What’s New
- Hacker Playdate – The Q2 2016 Hacker Playdate “Business Edition” is scheduled for 23 April 2016 at the Bartow County Library. Huge thank you to the Bartow County Library for all of their support and for the new venue. Additional details are available here.
- Ransomware & Rogue Tech – We continue to see computers that are infected with ransomware that encrypts the data and demands a ransom (generally payable by Bitcoin) and rogue tech support calls. Backup your data. Don’t let strangers onto your computer. That is all (for now) 🙂
- Windows 10 – We are seeing a LOT of folks who are installing Windows 10 ‘accidentally’. Two very important things to note on this are that you have 30 days from the time you do the upgrade to revert back to the previous version of Windows and that Windows 7 will still be supported until 14 January 2020. That said, unless you *need* to upgrade to Windows 10 (your software / hardware vendors require it), we recommend sticking with Windows 7 until a specific need to upgrade arises for production environments.
Updates
Executive Summary – The spotlight can be shared this month between Microsoft (with 13 bulletins), Cisco (with a massive, remotely exploitable bug in an extremely popular piece of network security gear) and the newest evolution of ransomware.
Microsoft – Microsoft released 13 bulletins this month (MS16-023 through MS16-035, MS16-022 was released 9 February 2016 and addressed a critical vulnerability in Adobe Flash Player). Five of the bulletins are rated critical, all contain Remote Code Execution vulnerabilities and contain CVEs that are have relatively high exploitability indexes (I did not see any zeros, but there are a number of ones). The remaining bulletins are rated important by Microsoft and the software affected by this months updates includes Windows & Windows Server (all supported versions), Internet Explorer (all supported versions), Edge, Office and the .NET Framework.
Microsoft releases regular updates the second Tuesday of each month, often referred to as ‘Patch Tuesday’. These updates are catagorized as Low, Moderate, Important or Critical. Details on the categories are available here. The updates can include any supported Microsoft product from Windows to Office to Internet Explorer and server products like Exchange and SQL Server. If you have one or more of these products installed, especially if the update is listed as Important or Critial, it’s important that the updates are installed.
Additional details are available Microsoft Here, Here (SANS) and here (Threatpost).
Adobe – Adobe has released bulletins APSB16-06 (Adobe Acrobat and Reader), APSB16-09 (Adobe Digital Editions). Details on each are available on the Adobe Security Advisories page (link below). Both updates are considered critical and update vulnerabilities that, if exploited, could give an attacker remote control of the affected system(s).
Like Microsoft, Adobe now releases updates to their products on the second Tuesday of each month. Adobe will also release ‘out of band’ updates if necessary to address critical vulnerabilities in their products. Adobe products include Adobe Reader (for viewing PDF files), Adobe Flash Player (often used to watch videos, for interactive content like games, etc.), Adobe Shockwave and the Adobe Creative Suite (Photoshop, Illustrator, Acrobat, Lightroom, etc.).
Additional details are available from Adobe Here including links to download the update(s) and instructions for installation.
Java – Oracle released Java 8 update 73 on 5 February 2016, and that seems to be holding. If you have additional (older) versions of Java installed, you should remove them. In Windows, you can check this by going to Add / Remove Programs and looking for older versions.
Java is a tool that’s widely used by banks, online service providers and even security companies for SSL VPN connections. Java’s ‘official’ release cycle is approximately quarterly but Java updates have been ‘fast and furious’ in recent months. It’s worth noting again that, if you don’t absolutely need Java on your computer, it’s not a bad idea to remove it altogether.
Additional details are available from Oracle here.
Security News, Sponsored by Piratica – Probably the biggest pattern that we’re starting to see emerge in security is high-profile phishing attacks like the ones that hit SnapChat and Seagate recently. In both cases, the attacker / fraudster was able to get sensitive information on employees (payroll data, Social Security data, tax data, etc.) by posing as senior executive / management for the respective company. Unfortunately, the target of the phishing attack didn’t verify the sender in either case but instead forwarded the information as requested. The good news though is that we’re also seeing a rise in the number of clients who are actively phishing their employees and using the results of those phishing engagements as a training tool.
We are also excited to announce the recent launch of the Piratica website at https://www.piratica.us . In addition to the website, we have a weekly opt-in mailing list that includes quick links to the stories posted to the Piratica website during the previous week as well as an RSS feed for those that don’t want to wait. We’d love your feedback on the new site and the blog posts that are being posted.
Lastly, the CON season is fast approaching. The DEFCON theme has been announced (Rise of the Machines), the floorplan (beta) has been released and updated and the interwebs are a flurry of activity. The Derby Con theme (ReCharge) has been announced and tickets will go on 1 May 2016 (get them fast if you’re going).
Piratica is a risk management firm and we work with client organizations to help them identify and understand the risks to their organizations from cyber criminals.. We believe that the first step in any solution is to correctly and completely identify the problem. Additional information is available on our website, Facebook and Twitter.
These updates will be automatically reviewed, approved and installed for MyIT Customers. If you would like more information about the Cyber Tech Cafe MyIT services for your business, please let us know. The Cyber Tech Cafe MyIT services are availalbe in three different levels (Bronze, Silver and Gold) and can provide updates only (Bronze), updates and proactive network auditing and monitoring (Silver) or updates, proactive auditing and monitoring and up to 10 hours of priority support at a significantly discounted rate (Gold). Pricing is based on the number of physical locations, servers and workstations that you have.