02 Jun 2022

Just a few weeks ago, we asked how many more Patch Tuesdays we had left before pieces of the cookie began to crumble a bit. Microsoft answered the question by issuing an out-of-band update after one of its recent patches failed and left users unable to authenticate.

For this specific situation, you must manually download the out-of-band update. You can find the update for your Windows version at the Microsoft Update Catalog.

We often talk to businesses who don’t prioritize good cyber hygiene, and generally have little understanding of how the Internet actually works. To say that it’s time to take Cybersecurity seriously is an understatement, and as that line was just typed there were thousands of attempts on American Critical Infrastructure.

All of us who participate in the network that is the Internet have a joint interest in keeping it secure. Additionally, those of us who live in the USA have a vested interest in protecting the nation’s Critical Infrastructure.

It seems a bit backwards to wait for another disaster such as the Colonial Pipeline attack. It also seems logical to reason that there likely are vulnerabilities already hiding in many organizations’ infrastructure. Hackers need dwell time, and each day we do nothing is giving them just that.

It’s not hard to find a new entry point. The Internet is called Cyber Space for a reason: it’s full of potential pathways. Bug hunters find new zero-day threats all the time, and the ones that were found last month didn’t just go away.

Just because you walked into the office today and didn’t see a ransomware screen demanding payment to decrypt your systems doesn’t mean your network is free of already-established risk. It just means that whatever risks may be lurking have yet to be exploited, and that is the perfect time to tighten your defenses before a clean-up crew is the only option.

Hear Colonial Pipeline’s CEO Testify About Insufficient Cybersecurity Protections

Here’s a list of the most significant updates and patches from just this week:

Apple iOS & iPadOS 15.5 updates fix 34 vulnerabilities, including Kernel flaws

macOS

tvOS

Apple Watch

Apple AVD flaw allows an app to execute code with Kernel privileges 

Microsoft Windows patch (which failed) fixed 75 vulnerabilities 

Firefox 100.0.2

Firefox ESR 91.9.1

Thunderbird 91.9.1

Android patches fix 36 vulnerabilities including privilege escalation bug in Linux Kernel

Qualcomm components of Android

Android System

MediaTek components of Android

Google Pixel

Samsung

Chrome 102 fixes 32 issues including DevTools, UI foundations, and user education function

Cisco Enterprise NFV Infrastructure

Nvidia GPU display driver update covers 10 vulnerabilities, including Kernel, on Windows & Linux

Zoom update fixes a vulnerability that allows attackers to connect users to a malicious server

VMware patches fix privilege escalation and authentication bypass

VMware says the patches must be applied immediately as “the ramifications are serious.” Particularly alarming to us is how many times the word “Kernel” is used in the list of known vulnerabilities. In a nutshell, it pretty much doesn’t get any worse than a Kernel-level exploit. If the device is a body, the Kernel is the heart.

AT&T recently launched a drone called COW (Cell On Wings) that blankets an area in 5G signal, and is experimenting with keeping it in the air for months without landing by harnessing solar power. These days there’s no shortage of important people and various countries launching Global Satellite Internet systems. This helps to paint the picture of the emerging connectivity of the Internet-of-Things, and a simple reverse engineering of that concept reminds us that malware also benefits from the increasing connectivity. We’ve really all got to secure our own Cyber Space so that the coming connectivity is a positive experience for all of us. Building a castle on a shaky foundation is only good for the shaky foundation, which eventually consumes the castle when it collapses.

Please take patches and updates seriously, and consider a risk assessment to see what the current situation of your network is. It’s not true that what you don’t know can’t hurt you; it just adds insult to injury by surprising you. Be the first to know the state of your network, and just remember: as G.I. Joe correctly stated, knowing is half the battle.

The other half is taking actionable intelligence and using your tools strategically. This is a good time to remind our readers that Extended Detection & Response (XDR) is the smart AI-Driven pathway forward, as all of this is a whole lot for the human mind to stay ahead of. As always, we are here to help. Feel free to reply with questions, or to talk about fortifying your online presence with XDR-centric Cybersecurity.
