Computer Safety & News

Below are key resources documenting this recent monthly Microsoft Patch Tuesday release

https://isc.sans.edu/forums/diary/Microsoft+December+2019+Patch+Tuesday/25592/

https://blog.talosintelligence.com/2019/12/microsoft-patch-tuesday-dec-2019.html

https://www.thezdi.com/blog/2019/12/10/the-december-2019-security-update-review

https://patchtuesdaydashboard.com/

https://portal.msrc.microsoft.com/en-us/security-guidance/summary

This month we got patches for 36 vulnerabilities total. From those, seven are rated critical and one is already being exploited according to Microsoft. The exploited vulnerability (CVE-2019-1458) may allow a local attacker to elevate privileges and run arbitrary code in kernel mode. This vulnerability was reported by Kaspersky Labs and, according to Zero Day Initiative

https://redmondmag.com/articles/2019/12/03/microsoft-releases-net-core-3-1.aspx

https://devblogs.microsoft.com/dotnet/announcing-net-core-3-1/

Described as a “small and short release,” .NET Core 3.1 focuses on two of the biggest features highlighted in the release of .NET Core 3.0 earlier this fall — Blazor (for C# Web development instead of JavaScript) and desktop development (Windows Forms and Windows Presentation Foundation).

Computer scams & other associated crimes continue to be of major concern in the 2018 statistics captured by the FBI

https://www.fbi.gov/news/pressrel/press-releases/fbi-releases-2018-nibrs-crime-data-as-transition-to-nibrs-2021-continues

In 2018, 7,283 law enforcement agencies, whose jurisdictions covered more than 117.1 million U.S. inhabitants, submitted NIBRS data to the UCR Program. These agencies comprised 43.7 percent of the 16,659 law enforcement agencies that submitted data to the UCR Program in 2018. Based on NIBRS submissions, the FBI compiled aggregate tables on 5,617,945 incidents involving 6,586,140 offenses, 6,944,242 victims, 5,652,156 known offenders, and 3,480,625 arrestees. (Currently, the FBI does not estimate for agencies that do not submit NIBRS data.)

Of the reported offenses, 59.5 percent were crimes against property, 24.1 percent were crimes against persons, and 16.4 percent were crimes against society. Among these categories, the offenses most reported include larceny/theft offenses, assault offenses, and drug/narcotic offenses, respectively.

• The full NIBRS, 2018 report is available online.
• Information about the NIBRS transition is available on the NIBRS web page at fbi.gov/nibrs.
• Related story: 2018 NIBRS Crime Data Released

A new release of this valuable network tracing tool has been released as follows

https://www.wireshark.org/docs/relnotes/wireshark-3.0.7.html

https://isc.sans.edu/forums/diary/Wireshark+307+Released/25584/

It has a vulnerability fix and bug fixes. The vulnerability in the CMS dissector can be abused to cause a crash: CVE-2019-19553

FBI offers highly informative safety tips to avoid Holiday scams in 2019

https://www.fbi.gov/news/stories/avoid-holiday-shopping-scams-112719

‘Tis the season for holiday gifting, and many shoppers will go online this time of year to find the best deals on popular items. But the sellers you buy from may not be what they seem. According to the FBI’s Internet Crime Complaint Center (IC3), thousands of people become victims of holiday scams every year. Scammers can rob you of hard-earned money, personal information, and, at the very least, a festive mood. The two most prevalent of these holiday scams are non-delivery and non-payment crimes.

In a non-delivery scam, a buyer pays for goods or services they find online, but those items are never received. Conversely, a non-payment scam involves goods or services being shipped, but the seller is never paid. In 2018 alone, the IC3 estimates that non-delivery and non-payment scams together affected more than 65,000 victims, causing almost $184 million in losses.

Do your part to avoid becoming a victim. These simple tips from the IC3 can help you look out for scammers during the holiday season or any other time of year:

• • Always get a tracking number for items purchased online so you can make sure they have been shipped and can follow the delivery process.
  • Be wary of sellers who post an auction or advertisement as if they reside in the U.S., then respond to questions by stating they are out of the country on business, family emergency, or similar reasons.
  • Avoid sellers who post an auction or advertisement under one name but ask that payment be sent to someone else.
  • Consider canceling your purchase if a seller requests funds be wired directly to them via a money transfer company, pre-paid card, or bank-to-bank wire transfer. Money sent in these ways is virtually impossible to recover, with no recourse for the victim. Always remember that anyone who asks you to use one of these forms of payment might be a scammer. A credit card is generally the safest way to pay for an online purchase.
  • Avoid sellers who act as authorized dealers or factory representatives of popular items in countries where there would be no such dealers.
  • Verify the legitimacy of a buyer or seller before moving forward with a purchase. If you’re using an online marketplace or auction website, check their feedback rating. Be wary of buyers and sellers with mostly unfavorable feedback ratings or no ratings at all.
  • Avoid buyers who request their purchase be shipped using a certain method to avoid customs or taxes inside another country.
  • Be suspect of any credit card purchases where the address of the cardholder does not match the shipping address. Always receive the cardholder’s authorization before shipping any products.
  • Always be wary of deals that seem too good to be true.

If you do become the victim of a holiday scam, contact your bank immediately. You should also inform your local law enforcement agency, and file a complaint with the IC3 at ic3.gov.

Some good security videos related to Black Friday and Cyber Monday 2019 e-commerce safety

Linux Ubuntu 19.10 offers improved performance as shared in this review

https://arstechnica.com/gadgets/2019/11/ubuntu-19-10-quite-simply-the-best-ubuntu-canonical-has-ever-released/

The first reason I like 19.10 so much is that it feels insanely fast. Everyday tasks like opening applications, dragging windows, activating the search interface, and even just moving the cursor around are all noticeably faster than in 19.04. The speed boost is immediately noticeable from the minute you pop in the live CD, and it’s even faster once you have 19.10 installed.

Most improvements in 19.10 can be attributed to the latest release of GNOME 3.34, the default desktop for Ubuntu. However, GNOME 3.34 is faster largely because of work Canonical engineers put in.

Announcing Windows 10 Insider Preview Build 19033

If you want a complete look at what build is in which Insider ring, head over to Flight Hub. You can also check out the rest of our documentation here including a complete list of new features and updates that have gone out as part of Insider flights for the current development cycle.   To avoid confusion with Windows Server 2003, Microsoft made the decision to make Windows 10 version 2004 the next feature update for the operating system.

https://www.neowin.net/news/microsoft-surface-pro-x-review-its-the-perfect-portable-pcfor-me

Processor Microsoft SQ1
GPU Microsoft SQ1 Adreno 685
Display 13 inches, 2880×1920, 267ppi, 3:2, 450 nits
Body 11.3×8.2×0.28in (287x208x7.3mm), 1.7lbs (774g)
RAM 16GB LPDDR4x RAM at 3733Mbps
Storage 256GB removable SSD
Ports (2) USB 3.1 Gen 1 Type-C
(1) Surface Connect
(1) Nano-SIM
Surface Keyboard connector
Battery life Up to 13 hours
Windows Hello IR camera
OS Windows 10 Home
Color Black
Material Aluminum
Price $1,499

QUOTE —The first Surface PC to use an ARM processor was actually the original Surface, but things have changed a lot since then. At Snapdragon Technology Summit in 2016, Qualcomm and Microsoft announced their plans to bring full Windows 10 to ARM processors, running native ARM apps like Windows RT did, but filling in a key gap by offering support for x86 apps through emulation.

It’s been a long road since then though. The first two generations, the Snapdragon 835 and 850, weren’t powerful enough for premium PCs. And then came the Snapdragon 8cx, a chipset built from the ground up for PCs, with Qualcomm promising performance on par with an eighth-generation Intel Core i5.

Now, it seems like Windows on ARM is ready for prime time. Microsoft’s Surface Pro X legitimizes Windows 10 on ARM, using its custom SQ1 processor. The new chip architecture brings with it a design overhaul from the Intel models, packing a slimmer design that’s possible with the smaller chipset and lack of a need for a fan.

I’ve always been a fan of Windows on ARM PCs, for their slim and light designs, integrated 4G LTE connectivity, instant-on functionality, and frankly, it’s nice to see a little bit of diversity in the processor lineup with Windows PCs.