Newsletter Archives

• Dell computers put at risk

  Posted on May 6th, 2021 at 14:21 Susan Bradley Comment on the AskWoody Lounge

  So today’s headline that I wrote above is one that I see too often. It gets you to be worried about something that I honestly don’t think attackers will use as a means to attack us.

  Here’s the background (thanks to reader RougeSec58 for the links:)

  Dell support article

  Reddit thread with N-Able script to remove it.

  So the other day I read this twitter post….

  Due to the introduction of Driver Signature Enforcement & Kernel Patch Protection, it’s become increasingly rare for attackers to create and execute #Windows rootkits.

  All of these firmware/rootkit headlines make me ponder… gee… why is it that attackers use phishing lures so much? Because that’s the low hanging fruit. It’s not easy to attack us to go after Spectre style attacks. I see this Dell issue in the same way. It’s way easier to get us with phishing lures and click baits than it is with these sort of attacks.

  “there is no evidence at this time that its flaws have been exploited in the wild.”

  Just because there is a possibility of attack doesn’t mean it is probable that it’s  being attacked.

  As always, feel free to disagree with me and educate me that I’m in the wrong. That’s what security is all about anyway ….weighing the risks and trying to determine if THAT is going to get me or if it’s just headlines to make me worry.

  Security Patch Lady Posts

• Inside tech support scams

  Posted on April 10th, 2021 at 12:03 Susan Bradley Comment on the AskWoody Lounge

  My Dad spotted this article in the latest AARP bulletin:

  Inside an International Tech-Support Scam (aarp.org)

  It’s an interesting read.

  As he says… “What’s the ultimate solution to this growing fraud menace? Realistically, it will require a mix of tough law enforcement, tighter regulations and increased education to warn consumers of these evil practices.”

  Just a reminder, if you have any stories or tips you can send them to Brian Livingston, Public Defender as scams and tricks are what he loves to investigate best.

  Security Patch Lady Posts

• March patching madness begins

  Posted on March 9th, 2021 at 14:19 Susan Bradley Comment on the AskWoody Lounge

  EDIT 3/10/2021:  We are seeing issues with printing after the March updates. Ghacks reports BSODs are  being triggered after printing. It’s unclear if it’s all of the March operating system updates or just the Windows 10 versions.  The Windows 10 updates include this fix:

  Addresses an elevation of privilege security vulnerability documented in CVE-2021-1640 related to print jobs submitted to “FILE:” ports. After installing Windows updates from March 9, 2021 and later, print jobs that are in a pending state before restarting the print spooler service or restarting the OS will remain in an error state. Manually delete the affected print jobs and resubmit them to the print queue when the print spooler service is online.

  Note it appears that Microsoft has pulled the updates from Windows update but NOT from WSUS or the catalog site.

  It’s that time of the month that I take a quick look at the patches that are released to see if there are any that I think we need to quickly act on. I used to joke that there were times that I would slam my Mountain Dew can on my desk and run screaming to the server to patch. These days I can just take remote control of systems and patch remotely.

  Nothing in the March security updates (besides the Exchange ones released last week) is causing me to want to urge you to go running to your machines and patch at this time. That said if I change my mind I will let you know.  A full “Askwoody-ized” analysis of the updates will be in the Plus newsletter. Until then if you are a small business running an on premises Microsoft Exchange email server, you can use this site to check to see if you are vulnerable.

  For those of you that want a bit of early reading here are various sites that I turn to:

  Zero Day blog

  Ghacks blog

  Zdnet

  Security week

  Bleepingcomputer

  Remember for those of you that don’t want to read, just stay tuned and we’ll do the research and reading on your behalf and will let you know of any side effects we spot.

  Security, Windows Patches/Security March 2021 Black Tuesday, Patch Lady Posts

• Tasks for the weekend March 6 – check your logins

  Posted on March 6th, 2021 at 23:32 Susan Bradley Comment on the AskWoody Lounge

  Youtube video here

  For those of you that do use Microsoft accounts, do you check your log in history?

  I mean your ONLINE log in history?

  Go here – sign in – and see if you see any suspicious activity. Do you recognize all of those log ins and where they came from?

  If you do see unusual activity, investigate if anyone got into your accounts. Change your password and investigate two factor protection. Consider shutting down whatever access you don’t want.

   

  Security, Tech Help Patch Lady Posts

• Do you still patch on premises Exchange servers?

  Posted on March 2nd, 2021 at 16:29 Susan Bradley Comment on the AskWoody Lounge

  Do you still patch a Microsoft Exchange server in your network?  If you do, heads up. There is limited/targeted attacks  widespread attacks underway. Microsoft has released patches for it. While they say “Exchange online is not impacted”… my guess is that it’s already patched and/or mitigated for the issue.

  What’s interesting to me is that the attackers are coming FROM the United States. It’s like the SolarWinds attacks, they aren’t coming from outside the USA, but inside. Thus geo blocking no longer works to keep the bad guys out.

  https://techcommunity.microsoft.com/t5/exchange-team-blog/released-march-2021-exchange-server-security-updates/ba-p/2175901

  https://krebsonsecurity.com/2021/03/microsoft-chinese-cyberspies-used-4-exchange-server-flaws-to-plunder-emails/

  Note this is no longer “limited attacks”.  Many small businesses have been impacted as well.

   

  Microsoft has detected multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks. Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to HAFNIUM. https://t.co/tdsYGFICML

  — Microsoft Security Intelligence (@MsftSecIntel) March 2, 2021

  Security Exchange 0day, Patch Lady Posts

• Here’s looking at you, kid: the child-cam scam

  Posted on March 1st, 2021 at 01:06 Brian Livingston Comment on the AskWoody Lounge

  ---

  PUBLIC DEFENDER

  Here’s looking at you, kid: the child-cam scam

  By Brian Livingston

  It’s terrible when no one is paying attention to you. But it’s much worse when someone is paying attention to you whom you don’t WANT to be paying attention to you.

  Around the world, millions of nursery schools, daycare centers, and private homes have installed “child cams.” These are intended to allow parents to see what their kids and caregivers are doing at daycare, how their infants are sleeping in a crib room, and so on. Many of the systems allow the video to be viewed from a distance across the Internet.

  Read the full story in AskWoody Plus Newsletter 18.8.0 (2021-03-01).

  AskWoody Plus Newsletter, Public Defender, Security AskWoody Plus Newsletter, Internet of Things, privacy, Public Defender

• Emotet malware disrupted

  Posted on January 27th, 2021 at 10:31 Susan Bradley Comment on the AskWoody Lounge

  https://www.europol.europa.eu/newsroom/news/world%E2%80%99s-most-dangerous-malware-emotet-disrupted-through-global-action

  https://krebsonsecurity.com/2021/01/international-action-targets-emotet-crimeware/

  Woo hoo!! What does that mean to you and me?  A slight lowering of attacks until…. well until they figure out a new way to attack us.

  Security Patch Lady Posts

• What does the SolarWinds attack mean to us?

  Posted on January 4th, 2021 at 11:12 Susan Bradley Comment on the AskWoody Lounge

  Heard about the SolarWinds attack and how attackers had access to Microsoft’s source code?  Here’s my views on the SolarWinds attack.

  I don’t think it means that attackers can inject things into Windows.  I don’t think it gives them any more information than they probably already had.

  But I think that over time Microsoft will make the Attack Surface Reduction rules to be easier to use to add protection even down to us lowly home and small businesses.

  I currently do not enable these rules on my home computers.  But I’m keeping an eye on them for sure.  And patching my machines, but just not immediately.

  More at Computerworld.

  Security Patch Lady Posts

• Today’s the day – Flash EOL has arrived

  Posted on December 30th, 2020 at 18:02 Kirsty Comment on the AskWoody Lounge

  Today’s the day – Flash EOL has arrived

  Back in 2017, Adobe announced it was “planning to end-of-life Flash”. Yes, this has been posted about before… Well, the time has now come. Pop-ups have been seen in those machines still using it, for a bit now.

  If you have questions about what happens next, Adobe has a page full of questions and answers here.

  If you’re looking for articles on how to uninstall, check out Martin Brinkmann’s ghacks post.

  (and yes, only half the world is having New Year’s Eve already – Happy New Year to all)

  Security EOL, Flash

• Tech support scams want you

  Posted on December 29th, 2020 at 22:43 Susan Bradley Comment on the AskWoody Lounge

  One of the items that came out of the first ever Askwoody survey is that most of the readers are older.  You’ve been around technology for a long time.  And that’s a good thing as you have experience with a lot of technology.  But that also puts you in the “sweet spot” of scams.  Meaning that the attackers see you as a good target to attempt to scam.  And one of those classic scams is the Microsoft support scam not to be outdone by the increasingly used Apple iphone support scam.

  This headline caught my eye:

  Dept. of Justice credits Microsoft with identifying tech-support fraud scheme that targeted seniors

  No kidding.  Of course if you are a savvy senior (which most readers are) you may do the trick where you pretend to be a stupid user just to draw that person on the phone line on so as to waste their time so they don’t try to go after another person.  I’ve often played the dumb blonde routine until the very end where I tell the person on the other end of the call that they should be ashamed of themselves.

  What do you do?  Do you hang up?  Do you keep them on the phone?

  Security Patch Lady Posts, Tech Support Scams

• Windows 7 ESU for 2021

  Posted on December 23rd, 2020 at 10:07 Amy Babinchak Comment on the AskWoody Lounge

  UPDATE: Purchasing is now open. https://www.askwoody.com/2020/windows-7-esu-for-2021/

  About 3,000 of you purchased the Windows 7 ESU from Harbor Computer Services last year. We offered to make this available to Woody readers after so many IT firms recklessly said that they wouldn’t. My feeling is that while I’d prefer that no one was running Windows 7 anymore, for those that are they need access to updates to retain some degree of security on those systems. We aren’t here to judge. My firm is also an advocate for healthy IT communities and so we agreed to sell the ESU license to all comers even though there’s no money in it for us to speak of. In our regular business, selling stuff is not our thing. We’re a services business.

  We’ve been getting a lot of email recently asking about the year two ESU license and we’ve been letting everyone know that we didn’t have any information yet from Microsoft or distribution. But just yesterday, we got word from our distributor that the license should be ready for purchase beginning on January 5th 2021. Keep that should in mind because this date is dependent on Microsoft hitting thier deadlines. It appears that the price will be $142 all in. This is less than the predicted $150-$200 so that’s some good news.  Keep in mind that last year Microsoft changed the pricing during the first month creating some chaos, so we’re braced for a sudden price change and will keep you posted.

  The process for making this purchase will be the same as last year. We’ll open a form on which you’ll provide all of the information needed for the purchase to take place. Then you’ll get an email from Ted@harborcomputerservices.net with your ESU license code and instructions for installing it.

  To prepare for your license purchase you will need:

  • Your tenant information from last year. Find that email from Ted. It’s in there and you were instructed to keep it in a safe place.
  • Credit card
  • Number of licenses needed
  • email address

  Keep an eye on this space in January for the URL to the purchase form.

  If you’d like to know more about the behind-the-scenes process. Please see this article from last year. How we automated the Win7 ESU-purchase process @ AskWoody

  – Amy Babinchak, president Harbor Computer Services, Third Tier and Woody contributor

   

  Security, Windows 7, Windows Patches/Security Win7 ESU

• A few smallish gremlins still infest Win10 20H2 and 2004

  Posted on November 8th, 2020 at 21:05 Tracey Capen Comment on the AskWoody Lounge

  ON SECURITY

  By Susan Bradley

  With the release of Windows 10 20H2, May’s Version 2004 has moved into an elder-sibling role.

  But that doesn’t mean that the spring update no longer has growing pains. Currently in the process of upgrading my systems to Version 2004, I’ve not run into any significant problems. But that’s not the case for everyone.

  Read the full story in AskWoody Plus Newsletter 17.44.0 (2020-11-09).

  AskWoody Plus Newsletter, Security AskWoody Plus Newsletter, group policy, Win10 2004, Win10 20H2, Windows upgrades
• « Older Entries