PC Security and Other Useful Information

Security Mailer Volume 22 Number 17

• Cisco security advisories
• Open Source security updates for
  • Zlib
  • Linux Kernel
  • Bash
• Linux updates and patches
• Microsoft updates for Edge
• General Security section reviews last week
• Misc. news entries
• CISA Known Exploited Vulnerabilities Catalog
  • In EXCEL spreadsheet form CSV, XLS, and XLSX versions are provided

Security Mailer Volume 22 Number 12

• Cisco security advisory
• Open Source
• Open SSL
• Libre Office
• Firefox
• Linux updates and patches
• General & Misc reviews last week
• Google fixes Chrome 0-day
• Wireshark updates
• Misc news entries

Security Mailer Volume 22 Number 2

• Adobe security updates including Reader
• Apple iOS and iPadOS update
• Mozilla updates
  • Firefox,
  • Firefox ESR,
  • Thunderbird
• Cisco security advisories
• Open source latest updates
  • Apache Log4j
  • Apache HTTP Server
  • Singularity
• Linux updates and patches;
• Microsoft Tuesday fixes 026 vulnerabilities, 6 0-day, later pulls problem updates for Server 2012 2016 and 2019
• General security reviews last week, general news items including QNAP devices
• EXCEL spreadsheet listing all the updates released by Microsoft on Tuesday. Both XLS and XLSX versions are provided

5 common VPN myths busted

“Virtual Private Networks (VPNs) are popular but often misunderstood. There are many misconceptions about them—misconceptions that may be stopping people from adding a useful layer to their security and privacy defenses.”

DNSpooq bugs let attackers hijack DNS on millions of devices

“Israel-based security consultancy firm JSOF disclosed today seven Dnsmasq vulnerabilities, collectively known as DNSpooq, that can be exploited to launch DNS cache poisoning, remote code execution, and denial-of-service attacks against millions of affected devices.

Dnsmasq is a popular and open-source Domain Name System (DNS) forwarding software regularly used that adds DNS caching and Dynamic Host Configuration Protocol (DHCP) server capabilities to Internet-of-Things (IoT) and various other embedded devices.”

Security Mailer Volume 20 Number 25

• Adobe released a series of security updates out of cycle
• Browser Pale Moon released security update
• Cisco security advisories
• Linux updates and patches
• Microsoft
  • Security updates released
  • Out of cycle update for printing problems
  • More Windows 10 2004 problems
  • Will bundle Edge with Windows
• General Security reviews last week

Zyxel Fixes 0-day in Network Storage Devices

“Networking hardware vendor Zyxel today released an update to fix a critical flaw in many of its network attached storage (NAS) devices that can be used to remotely commandeer them. “

Sprint Exposed Customer Support Site to Web

“Fresh on the heels of a disclosure that Microsoft Corp. leaked internal customer support data to the Internet, mobile provider Sprint has addressed a mix-up in which posts to a private customer support community were exposed to the Web.”

Thousands of QNAP NAS devices have been infected with the QSnatch malware

“Hackers have infected thousands of network-attached storage (NAS) devices from Taiwanese vendor QNAP with a new strain of malware named QSnatch

An analysis of the malware’s code revealed the following capabilities:

Modify OS timed jobs and scripts (cronjob, init scripts)
Prevent future firmware updates by overwriting update source URLs
Prevents the native QNAP MalwareRemover App from running
Extracts and steals usernames and passwords for all NAS users“

Microsoft Edge and other Microsoft Store apps might not connect to the Internet after installing the Windows 10 October 2018 update

Turns out the fix is simple…. Enable IPV6…. Yup….That simple… 🙁