November 2019 Updates


News

  • Holiday Schedule – Cyber Tech Cafe will be closed on Thursday, 28 November 2019 and Friday, 29 November 2019 for Thanksgiving.
  • DC770 – Cyber Tech Cafe is a proud supporter and co-sponsor of the DC770 DEF CON group that meets monthly at 7:00pm ET at Jefferson’s restaurant in Cartersville on the first Tuesday of each month. More information is available at https://dc770.org

Executive Summary

In addition to the normal pressure of Patch Tuesday, we have more than dozen vulnerabilities that are listed as critical this month with at least one being actively exploited in the wild. November 2019 also brings us one month closer to the 14 January 2020 end of life (retirement) for Windows 7 and Windows Server 2008. If you or your organization still has Windows 7 or Windows Server 2008 computers in use, it’s important to get them upgraded or replaced prior to 14 January 2020, as Microsoft will no longer be providing feature or security updates after that. We have seen a number of organizations use this as an opportunity to replace old and aging gear and implement proactive maintenance programs like our MyIT Service to lighten the burden of routine maintenance.

Feel free to give us a call or use our contact form to setup a free, no obligation meeting to see if Cyber Tech Cafe can help.


Update Info

Microsoft

Microsoft reported 74 vulnerabilities this month, 15 of which were classified [by Microsoft] as CRITICAL with the remaining rated important, moderate or low. Two of the vulnerabilities had been disclosed previously and one has already been exploited in the wild. As always, don’t be be the low hanging fruit and remember, all the cool kids update!

Additional details on Windows Updates are available HereHere, and Here.


Adobe

Adobe has released eight updates (APSB19-48 through APSB19-53) to address vulnerabilities in Adobe Bridge, Media Encoder, Illustrator, Animate, Acrobat, Reader and more ranging from important to critical. All users of Adobe products are encouraged to update as soon as practical.

Like Microsoft, Adobe (for the most part) now releases updates to their products on the second Tuesday of each month. Adobe will also release ‘out of band’ updates if necessary to address critical vulnerabilities in their products. Adobe products include Adobe Reader (for viewing PDF files), Adobe Flash Player (often used to watch videos, for interactive content like games, etc.), Adobe Shockwave and the Adobe Creative Suite (Photoshop, Illustrator, Acrobat, Lightroom, etc.).

Additional details are available from Adobe Here including links to download the update(s) and instructions for installation.


Java

Oracle released it’s July 2020 Patch Update Advisory , patching a total of 433 vulnerabilities. Additional information is available from the Oracle website here.

Oracle announced at the beginning of 2019 that Java SE would no longer be free for commercial customers. For more information read our article here.


Security News

If your business accepts credit cards, you’ve probably heard the term PCI or PCI DSS and whoever does the credit card processing for you (your merchant provider) probably has you fill out a form regularly to verify your compliance with PCI DSS. So, what is PCI DSS Compliance?  What is the SAQ and what are you agreeing to by filling out the SAQ? In this article, I’ll try to answer each of these questions as well as help you determine what your specific PCI DSS requirements are.

Read more about Demystifying PCI DSS Compliance at Piratica.us

Piratica is a risk management firm. We work with client organizations to help them identify and understand the risks to their organizations so that those metrics can be incorporated into the organizations overall security strategy. We believe that the first step in any solution is to correctly and completely identify the problem. Additional information is available on our website, Facebook and Twitter or via our free email newsletter (signup available on our website here).


These updates will be automatically reviewed, approved and installed for MyIT Customers. If you would like more information about the Cyber Tech Cafe MyIT services for your business, please let us know. The Cyber Tech Cafe MyIT services are available in three different levels (Bronze, Silver and Gold) and can provide updates only (Bronze), updates and proactive network auditing and monitoring (Silver) or updates, proactive auditing and monitoring and up to 10 hours of priority support at a significantly discounted rate (Gold). Pricing is based on the number of physical locations, servers and workstations that you have.