Computer Safety & News

Apple has recently introduced the new M2 CPU which offers high-end capabilities for it’s workstation & laptop products.

First Tests of Apple M2: How This New CPU Charts Apple Silicon’s Future | PCMag

Apple Revamps MacBook Air, 13-Inch MacBook Pro With New M2 Chip | PCMag

What Is the Apple M2 Processor?

Confused by all the M2 and M1 talk you’ve been seeing around Apple products lately? Here’s a quick refresher. In early June, Apple held its annual Worldwide Developers Conference, WWDC 2022. During the opening keynote for the multi-day event, the company announced the first second-generation Apple Silicon processor for Macs, the M2 processor.

The new CPU benefits from a new production process, which Apple calls its “second-generation 5-nanometer process.” We’ll dig into the specifications in a moment, but the new M2 chip offers several advancements over the M1 processor from 2020, including more transistors, higher memory bandwidth, and support for higher allotments of RAM.

40 Years of PCMag: An Illustrated Guide

40 Years of PCMag: An Illustrated Guide | PCMag

PCMag’s four decades of uninterrupted publication have included many highs and lows—along with the day-to-day work that comes with testing 2,000-plus products and services each year, dispensing endless buying advice, and covering important news as we chronicle the fast-paced world of technology. As the years wear on, even we’ve forgotten about a few major milestones.

Thankfully, the 27 years of PC Magazine in print (archived at Google Books(Opens in a new window)) and the subsequent 13 years of being online-only, plus the many years of paper and pixel overlap, are all still available. For this anniversary, we took a trip down memory lane to pull out some of the biggest events in PCMag history and the major tech milestones we’ve covered. Follow along for a fun 40-year ride.

A new zero-day Ransomware attack was discovered on a LINUX VoIP phone where very limited AV & other security controls were in place.  This illustrates new areas of attack there previously thought were more safe.

Ransomware Hacker Spotted Using Zero-Day Exploit on Business Phone VoIP Device | PCMag

Ransomware attacks often occur through phishing emails or poorly-secured computers. But in this case, the hacker had enough know-how to uncover a new vulnerability in a Linux-based VoIP appliance from the business phone provider Mitel.  The resulting zero-day exploit allowed the hacker to break into the company’s network through a VoIP device, which had limited security safeguards onboard. The attack was designed to essentially hijack the Linux-based VoIP appliance so that the hacker could infiltrate other parts of the network.

CISA shares best practices in using PowerShell that reduce manipulations during malware, monitors the tool, and hardens overall security.

Keeping PowerShell: Measures to Use and Embrace | CISA

CSI_KEEPING_POWERSHELL_SECURITY_MEASURES_TO_USE_AND_EMBRACE_20220622.PDF (defense.gov)

The CIS provides recommendations for proper configuration and monitoring of PowerShell, as opposed to removing or disabling it entirely due to its use by malicious actors after gaining access into victim networks. These recommendations will help defenders detect and prevent abuse by malicious cyber actors, while enabling legitimate use by administrators and defenders.  CISA urges organizations to review Keeping PowerShell: Measures to Use and Embrace and take actions to strengthen their defenses against malicious cyber activity.

During July 2022, Windows 8.1 users will begin to see end of support notifications for JAN 10 2023.  Like Windows 7 & earlier O/S, Windows 8 will continue to run, but it is always best to be on latest O/S where best levels of security & support are present.

Microsoft To Notify Windows 8.1 Users That End of Support Is Approaching | PCMag

Still running Windows 8.1? Microsoft plans on notifying you about the operating system’s approaching end of support, which will occur next year on January 10th.   Microsoft is preparing a campaign to send the reminder alerts, according(Opens in a new window) to ZDNet, which was first to report the news. The company also told PCMag the notifications will start arriving for Windows 8.1 users next month.

The end of support means that while Windows 8.1 will continue to run, Microsoft will no longer provide security patches, software updates or technical support to the OS. This could leave your device vulnerable in the event a serious flaw is uncovered in the software. So you may want to consider upgrading your device with Windows 10 or 11, although you’ll have to pay up.

CISA shares recent Citrix product updates that are important to install for improved corporate security protection.

Citrix Releases Security Updates for Hypervisor | CISA

Citrix Hypervisor Security Update

Citrix has released security updates to address vulnerabilities that could affect Hypervisor. An attacker could exploit one of these vulnerabilities to take control of an affected system.  CISA encourages users and administrators to review Citrix Security Update CTX460064 and apply the necessary updates

Citrix Releases Security Updates for Application Delivery Management | CISA

Citrix Application Delivery Management Security Bulletin for CVE-2022-27511 and CVE-2022-27512

Citrix has released security updates to address vulnerabilities in Application Delivery Management. An attacker could exploit these vulnerabilities to take control of an affected system.  CISA encourages users and administrators to review Citrix Security Update CTX460016 and apply the necessary updates.

The GOVT has issued version 3.0 for the Trusted Internet Connections guidelines designed to strengthen cloud security endpoint controls

CISA Requests Public Comment on CISA’s TIC 3.0 Cloud Use Case | CISA

TIC Guidance | CISA

MEMORANDUM FOR HEADS OF EXECUTIVE DEPARTMENTS AND AGENCIES (whitehouse.gov)

https://www.cisa.gov/blog/2022/06/16/serving-service-tic-releases-draft-use-cases-covering-cloud-services

CISA has released Trusted Internet Connections (TIC) 3.0 Cloud Use Case for public comment. TIC is a federal cybersecurity initiative intended to secure federal data, networks, and boundaries while providing visibility into agency traffic, including cloud communications.  TIC use cases provide guidance on the secure implementation and configuration of specific platforms, services, and environments, and are released on an individual basis. TIC 3.0 Cloud Use Case defines how network and multi-boundary security should be applied in cloud environments.  

ADDITIONAL RESOURCES:  CISA encourages federal government stakeholders to review: OMB Memorandum M-19-26 and Executive Assistant Director Goldstein’s blog post and TIC 3.0 Cloud Use Case

Redmond Magazine has an in-depth article on the recent disabling of the IE 11 browser for certain Windows 10 products.

Internet Explorer 11 To Live On as ‘IE Mode’ After June 15 — Redmondmag.com

While Microsoft is planning to disable the IE 11 browser for certain Windows 10 semiannual channel releases, IE 11 functionality will still live on with IE Mode in the Edge browser.  As an example, here are just a few of the dates from the FAQ, which includes a table showing the end-of-support dates for IE Mode for multiple Windows operating systems:

• • • Windows 10 Enterprise version 20H2: IE Mode support ends on May 9, 2023.
    • Windows 10 Enterprise version 2004: IE Mode support ends on Dec. 14, 2021.

Those same IE Mode end dates also pertain to the Windows 10 IoT products having those version numbers. See the table in the FAQ for other Windows OS IE Mode end-of-support dates.  This disablement doesn’t actually remove the IE 11 desktop browsers from these Windows 10 systems “as the IE11 engine is required for IE mode to function,” the FAQ explained.

The FTC warns of scammers who are making threatening robo-calls pretending to be GOVT officials.  US Custom & Border patrol never contacts by phone in manner used in these scams

Has the U.S. Border Patrol called you? No, they haven’t. But a scammer might have. In fact, scammers often pretend to be from government agencies to trick you into sending them money or sharing personal information.   The latest twist is imposters who pose as agents and officers from U.S. Customs and Border Protection (CBP). Here’s how the ruse might play out. Scammers send you a recorded message saying illegal items were shipped in your name and have been intercepted. Or they might talk about a “diplomatic pouch.” Or tell you a warrant is out for your arrest. 

BEST PREVENTION & SAFETY PRACTICES

• CBP won’t call you out of the blue with promises of money or threats. Is the caller asking you to pay a fee or share your Social Security, credit card, or bank account numbers over the phone? Hang up. It’s a scam.
• CBP never uses gift cards, cryptocurrency, or wire transfers. If someone asks you to pay this way, it’s a scam. Always.
• Don’t trust caller ID. Scammers can make their phone numbers look real even if they’re not.
• Check with CBP if you’re unsure about whether a call or email is real. Never call back phone numbers in caller ID, or left in voicemails, emails, or social media messages. Instead, type the agency name into a search bar and click on their webpage to find contact information.

SAP is a leading application hosting platform used by many major corporations.  This month security updates have been recently issued as follows:

SAP Releases June 2022 Security Updates | CISA

Digital Library (sap.com)

SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.    CISA encourages users and administrators to review SAP Security Patch Day – June 2022 and apply the necessary updates.  On 14th of June 2022, SAP Security Patch Day saw the release of 10 new Security Notes.