Cyber Thursday: Cyber Advisors Security Updates February 2022

Posted by Kate Drankoff on Feb 9, 2022 4:25:31 PM

Tune in as our team of security experts dive into critical information you need to know. We're unpacking critical vulnerabilities, recapping Microsoft patch Tuesday, highlighting zero-days and other patch information, and much more. 

 

Microsoft (MS) announces Office users will no longer be able to enable VBA (Visual Basic for Applications, a programming language used to create macros) macros with a click of a button after the change rolls out in April 2022. A huge win for organizations and home users alike, a new Security Risk banner will inform users that MS has blocked macros downloaded from the Internet. MS provides further information about the security risks of macros, safe practices, and instructions on a support page.  (NOTE that the support page link will appear as the actual Microsoft warning landing page that reads, “A potentially dangerous macro has been blocked”). VBA macros embedded in malicious Office documents are very popular among phishing and malware attacks.

Read More

Topics: security, Microsoft, MSP, Log4j

Cyber Thursday: Cyber Advisors Security Updates January 2022

Posted by Kate Drankoff on Jan 18, 2022 4:08:52 PM

Tune in as our team of security expects dive into critical information you need to know. We're unpacking critical vulnerabilities, recapping Microsoft patch Tuesday, highlighting zero-days and other patch information, and much more. 

 

Typically Microsoft releases Patch Tuesday information the second Tuesday of the month. However, this January 2022 there was a slight hiccup and Microsoft released some bad patches which have since been revoked. Our team has updated our recommendations and we apologize for the late release of our Cyber Thursday Security Updates. 

 

Back in the early 2000s Microsoft had a reputation for inconsistent patching. However, recently, Microsoft has been doing a better job which has lead some admins to have a false sense of security. Testing patches is critical before deployment. Check out the updated patch information below. 

Read More

Topics: security, Microsoft, MSP, Log4j

Cyber Advisors Apache Log4j Recommendations and Services Package

Posted by Kate Drankoff on Dec 27, 2021 9:33:17 AM

Cyber Advisors Inc. has created a list of recommendations and a services package in response to Log4Shell vulnerability, that affects a significant number of systems and applications:

Read More

Topics: security, MSP, Log4j

Apache Log4j

Posted by Kate Drankoff on Dec 23, 2021 9:30:41 AM

Two Common Vulnerability and Exposures (CVEs) were released for Apache Log4j on December 10th, 2021, and have dominated headlines in the Information Technology and Security industries. Log4j, a Java-based 'logging utility' within the Apache Logging Services, is embedded throughout widespread technologies and products depended on every day by businesses and consumers alike. The initial discovery stemmed from the popular video game, Minecraft. These particular CVEs are not only trivial to exploit, but are actively being exploited in the wild via a race condition and allow remote attackers to gain control of compromised systems.

 

Cyber Advisors Inc. has created a list of recommendations and a services package in response to Log4Shell vulnerability, that affects a significant number of systems and applications. More information can be found here.

Read More

Topics: security, MSP, Log4j

About this blog

Welcome to the Cyber Advisors Blog.  Please take a moment to read through our content.  If you would like more information on any of these topics, simply reach out to us via contact information below.  If you find our content valuable, please subscribe.  

 

 
 
Would you like to hear from us? Click Below!
Learn More

Subscribe Here!

Recent Posts

Posts by Tag

See all