'official' release cycle is approximately quarterly but Java updates have been 'fast and furious' in recent months.  It's worth noting again that, if you don't absolutely need Java on your computer, it's not a bad idea to remove it altogether.

Additional details are available from Oracle here.

 

Piratica

Security News, Sponsored by Piratica - This month starts our 'official' countdown to DEF CON 25 in July. This will be a significant milestone for DEF CON, marking the 25th anniversary of the largest hacker conference on the planet. We're already booked and looking forward to this year's conference and the new venue. If you're interested in going but aren't booked yet, rooms are still available at Caesar's and surrounding hotels with the DEF CON rate. Right on the heels of DEF CON in July will be our favorite conference, DerbyCon in September. This will be a significant milestone for DerbyCon because this will be the last year that it's at the Hyatt, and this DerbyCon will be significant for Piratica because our own Nathan Underwood will be submitting a talk for the conference. The DerbyCon room rate links haven't been published yet but the ticket sales officially start on 6 May so, if you're interested in going, act fast because they'll likely be sold out before the end of the day.

If you're planning to go to either DEF CON or DerbyCon, let us know!

Piratica is a risk management firm and we work with client organizations to help them identify and understand the risks to their organizations from cyber criminals. We believe that the first step in any solution is to correctly and completely identify the problem. Additional information is available on our website, Facebook and Twitter or via our free weekly email newsletter (signup available on our website here).

 

These updates will be automatically reviewed, approved and installed for MyIT Customers. If you would like more information about the Cyber Tech Cafe MyIT services for your business, please let us know. The Cyber Tech Cafe MyIT services are available in three different levels (Bronze, Silver and Gold) and can provide updates only (Bronze), updates and proactive network auditing and monitoring (Silver) or updates, proactive auditing and monitoring and up to 10 hours of priority support at a significantly discounted rate (Gold). Pricing is based on the number of physical locations, servers and workstations that you have.



Mar
20

Cyber Tech Cafe

  

News

  • New Cyber Tech Cafe Helpdesk - We are excited to announce that we will be launching our new helpdesk and website in April!  This has been a long time coming but it's finally here.  The new website will offer better searching for previous articles (all prior articles, stories, etc. will be available) and the new helpdesk will offer much better ticket management and searching. 
  • Free Vulnerability Scan - For a limited time, Piratica is offering a free vulnerability scan.  Want to see what an attacker sees when they look at your network?  See below for additional details or click here to schedule yours.

Updates

Executive Summary - At the last minute, Microsoft delayed the monthly updates in February and rolled both the February and March updates into a single update. The result is eighteen bulletins addressing a number of critical vulnerabilities, some of which have exploit code available and are being actively exploited (some since January).

 

Microsoft - Microsoft released 18 bulletins this month (MS17-006 through MS17-023; MS17-005 addressed an Adobe vulnerability and was released on 21 February). The Microsoft Executive Summary confirms nine bulletins rated as Critical, all of which address Remote Code Execution (RCE) vulnerabilities, and the Internet Storm Center post confirms that there is exploit code available for at least three of them.

Microsoft releases regular updates the second Tuesday of each month, often referred to as 'Patch Tuesday'. These updates are categorized as Low, Moderate, Important or Critical. Details on the categories are available here. The updates can include any supported Microsoft product from Windows to Office to Internet Explorer and server products like Exchange and SQL Server. If you have one or more of these products installed, especially if the update is listed as Important or Critical, it's important that the updates are installed.

Additional details are available from Microsoft, here, here (SANS) and here (Threatpost).

Adobe - Adobe released two updates affecting Adobe Flash Player and Adobe Shockwave Player. The Flash update is rated critical for all platforms and the Shockwave update is rated important.

Like Microsoft, Adobe now releases updates to their products on the second Tuesday of each month.  Adobe will also release 'out of band' updates if necessary to address critical vulnerabilities in their products.  Adobe products include Adobe Reader (for viewing PDF files), Adobe Flash Player (often used to watch videos, for interactive content like games, etc.), Adobe Shockwave and the Adobe Creative Suite (Photoshop, Illustrator, Acrobat, Lightroom, etc.).

Additional details are available from Adobe Here including links to download the update(s) and instructions for installation.  Additional information is available here (Threatpost).

 

Java - Oracle quietly incremented Java from 8 update 111 to 8 update 121. Also, we're still seeing that the installation of newer versions of Java doesn't remove the older (often vulnerable) versions so, while you're installing the latest update, check for older versions that may still be there.

Java is a tool that's widely used by banks, online service providers and even security companies for SSL VPN connections.  Java's 'official' release cycle is approximately quarterly but Java updates have been 'fast and furious' in recent months.  It's worth noting again that, if you don't absolutely need Java on your computer, it's not a bad idea to remove it altogether.

Additional details are available from Oracle here.

 

Piratica

Security News, Sponsored by Piratica - One of the most common responses that we have heard from client organizations during our After Action meetings is "We had no idea that that was there". Sometimes it's a Windows XP or Server 2003 computer that's in a closet, sometimes it's a VM that was set up for testing and never taken down (or updated). Often it's an asset that's behind the corporate firewall and somewhat protected but occasionally, more frequently than we expected, it's exposed to the Internet and completely forgotten by the client (until we found it or until an attacker found it). As someone who cut my teeth in corporate IT on shoestring budgets and insane deadlines, I understand how easy it can be to spin up a server, get redirected mid-stream and completely forget that you've got an asset unprotected. As a result, we would like to offer a free, no-obligation vulnerability scan for a limited time. To schedule yours, click here.

Piratica is a risk management firm and we work with client organizations to help them identify and understand the risks to their organizations from cyber criminals. We believe that the first step in any solution is to correctly and completely identify the problem. Additional information is available on our website, Facebook and Twitter or via our free weekly email newsletter (signup available on our website here).

 

These updates will be automatically reviewed, approved and installed for MyIT Customers. If you would like more information about the Cyber Tech Cafe MyIT services for your business, please let us know. The Cyber Tech Cafe MyIT services are available in three different levels (Bronze, Silver and Gold) and can provide updates only (Bronze), updates and proactive network auditing and monitoring (Silver) or updates, proactive auditing and monitoring and up to 10 hours of priority support at a significantly discounted rate (Gold). Pricing is based on the number of physical locations, servers and workstations that you have.



Feb
20
February Microsoft Updates Delayed till March!
Posted by Scott Schilder on 20 February 2017 09:58 AM

Cyber Tech Cafe

  

[UPDATE] February Monthly Updates [UPDATE]

 

Microsoft has officially announced that February's updates will be released next month as part of the March regularly scheduled updates.

https://blogs.technet.microsoft.com/msrc/2017/02/14/february-2017-security-update-release/

 

We strongly recommend that users set a reminder and install the March updates as soon as possible following their March 14th release as there are several known vulnerabilities currently in the wild for several Microsoft products/services.

 

**Cyber Tech Cafe MyIT Customers**

To all MyIT customers, Java, Adobe, and other 3rd party software updates will continue to be installed this month as part of your regularly scheduled updates.

 

 





Feb
14
Last Minute Delay from Microsoft in February 2017 Updates
Posted by Nathan Underwood on 14 February 2017 01:58 PM

Cyber Tech Cafe

  

Updates

Executive Summary - For the first time that I can remember, Microsoft has delayed the monthly updates for February 2017 because of a last minute problem that was discovered in the new process. Additional information is available here but there is no date (yet) for when the updates will be released.

 

Microsoft - (crickets)

Microsoft releases regular updates the second Tuesday of each month, often referred to as 'Patch Tuesday'. These updates are categorized as Low, Moderate, Important or Critical. Details on the categories are available here. The updates can include any supported Microsoft product from Windows to Office to Internet Explorer and server products like Exchange and SQL Server. If you have one or more of these products installed, especially if the update is listed as Important or Critical, it's important that the updates are installed.

Additional details are available from Microsoft here.

Adobe - Adobe released three updates addressing moderate (APSB17-06) and critical (APSB17-04 and APSB17-05) vulnerabilities across all supported platforms.

Like Microsoft, Adobe now releases updates to their products on the second Tuesday of each month.  Adobe will also release 'out of band' updates if necessary to address critical vulnerabilities in their products.  Adobe products include Adobe Reader (for viewing PDF files), Adobe Flash Player (often used to watch videos, for interactive content like games, etc.), Adobe Shockwave and the Adobe Creative Suite (Photoshop, Illustrator, Acrobat, Lightroom, etc.).

Additional details are available from Adobe Here including links to download the update(s) and instructions for installation. 

 

Java - The latest version of Java is 8 update 121, with no updates released since October 18th of this year. If you've got older versions, especially versions that start with 6 or 7, remove them. Also, we're still seeing that the installation of newer versions of Java doesn't remove the older (often vulnerable) versions so, while you're installing the latest update, check for older versions that may still be there.

Java is a tool that's widely used by banks, online service providers and even security companies for SSL VPN connections.  Java's 'official' release cycle is approximately quarterly but Java updates have been 'fast and furious' in recent months.  It's worth noting again that, if you don't absolutely need Java on your computer, it's not a bad idea to remove it altogether.

Additional details are available from Oracle here, and here.

 

Piratica

Security News, Sponsored by Piratica - The newest scourge of the Internet seems to be ransomware targeting vulnerable Internet-accessible databases. These are easy targets for attackers and the very definition of low-hanging fruit, with victims growing from hundreds in early January to now more than 56,000 according to Rapid7.

Piratica is a risk management firm and we work with client organizations to help them identify and understand the risks to their organizations from cyber criminals. We believe that the first step in any solution is to correctly and completely identify the problem. Additional information is available on our website, Facebook and Twitter or via our free weekly email newsletter (signup available on our website here).

 

These updates will be automatically reviewed, approved and installed for MyIT Customers. If you would like more information about the Cyber Tech Cafe MyIT services for your business, please let us know. The Cyber Tech Cafe MyIT services are available in three different levels (Bronze, Silver and Gold) and can provide updates only (Bronze), updates and proactive network auditing and monitoring (Silver) or updates, proactive auditing and monitoring and up to 10 hours of priority support at a significantly discounted rate (Gold). Pricing is based on the number of physical locations, servers and workstations that you have.



Jan
10
January 2017 News and Updates
Posted by Nathan Underwood on 10 January 2017 03:26 PM

Cyber Tech Cafe

  

Updates

Executive Summary - 2017 is starting out with a relatively low number of updates with only four bulletins from Microsoft (Edge, Office and Windows [LSA]) and two updates from Adobe (Flash, Acrobat & Reader) but all resolve issues that could allow an attacker full access (remote code execution or RCE) to vulnerable systems.

 

Microsoft - Microsoft released 4 bulletins this month (MS17-001 through MS17-004). The bulletins affect Microsoft Edge (oddly enough, nothing mentioned about Internet Explorer), Microsoft Office, Adobe Flash and an internal component of Windows called LSA (Local Security Authority). The bulletins for Microsoft Office and Adobe Flash Player are rated critical and allow remote code execution (RCE) and the bulletins for Microsoft Edge and LSA are rated important, allowing privilege escalation and denial of service respectively. Multiple restarts will be required for these updates and it looks like, currently, the bulletins cover about 17 CVEs with exploitability ratings between 1 (exploitation likely) and 2 (exploitation less likely).

Microsoft releases regular updates the second Tuesday of each month, often referred to as 'Patch Tuesday'. These updates are categorized as Low, Moderate, Important or Critical. Details on the categories are available here. The updates can include any supported Microsoft product from Windows to Office to Internet Explorer and server products like Exchange and SQL Server. If you have one or more of these products installed, especially if the update is listed as Important or Critical, it's important that the updates are installed.

Additional details are available from Microsoft, here, and here (SANS).

Adobe - Adobe released two updates affecting Adobe Flash Player, Adobe Acrobat and Adobe Reader to get 2017 started. The Flash update addresses 13 vulnerabilities (12 of which enable RCE) and the Adobe Acrobat and Reader update addresses 29 vulnerabilities (28 of which enable RCE). Google and Microsoft last month announced that they will be accelerating the deprecation of Flash in Chrome and Edge in an attempt to push users (and developers) to less vulnerability-laden HTML5 alternatives.

Like Microsoft, Adobe now releases updates to their products on the second Tuesday of each month.  Adobe will also release 'out of band' updates if necessary to address critical vulnerabilities in their products.  Adobe products include Adobe Reader (for viewing PDF files), Adobe Flash Player (often used to watch videos, for interactive content like games, etc.), Adobe Shockwave and the Adobe Creative Suite (Photoshop, Illustrator, Acrobat, Lightroom, etc.).

Additional details are available from Adobe Here including links to download the update(s) and instructions for installation.  Additional information is available here (Threatpost).

 

Java - The latest version of Java is 8 update 111, with no updates released since October 18th of this year. If you've got older versions, especially versions that start with 6 or 7, remove them. Also, we're still seeing that the installation of newer versions of Java doesn't remove the older (often vulnerable) versions so, while you're installing the latest update, check for older versions that may still be there.

Java is a tool that's widely used by banks, online service providers and even security companies for SSL VPN connections.  Java's 'official' release cycle is approximately quarterly but Java updates have been 'fast and furious' in recent months.  It's worth noting again that, if you don't absolutely need Java on your computer, it's not a bad idea to remove it altogether.

Additional details are available from Oracle here, and here.

 

Piratica

Security News, Sponsored by Piratica - If 2016 is any indication of what's to come, 2017 is going to be an interesting year. I'm generally not one for predictions but there are a few that I think are probably safe to make. First, ransomware seems to be working very well (for the criminals) and will continue to evolve and plague the Internet. One recent evolution is that attackers are moving from encrypting files to encrypting databases, significantly increasing the visibility of the attack and the motivation for the victim to pay up. Second, as a result of the success of ransomware, the crimeware-as-a-service frameworks like Avalanche will continue to grow in popularity, complexity and demand. Third, I believe that 2017 will be the year that we start to see the demise of the password as the primary and / or only means of authentication in favor of technologies like the Yubikey and U2F as the technologies continue to get cheaper, easier and more secure. I could be wrong and it will be interesting to look back at this post in January 2018 but, for now, that's my story and I'm sticking to it.

2016 was an incredible year for Piratica, taking us from the southeastern United States to Alaska and several .  I want to take this opportunity to say thank you to all of the people (clients, partner companies, etc.) who made it possible and that I'm looking forward to even bigger and better things in 2017. 

Piratica is a risk management firm and we work with client organizations to help them identify and understand the risks to their organizations from cyber criminals. We believe that the first step in any solution is to correctly and completely identify the problem. Additional information is available on our website, Facebook and Twitter or via our free weekly email newsletter (signup available on our website here).

 

These updates will be automatically reviewed, approved and installed for MyIT Customers. If you would like more information about the Cyber Tech Cafe MyIT services for your business, please let us know. The Cyber Tech Cafe MyIT services are available in three different levels (Bronze, Silver and Gold) and can provide updates only (Bronze), updates and proactive network auditing and monitoring (Silver) or updates, proactive auditing and monitoring and up to 10 hours of priority support at a significantly discounted rate (Gold). Pricing is based on the number of physical locations, servers and workstations that you have.