May 2016 News and Updates
What’s New
- DEF CON 24 – Piratica has invited the crew from Cyber Tech Cafe to join them at DEF CON 24 this year (4 August to 7 August) in Las Vegas. Most of us will be leaving Thursday evening but we will be leaving a skeleton crew behind Friday to cover things. Everyone will be back for normal business hours Monday.
Updates
Executive Summary – May delivered several updates from Microsoft to patch critical vulnerabilities in Windows, Internet Explorer, Edge, Office and .NET. I’ve noticed it a few times and more frequently lately, but MS16-064 was an update to Adobe Flash Player for Windows 8.1, Server 2012, Server 2012 R2, RT 8.1 and Windows 10. Two important things to note here is that Microsoft is issuing Flash Player updates and there are fears of exploits against servers using Flash vulnerabilities. It’s time to take serious look at removing Adobe Flash Player from everything but, if you’ve got Adobe Flash Player on your server, there is absolutely no question as to whether or not it should be removed. Now.
Microsoft – Microsoft released 16 bulletins this month (MS16-051 through MS16-067). Eight of the bulletins are rated critical (by Microsoft) and all address vulnerabilities that could allow remote code execution. The remaining eight are rated important (by Microsoft) and range from information disclosure to remote code execution. The SANS summary basically mirrors Microsoft’s and lists the exploitability index for each of the vulnerabilities being patched. An important point to note, in addition to the large number of ones listed in the index is that CVE-2016-0189 has an exploitability index of 0.
Microsoft releases regular updates the second Tuesday of each month, often referred to as ‘Patch Tuesday’. These updates are catagorized as Low, Moderate, Important or Critical. Details on the categories are available here. The updates can include any supported Microsoft product from Windows to Office to Internet Explorer and server products like Exchange and SQL Server. If you have one or more of these products installed, especially if the update is listed as Important or Critial, it’s important that the updates are installed.
Additional details are available Microsoft Here, Here (SANS) and here (Threatpost).
Adobe – Adobe has posted APSA16-02 (Flash Player), APSB16-16 (ColdFusion) and APSB16-14 (Acrobat and Reader). The updates for Flash Player and Acrobat and Reader patch critical vulnerabilities and should be updated quickly. Adobe has all but confirmed what everyone else already knew, that Flash Player is in a death spiral. If you haven’t already, it’s time to consider removing it from everything. If not immediately, getting a plan together and getting it on the radar at least. HTML5?
Like Microsoft, Adobe now releases updates to their products on the second Tuesday of each month. Adobe will also release ‘out of band’ updates if necessary to address critical vulnerabilities in their products. Adobe products include Adobe Reader (for viewing PDF files), Adobe Flash Player (often used to watch videos, for interactive content like games, etc.), Adobe Shockwave and the Adobe Creative Suite (Photoshop, Illustrator, Acrobat, Lightroom, etc.).
Additional details are available from Adobe Here including links to download the update(s) and instructions for installation.
Java – The latest version of Java is 8 update 91. If you’ve got older versions, especially versions that start with 6 or 7, remove them. Also, we’re still seeing that the installation of newer versions of Java don’t remove the older (often vulnerable) versions so, while you’re installing the latest update, check for older versions that may still be there.
Java is a tool that’s widely used by banks, online service providers and even security companies for SSL VPN connections. Java’s ‘official’ release cycle is approximately quarterly but Java updates have been ‘fast and furious’ in recent months. It’s worth noting again that, if you don’t absolutely need Java on your computer, it’s not a bad idea to remove it altogether.
Additional details are available from Oracle here.
Security News, Sponsored by Piratica – According to the 2016 Verizon Data Breach Investigations Report (DBIR), not only is phishing still king but it’s more popular and more effective than ever. According to the DBIR, 23% of users opened phishing emails in 2015. A staggering number until you realize that 30% of users opened phishing emails in 2016, a 7% increase. With the increased effectiveness of phishing attacks, the potency of the payloads has also risen. In addition to ransomware, we’re seeing an interesting mix of attacks based on MS Office macros and, if file attachments prove ineffective, malicious links (“Oh no, your credit card was stolen, click here” or “Oh no, your bank account has been accessed” or “Oh no, there’s a problem with your payroll, etc.”). More than ever, incorporating phishing and other social engineering vectors into your offensive security should be a priority.
Now that we’ve covered the not cool stuff, DEF CON 24 in Las Vegas is just 86 days (or 85 and a wake-up, but who’s counting) away and DerbyCon is just a few weeks after that. The DC24 floorplan has been finalized and the chatter about talks, contests, etc. is definitely on the rise. In DerbyCon news, tickets for DerbyCon 6 ReCharge sold out in less than 12 hours! I think that everyone expected it to sell out and most expected it to sell out quick, but I don’t think that anyone expected it to happen as quick as it did. If you’re going to either, definitely let us know, we always like to meet up with local folks.
Piratica is a risk management firm and we work with client organizations to help them identify and understand the risks to their organizations from cyber criminals.. We believe that the first step in any solution is to correctly and completely identify the problem. Additional information is available on our website, Facebook and Twitter.
These updates will be automatically reviewed, approved and installed for MyIT Customers. If you would like more information about the Cyber Tech Cafe MyIT services for your business, please let us know. The Cyber Tech Cafe MyIT services are availalbe in three different levels (Bronze, Silver and Gold) and can provide updates only (Bronze), updates and proactive network auditing and monitoring (Silver) or updates, proactive auditing and monitoring and up to 10 hours of priority support at a significantly discounted rate (Gold). Pricing is based on the number of physical locations, servers and workstations that you have.