Newsletter Archives

• Tasks for the weekend – June 12 – Let’s look at Autoruns

  Posted on June 12th, 2021 at 23:46 Susan Bradley Comment on the AskWoody Lounge

  [Youtube here]

  This week we’re following up with June 5th’s  look at programs that launch on startup  and this time we’re looking at the “uber” version of a tool that allows you to review what’s starting up on your machine.

  Sysinternals Autoruns

  Most of time it’s self explanatory… until it’s not. And then remember just ask.

  The colors mean different things:

  Pink – this means that no publisher information was found, or if code verification is on, means that the digital signature either doesn’t exist or doesn’t match, or there is no publisher information.

  Green – this color is used when comparing against a previous set of Autoruns data to indicate an item that wasn’t there last time.

  Yellow – the startup entry is there, but the file or job it points to doesn’t exist anymore.

   

  Tech Help, Windows Security Patch Lady Posts

• June updates bring news

  Posted on June 9th, 2021 at 01:05 Susan Bradley Comment on the AskWoody Lounge

  It’s been a little bit funny seeing some of the reactions online to the News and Interests feature that is included in the June updates. As Askwoody readers know, this first started to trickle out in May but in the June security updates they are included in everyone’s Windows 10 including Enterprises.

  Just a reminder, you can right mouse click on the weather info, go up to news and interests, and either adjust the options (as it does take up a bit of real estate) or turn it off completely.

  Optionally you can use this registry key to do so. To use it, simply click on the download in the upper right, click to run the file, it will warn you it’s not digitally signed, click through that, next click through the UAC prompt and you’ll get to this page warning you about adding it to your registry.

  

  Click yes and it will turn off the News feature. You’ll need to reboot (I had to) to get it to turn it off.

  I’m keeping an eye on the early beta testers in the forums, so far I’m not seeing anything trending.  As always full details of the updates will be in the Newsletter, in the meantime if anyone needs assistance or help, you know where we are.

  In other patching news, keep an eye out for Apple 14.6 for your iphone/ipad and remember that Apple 15 will be offered up to even iphone 6 models. Androids, keep an eye out for your updates as well.

  Windows 10, Windows 7, Windows Security June 2021 Black Tuesday, Patch Lady Posts

• DarkSide ransomware servers taken down

  Posted on May 14th, 2021 at 14:26 Susan Bradley Comment on the AskWoody Lounge

  After reportedly receiving $5 million for the pipeline and $4 for another victim, the DarkSide servers have been shut down per Bleeping computer.

  Note that I’ve heard that the de-encryption tool was so slow that the Pipeline Company kept on with the recovery process. I can’t stress it enough.. make sure you have a backup. Ransomware is not fun.

  Windows Security Patch Lady Posts

• Tasks for the weekend – February 27, 2021 Check your DNS

  Posted on February 27th, 2021 at 22:36 Susan Bradley Comment on the AskWoody Lounge

  Youtube video here

  There is one command that I have used for many years. It’s the command ipconfig /all. With that command I can see what network I’m on by reviewing the Internet protocol address that the system has.

  It’s also a quick and dirty way of determining what DNS provider I’m using. Often with ISP provided routers you don’t have the ability to adjust your DNS settings. DNS or domain name service settings are how your computer system knows where to  connect to web sites. DNS settings can also better protect your system. Often using something like OpenDNS can automatically protect your system while surfing.

  Some of the key DNS settings that you can choose are

  Google DNS 8.8.8.8 and 8.8.4.4

  Cloudflare 1.1.1.1

  OpenDNS 208.67.222.222 and 208.67.220.220

  Quad9 9.9.9.9

  You can follow the instructions here to manually change the DNS settings on your local machine – or you can make a change up on your router – assuming it allows you to.

  So what DNS settings do you use?

  Windows 10, Windows Security Patch Lady Posts

• Feb 2021 patches so far

  Posted on February 9th, 2021 at 21:51 Susan Bradley Comment on the AskWoody Lounge

  We are still in watch and wait mode for February updates.  I’ll be waiting and testing and let you know what we find.

  So far I don’t see 1909’s being offered up today’s security update. For those of you on 1909 are you seeing that as well?

  For those of you that are business patchers here are some links to follow:

  Microsoft Windows Security Updates February 2021 overview – gHacks Tech News

  Zero Day Initiative — The February 2021 Security Update Review

  Microsoft February 2021 Patch Tuesday (sans.edu)

  The zero day bug that I talked about yesterday is an elevation of privilege bug.

  The other bug that everyone is buzzing about is this one: Multiple Security Updates Affecting TCP/IP:  CVE-2021-24074, CVE-2021-24094, and CVE-2021-24086 – Microsoft Security Response Center  “Customers might receive a blue screen on any Windows system that is directly exposed to the internet with minimal network traffic.”

  For you and I, I don’t see this one has being horrific.  Blue screens of death while not something any of us want, doesn’t mean that the attacker has gotten our data. And we normally do not have our machines straight on the Internet but rather behind routers and firewalls. For now, just make sure you have a backup and look for the full analysis in this week’s Plus newsletter.

  Action plan as of right now:

  • Waiting/Backing up mode for home users.
  • Testing mode for business users.

  Note:  They’ve released the .NET patch with a known crashing issue February 9, 2021-KB4601050 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10, version 2004, Windows Server, version 2004, Windows 10, version 20H2, and Windows Server, version 20H2 (microsoft.com) that impacts Visual Studio 

  Windows Patches/Security, Windows Security February 2021 Black Tuesday, Patch Lady Posts

• Are you a MSP or use a MSP?

  Posted on December 13th, 2020 at 18:32 Susan Bradley Comment on the AskWoody Lounge

  Edit:  At this time, we are not aware of an impact to our SolarWinds MSP products including RMM and N-central.

  Looks to be only to their enterprise customers at this time.

  Edit:  A twitterized version of the write up on the Microsoft threat analytics site can be read here:

  https://threadreaderapp.com/thread/1338305089597964290.html

  Here’s the key takeaway:

  we do not know how the backdoor code made it into the library..research indicates…the attackers might have compromised internal build or distribution systems of SolarWinds, embedding backdoor..into a legitimate SolarWinds library” – SolarWinds.Orion.Core.BusinessLayer.dll

  Another good write up at Fireeye

  If you are a managed service provider or use a managed service provider to support you and your IT… read on…

  If you’re a SolarWinds customer & use the below product, assume compromise and immediately activate your incident response team. Odds are you’re not affected, as this may be a resource intensive hack. Focus on your Crown Jewels. You can manage this. https://t.co/YvSGTv926a https://t.co/WFe89831Dj

  — Chris Krebs (@C_C_Krebs) December 13, 2020

  Word is coming out tonight that SolarWinds was the entry point into various targeted attacks that have been in the news lately including FireEye.

  Just got this from @solarwinds:https://t.co/30EClmPXqw pic.twitter.com/1yjYp6lUyf

  — Raphael Satter (@razhael) December 13, 2020

  

  Windows Security Patch Lady Posts

• Shopping online safely?

  Posted on November 28th, 2020 at 13:17 Susan Bradley Comment on the AskWoody Lounge

  Just this morning I received a funky phone call from “San Diego” telling me about several transactions on my “credit card” and that I needed to call them back to approve the transactions.

  Needless to say I didn’t call them back.

  The CISA page reminds us to be wary of scams this time of year.

  CISA recommends these three simple steps to keep consumers safe when shopping:

  • Check your devices – Before starting your hunt for the best deal, make sure your devices are up-to-date and all of your accounts have strong passwords. If you purchase an internet connected device or toy, change the default password and check the device’s privacy and security settings to make sure you’re not sharing more information than you want.
  • Shop through trusted retailers – Before making a purchase and providing any personal or financial information, make sure you’re using a reputable, established vendor. Similarly, if you’re planning to make a charitable donation, be sure to research who or where your donation is going, to ensure it’s a legitimate organization.
  • Using safe methods for purchases – If you can, use a credit card or other forms of digital payments as opposed to a debit card as credit cards often have better fraud protections.

  So what are you doing to ensure you are safe online this year?

  Windows Security Patch Lady Posts

• Easiest way to make it easy for attackers

  Posted on November 18th, 2020 at 21:37 Susan Bradley Comment on the AskWoody Lounge

  https://www.zdnet.com/article/the-worst-passwords-of-2020-show-we-are-as-lazy-about-security-as-ever/

  We are really bad at picking passwords.  Truly we are.  I’ve also seen that many folks use the same passwords in many web sites.  So attackers only have to get a data dump from one hacked database and then they can try to reuse these passwords in other places.

  Do yourself a big favor:  Over the holiday season see if you can 1. pick better passwords (passphrases) and 2. see if the site allows you to add two factor authentication.

  Windows Security 2FA, Passphrases, passwords, Patch Lady Posts, Two-factor authentication

• Security shouldn’t be political

  Posted on November 17th, 2020 at 23:40 Susan Bradley Comment on the AskWoody Lounge

  Tonight I heard on the news that President Trump fired Chris Krebs (no relation to Brian Krebs) who was head of the Cybersecurity and Infrastructure Security Agency.  If you aren’t familiar with CISA they send out a ton of good security information – most of which inspires me to write security articles.

  Mr. Krebs first came to government from Microsoft and was instrumental in developing relationships between business and government.

  Given the HUGE HUGE risk we all have from ransomware we need more people like Chris Krebs in government, not less.

  Then there's #Ransomware – we’re focused on ramping up a national strategic effort to combat this global scourge. We MUST improve defenses, break the business model, and take the bad guys out of the game. This is the most visible, disruptive cyber threat as I see it right now.

  — Chris Krebs #Protect2020 (@CISAKrebs) November 16, 2020

  Tonight, we fired that guy.  We need more defenses against ransomware.  We still make it way way too easy for attackers to get us.  Not a day goes by that bleepingcomputer.com doesn’t post up another ransomware nailed yet another business post.  I still see way too many malicious emails wiggle in.  Too many malicious sites.  Too many attacks.  We need more people pushing for solutions, not less.

  We need good people to help us in protecting us against ransomware.  Comments now turned off at this time and apologies for doing so.

   

  Windows Security Patch Lady Posts

• Patch side effects November updates – Domains only

  Posted on November 17th, 2020 at 23:05 Susan Bradley Comment on the AskWoody Lounge
  Hat’s off to EP for spotting these:
  https://support.microsoft.com/en-us/help/4594439/kerberos-authentication-and-ticket-renewal-issues
  https://support.microsoft.com/en-us/help/4594438/kerberos-authentication-and-ticket-renewal-issues

  Addresses issues with Kerberos authentication related to the PerformTicketSignature registry subkey value in CVE-2020-17049, which was a part of the November 10, 2020 Windows update. The following issues might occur on writable and read-only domain controllers (DC) :

  • Kerberos service tickets and ticket-granting tickets (TGT) might not renew for non-Windows Kerberos clients when PerformTicketSignature is set to 1 (the default).
  • Service for User (S4U) scenarios, such as scheduled tasks, clustering, and services for line-of-business applications, might fail for all clients when PerformTicketSignature is set to 0.
  • S4UProxy delegation fails during ticket referral in cross-domain scenarios if DCs in intermediate domains are inconsistently updated and PerformTicketSignature is set to 1.

  The issue ONLY effects those with domains (businesses).  It will not impact peer to peer or standalone computers.  I expect to see more of these fixes for other platforms.

  Spotted another one… https://support.microsoft.com/en-us/help/4594442  November 17, 2020—KB4594442 (OS Build 17763.1579) for 1809 Out-of-band  (uh no that’s not an out of band patch for security the way I define out of band…)
  And more (thanks EP):KB4594441 for Win10 v1607:
  https://support.microsoft.com/help/4594441

  KB4594443 for Win10 v1903 & 1909:
  https://support.microsoft.com/help/4594443/

  KB4594440 for Win10 v2004 & 20H2:
  https://support.microsoft.com/help/4594440/

  Windows Security Patch Lady Posts

• Patch Lady – make sure you are protected

  Posted on October 28th, 2020 at 21:14 Susan Bradley Comment on the AskWoody Lounge

  To specifically target hospitals and healthcare with ransomware is pure evil.

  Brian Krebs reports that the “CISA, FBI, and HHS have credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.”  Earlier today a webcast was also talking about this risk.

  I’ve installed the October patches.

  I’ve checked to make sure backups are working (and not backing up to a drive that is accessible by the user making the backup – look to your backup vendor/ask them if their solution does this).

  I’ve made sure that my email has spam filters and email hygiene turned on.

  I’ve repositioned my tinfoil hat so my paranoia is turned full on.

  If you work for healthcare or know of someone in healthcare reach out to them and warn them that they are being targeted by cyber attackers and be extra careful.

   

  Windows Security Patch Lady Posts

• Patch Lady – saying goodbye to Flash

  Posted on October 27th, 2020 at 18:15 Susan Bradley Comment on the AskWoody Lounge

  https://support.microsoft.com/en-us/help/4577586/update-for-removal-of-adobe-flash-player

  Saying unofficial goodbye to Flash.  Note this is on the catalog site at this time so that folks can be testing the removal process.  Those behind Windows update will get this later (Decemberish) those on WSUS will get it in 2021.

   

  Windows Security KB 4577586, Patch Lady Posts
• « Older Entries