This month is another important month for Microsoft Patch Tuesday and subscribers of our Cyber Thursday blog, with 75 vulnerabilities reported, 8 of which are considered “Critical” (RCE or LPE) vulnerabilities.

The Chinese-backed Hafnium hacking group has been linked to a piece of a new malware that's used to maintain persistence on compromised Windows environments. Check out two great takes on Tarrask: here and here.

Tune in as our team of security experts dive into critical information you need to know. We're unpacking critical vulnerabilities, recapping Microsoft patch Tuesday, highlighting zero-days and other patch information, and much more. 

Cyber Advisors, a trusted advisor for IT solutions, is proud to announce that CRN®, a brand of The Channel Company, has named Cyber Advisors on its 2022 Tech Elite 250 list. Cyber Advisors is also named on the Managed Service Provider (MSP) 500 list in the Pioneer 250 category for 2022.

The Tech Elite 250 list recognizes solution providers across the U.S. and Canada that have earned the highest level of technical certifications from leading technology suppliers. Companies chosen for the Tech Elite 250 list have distinguished themselves as dedicated and passionate solution providers willing to go above and beyond for their customers by ensuring they have the training and technical know-how necessary to provide expert-level service.

The CRN’s annual MSP 500 list identifies the leading service providers in North America whose forward-thinking approaches to managed services are changing the landscape of the IT channel, helping end users increase efficiency and simplify IT solutions, while maximizing their return on investment.

Cyber Advisors is extremely proud of this accomplishment and has continued to invest in our organization, talent and security to better serve our valued customers. 

The conflict in Eastern Europe has global implications, including with respect to global cyber security.  The concepts of Advanced Persistent Threat (APT) and foreign threat actors have taken on a very real and current meaning and will continue to impact the world in various ways for years to come. From a purely cyber security perspective, the most important takeaway: We recommend staying focused on fundamentals of Information Security such as following Change Management, patching systems, Security Training & Awareness, having a solid Passphrase (Password) policy, and implementing two-factor authentication -- it is critical to stick to the fundamentals of Information Security. If there was ever a day to start securing your network, today is that day. 

Tune in as our team of security experts dive into critical information you need to know. We're unpacking critical vulnerabilities, recapping Microsoft patch Tuesday, highlighting zero-days and other patch information, and much more. 

Microsoft (MS) announces Office users will no longer be able to enable VBA (Visual Basic for Applications, a programming language used to create macros) macros with a click of a button after the change rolls out in April 2022. A huge win for organizations and home users alike, a new Security Risk banner will inform users that MS has blocked macros downloaded from the Internet. MS provides further information about the security risks of macros, safe practices, and instructions on a support page.  (NOTE that the support page link will appear as the actual Microsoft warning landing page that reads, “A potentially dangerous macro has been blocked”). VBA macros embedded in malicious Office documents are very popular among phishing and malware attacks.

There is an incredible crew on the Cyber Advisors Service Desk and we are excited for you to get to know them more. Once a month there will be an individual Service Desk spotlights to highlight the people behind the computer.

This week we're featuring Marty LeMay! Marty joined the Cyber Advisors team in 2013 and is going on nine years with the company.

Tune in as our team of security expects dive into critical information you need to know. We're unpacking critical vulnerabilities, recapping Microsoft patch Tuesday, highlighting zero-days and other patch information, and much more. 

Typically Microsoft releases Patch Tuesday information the second Tuesday of the month. However, this January 2022 there was a slight hiccup and Microsoft released some bad patches which have since been revoked. Our team has updated our recommendations and we apologize for the late release of our Cyber Thursday Security Updates. 

Back in the early 2000s Microsoft had a reputation for inconsistent patching. However, recently, Microsoft has been doing a better job which has lead some admins to have a false sense of security. Testing patches is critical before deployment. Check out the updated patch information below. 

Cyber Advisors Inc. has created a list of recommendations and a services package in response to Log4Shell vulnerability, that affects a significant number of systems and applications:

Let's Chat About Microsoft Zero-Day and Patch Tuesday

With Microsoft zero-day under attack and a series of patches released to remediate, here's what you need to know…