Sage Advice - Cybersecurity Blog

US-CERT released a warning on Thursday 2/2/2017 about a Microsoft Windows vulnerability caused by a memory corruption bug in the handling of SMB traffic.  This vulnerability may allow a remote, unauthenticated attacker to cause a denial of service (crash or reboot) in a vulnerable system.

2016 has seen widespread use of a new type of ransomware known as MSIL / Samas.A. Attackers are actively scanning the Internet for vulnerable systems, and exploiting systems to gain access to the internal network. One tool being used is JexBoss, this tool discovers and exploits vulnerable JBoss servers.

Ransomware cyberattacks are on the rise. If your computer is infected with ransomware, a type of malware (malicious software), you are not able to access data until a ransom is paid to the attacker. After the ransom is paid the data will usually be released.

Ransomware is opportunistic in nature; computers are typically infected by a user clicking on a malicious email attachment or visiting an infected website.

On February 10, 2016, details of a serious buffer overflow vulnerability were released by Cisco and Exodus Intelligence affecting the Cisco ASA software.

Being aware of Internet Explorer lifecycle support, and how it impacts your organization are important.  Beginning January 12, 2016, only the most current version of Internet Explorer available for a supported operating system will receive technical support and security updates.  For systems running Windows 7 SP1 this means only Internet Explorer 11 will be supported.  The table shown below lists the most current version of Internet Explorer by operating system.