Newsletter Archives

  • How to use two-factor authentication the right way

    SECURITY

    By Lance Whitney

    Two-factor authentication is still one of the best ways to protect your accounts. But there are right and wrong ways to use it.

    More websites and companies now offer two-factor authentication (2FA) to better protect your logins and accounts. The idea is to use a second form of authentication so that you’re not solely dependent on your password. The goal is to prevent your account from being accessed and compromised in case your password is ever leaked or stolen. And here’s how that can happen.

    Read the full story in our Plus Newsletter (19.19.0, 2022-05-09).

  • Are you prepared?

    It’s Saturday night or Sunday morning where you are, and I’d like to challenge you to test that you can restore a file that has been damaged, deleted or removed, or, worse yet, lost to ransomware.

    So the first step is to move a file to a different location on your computer. Next, launch your backup software, open the recovery window, and see if you can restore that file.

    Ransomware is now being used by commercial attackers, and they are using zero-days to gain access to systems.

    One-third of all hacking groups exploiting zero-days in 2021 were financially motivated criminals as opposed to government-backed cyberespionage groups, according to Mandiant’s research. During the last decade, only a very small fraction of zero-days were deployed by cybercriminals. Experts believe the rapid change has to do with the illicit, multibillion-dollar ransomware industry.

    For businesses, they are going after VPN software and on-premises Exchange software, among other vulnerabilities.

    So I challenge you tonight/tomorrow to test a backup and restoration process.

  • Ensuring your safety

    ISSUE 19.14.1 • 2022-04-05

    By Susan Bradley

    MailChimp was compromised by attackers. Here’s what you should know.

    This is breaking news.

    An article at BleepingComputer on Monday, April 4, 2022, revealed the news that the MailChimp email and marketing service had been breached. The report has also been picked up by many different online services and will probably hit the bigger publishers by tomorrow. The attack focused on MailChimp’s internal tools, which allowed the bad guys to steal audience data and launch phishing attacks.

    Read the full Plus Alert (19.14.1, 2022-04-05).

  • Apple pushes updates for 2 new zero days

    watchOS 8.5.1 – Apple Watch Series 3 and later – 31 Mar 2022 (this update has no published CVE entries)
    macOS Monterey 12.3.1 – macOS Monterey – 31 Mar 2022
    iOS 15.4.1 and iPadOS 15.4.1 – iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) – 31 Mar 2022
    tvOS 15.4.1 – Apple TV 4K and Apple TV HD – 31 Mar 2022 (this update has no published CVE entries)

    – CVE-2022-22675 in AppleAVD

    – CVE-2022-22674 in Intel Graphics Driver

    2 zero-days in macOS Monterey 12.3.1

    1 zero-day in iOS and iPadOS 15.4.1

    Apparently actively exploited, used to hack iPhones, iPads and Macs. It’s unclear if it’s merely targeted attacks or more widespread. AppleAVD is a media decoder, so watch (pun intended) what you are watching on your devices until they are patched.

  • The browser is your operating system – patch it!

    Tonight’s topic is: are you up to date on the platform that is REALLY the one you should be worried about? Your browser. No matter what underlying operating system you use, you really need to pay attention to how patched your browser is.

    With more and more things going to the web, and more and more things going through the web, it’s the browser that is the most important software to keep up to date. And lately I’ve noticed that the one that gets the zero-days most often is Google Chrome. Don’t use Chrome, you say? Not so fast. Much of the time the other browsers are built on the Chromium engine, and thus (for example) you may be using the Brave browser, but you still need to be aware of the issues, as Brave is built on the Chromium engine.

    So which browsers use Chromium?

    • Chrome obviously.
    • Edge
    • Opera
    • Vivaldi
    • Brave
    • Colibri
    • Epic
    • Iron
    • Among others

    For Chrome you need to be on 99.0.4844.84 to be protected from this zero-day bug that has been seen in use in attacks on the web.

    There are not a lot of details about who or what was using the bug but it appears that it was used in targeted attacks.

    While Firefox (and its versions) is not impacted, it’s still wise to check and make sure you are fully up to date. At this time you need to be on 98.0.2 for Firefox.

    For all of these browsers you can check if you are up to date by clicking on the Help menu or About menu, which usually triggers them to download a new update if they are out of date. Alternatively, you can go to their direct download site, download a new version, and install it over the top.

    For those of you who are Plus members, I’ve put the versions or build numbers of the major browsers that you need to be on in the Master Patch Listing. I’m not sure I’ll be able to keep up with every release of every browser, but when there is a patch like this, fixing a known in-the-wild exploit that appears to me to be a realistic risk of attack, I’ll be sure to flag it and also send out a tweet and a text message if you need to update your browser.

    So remember, tonight or in the morning, launch your browser, click on (typically) the dot dot dot in the menu bar at the top, then on help and about.

    Make sure your browser is fully patched!

  • Falling for the scams

    So I got this text a little bit ago and figured it was a scam. But what sort of scam, I wondered. I went online to search and sure enough… it’s a scam.

    But look at this… it’s a “pay us, get money out of you” scam, and they’ve been doing this since 2013!!!! Why are we still falling for this stuff this many years later? Why can the bad guys still get money from us?

    Then again, in the city where I live, the local government fell for a scam, so clearly we’re not getting any smarter at all.

  • March Madness patching begins

    While over at Apple they are having a livestream event, Microsoft is releasing their updates. Will Apple release updates today as well?

    Windows 11 gets weather on the left-hand side, where the Start menu is in Windows 10. You know you are getting old when moving the weather icon around annoys you. While Microsoft said that Windows 11 would only get feature releases once a year, they are dribbling out these taskbar changes constantly. Remember that the changes that were in preview last time will be in the Windows 11 updates this month. My advice? Use Start11 or any of the other classic menu offerings if you are on Windows 11.

    Meanwhile, for those of us on Windows 10, 8.1, 7 and server operating systems, keep an eye out for the security updates releasing today.

    Also be aware that Windows 10 20H2 Home and Pro edition drops out of support on May 10, 2022 and Windows 10 1909 Enterprise and Education drops out on May 10, 2022 as well.

    For those on Linux, look out for “Dirty Pipe,” a vulnerability that recently came to light and has been fixed in Linux versions 5.16.11, 5.15.25, and 5.10.102 as of February 23, 2022. A proof of concept has been released.

    As always, pop that popcorn, sit on the sidelines as we weed through the releases and see what side effects will occur.

    I’ll be adding links and resources as the patches and information are released. Of course, full analysis will be in next week’s newsletter.

    Updated info:

    92 vulnerabilities, 2 publicly disclosed, 3 critical

    If you have an on-premises Exchange server, once again you want to test and patch as soon as you can.

    The Remote Desktop client needs a patch, but it needs a malicious server to trigger the remote code execution.

    Windows 10 2004 and later (only) have an SMBv3 bug, and Xbox has a bug unique to it alone.

    HEVC video extensions are getting a patch which means if you are one who blocks updates through the Microsoft store, you’ll need to manually update this.

    Günter Born reports that the Remote Desktop Connection role on Server 2022 is impacted. Note I am not seeing this on Server 2019 or earlier versions.

  • What can you do?

    Youtube video here

    I’m going to combine a bit of headlines with technology tonight. In watching the news tonight, it saddens me that we can’t all get along. That people tonight are having to fear for their lives and fear for their loved ones.  I know a lot of people that either have relatives, loved ones, technology team members in Ukraine.  So here are some thoughts tonight.

    First, for home users and consumers, ensure that your edge device, your router, can’t be used in denial of service attacks. Michael Horowitz always has excellent resources on how to ensure your router is up to date and secured. If you bought your own router, ensure that its firmware is up to date and that your “from remote” password is strong, or better yet, that any remote access isn’t enabled, or is protected by two-factor authentication.

    For businesses, do likewise with your firewall. Ensure that these edge devices are secured first and foremost.

    If you get hit by ransomware, know that chances are you are funding unsavory folks. So ensure that you aren’t a victim by having a backup. Always make sure that you can restore your data without having to give money to anyone who doesn’t have your best interests in mind.

    Finally, consider donating to help people who have had to flee their homes. As I’m in my nice warm house, with electricity and technology that I can depend on, it makes me wish and hope that everyone in the world can be as I am tonight. Warm. Safe. With a roof over my head. Here’s hoping that everyone can be content. Someday.

  • Let’s be careful out here

    Tonight as I’m seeing the news, once again our world is in a state of unrest. Again. Or still in unrest, depending on your point of view and where you live. For me, there’s an added layer of concern.

    As you may be aware, Ukraine and the area around Ukraine has been in the news tonight for traditional attacks (tanks, soldiers, etc.). But historically it’s been in the news for cyber-style attacks. Often these types of attacks can and do inadvertently impact innocent businesses and individuals.

    Remember Maersk shipping that got hit by ransomware that originally targeted firms in Ukraine?  Cyber attacks don’t stop at borders but can hurt individuals and businesses all over the world.

    Already I’m reading reports of destructive malware that has been targeting businesses in Ukraine. Specifically, “The wiper abuses legitimate drivers from the EaseUS Partition Master software in order to corrupt data. As a final step the wiper reboots the computer.”

    While the CISA site is specifically about warning businesses about the impact of cyber attacks, I want to also give a warning for you, the individuals and small businesses reading this post. Ensure you HAVE A BACKUP. I cannot stress that enough. Ensure that you have an external hard drive, a spare hard drive, a cloud, a …. SOMETHING … that you can use to recover your information.

    As Sergeant Phil Esterhaus used to say, “Let’s be careful out there.” Be extra careful in your clicking and surfing.

  • Closing out January

    It’s nearly the end of the month and it’s time to recap and review our computer systems for the month. Updates have been disruptive this month to say the least.

    For those of you who are not Plus members, one of the key items I work on and update several times during the month is the “Master patch list”. In it I recap the updates released during the month and track whether you should – or should not – install the updates. I place the listing in an Excel spreadsheet and also save it in csv, pdf and html formats. For those of you who would like a sneak peek, you can see it here. Note I’ve opened it up for a sneak peek at the end of the month for the use and review of anyone – Plus member or not – given that this has been a rough month.

    For those of you that are Plus members, remember that I update the spreadsheet on a regular basis and post additional notes on this page. (Plus members only)

    Currently we also send out an alert that gets emailed when we change the MS-DEFCON and alert you to patching issues. In addition, there is a Twitter account you can follow, and you can sign up for text alerts.

    Question for those who follow the Twitter account and the blog: would you want me to post a new post when I update the Master Patch Listing? I don’t want to send out an email or an alert, as we reserve those actions for the newsletters and the MS-DEFCON alerts, but I can certainly put a note here so that you know when it’s updated. Please let me know in the comment section as to your preferences!

  • January 2022 patch day is here

    It’s that time of the month again for Windows updates where we all pause, ensure we have a GOOD backup of our machines and that we have deferrals in place in the form of “date deferrals”, or “metered”, or all the ways that we can hold back a bit.

    The raw MSRC guide is out, and it looks like this month we have .NET security patches. That means that this month I’ll recommend that you install them rather than being a bit wishy washy as to whether or not to hold back when they don’t contain security content. I know .NET patching is confusing.

    It’s unclear if these updates still trigger a problem with indexing in Outlook desktop. Outlook searching has never been that great; if I really need an email, I will launch Outlook on the web and use that search box as well.

    Those of you that run desktop Exchange mail servers – there’s an update out for Exchange. Test and patch accordingly.

    There are a couple of those “you need to update the Store” items, as there’s an HEVC extension bug. So if you’ve disabled your Microsoft Store updating, be aware we have another Store bug this month.

    Already seeing issues with L2TP VPN connections. Source: KB5009543 – January 11, 2022 Breaks L2TP VPN Connections : sysadmin (reddit.com). Note this is not consumer VPN software, but business-style VPN software.

    Seeing issues with servers stuck in a boot loop. “So it sounds like the monthly Microsoft screw-up is going to be 2012 DCs getting stuck in boot loop?” “Not just 2012R2’s, we also have a report of a 2019 in the mix.” Source: Patch Tuesday Megathread (2022-01-12) : sysadmin (reddit.com) and Patchday: Windows 8.1/Server 2012 R2 Updates (January 11, 2022), boot loop reported | Born’s Tech and Windows World (borncity.com)

    For those of you on Apple devices, by now you should make sure your December updates are installed.

    If you are one of the “take one for the team” members who do have a backup and do early testing on behalf of the rest of us, as always I ask that you report patching successes as well as failures.

    Edit 1-13-2022: hearing that Microsoft has pulled updates from Windows Update/Microsoft Update – not sure if WSUS patches have been pulled.

  • Tip for the weekend – scanning for Log4j vulnerabilities

    Video here

    I wrote about this the other day in the newsletter to check your computer for the Log4j2 vulnerability. So far the good news is that I’ve not seen active attacks in consumer computers, but I have seen vendors taking action to patch their software in business software. Now comes word that the Federal Trade Commission is reaching out to warn vendors to step up and ensure that their software is patched.

    While I don’t see this as an issue for consumers, it’s still a concern for those of us in small businesses, as we don’t have the power to demand stuff from our vendors. For us, it is what it is.

    I’ve found a tool that does a better job of identifying if your system has vulnerable code. It’s from Qualys and can be downloaded here.

    You download the zip file and extract it. Now open up a command window (right-click to run as admin) and leave it open. (Watch the video for a demonstration.)

    Get yourself to where you downloaded the file (this is often the tricky part) and then run the command log4jscanner.exe.

    Now wait for it to scan your drives. This may take some time. On my laptop it found nothing on the drive. On my machine that I am typing this up from, it found some old files on my spare E drive.  I can remove them with no issues. But on my office computers, it found files on some line of business vendor software that I use.

    So now what? It’s active software so I can’t uninstall it. But keep in mind that the attacker has to get on to your system first, unlike the cloud vendors I don’t have the vulnerable software exposed directly to the web. So they have to get on my system first. And that means to me that they can nail me lots of OTHER ways first. So while I am going to reach out to my vendor, I’m not panicking.  But it is interesting to see how the FTC is getting into the act of pushing our vendors to get better.

    So if you are a small business tech person like me?  Check your computers to see what vendors you need to push.
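    The scanner the post describes walks the drives and reports Java archives that carry vulnerable Log4j 2 code. As an added example (my own code, not the Qualys log4jscanner tool and not a description of how that tool works), here is the core of such a check: walk a directory tree, open every .jar/.war/.ear/.zip, and flag those that contain the JndiLookup class, including when the jar is nested inside another archive, as it is in a WAR file's WEB-INF/lib. The sample tree it builds (vendor/log4j-core-2.14.1.jar, vendor/commons-io.jar, vendor/app/app.war) is constructed data with placeholder class bytes, not real vendor files.

```python
"""Find Java archives that carry the Log4j 2 JndiLookup class.

Added example for this page; it is not the Qualys log4jscanner tool the
post describes and makes no claim about how that tool works. The class
below is what the Log4Shell (CVE-2021-44228) JNDI lookups run through;
log4j-core 2.0-beta9 through 2.14.x ship it, and 2.16.0 and later remove it.
"""
import io
import os
import tempfile
import zipfile

JNDI_LOOKUP_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear", ".zip")


def archive_has_jndi_lookup(data: bytes, depth: int = 0, max_depth: int = 3) -> bool:
    """True if the archive bytes, or any archive nested inside them (up to
    max_depth levels), contain JndiLookup.class. Nested archives matter
    because fat jars and WAR files embed log4j-core inside WEB-INF/lib."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            if JNDI_LOOKUP_CLASS in names:
                return True
            if depth >= max_depth:
                return False
            for name in names:
                if name.lower().endswith(ARCHIVE_SUFFIXES):
                    if archive_has_jndi_lookup(zf.read(name), depth + 1, max_depth):
                        return True
    except zipfile.BadZipFile:
        return False  # not a zip at all, or corrupt: nothing to inspect
    return False


def scan_tree(root: str) -> list[str]:
    """Walk root and return the sorted paths of archives carrying JndiLookup.class."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if not fname.lower().endswith(ARCHIVE_SUFFIXES):
                continue
            path = os.path.join(dirpath, fname)
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue  # unreadable (permissions, file in use); skip it
            if archive_has_jndi_lookup(data):
                hits.append(path)
    return sorted(hits)


def build_sample_tree(root: str) -> None:
    """Constructed sample data (not real vendor files): one jar with the
    JndiLookup class, one clean jar, and a WAR nesting the vulnerable jar.
    Class bodies are just the JVM class-file magic, enough for the name check."""
    os.makedirs(os.path.join(root, "vendor", "app"), exist_ok=True)
    vuln = io.BytesIO()
    with zipfile.ZipFile(vuln, "w") as zf:
        zf.writestr(JNDI_LOOKUP_CLASS, b"\xca\xfe\xba\xbe")
    with open(os.path.join(root, "vendor", "log4j-core-2.14.1.jar"), "wb") as fh:
        fh.write(vuln.getvalue())
    with zipfile.ZipFile(os.path.join(root, "vendor", "commons-io.jar"), "w") as zf:
        zf.writestr("org/apache/commons/io/IOUtils.class", b"\xca\xfe\xba\xbe")
    with zipfile.ZipFile(os.path.join(root, "vendor", "app", "app.war"), "w") as zf:
        zf.writestr("WEB-INF/lib/log4j-core-2.14.1.jar", vuln.getvalue())


def demo(root: str) -> list[str]:
    """Build the constructed tree under root and return findings relative to root."""
    build_sample_tree(root)
    return [os.path.relpath(p, root) for p in scan_tree(root)]


def demo_in_tempdir() -> list[str]:
    """Run demo() in a throwaway directory so the example is self-cleaning."""
    with tempfile.TemporaryDirectory() as tmp:
        return demo(tmp)


if __name__ == "__main__":
    for hit in demo_in_tempdir():
        print("Log4j 2 JndiLookup class found in:", hit)
```

    Pointing scan_tree() at a real drive root gives the same kind of list the post describes: the path of every archive that still carries the class, which is what you take to the vendor. A hit means the vulnerable class is present, not that it is reachable; as the post notes, the question that matters next is whether anything on that machine lets untrusted input reach the logger.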