Get ready for a Spooktacular experience like no other!

Read More

TECHIES (formally known as South Jersey Techies) is proud to share our next chapter as we expand into Eastern North Carolina — a place that holds deep personal roots for our founder.

Read More

The Website Design team of South Jersey Techies has been constantly working on developing great looking websites using the latest web technologies. The most recent website developed by our team is for Camden County Partnership for Children who offer families in Camden County the help and care that they need. Camden County Partnership for Children works very closely with Family Partners to ensure their services are truly responsive to the needs of families.

Have questions?

Our Web Design team is here to help. Call us at: 856-745-9990 or visit: https://southjerseytechies.net.

South Jersey Techies, LLC is a full Managed Web and IT Services Company located in Marlton, NJ providing IT Services, Managed IT Services, Website Design Services, Server Support, IT Consulting, VoIP Phones, Cloud Solutions Provider and much more. Contact Us Today.

Google Chrome, Microsoft Edge, Mozilla Firefox and Apple’s Safari browser have all been impacted by a single zero-day vulnerability. The flaw, tracked as CVE-2023-4863, is caused by a heap buffer overflow in the WebP code library. Once exploited it can lead to system crashes and arbitrary code execution, where hackers can gain control over an infected device.

Where Does it Originate?

CVE-2023-4863 was first identified by researchers at The Citizen Lab, a research arm of the University of Toronto. The institution subsequently informed Google and Apple of the vulnerability’s existence. Both companies have now released patches. They were joined by Mozilla, which released its own advisory on CVE-2023-4863 yesterday and updates for several versions of its Firefox browser and Thunderbird email client, and Microsoft.

Vulnerability Originates In Webp Reader. Users of the affected browsers should update to the most up-to-date version in order to ensure the zero-day vulnerability is patched on their machines. The problem isn’t with the browsers — the vulnerability originates in the WebP Codec. Many applications use the WebP codec and libwebp library to render WebP images.

In more detail, a heap buffer overflow in WebP allowed attackers to perform an out-of-bounds memory write. A heap buffer overflow allows attackers to insert malicious code by “overflowing” the amount of data in a program. Since this particular heap buffer overflow targets the codec (essentially a translator that lets a computer render WebP images), the attacker could create an image in which malicious code is embedded. From there, they could steal data or infect the computer with malware. The vulnerability was first detected by the Apple Security Engineering and Architecture team and The Citizen Lab at The University of Toronto on September 6.

How Dangerous Is This Flaw?

Since many browsers, including Microsoft Edge, Brave, Opera, and Vivaldi are built on the Chromium platform, the same platform that Chrome is based on, this could affect their users as well. The same risk is also applicable for Firefox browser clones.

Such a widespread exploit in ubiquitously used software is dangerous, widening the attack surface for most organizations.

Patching will mitigate the risk, but users must act quickly as hackers will already be at work. Attackers will be working over the coming days and weeks to make the exploit more reliable meaning remote code execution will be more likely. Modern web browsers are exceptionally good at pushing out security updates rapidly and applying them as quickly as practicable, so users will shortly be protected.

The biggest risk is to organizations which don’t allow automatic updates and push out updates at their own release schedule.

What Steps Should You Take?

Google, Mozilla, Brave, Microsoft and Tor have released security patches for this vulnerability. Individuals running those apps should update to the latest version. In the case of other applications, this is an ongoing vulnerability for which patches may not exist; NIST noted that the vulnerability has not yet received full analysis.

If you are already a Managed Services client, please follow the steps below to check for updates

Google Chrome – Click the 3 dots in the top right corner for the menu and choose Help->About Google Chrome.  Chrome will check and install updates automatically from this screen.

Microsoft Edge – Click the 3 dots in the top right corner for the menu and choose Help and feedback->About Microsoft Edge.  Edge will check and install updates automatically from this screen.

Mozilla Firefox – Click the 3 lines in the top right corner for the menu and choose Help->About Firefox.  Firefox will check and install updates automatically from this screen.

If you have any questions, please email us at support@sjtechies.com or call us at (856) 745-9990

Microsoft Office 2013 was a popular productivity suite that included several essential tools such as Word, Excel, PowerPoint, and Outlook. It was released in 2013 and was widely used by individuals, businesses, and organizations of all sizes. However, like all software products, Microsoft Office 2013 has reached its end of life, and users are now advised to upgrade to Microsoft 365, the cloud-based version of Microsoft Office.

What Does End of Support Mean?

End of life, or EOL, refers to the point in time when a software product is no longer supported by the manufacturer. In the case of Microsoft Office 2013, this means that Microsoft will no longer provide technical support, bug fixes, security updates, or new features for this product. This makes the software more vulnerable to cyberattacks, viruses, and malware. Continuing to use Microsoft Office 2013 after the end of life date could result in data loss, security breaches, and other serious problems.

• This means that Microsoft will no longer provide any updates or support for this software product beyond this date. Users who continue to use Microsoft Office 2013 after this date do so at their own risk.

If you’re using Office 2013, it’s probably a good time to upgrade your version of Microsoft Office.

Upgrade Options

The best way to protect yourself and your organization is to upgrade to a newer version of Office:

• Cloud upgrade: Subscriptions to Microsoft 365
• Box Version: Microsoft Home And Business 2021

Microsoft 365

Microsoft 365 is an all-in-one cloud solution with a number of different licensing options to fit your organization’s needs. The best part about cloud-based applications is that you no longer have to worry about retirements, patches, and end of support. Cloud licenses are automatically updated with new features, new applications, and security updates. Many cloud subscriptions also include installed (or desktop) versions of the application, so you can have the same look and feel of the Office applications you are accustomed to using, but built with more robust features and benefits.

Microsoft Home And Business 2021

Office Home and Business 2021 is for families and small businesses who want classic Office apps and email. It includes Word, Excel, PowerPoint, and Outlook for Windows 11 and Windows 10. A one-time purchase installed on 1 PC or Mac for use at home or work.

If you have any questions, please email us at support@sjtechies.com or call us at (856) 745-9990.

To better serve our customers, we are pleased to announce that beginning Tuesday, March 1st, 2022, we will be extending our regular office hours to 8am-8pm, Monday-Friday. We will continue to have emergency support technicians available after-hours from 8pm-8am and weekends.

We appreciate our clients’ loyalty to South Jersey Techies over the last 18+ years. Whether a new, existing or soon-to-be client, we value your support and business to our team. As our business has grown, so has our team. This has given us the capacity to extend our regular office hours to provide your company the best possible support throughout the day.

Our hope is that the new extended hours will be more convenient for some of your users and allow us to provide support to those users at the regular rate.

If you or someone from the team needs support during those hours, please email support at support@sjtechies.com or call (856) 745-9990 to get scheduled with a member of our team

Microsoft has released emergency out-of-band (OOB) updates to address multiple issues caused by Windows Updates issued during the January 2022 Patch Tuesday.

This update addresses issues related to VPN connectivity, Windows Server Domain Controllers restarting, Virtual Machines start failures, and ReFS-formatted removable media failing to mount.

All OOB updates released are available for download on the Microsoft Update Catalog, and some of them can also be installed directly through Windows Update as optional updates. You will have to manually check for updates if you want to install the emergency fixes through Windows Update because they are optional updates and will not install automatically.

Windows 10 – KB5010793
Details Here

Option 1: Run Windows Update, KB5010793 will appear under optional download.

Option 2: Download the patch from there: Microsoft Update Catalog
Please download the matching Windows 10 Version.

Windows 11 – KB5010795 or KB5008353 (may vary based on Windows Edition)
Details Here

Option 1: Run Windows Update, KB5010795 will appear under optional download. Select and install.

Option 2: Download the patch from there: Microsoft Update Catalog

If you have any questions, please email us at support@sjtechies.com or call us at (856) 745-9990.

Update 1/28/2022: South Jersey Techies has released OOB updates to fix the Windows L2TP VPN connection issues.

Microsoft released Windows updates to fix security vulnerabilities and bugs as part of the January 2022 Patch Tuesday that came with fixes for six zero-day vulnerabilities and a total of 97 flaws.

These updates also included KB5009566 for Windows 11 and KB5009543 for Windows 10 2004, 20H1, and 21H1.

Problems are being reported rapidly from Windows 10 users and administrators who are trying to make L2TP VPN connections after installing the recent Windows 10 KB5009543 and Windows 11 KB5009566 cumulative updates and receiving the error below. L2TP VPN connections are being reported as broken when attempting to connect using the Windows VPN client by Windows users.

You will also receive an error code in the Event Log entries, code 789, stating that the connection to the VPN failed.

The bug is not affecting all VPN devices and seems only to be affecting users using the built-in Windows VPN client to make the connection. Some users have reported the bug affecting their Ubiquiti Site-to-Site VPN connections for those using the Windows VPN client. The bug also affects connections to SonicWall, Cisco Meraki, and WatchGuard Firewalls, with the latter’s client also affected by the bug.

How to fix the break?

Admins have been forced to remove the KB5009566 and KB5009543 updates, which immediately fixes the L2TP VPN connections on reboot.

However, you face the risk of removing all fixes for vulnerabilities patches released during the January 2022 Patch Tuesday when removing the update due to Microsoft’s bundling of all security updates in a single Windows cumulative update.

Weighing the risks of unpatched vulnerabilities versus the disruption caused by the inability to connect to VPN connections is something all Windows admins need to consider, carefully.

Microsoft’s January 2022 Patch Tuesday fixed numerous vulnerabilities in the Windows Internet Key Exchange (IKE) protocol (CVE-2022-21843, CVE-2022-21890, CVE-2022-21883, CVE-2022-21889, CVE-2022-21848, and CVE-2022-21849) and in the Windows Remote Access Connection Manager (CVE-2022-21914 and CVE-2022-21885) that could be causing the problems.

Unfortunately, there is no known fix or workaround for the L2TP VPN connection issues at this time.

If you have any questions, please email us at support@sjtechies.com or call us at (856) 745-9990.

Apple has updated its software for iPhones to address a critical vulnerability that independent researchers say has been exploited by notorious surveillance software to spy on a Saudi activist.

Researchers from the University of Toronto’s Citizen Lab said the software exploit has been in use since February and has been used to deploy Pegasus, the spyware made by Israeli firm NSO Group that has allegedly been used to surveil journalists and human rights advocates in multiple countries.

The urgent update that Apple (AAPL) released Monday plugs a hole in the iMessage software that allowed hackers to infiltrate a user’s phone without the user clicking on any links, according to Citizen Lab. The Saudi activist chose to remain anonymous, Citizen Lab said.

Apple credited the Citizen Lab researchers for finding the vulnerability.

“Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals,” Ivan Krsti?, head of Apple Security Engineering and Architecture, said in a statement.

Krsti? said Apple rapidly addressed the issue with a software fix and that the vulnerability is “not a threat to the overwhelming majority of our users.”

Still, security experts encouraged users to update their mobile devices for protection.

In a statement, NSO Group did not address the allegations, only saying, “NSO Group will continue to provide intelligence and law enforcement agencies around the world with life saving technologies to fight terror and crime.”

The firm has previously said its software is only sold to vetted customers for counterterrorism and law enforcement purposes.

Researchers, however, say they have found multiple cases in which the spyware was deployed on dissidents or journalists. In 2019, Citizen Lab analysts alleged that Pegasus was used on the mobile phone of the wife of a slain Mexican journalist.

In a lawsuit filed in 2019, Facebook accused NSO Group of being complicit in a hack of 1,400 mobile devices using WhatsApp. (NSO Group disputed the allegations at the time.)

The proliferation of easy-to-use mobile hacking tools has given governments around the world a new and stealthy means of targeting adversaries. Sophisticated spyware made by NSO Group and other vendors has been reportedly used from Uzbekistan to Morocco.

The surge in spyware prompted a United Nations panel of human rights experts in August to call for a moratorium on the sale of such surveillance tools. The UN panel said the ban should remain in place until governments have “put in place robust regulations that guarantee its use in compliance with international human rights standards.”

The breach is the latest targeting of a crucial supply chain and comes three weeks after the Colonial Pipeline hack disrupted fuel operations in the U.S.

Here’s what we know:

What is JBS?
JBS USA is part of JBS Foods, one of the world’s largest food companies. It has operations in 15 countries and has customers in about 100 countries, according to its website. Its customers include supermarkets and fast food outlet McDonald’s and in the US, JBS processes nearly one quarter of the county’s beef and one-fifth of its pork. JBS’s five biggest beef plants are in the US, and the shutdowns have halted a fifth of meat production there, according to Bloomberg.

Its brands include Pilgrim’s, Great Southern and Aberdeen Black. The US headquarters is based in Greeley, Colorado, and it employs more than 66,000 people.

What happened?
Hackers attacked the company’s IT system last weekend, prompting shutdowns at company plants in North America and Australia. IT systems are essential in modern meat processing plants, with computers used at multiple stages including billing and shipping.
JBS hack shuttered nine US beef plants but normal operations to resume Wednesday
The hack, which the White House described Tuesday as ransomware, affected all of JBS’s US meatpacking facilities, according to an official at the United Food and Commercial Workers union that represents JBS employees. The cyberattack resulted in the closure of all nine of the company’s US beef plants, which are located in states including Arizona, Texas, Nebraska, Colorado, Wisconsin, Utah, Michigan and Pennsylvania, the union official said. The company said on Monday that it suspended all affected IT systems as soon as the attack was detected, and that its backup servers were not hacked.

The White House has said that the ransomware attack was likely carried out by a Russia-based criminal organization, and that it is dealing with the Russian government on the matter.
JBS’ operations in Australia were also affected. The Australian Meat Industry Council, a major trade group, said in a statement that “there is no indication whatsoever that this cyberattack will cause a major impact on Australian domestic red meat and pork products supply.”

What is ransomware?
In a ransomware attack, hackers steal an organization’s data and lock its computers. Victims must pay to regain access to their network and prevent the release of sensitive information.
Some sophisticated ransomware hackers, such as the Russian hacker group Darkside, sell their ransomware technology and take a cut of any ransoms paid to their customers.

Experts generally encourage ransomware victims not to pay any ransom. But a company’s ability to get back online without paying hackers may depend on whether it has protected backups of its data. In some cases, hackers can delete their target’s backups before locking its files, leaving the victim organization with no recourse.

JBS did not comment to CNN about details of the ransomware attack, including whether it paid the ransom.

This kind of cyberattack sounds familiar. Where have I heard that?
The hack comes a few weeks after a ransomware attack targeted Colonial Pipeline, which forced a six-day shutdown of one of the United States’ largest fuel pipelines. That May attack resulted in gas shortages, spiking prices and consumer panic. Colonial Pipeline has confirmed it paid a $4.4m (£3.1m) ransom to the cyber-criminal gang responsible.

Similar to JBS, Colonial Pipeline’s systems were hit with ransomware. Once a company has been hit by ransomware, its first course of action is usually to take much or all of its systems offline to isolate the hackers’ access and make sure they can’t move into other parts of the network.
That may be among the reasons why JBS shut down its operations and Colonial shut down its pipeline — to disconnect the companies’ operations from the IT systems that hackers breached. People briefed on the Colonial attack have said that the company halted operations because its billing system was also compromised and feared they wouldn’t be able to determine how much to bill customers for fuel they received.
The pipeline has since returned to normal operations.

Don’t be the next victim of a ransomware attack. Contact South Jersey Techies to discuss how your critical information can be secure.

If you have any questions, please email us at support@sjtechies.com or call us at (856) 745-9990.