March 2015 News and Updates
What’s New
- Resurgence of Crypto style malware – It looks like the Cryptowall style malware is making another round. There are some details on one variant here, but the biggest thing to keep in mind is that, if you get hit with this, you need to consider whatever data is encrypted gone. There is a chance that you may get it back if you send a large sum of money via untraceable currency (Moneypak, bitcoin, etc.) to an anonymous person, likely in a non-extradition country, but a much better (and cheaper) plan is to maintain good backups that you test regularly, install updates regularly and keep your antivirus up to date.
- Facebook Campaign – We continue to get good feedback on the Facebook page and appreciate you folks spreading the word. You can find us on Facebook here.
- 2015 Focus on Security – I noted in the January 2015 newsletter that we would be renewing our focus on security in 2015 and thought it proper that the first item in the 2015 newsletter give more detail on the plans.
  - Better Communication – We are going to make better use of our website, newsletter and Facebook Page to keep you better informed.
    - We will publish important but low-priority / non-urgent stories to the website and link to them on the Facebook page.
    - We will post important / urgent stories to the website and newsletter and link to them on the Facebook page.
    - We will continue posting informational stories and news to the Facebook page.
    - In addition to the monthly news and updates email, we also plan to post (roughly) one short story or case study per month (more on that below).
  - Short Stories and Case Studies – Still working on Episode Two and hope to have it out before the end of March. If you haven’t already, though, take a moment to check out Episode One and get up to speed on Myles and Ian.
  - Focus on Proactive Security – As the threat landscape and cyber criminals evolve, security countermeasures must evolve as well. We are working with a number of test clients now on several proactive and more aggressive security products and services and hope to extend the test base in the second quarter of this year. If your company is a HIPAA covered entity or is required to be PCI-DSS compliant and would be interested in participating, please reply to this email and let us know.
- New, Shorter Domain Name – At long last, we have a new, shorter and easier to remember (and spell) domain name. Our old domain name (cybertechcafe.net) and all of the email addresses on that domain will continue to work but, effective immediately, we also have ctc.co (note, it’s not ctc.com but ctc.co, 5 letters). You can continue to reach us at www.cybertechcafe.net or support@cybertechcafe.net but, now, you can also simply go to www.ctc.co or email help@ctc.co and get us there as well.
Updates
Executive Summary – There were updates from all of the major players this month but Microsoft is the only one that I see that really had any heavy hitters. As usual, Rapid7 did an excellent write-up on the updates from Microsoft for those wanting more detail. So far, all seems clear on the Adobe front and Java has gone from v8u31 to v8u40, so something changed.
Microsoft – Microsoft released 14 bulletins in February (MS15-018 through MS15-031). Five addressed critical vulnerabilities in Windows (all supported versions), Internet Explorer (all supported versions) and Microsoft Office that could allow a remote attacker to run programs on your computer without your knowledge (remote code execution). The remaining 9 bulletins were rated as Important and addressed vulnerabilities that could lead to a range of attacks, from information disclosure to privilege escalation, as well as a spoofing vulnerability in the NETLOGON service for domain-connected computers.
Microsoft releases regular updates the second Tuesday of each month, often referred to as ‘Patch Tuesday’. These updates are categorized as Low, Moderate, Important or Critical. Details on the categories are available here. The updates can include any supported Microsoft product, from Windows to Office to Internet Explorer and server products like Exchange and SQL Server. If you have one or more of these products installed, especially if the update is listed as Important or Critical, it’s important that the updates are installed.
Additional details are available from Microsoft here.
Adobe – Adobe had a pretty tough month last month and we’re seeing a LOT of computers in the shop with virus and malware problems that can be attributed to the recent Adobe vulnerabilities. I don’t see any updates listed since 19 February but the zero days hit just after the February Patch Tuesday, so keep your eyes peeled.
Like Microsoft, Adobe now releases updates to their products on the second Tuesday of each month. Adobe will also release ‘out of band’ updates if necessary to address critical vulnerabilities in their products. Adobe products include Adobe Reader (for viewing PDF files), Adobe Flash Player (often used to watch videos, for interactive content like games, etc.), Adobe Shockwave and the Adobe Creative Suite (Photoshop, Illustrator, Acrobat, Lightroom, etc.).
Additional details are available from Adobe here, including links to download the update(s) and instructions for installation.
Java – The most up-to-date release version of Java, as of the time of this newsletter, is still Java 8 update 40. We’ve noticed that the Java installer / updater doesn’t consistently remove previous versions of Java (including Java 7 and even Java 6). This means that, even if you have the most up-to-date version of Java installed, it’s possible that you still have an older version installed as well. In Windows, you can check this by going to Add / Remove Programs and looking for older versions.
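For anyone checking more than a handful of machines, the same check can be scripted. The following PowerShell is an added example, not part of the original newsletter: it reads the uninstall registry keys that Add / Remove Programs is built from and lists every Java entry it finds, marking anything older than the newest one. The display-name pattern is an assumption based on how Oracle's installers typically name their entries.

```powershell
# Added example: list installed Java versions from the uninstall registry keys
# (the same data Add / Remove Programs shows) and flag older leftovers.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',             # native view
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'  # 32-bit apps on 64-bit Windows
)

# Assumption: entries look like "Java 8 Update 40", "Java(TM) 6 Update 45" or
# "Java SE Development Kit 7 Update 71". "Java Auto Updater" is skipped on purpose.
$namePattern = '^Java(\(TM\))? (\d+|SE )'

$found = @(Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match $namePattern } |
    ForEach-Object {
        # DisplayVersion is a string; parse it so versions sort numerically.
        $parsed = $null
        [void][version]::TryParse([string]$_.DisplayVersion, [ref]$parsed)
        $view = 'native'
        if ($_.PSPath -match 'WOW6432Node') { $view = '32-bit (WOW6432Node)' }
        [pscustomobject]@{
            Name    = $_.DisplayName
            Version = $parsed
            View    = $view
        }
    })

if ($found.Count -eq 0) {
    Write-Output 'No Java entries found in the uninstall registry keys.'
} else {
    $newest = ($found | Sort-Object Version -Descending | Select-Object -First 1).Version
    $found | Sort-Object Version -Descending |
        Select-Object Name, Version, View, @{
            Name       = 'Status'
            Expression = { if ($_.Version -eq $newest) { 'newest found' } else { 'older - review for removal' } }
        } |
        Format-Table -AutoSize
}
```

The script only reports what is installed; it does not remove anything. Per-user installs recorded under HKCU are not covered.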
Java is a tool that’s widely used by banks, online service providers and even security companies for SSL VPN connections. Java’s ‘official’ release cycle is approximately quarterly but Java updates have been ‘fast and furious’ in recent months. It’s worth noting again that, if you don’t absolutely need Java on your computer, it’s not a bad idea to remove it altogether.
Additional details are available from Oracle here.
These updates will be automatically reviewed, approved and installed for MyIT Customers. If you would like more information about the Cyber Tech Cafe MyIT services for your business, please let us know. The Cyber Tech Cafe MyIT services are available in three different levels (Bronze, Silver and Gold) and can provide updates only (Bronze), updates and proactive network auditing and monitoring (Silver) or updates, proactive auditing and monitoring and up to 10 hours of priority support at a significantly discounted rate (Gold). Pricing is based on the number of physical locations, servers and workstations that you have.