Good afternoon and Happy New Year! We have remotely patched an Adobe PDF Reader software on your PC after a reported vulnerability that allows an attacker to gain access when a user opens a malicious PDF file. We do not block PDF files sent by email since PDF has generally been considered safe. For this reason, it's important to make sure that this patch was successfully installed.
To make sure that the patch was successfully applied to your computer, please open Adobe Reader, accept the license agreement, then select 'check for updates' from the help menu. Adobe update should indicate that there are no new updates available.
If you are not fully updated, please call the helpdesk to have a manual update installed before opening any PDF files sent to you via Email or from a Web site.
I also recommend that you check your personal/home computer to see if you have Adobe Reader installed. If so, visit the Adobe Web site and download the latest version in order to patch this vulnerability.
This is a serious flaw that has just been discovered and pretty soon you will start to see spammers/hackers trying to take advantage of this flaw. Let's make sure that we are fully patched before this happens.
A description of the vulnerability is linked below:
-Miguel Fra / Falcon IT Services
SonicWall recently released a mid-year update to their 2018 Cyber Threat Report.
In it, they cover increases in malware attacks, encrypted attacks, and cryptojacking attacks. But one of the most prominent attacks remains a constant threat – ransomware.It feels like ransomware is old news - with so many stories in the news, and vendors claiming to have a handle on it, it's natural to feel like it's no longer a really-real threat. But the truth is ransomware is alive and kicking.The SonicWall report brings to light the reality of just how serious you need to take the threat of ransomware:
The new criminal king of the hill GandCrab Ransomware is now rapidly adapting in real-time to security solutions offered by security vendors. GandCrab is a strain which targets mainly English-speaking countries. GandCrab is distributed via the RIG and GrandSoft exploit kits, as well as phishing attacks. The malware is operated in an affiliates program, with those joining the program paying 30%-40% of the ransom revenues to the GandCrab author. In return, affiliates get a full-featured web panel and technical support. This news highlights the importance of ensuring your users are as vigilant as ever. Maintaining a constantly elevated culture of security is necessary to reduce the attack surface within your organization. This is accomplished through frequent and effective new-school security awareness training used to both educate the user on methods and techniques used by bad guys, but also about security-minded browsing and email habits.
Please contact to schedule an on-site cybersecurity awareness training if you have not done so this year. As always, we recommend that our clients take our on site course every year and require new hires to take the on-line version on YouTube.