Dealing with a data breach

ON SECURITY

By Susan Bradley

Recently, the MOVEit system from Progress has been in the headlines, and not in a good way.

MOVEit is used by many businesses and governments to transfer files. Those same entities are now sending out notifications that your personal information may have been stolen by attackers using a vulnerability discovered in MOVEit.

Although the problem has now been patched, attackers had a window of opportunity for at least several days during which data was captured in the clear.

Read the full story in our Plus Newsletter (20.26.0, 2023-06-26).

Fixing Onyx’s RAID 1 failure — second drive

HARDWARE DIY

By Will Fastie

In our May bonus issue, I wrote about fixing Onyx’s RAID 1 failure.

There was one task left. I had replaced the failed drive in the mirror with a new Seagate FireCuda drive, but I did not want to install the second without giving the first drive time to burn in. In this brief article, I describe that final task.

It went as expected.

Read the full story in our Plus Newsletter (20.26.0, 2023-06-26).

Apple releases new security updates – June 21

📱 iOS and iPadOS 15.7.7 – 3 bugs fixed
💻 macOS Ventura 13.4.1 – 2 bugs fixed
📱 iOS and iPadOS 16.5.1 – 2 bugs fixed
⌚ watchOS 9.5.2 – 1 bug fixed
⌚ watchOS 8.8.1 – 1 bug fixed
💻 macOS Monterey 12.6.7 – 1 bug fixed

Apple pushed updates for 3 new zero-days that may have been actively exploited.

As we move to more and more of us using phones as our daily tool, so too are the attackers going after the phones with zero days

Working with the Intel Driver & Support Assistant

WINDOWS

By Ed Tittel

Intel’s share of the x86 processor market at the end of 2022 came out at nearly a two-to-one ratio for Intel vs. AMD.

The Statista survey ascribes 62.8% of that market to Intel and 35.2% to AMD; the remaining 2% presumably belongs to ARM and “other CPUs” sometimes found in PCs.

But other Intel devices, including PC chipsets and controllers, show up in PCs of all kinds. And that means Intel also supplies drivers to connect devices to Windows and allow them to do their jobs.

Read the full story in our Plus Newsletter (20.25.0, 2023-06-19).
This story also appears in our public Newsletter.

The Star Trek universal translator is here today

PUBLIC DEFENDER

By Brian Livingston

PARISOT, FRANCE — I’m working this month in Europe. During this time, I’ve found that handheld language translators have become truly useful in speaking with people when you don’t understand their native tongue.

My knowledge of French is fairly nonexistent. I can manage to say “oui,” “non,” and “un grand café noir, s’il vous plaît” (a large black coffee, please). So you can imagine my fear when I learned — as I’ll explain later— that I’d be spending 30 days in the land of le Louvre, which I can’t even pronounce correctly.

Read the full story in our Plus Newsletter (20.25.0, 2023-06-19).

How to get transcripts from Teams to OneNote

ONENOTE

By Mary Branscombe

If you have meeting recordings from Teams, you can get the text of what everyone said — if you know where to look.

The Windows version of OneNote has a transcription tool, but I’ve had a lot of problems getting it to work. I often use the Otter.AI service to turn my meetings and interviews into text by propping my phone up on the table or next to my laptop.

But if you’re using Teams for your meetings, you can usually get a better-quality transcription by doing it inside Teams.

Read the full story in our Plus Newsletter (20.25.0, 2023-06-19).

The case of the missing Registry key

PATCH WATCH

By Susan Bradley

Microsoft leaves it up to us to finish its job.

Once upon a time, there was a company that cared equally about the impact of patches on customers large and small. But in the past two months, something has happened. Some of you would argue that furthermore, Microsoft’s patching guidance has been primarily for the enterprise market segment from the start.

That’s not my experience.

Read the full story in our Plus Newsletter (20.25.0, 2023-06-19).

Intel rebrands

INTEL NEWS

By Will Fastie

To coincide with the upcoming release of new processors based on the Meteor Lake microarchitecture, Intel will institute a new branding scheme.

I’m inclined to say this happens too often with Intel and is confusing, but the amazing reality is that the “i” branding has been around for 15 years. That’s actually a pretty long run.

But the new branding is still confusing, at least for now.

Read the full story in our Plus Newsletter (20.25.0, 2023-06-19).

Is MoveIT a big thing to worry about?

If you’ve seen the news you may have heard about the MoveIT vulnerability. It’s a piece of software that many BIG businesses and goverments used to transfer data from one database to another. But attackers found a vulnerability in the code and was able to extract and exploit data.

I’ll be out in a future newsletter about how you can monitor your accounts for potential exposure and what actions you can take.  But for now know this:

1. It’s not a vulnerability that impacts YOUR home computer
2. It may impact the businesses you interact with.
3. Look for notifications from Governments and vendors if your data has been impacted.

One of the issues with software like MoveIT is that while it encrypts data, it doesn’t encrypt while in transit. So the attacker was able to gather the data as it got transported.

Once again, I’ll go more into detail about this, but be ready to put a freeze on your credit and log into your bank accounts to review activity.

Bottom line, don’t panic. But be aware and take action if you get notified.

Master Patch List as of June 13, 2023

I’ve updated the Master Patch list for the May releases.

Remember to always review the known issues we are tracking on the Master Patch List. I will keep the latest info there.

So far trending issues are:

Consumers:

Chrome may have some issues after the June updates – Triggered by malwarebytes – see their KB

Business side effects:

Users of Windows Hello may get an extra OOBE prompt.

Manual registry keys have to be deployed to be fully patched. Testing the impact and will report back. I do not see this as a concern for consumers just potentially targeted businesses.

June turns on Enforcement by Default comes with the June updates regarding CVE-2022-38023 ( KB5021130: How to manage the Netlogon protocol changes related to CVE-2022-38023 – Microsoft Support ).

I am recommending at this time that you install Apple updates, I’m not recommending Windows updates at this time. I’ll have more details in the newsletter on Monday.

• Windows 11 22H2: Not recommended
• Windows 11 21H2: If you have a Windows 11 PC, recommended
• Windows 10 22H2: Recommended
• Windows 10 21H2: Drops out of support this month
• Apple Ventura – Recommended for newer hardware – as always check with the applications you rely on if they recommend this release.

As always, thank you all for supporting the cause! Remember a donation will give you access and if you donate $50 or more you’ll get a special code to enable text messages sent to your phone each time the Master Patch List gets updated and when I change the MS-DEFCON level

Ready for June updates?

Remember this is the final month that Windows 10 22H1 will receive updates. This is the final time that version will receive a security update. So for Windows 10 I want you to be on 22H2.

But for Windows 11, unless you’ve recently purchased a Windows 11 machine and are already ON Windows 11 22H2 I still recommend staying on 21H2.

Remember you can use the SAME tools to control updates on Windows 11 as you can on 10. So InControl, works to keep that 11 on 21H2. The www.blockapatch.com tools all work.

So now, buckle our seatbelts, here comes June updates!

(As you can tell I STILL cannot name the dang versions worth a darn)

Random thoughts and notes for the upcoming newsletter:

There is a vulnerability that in order to fully enable the fix you have to enable a registry key that is different on each OS – see here. Say what?

Side effects being seen:  If you use the Windows hello for authentication – you’ll get a Windows hello “pop” after the installation of the patch.  Ignore it – appears to be a bug.

How to resolve synchronization problems in OneDrive

ONEDRIVE

By Lance Whitney

Sometimes OneDrive fails to properly sync your files. Here’s how to deal with these annoying issues.

I use Microsoft OneDrive to back up and sync my documents, photos, and other files. For me, it’s still the most seamless way to ensure that my files are not only backed up to the cloud but also synced and accessible across all my computers and mobile devices.

However, OneDrive can be glitchy.

Read the full story in our Plus Newsletter (20.24.0, 2023-06-12).
This story also appears in our public Newsletter.