PC Security and Other Useful Information

Security Mailer Volume 21 Number 52

• Open Source patches
  • OpenJDK
  • log4j12
  • OpenSSH
• Linux updates and patches
• Microsoft breaks Exchange Server with faulty anti malware update
• General Security reviews last week
• Wireshark updates

Security Mailer Volume 21 Number 49

• Mozilla updates
  • Firefox
  • Firefox ESR
  • Thunderbird
• Cisco security advisories
  • Apache Log4j affecting Cisco
• Open Source
  • Mozilla Network Security Service Library
  • VIM
  • mailman
• Linux updates and patches
• General Security reviews last week
• Apache Log4j Java Logging
• Sonic Wall VPN Appliance Vulnerabilities

Security Mailer Volume 21 Number 47

• Cisco security advisories
• Open source
  • Thunderbird
  • Axis
  • NTFS-3G
• Linux updates and patches
• Microsoft updates revised
• General section reviews last week
• Wireshark new version release

On October 17, 2021, I upgraded my Surface Laptop 4 from Windows 10 Pro to Windows 11 Pro. The actual upgrade went smoothly with no apparent problems or error. All my apps and hardware worked as before.

After almost 2 weeks, I’ve seen the following issues or problems.

• Let’s start with the obvious.. The Start menu. While it takes a bit getting used to, it’s not hard to adjust. Just tedious.
  
  My problems with it are:
  • Why populate it with a load of built-in/default programs?? It required deleting almost all of them and adding the programs that were there in Windows 10.
  • Why only show 21 apps??
  • Why include the “Recommended” section??? It’s completely useless to me
  • The menu can’t be adjusted.
  • The old list of apps requires an additional click.
• Next, The toolbar. Lots to dislike here.Probably haven’t seen all of it.
  
  • Location is fixed at the bottom. WHY??? Every previous version of Windows allowed me to move it to the top and hide it. After two weeks, I’m still moving the mouse to the top of the desktop before I remember.
  • Icons are in the middle or the left of the toolbar.
  • Can’t drag & drop objects onto the toolbar programs.
    • First off, I may need to describe pinned quick items.
      
    • Previously, I was able to select an icon on the desktop or in a folder and drag it to the appropriate program icon on the taskbar. It would show up in the “Pinned list when I right clicked on the icon.
    • Now, I get the “Not” symbol. I depend on this ability to allow me to have a clean desktop and not have to use menus or sub-menus.
    • When I would right click on the blank area of the toolbar, I would get a menu which included “Task Manager”. I use this a lot. Now, all I get is “Taskbar Settings”. I had to search for “Task Manager”. Right click on the item and select “Pin to taskbar”
      

• Windows 10 automatically hid most of the icons that would appear in the right-hand corner and put them into the “overflow corner”. Windows 11 puts almost none in there, making the toolbar that much more cluttered. You have to go to Taskbar settings, select the “Tab Corner overflow” option and select the icons to “hide”.
• I have two options for speakers: the laptop and the external display. I prefer the external display, but it’s an older display and it will often cut out, requiring I switch to the laptop. With Windows 10, I clicked on the sound icon in the corner and switched. With Windows 11, I had to pin the Settings icon to the taskbar. Then I could select it, select “sound settings” and, finally, switch.

Bottom Line

As I said, everything I’ve described can be adjusted, recreated or done in an alternate way. After 2 weeks, though, I still find them annoying. I expect over time I’ll get less and less annoyed (hopefully as they update and change the OS). However, I have to say that I haven’t seen a single thing that I would consider reason enough to upgrade from Windows 10. In old terms, it’s kind of like a “Service Pack”.

For the average user, I don’t see any reason to leap unless there is some new or “improved” function that is needed or wanted. Windows 10 will be supported until October 14th, 2025 .Needless to say, a lot about Windows 11 will change over the next 4 years!!

Security Mailer Volume 21 Number 40

• Mozilla updates
  • Firefox
  • Firefox ESR
• Cisco security advisories
• Linux updates and patches
• General security reviews last week
• Wireshark updates

FBI Issues Alert on Hive Ransomware

“Hive “uses multiple mechanisms to compromise business networks, including phishing emails with malicious attachments, to gain access and remote desktop protocol (RDP) to move laterally once on the network,” the alert states (see: 7 Emerging Ransomware Groups Practicing Double Extortion).

“After compromising a victim network, Hive ransomware actors exfiltrate data and encrypt files on the network. The actors leave a ransom note in each affected directory within a victim’s system, which provides instructions on how to purchase the decryption software. The ransom note also threatens to leak exfiltrated victim data on the Tor site, HiveLeaks,” the alert notes.

Every encrypted file gets saved with a .hive extension appended, the FBI says. The Hive operators then drop a hive.bat script into the directory, which enforces an execution timeout delay of one second to perform cleanup after the encryption is finished by deleting the Hive executable and the hive.bat script, the alert notes.

“A second file, shadow.bat, is dropped into the directory to delete shadow copies, including disc backup copies or snapshots, without notifying the victim, and then deletes the shadow.bat file. During the encryption process, encrypted files are renamed with the double final extension of *.key.hive or *.key.*,” according to the alert.

Later, a ransom note, “HOW_TO_DECRYPT.txt,” gets dropped into the affected directory and warns against attempting to modify, rename or delete the key file, saying that doing so will make encrypted files unrecoverable.

“The note contains a ‘sales department’ link, accessible through a Tor browser, enabling victims to contact the actors through live chat. Some victims reported receiving phone calls from Hive actors requesting payment for their files,” the alert says.

The alert states that the initial deadline for payment fluctuates between two to six days, although it can vary.”

Security Mailer Volume 21 Number 23

• Adobe security updates for Acrobat and Reader, many other products
• Cisco security advisories
• Linux updates ands patches
• Linux Synopsis
• Microsoft
  • Patch Tuesday updates and patches,
  • Security Advisories
  • Security Update Releases
• General Security reviews last week
• Android security bulletin,
• New TLS attack,
• Google patches 0-day for Chrome

Adobe Patches Slew of Critical Security Bugs in Bridge, Photoshop

“The security bugs could open the door for arbitrary code-execution and full takeover of targeted machines.