Executive Summary
- COVID-19 Response – The health and safety of our team, our clients and our business partners is of paramount importance to us at Cyber Tech Cafe. We are still offering on-site service, however, we have a number of clients who have opted for remote support only for a time to minimize the risk of spreading the virus. We will continue to monitor and heed the recommendations of the CDC and other subject matter experts on this topic and will post any policy changes to our website and social media pages. Our thoughts and prayers go out to those affected by this virus and to those working so diligently to fight it.
- We are still seeing Windows 7 and Windows Server 2008 Servers in use. It’s important to note that these operating systems are no longer supported by Microsoft and, as such, will receive no more security updates. The presence of these operating systems in your environment constitute significant risk and, if you have regulatory compliance requirements (e.g., HIPAA, GLBA, PCI, etc.), likely mean that you are currently non-compliant.
News
- DC770 – Currently, DC770 is still scheduled as normal on Tuesday, 5 May 2020. Last week’s online ‘virtual meeting’ went well and so we are expecting to repeat those actions in May. We will be monitoring the situation closely and will make a final decision closer to the meeting. Please check DC770.org for more details.
- MyIT – The response to the enhanced MyIT Services has been overwhelmingly positive. For our MyIT Silver and Gold clients, we’re now able to alert in real-time on potential indications of compromise that could lead to things like ransomware. Some of these new capabilities include the ability to alert in real-time on events like failed logins, newly created users or users added to new groups or the installation of new software (like ransomware). If your organization doesn’t currently have these capabilities and is concerned about attacks on your IT infrastructure, we’d love an opportunity to earn your business.
Tech News
- Popular meeting app Zoom has been under fire for security issues lately. (Though its not all bad)
- Google and Apple are working on some Black Mirror – esque software to help track the Coronavirus.
- In case COVID-19 isn’t already a huge bummer, the virus has delayed / cancelled the 2021 roll out of New Emojis 😢
Update News
Microsoft
Microsoft reported 113 vulnerabilities this month, 19 of which were classified [by Microsoft] as CRITICAL with the remaining 94 rated important, moderate or low.
With all the time saved now that your commute to work time is < 30 seconds, spend some time and make sure all those important updates get installed. Microsoft has released 200 updates in the last 2 months alone, more than double the amount of the previous 2 months.
As always, don’t be be the low hanging fruit and remember, all the cool kids update!
Additional details on this month’s Patch Tuesday are available on the sites below:
Adobe
Adobe has so far released 4 security bulletins for the month of April.
Like Microsoft, Adobe now releases updates to their products on the second Tuesday of each month. Adobe will also release ‘out of band’ updates if necessary to address critical vulnerabilities in their products. Adobe products include Adobe Reader (for viewing PDF files), Adobe Flash Player (often used to watch videos, for interactive content like games, etc.), Adobe Shockwave and the Adobe Creative Suite (Photoshop, Illustrator, Acrobat, Lightroom, etc.).
Additional details are available from Adobe Here and Here including links to download the update(s) and instructions for installation.
Java
Oracle released it’s July 2020 Patch Update Advisory , patching a total of 433 vulnerabilities. Additional information is available from the Oracle website here.
Oracle announced at the beginning of 2019 that Java SE would no longer be free for commercial customers. For more information read our article here.
Security News
Sponsored By Piratica
The response to our free vulnerability scan has been overwhelming. More overwhelming though has been the organizations that took advantage of the free scan, found vulnerabilities (exposed servers, unpatched firewalls, thought-to-be retired Remote Desktop servers and more) and addressed them. To that end, we are happy to extend the free vulnerability scan (we haven’t set an end date yet). If you would like to take advantage of this free scan, complete the request form on our website.
Piratica is a risk management firm. We work with client organizations to help them identify and understand the risks to their organizations so that those metrics can be incorporated into the organizations overall security strategy. We believe that the first step in any solution is to correctly and completely identify the problem. Additional information is available on our website, Facebook and Twitter or via our free weekly email newsletter (signup available on our website here).
These updates will be automatically reviewed, approved and installed for MyIT Customers. If you would like more information about the Cyber Tech Cafe MyIT services for your business, please let us know. The Cyber Tech Cafe MyIT services are available in three different levels (Bronze, Silver and Gold) and can provide updates only (Bronze), updates and proactive network auditing and monitoring (Silver) or updates, proactive auditing and monitoring and up to 10 hours of priority support at a significantly discounted rate (Gold). Pricing is based on the number of physical locations, servers and workstations that you have.