Computer News & Safety tips – Harry Waldron MVP

Samsung – Galaxy Book 12 launches MAY 2017

Samsung is also introducing the “Galaxy Book 12”, a laptop/tablet (2-in-1) device, to compete with Microsoft and Apple models. This Windows 10 based device has some of the best display technology available, but short battery life was noted as one weakness.

https://www.digitaltrends.com/laptop-reviews/samsung-galaxy-book-12-review/

The Galaxy Book hits the reset button on Samsung’s 2-in-1 line, with Windows 10, two size options, Intel Core i5 processors, and improved Super AMOLED screens that promise deep black levels and unmatched contrast. Pricing starts at $1,130 for the 12-inch version, which has 4GB of RAM and a 128GB solid state drive. Our review unit, upgraded to 8GB of RAM and a 256GB SSD, retails for $1,330. For some users, the OLED screen will be the killer feature, and admittedly, there’s a lot of appeal to a system that makes watching movies and music videos an absolute pleasure. Yet you might not watch for long, because the tablet’s battery life is a sore spot.

Microsoft – New Surface Pro launches MAY 2017

Microsoft is introducing the “New Surface Pro” to replace the “Surface Pro 4” as its latest model. Several improvements have been made, and it is now positioned more as a laptop or notebook than as a tablet. The state-of-the-art Intel Kaby Lake CPUs also consume less power, generate less heat, and extend battery life while in use.

https://www.forbes.com/sites/haroldstark/2017/05/26/fans-rejoice-microsoft-has-reinvented-the-surface-pro-4/#4a7ddee63100

Microsoft has launched a new Surface Pro. Microsoft’s new machine makes subtle and important upgrades in many areas.

1. Design – It’s Now A Laptop — New Surface Pro has more rounded corners, redesigned heat venting, an improved 165 degree kickstand

2. Display – Old Dog, New Tricks — The native resolution remains 2736 x 1824 pixels (267 ppi) and there’s the same support for 10 point multi-touch. However, New Surface Pro has native support for the Surface Dial, which will be added in the near future

4. Performance – Laptop Class — moves to Intel’s ‘Kaby Lake’ chipsets for improved speed, cooling, and reduced power consumption

5. Software – Windows 10 Pro or Windows 10 S — will ship with Windows 10 Pro, but Microsoft has confirmed it will ship with the more limited Windows 10 S eventually

6. Connectivity – One Step Forward, One Step Back — Microsoft is finally adding the option for integrated 4G LTE. USB Type-C is nowhere to be seen on the New Surface Pro other than via a supplied dongle.

7. Battery Life – The Best Change — The shift to Kaby Lake is a big deal and with it comes Microsoft’s bold claim that the New Surface Pro will last up to 13.5 hours on a single charge. This compares to nine hours with the Surface Pro 4 (an increase of 50%)

8. Price – More Through Less — On paper Microsoft is retaining the same pricing with the New Surface Pro as the Surface Pro 4 with prices starting from $799. And yet the reality is Microsoft’s charging more because the Surface Pen ($99) is no longer included

Ransomware – Jaff uses PDFs with malicious embedded Word documents

A new major ransomware family called “Jaff” has surfaced and is being massively spammed in the wild. The PDF attachments carry an embedded Word document, and the malicious code sits in that document’s macros. Because nothing executes until the user agrees to open the embedded document and then enables macros, email scanners and sandboxes that do not simulate those clicks may see no malicious activity and pass the file as benign. Users must continue to avoid all unusual and unexpected attachments.

http://blog.talosintelligence.com/2017/05/jaff-ransomware.html

https://isc.sans.edu/forums/diary/Jaff+ransomware+gets+a+makeover/22446/

Since 2017-05-11, a new ransomware named “Jaff” has been distributed through malicious spam (malspam) from the Necurs botnet.  This malspam uses PDF attachments with embedded Word documents containing malicious macros.  Victims must open the PDF attachment, agree to open the embedded Word document, then enable macros on the embedded Word document to infect their Windows computers.

Similar to what we saw with recent Locky campaigns, when the PDF attempts to open the embedded Microsoft Word document, the victim is prompted to approve the activity. Requiring user interaction to continue the infection process could be an attempt to evade automated detection mechanisms that organizations may have deployed as no malicious activity occurs until after the user approves. In sandbox environments that are not configured to simulate this activity, the infection may never occur, and could result in the sandbox determining that the file is benign when the reality is that it is malicious, the infection was just simply not triggered.
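The nesting described above is exactly what an attachment triage step should look for before a user ever sees the prompt. The script below is an added example, not code from the Talos or ISC write-ups and not a reproduction of Jaff’s own file layout: it locates every /Filespec dictionary in a PDF, inflates Flate-compressed streams so that objects hidden inside object streams are seen too, reports embedded files by name, flags macro-capable Office extensions, and notes automatic-action keys (/OpenAction, /AA, /JavaScript, /JS, /Launch) that a PDF uses to kick something off on open. The two sample PDFs are constructed inline; the file name, object numbers and script text in them are assumptions, not indicators from the campaign.

```python
import re
import sys
import zlib
from dataclasses import dataclass, field

# Office extensions that can carry VBA macros: the legacy binary formats always
# can, the OOXML "m" variants are explicitly macro-enabled.
MACRO_CAPABLE = {".doc", ".dot", ".xls", ".xlt", ".ppt", ".pot",
                 ".docm", ".dotm", ".xlsm", ".xltm", ".pptm", ".potm"}
OFFICE = MACRO_CAPABLE | {".docx", ".dotx", ".xlsx", ".xltx", ".pptx", ".rtf"}

# Standard PDF keywords (case-sensitive). Real files may also write names with
# #xx escapes or as hex strings, which this scanner does not decode (assumption).
FILESPEC_RE = re.compile(rb"/Type\s*/Filespec")
NAME_RE = re.compile(rb"/(?:UF|F)\s*\(([^)]*)\)")          # /F (name) or /UF (name)
STREAM_RE = re.compile(rb"/FlateDecode.*?stream\r?\n(.*?)endstream", re.S)
ACTION_KEYS = (b"/OpenAction", b"/AA", b"/JavaScript", b"/JS", b"/Launch")


@dataclass
class Report:
    embedded: list = field(default_factory=list)  # names from /Filespec objects
    actions: list = field(default_factory=list)   # automatic-action keys seen
    verdict: str = "clean"                        # clean | embedded | office | macro-capable


def _dict_end(data: bytes, start: int) -> int:
    """Index just past the '>>' that closes the dictionary opening at start."""
    depth, i = 0, start
    while i < len(data) - 1:
        pair = data[i:i + 2]
        if pair == b"<<":
            depth += 1
        elif pair == b">>":
            depth -= 1
            if depth == 0:
                return i + 2
        i += 2 if pair in (b"<<", b">>") else 1
    return len(data)


def _enclosing_dict(data: bytes, pos: int) -> bytes:
    """Smallest '<< ... >>' dictionary that contains offset pos."""
    start = data.rfind(b"<<", 0, pos)
    while start != -1:
        end = _dict_end(data, start)
        if end > pos:
            return data[start:end]
        start = data.rfind(b"<<", 0, start)
    return data[pos:pos + 256]  # malformed file: best-effort window


def _views(data: bytes):
    """The raw file plus every Flate stream inflated (object streams hide dicts there)."""
    yield data
    for m in STREAM_RE.finditer(data):
        try:
            # decompressobj tolerates the EOL that sits between data and 'endstream'
            yield zlib.decompressobj().decompress(m.group(1))
        except zlib.error:
            continue  # not deflate data (image, corrupted, or a decoy)


def scan_pdf(data: bytes) -> Report:
    rep = Report()
    for view in _views(data):
        for m in FILESPEC_RE.finditer(view):
            name = NAME_RE.search(_enclosing_dict(view, m.start()))
            rep.embedded.append(name.group(1).decode("latin-1") if name else "<unnamed>")
        for key in ACTION_KEYS:
            if key.decode() not in rep.actions and re.search(re.escape(key) + rb"\b", view):
                rep.actions.append(key.decode())
    exts = {n.lower()[n.rfind("."):] for n in rep.embedded if "." in n}
    if exts & MACRO_CAPABLE:
        rep.verdict = "macro-capable"
    elif exts & OFFICE:
        rep.verdict = "office"
    elif rep.embedded:
        rep.verdict = "embedded"
    return rep


# Constructed sample (not a real Jaff file): the /Filespec is tucked into a
# Flate-compressed object stream, as most PDFs store their objects, and an
# /OpenAction runs JavaScript. File name, object numbers and script are assumptions.
_hidden = b"6 0 << /Type /Filespec /EF << /F 5 0 R >> /F (Invoice_20170512.docm) >>"
_packed = zlib.compress(_hidden)
SAMPLE_MALICIOUS = b"".join([
    b"%PDF-1.7\n",
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj\n",
    b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj\n",
    b"3 0 obj << /S /JavaScript /JS (this.exportDataObject({cName: 'Invoice_20170512.docm', nLaunch: 2});) >> endobj\n",
    b"4 0 obj << /Type /ObjStm /N 1 /First 4 /Filter /FlateDecode /Length %d >>\nstream\n" % len(_packed),
    _packed, b"\nendstream\nendobj\n",
    b"5 0 obj << /Type /EmbeddedFile /Length 2 >>\nstream\nPK\nendstream\nendobj\n",
    b"%%EOF\n",
])
SAMPLE_CLEAN = b"".join([
    b"%PDF-1.4\n",
    b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n",
    b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj\n",
    b"%%EOF\n",
])

if __name__ == "__main__":
    for path in sys.argv[1:] or ["<constructed sample>"]:
        data = SAMPLE_MALICIOUS if path.startswith("<") else open(path, "rb").read()
        r = scan_pdf(data)
        print(f"{path}: {r.verdict}; embedded={r.embedded}; actions={r.actions}")
```

A hit on “macro-capable” plus an automatic action is enough to quarantine the message for a human look; the point is that this check fires on the file itself, before any user has to click through the prompt that sandboxes miss.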

Microsoft Security Updates – MAY 2017

Below are key resources documenting this recent monthly Microsoft Patch Tuesday release

https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+and+Adobe/22396/

http://blog.talosintelligence.com/2017/05/ms-tuesday.html

https://portal.msrc.microsoft.com/en-us/security-guidance

Today, Microsoft has released their monthly set of security updates designed to address vulnerabilities. This month’s release addresses 56 vulnerabilities with 15 of them rated critical and 41 rated important. Impacted products include .NET, DirectX, Edge, Internet Explorer, Office, SharePoint, and Windows.

Windows 10 — Troubleshooting basics using Event Viewer

While the Windows Event Viewer is mostly used by technicians, this PC Magazine article shares some basics on using it as a tool to troubleshoot hardware or software issues in Windows.

http://www.pcmag.com/news/353803/how-to-troubleshoot-problems-in-windows-via-event-viewer

Are you bumping into a problem with your Windows PC but not sure what’s causing it? Windows Event Viewer might be able to help. This tool records all events that occur on your PC, whether they’re benign or nasty. But Event Viewer isn’t the most user-friendly feature in Windows. So how do you decipher the findings in Event Viewer to see if they can help you resolve an actual problem? To open Event Viewer in any version of Windows, go to Control Panel and change the view to Large or Small icons if the view is not already set that way. Click on the icon for Administrative Tools. From the Administrative Tools screen, double-click on the shortcut for Event Viewer. The Event Viewer window pops up.

Internet Service Providers – PC Magazine 2017 awards

Eighteen ISPs were evaluated and ranked in the 2017 PC Magazine annual survey

http://www.pcmag.com/article/353825/readers-choice-awards-2017-internet-service-providers

In the midst of Triple Crown season, the horse racing metaphors come easy when talking broadband.   Eighteen ISPs showed up at our survey starting gates for 2017, but two were in a class of their own, leaving all the rest in their dust.  Those two ISPs, RCN and Verizon FiOS, are neck-and-neck to the finish line, and we decided to hand each of them a Readers’ Choice award

WannaCry Malware Outbreak – Lessons Learned actually are old Best Practices

This is an excellent article documenting weaknesses that led to many organizations suffering major outages.

SANS ISC — What did we Learn from WannaCry? – Oh Wait, We Already Knew That! 

1. Patch ASAP —  Plain and simple, when vendor patches come out, apply them.  In a lot of cases, Patch Tuesday means “Reboot Wednesday” for a lot of organizations, or worst case “Reboot Saturday”

2. Unknown Assets are waiting to Ambush You — A real-time, detailed inventory of every device on the network is needed (e.g., are there any Windows Server 2003 servers or XP clients still around?)

3. Watch the News — Actively monitor breaking security developments

4. Segment your network, use host firewalls — Set up “deny” rules on the network or on host firewalls for the things that people don’t need

5. Have Backups — Any server or user workstation can be lost to malware, hardware failure, etc. Best practices for backup storage, privacy, security, and recoverability (including tested restores) are always needed in the corporate world

6. Have a Plan — Contingency planning done in advance of a major event, covering how to contain, protect, and recover, gives you the tools for the next one

7. Security is not an IT thing — Corporate security protection is everyone’s job, from janitor to CEO … Security awareness must be an active, ongoing program

WannaCry Ransomware protection — Download MS17-010 standalone patches for Windows XP and Windows Server 2003

Microsoft has made a rare out-of-band patch available even for unsupported operating systems to help stop the worm from spreading.

STANDALONE PATCH FOR MS17-010 (which protects against WannaCry) — Go toward the bottom of the page, find this link and carefully pick the 32-bit or 64-bit install for your O/S. The standalone download is for XP and Windows Server 2003. A supported system such as a Windows 7 PC is only exposed if it is out of date (last Windows security update applied before March 2017, when MS17-010 shipped), and it should get the regular MS17-010 update through Windows Update.

https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/

WINDOWS XP, WINDOWS 2003, WINDOWS 7 or WINDOWS 8 — Further resources: 

Download English language security updates: Windows Server 2003 SP2 x64, Windows Server 2003 SP2 x86, Windows XP SP2 x64, Windows XP SP3 x86, Windows XP Embedded SP3 x86, Windows 8 x86, Windows 8 x64

WannaCry Ransomware worm attack — Valuable SUMMARY post from ISC

SANS ISC has created a summary post, “WannaCry Ransomware Worm”, with numerous resources to help protect against and mitigate this new threat:

https://isc.sans.edu/forums/diary/WannaCryWannaCrypt+Ransomware+Summary/22420/

* Apply MS17-010 to Windows Vista and later (Windows Server 2008 and later)
* Apply Friday’s SPECIAL out-of-band patch for Windows XP or Windows Server 2003 (these outdated operating systems are among the most vulnerable exposures).
* Verify correct patch application
* Make sure the “kill switch” domain and website are reachable from your network without a proxy. If not, set up an internal DNS sinkhole and redirect to an internal website. Do not block access to the website.
* Deploy the registry key inoculation (special software to prevent encryption)
* Disable SMB version 1.0 protocol (and use SMB 2.0 or higher)
* Make sure systems are running up to date anti-malware
* Share easy-to-understand “all employees bulletin” to promote awareness
* General security best practices still apply

WannaCry Ransomware Worm – Remove the 30-year-old SMB 1.0 protocol from servers

Microsoft urged customers back in September 2016 to disable this 30-year-old protocol, the same month it shipped the MS16-114 security update for the SMB1 server.

The original SMB 1.0 protocol is nearly 30 years old, and like much of the software made in the 80’s, it was designed for a world that no longer exists. A world without malicious actors, without vast sets of important data, without near-universal computer usage. Frankly, its naiveté is staggering when viewed through modern eyes.  Legacy applications may still be active as follows:
  1. You’re still running XP or WS2003 under a custom support agreement.
  2. You have some decrepit management software that demands admins browse via the ‘network neighborhood’ master browser list.
  3. You run old multi-function printers with antique firmware in order to “scan to share”.
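Disabling SMB1 only helps if it actually took effect on every host, and the asset-inventory lesson above means finding the boxes nobody remembers. The probe below is an added example, not code from the SANS ISC diary or from Microsoft: it hand-builds an SMB1 Negotiate Protocol Request that offers only the NT LM 0.12 dialect, sends it to TCP port 445, and classifies the answer. A reply that starts with the 0xFF ‘SMB’ SMB1 header means the host still speaks SMB1; a reply starting with 0xFE ‘SMB’ means it only speaks SMB2/3; a reset or silence is what a host with SMB1 disabled (or a filtered port) is expected to return. The constructed replies exercise the packet builder and the classifier; the network probe itself needs a real host, and the script name in the usage note is an assumption.

```python
import socket
import struct
import sys

SMB_COM_NEGOTIATE = 0x72
# Only the classic NT dialect is offered, so a host with SMB1 disabled has
# nothing it can negotiate and (on Windows) resets or drops the connection.
SMB1_DIALECTS = [b"NT LM 0.12"]


def smb1_header(command: int, pid: int = 0xFEFF) -> bytes:
    """32-byte SMB1 header (MS-CIFS 2.2.3.1), little-endian."""
    return struct.pack(
        "<4sBIBHHQHHHHH",
        b"\xffSMB",   # Protocol
        command,      # Command
        0,            # Status
        0x18,         # Flags: canonical pathnames, case-insensitive
        0xC801,       # Flags2: unicode, NT status, extended security, long names
        0,            # PIDHigh
        0,            # SecurityFeatures
        0,            # Reserved
        0,            # TID
        pid,          # PIDLow
        0,            # UID
        0,            # MID
    )


def build_negotiate() -> bytes:
    """NetBIOS session message carrying an SMB_COM_NEGOTIATE request."""
    dialects = b"".join(b"\x02" + d + b"\x00" for d in SMB1_DIALECTS)
    body = (smb1_header(SMB_COM_NEGOTIATE)
            + b"\x00"                             # WordCount = 0
            + struct.pack("<H", len(dialects))    # ByteCount
            + dialects)
    # NetBIOS session service header: type 0x00 + 24-bit big-endian length
    return b"\x00" + len(body).to_bytes(3, "big") + body


def classify(reply: bytes) -> str:
    """Interpret whatever came back from port 445 (empty bytes = no reply)."""
    if len(reply) < 4 + 32:
        return "smb1-disabled-or-filtered"    # reset, timeout or truncated reply
    smb = reply[4:]                            # strip the NetBIOS header
    if smb[:4] == b"\xfeSMB":
        return "smb2-only"                     # server answered in SMB2 framing
    if smb[:4] != b"\xffSMB" or smb[4] != SMB_COM_NEGOTIATE:
        return "unknown"
    # Negotiate response: WordCount at offset 32, DialectIndex at 33 (0xFFFF = none)
    if len(smb) >= 35 and struct.unpack_from("<H", smb, 33)[0] == 0xFFFF:
        return "smb1-answered-no-common-dialect"
    return "smb1-enabled"


def probe(host: str, port: int = 445, timeout: float = 3.0) -> str:
    """Send the negotiate to one host and classify the result."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_negotiate())
            return classify(s.recv(1024))
    except OSError:                            # refused, reset, unreachable, timeout
        return "smb1-disabled-or-filtered"


if __name__ == "__main__":
    for host in sys.argv[1:]:
        print(f"{host}: {probe(host)}")
```

Run it as `python smb1_probe.py host1 host2 ...` from a subnet that can reach port 445 (only against systems you are authorised to test). On the server itself, PowerShell’s `Get-SmbServerConfiguration` (Windows 8 / Server 2012 and later) shows the `EnableSMB1Protocol` value and `Set-SmbServerConfiguration -EnableSMB1Protocol $false` turns it off; confirm from the network afterwards, because it is the hosts you did not know about that WannaCry found.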