April 2015 News and Updates
What’s New
- Episode Two, The Mobile Threat – The latest episode was released on 19 March and follows our attackers Myles and Ian as they use an executive's mobile phone to gain access to (at least) one corporate network, completely under the radar. Episode Two can be found here.
- Resurgence of Crypto-style malware (REPOST) – It looks like the CryptoWall-style malware is making another round. There are some details on one variant here, but the biggest thing to keep in mind is that, if you get hit with this, you need to consider whatever data is encrypted gone. You may get it back if you send a large sum of money via untraceable currency (MoneyPak, bitcoin, etc.) to an anonymous person, likely in a non-extradition country, but a much better (and cheaper) plan is to maintain good backups that you test regularly, install updates regularly and keep your antivirus up to date.
- Facebook Campaign – We continue to get good feedback on the Facebook page and appreciate you folks spreading the word. You can find us on Facebook here.
- 2015 Focus on Security – I noted in the January 2015 newsletter that we would be renewing our focus on security in 2015 and thought it proper that the first item in the 2015 newsletter gave more detail on the plans.
- Better Communication – We are going to make better use of our website, newsletter and Facebook Page to keep you better informed.
  - We will publish important but low-priority / non-urgent stories to the website and link to them on the Facebook page.
  - We will post important / urgent stories to the website and newsletter and link to them on the Facebook page.
  - We will continue posting informational stories and news to the Facebook page.
  - In addition to the monthly news and updates email, we also plan to post (roughly) one short story or case study per month (more on that below).
- Short Stories and Case Studies – Still working on Episode Two and hope to have it out before the end of March. If you haven't already, though, take a moment to check out Episode One and get up to speed on Myles and Ian.
- Focus on Proactive Security – As the threat landscape and cyber criminals evolve, security countermeasures must evolve as well. We are currently working with a number of test clients on several proactive, more aggressive security products and services and hope to extend the test base in the second quarter of this year. If your company is a HIPAA covered entity or is required to be PCI-DSS compliant and would be interested in participating, please reply to this email and let us know.
- New, shorter domain name – At long last, we have a new, shorter and easier to remember (and spell) domain name. Our old domain name (cybertechcafe.net) and all of the email addresses on that domain will continue to work but, effective immediately, we also have ctc.co (note: it's ctc.co, not ctc.com, 5 letters). You can continue to reach us at www.cybertechcafe.net or support@cybertechcafe.net but, now, you can also simply go to www.ctc.co or help@ctc.co and get us there as well.
Updates
Executive Summary – April 2015 brought updates from Microsoft, Adobe and Java, but the one that got the most attention (so far) seems to be an update from Microsoft for Microsoft Windows that could allow an attacker remote access to affected machines (MS15-034). Most of the reports that we saw of attacks against this vulnerability were denial of service (DoS) attacks but, according to the Security Bulletin from Microsoft, the vulnerability could allow remote code execution. There were also updates from Adobe that were rated Critical, as well as a minor update to Java, but Microsoft seems to have taken the cake this month.
Microsoft – Microsoft released 11 bulletins in February (MS15-032 through MS15-042). Four addressed critical vulnerabilities in Windows (all supported versions), Internet Explorer (all supported versions) and Microsoft Office that could allow a remote attacker to run programs on your computer without your knowledge (remote code execution). The remaining 7 bulletins were rated as Important and addressed vulnerabilities that could lead to a range of attacks, from information disclosure to privilege escalation, as well as a denial of service vulnerability on Hyper-V hosts.
Microsoft releases regular updates on the second Tuesday of each month, often referred to as 'Patch Tuesday'. These updates are categorized as Low, Moderate, Important or Critical. Details on the categories are available here. The updates can include any supported Microsoft product, from Windows to Office to Internet Explorer and server products like Exchange and SQL Server. If you have one or more of these products installed, especially if the update is listed as Important or Critical, it's important that the updates are installed.
Additional details are available from Microsoft here.
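Knowing the Patch Tuesday schedule is only useful if you can confirm the updates actually landed on a machine. The PowerShell script below is an added example (not code from the newsletter or from Cyber Tech Cafe): it works out the most recent second Tuesday of the month, lists the Windows updates installed since that date with Get-HotFix, and checks for one specific KB. The KB number is a placeholder you would replace with the one listed in the Microsoft Security Bulletin you care about (for example the one for MS15-034 mentioned above); it assumes Windows with PowerShell 3.0 or later and no extra modules.

```powershell
# Added example, not part of the newsletter. Assumes Windows, PowerShell 3.0+.

function Get-PatchTuesday {
    # Second Tuesday of the month that $Month falls in.
    param([datetime]$Month = (Get-Date))
    $first  = (Get-Date -Year $Month.Year -Month $Month.Month -Day 1).Date
    # Days from the 1st to the first Tuesday (0..6), then one more week.
    $offset = ([int][DayOfWeek]::Tuesday - [int]$first.DayOfWeek + 7) % 7
    $first.AddDays($offset + 7)
}

function Get-LastPatchTuesday {
    # Most recent Patch Tuesday on or before $AsOf (may be last month's).
    param([datetime]$AsOf = (Get-Date))
    $candidate = Get-PatchTuesday -Month $AsOf
    if ($candidate -gt $AsOf) { $candidate = Get-PatchTuesday -Month $AsOf.AddMonths(-1) }
    $candidate
}

$since = Get-LastPatchTuesday
# Get-HotFix reads the same data as "View installed updates" in Control Panel.
# InstalledOn can be empty for some entries, so filter those out first.
$installed = Get-HotFix |
    Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $since } |
    Sort-Object InstalledOn

'Last Patch Tuesday: {0:yyyy-MM-dd}; updates installed since then: {1}' -f $since, @($installed).Count
$installed | Format-Table HotFixID, Description, InstalledOn -AutoSize

# Placeholder: put the real KB number from the relevant Security Bulletin here.
$kb = 'KB0000000'
if (Get-HotFix -Id $kb -ErrorAction SilentlyContinue) {
    "$kb is installed"
} else {
    "$kb is NOT installed - check Windows Update"
}
```

For April 2015 the calculation gives 14 April, which matches the date this newsletter uses for the Adobe bulletins. Note that a KB not appearing in Get-HotFix does not always mean the machine is unpatched (some updates are delivered inside cumulative packages), so treat a "NOT installed" result as a prompt to check Windows Update rather than as a final verdict.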
Adobe – The last few months have been tough on Adobe, with vulnerabilities in most popular Adobe products. As of 14 April, there are 3 bulletins posted (APSB15-06, APSB15-07 and APSB15-08) affecting Adobe Flash Player, Adobe ColdFusion and Adobe Flex. Realistically, the only one that most of our clients will need to be worried about is APSB15-06, rated as Critical. Additional details on this are available from Adobe here.
Like Microsoft, Adobe now releases updates to their products on the second Tuesday of each month. Adobe will also release ‘out of band’ updates if necessary to address critical vulnerabilities in their products. Adobe products include Adobe Reader (for viewing PDF files), Adobe Flash Player (often used to watch videos, for interactive content like games, etc.), Adobe Shockwave and the Adobe Creative Suite (Photoshop, Illustrator, Acrobat, Lightroom, etc.).
Additional details are available from Adobe here, including links to download the update(s) and instructions for installation.
Java – The most up-to-date release version of Java, as of the time of this newsletter, is still Java 8 update 45. We've noticed that the Java installer / updater doesn't consistently remove previous versions of Java (including Java 7 and even Java 6). As a result, even if you have the most up-to-date version of Java installed, it's possible that you still have an older version installed as well. In Windows, you can check this by going to Add / Remove Programs and looking for older versions.
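Clicking through Add / Remove Programs works for one PC, but on more than a handful of machines it helps to script the check. The PowerShell script below is an added example (not code from the newsletter or from Cyber Tech Cafe): it reads the same uninstall registry keys that Add / Remove Programs displays, picks out every Java entry, and flags any that are older than the newest one found. It assumes Windows with PowerShell 3.0 or later; the "Java Auto Updater" exclusion and the version-string format are assumptions based on how Oracle's installer names its entries.

```powershell
# Added example, not part of the newsletter. Assumes Windows, PowerShell 3.0+.

function Get-InstalledJava {
    # Both the native and the 32-bit (WOW6432Node) uninstall keys: 32-bit Java on
    # 64-bit Windows only appears in the second one.
    $paths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $paths -ErrorAction SilentlyContinue |
        Where-Object {
            $_.DisplayName -like 'Java*' -and
            $_.DisplayName -notlike 'Java Auto Updater*'   # assumption: helper, not a runtime
        } |
        ForEach-Object {
            # DisplayVersion looks like "8.0.450" for Java 8 Update 45 (assumption);
            # anything that does not parse sorts to the bottom instead of crashing.
            $parsed = $null
            if (-not [version]::TryParse($_.DisplayVersion, [ref]$parsed)) {
                $parsed = [version]'0.0'
            }
            [pscustomobject]@{
                Name      = $_.DisplayName
                Version   = $_.DisplayVersion
                Parsed    = $parsed
                Publisher = $_.Publisher
                Uninstall = $_.UninstallString
            }
        } |
        Sort-Object Parsed -Descending
}

$java = @(Get-InstalledJava)
if ($java.Count -eq 0) {
    'No Java entries found in Add / Remove Programs.'
} else {
    $newest = $java[0].Parsed
    foreach ($entry in $java) {
        $status = if ($entry.Parsed -eq $newest) { 'current' } else { 'OLDER - consider removing' }
        '{0,-40} {1,-10} {2}' -f $entry.Name, $entry.Version, $status
    }
}
```

The script only reports; it does not uninstall anything. Each returned object carries the UninstallString that Add / Remove Programs itself uses, so once you have confirmed the list you can remove the stale entries through the normal uninstall process. If the list is empty but you know Java is installed, the entry is probably under a name that does not start with "Java" (a vendor-bundled runtime, for example), so widen the DisplayName filter.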
Java is a tool that’s widely used by banks, online service providers and even security companies for SSL VPN connections. Java’s ‘official’ release cycle is approximately quarterly but Java updates have been ‘fast and furious’ in recent months. It’s worth noting again that, if you don’t absolutely need Java on your computer, it’s not a bad idea to remove it altogether.
Additional details are available from Oracle here.
These updates will be automatically reviewed, approved and installed for MyIT Customers. If you would like more information about the Cyber Tech Cafe MyIT services for your business, please let us know. The Cyber Tech Cafe MyIT services are available in three different levels (Bronze, Silver and Gold) and can provide updates only (Bronze), updates and proactive network auditing and monitoring (Silver) or updates, proactive auditing and monitoring and up to 10 hours of priority support at a significantly discounted rate (Gold). Pricing is based on the number of physical locations, servers and workstations that you have.