Computer Safety & News

NEW MS/Defender AV performance tuning commandlets are being added to PowerShell 5.1 to better measure & turn AV active scanning performance.  This will help tune overall WIN10/WIN11 performance by providing new measurement & problem identification capabilities.

New PowerShell Tools Assess Microsoft Defender Antivirus Performance — Redmondmag.com

Announcing performance analyzer for Microsoft Defender Antivirus – Microsoft Tech Community

Microsoft on Tuesday announced new PowerShell 5.1 cmdlets for analyzing the scanning performance of the Microsoft Defender Antivirus service.  IT pros with administrator privileges can run a performance recording cmdlet (New-MpPerformanceRecording) to collect performance information about Microsoft Defender Antivirus scans. They next run a performance report cmdlet (Get-MpPerformanceReport) that provides analysis based on the scan information that was collected.

The performance analysis for Microsoft Defender Antivirus cmdlets are getting released “in early September,” allowing IT pros to troubleshoot situations where anti-malware scans may be slowed down, perhaps. Microsoft explained that “there are times that scans can take a while to complete due to various factors such as environment configurations, longer processes, or unknown files.”

SANS ISC shares highly educational update on IPv6, which “on paper” is a superior 64 bit networking topology.  However, the older IPv4 standards will likely remain the main approach for foreseeable future

Why I Gave Up on IPv6. And no, it is not because of security issues. (sans.edu)

IPv6 adoption is growing. Around 30% of the Alexa Top 1000 websites support IPv6. Comcast, the ISP I am using, rolled out IPv6 to every customer, and according to some statistics, around 70% are actually using it [1]. About 35% of traffic reaching Google uses IPv6 [2]. I have been using IPv6 myself for probably over a decade by now.

No static IPv6 addresses, no /48 allocations, inability to do fail over to a different carrier, stability issues, and lack of support are why I now, after 10+ years, no longer use IPv6 in my network. There are pockets where I may still use it, but so far, there isn’t really a good reason to keep IPv6 enabled. Nothing “broke” so far. Lackluster implementations by ISPs that fix the current issue and no/limited use of ISPs by enterprise networks and cloud providers make it difficult to justify the time it takes. And maybe I am getting too old to play with my network configuration all the time.

[1] https://www.worldipv6launch.org/measurements/
[2] https://www.google.com/intl/en/ipv6/statistics.html
[3] https://www.rmv6tf.org/wp-content/uploads/2012/11/TCO-of-CGN1.pdf
[4] https://www.ripe.net/publications/docs/ripe-690
[5] https://datatracker.ietf.org/doc/html/rfc6877
[6] https://www.internetsociety.org/resources/deploy360/2014/case-study-t-mobile-us-goes-ipv6-only-using-464xlat/

Microsoft has released workarounds for a new MSHTML Remote Code Execution Vulnerability (CVE-2021-40444) in MS/Office that is actively being used in new attacks.  An ActiveX control can be disabled manually to protect users until an official patch is issued later. MSHTML is Internet Explorer’s Trident engine for special OFFICE processing.

Microsoft Releases Mitigations and Workarounds for CVE-2021-40444 | CISA

CVE-2021-40444 – Security Update Guide – Microsoft – Microsoft MSHTML Remote Code Execution Vulnerability

Microsoft Offers Workaround for 0-Day Office Vulnerability (CVE-2021-40444) (sans.edu)

Microsoft Warns of Active Attacks Using Malicious Office Documents — Redmondmag.com

Microsoft has released mitigations and workarounds to address a remote code execution vulnerability (CVE-2021-40444) in Microsoft Windows. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system. This vulnerability has been detected in exploits in the wild.   CISA encourages users and administrators to review Microsoft’s advisory and to implement the mitigations and workarounds.

Microsoft has released commercial preview versions of WIN11 and WIN10 v21H2 release so that corporations can start early pilot testing

Microsoft Releases ‘Commercial Previews’ of Windows 11 and Windows 10 Version 21H2 — Redmondmag.com

Microsoft on Thursday announced that “commercial previews” of Windows 11 and Windows 10 version 21H2 are available for testing by organizations opting into the Windows Insider Program for Business.  Windows 11 will only be available if a device meets Microsoft’s hardware requirements. Devices also need to have installed a Sept. 1 optional cumulative update, namely KB5005101.

Current Windows Insider Program for Business participants will get offered Windows 11 automatically as an optional update. They’ll have an option to “Stay on Windows 10 for now.” If they are staying, then they’ll be offered an optional update to Windows 10 version 21H2.

The FTC warns of dangers associated with malicious phone apps that can secretly turn on camera or voice recordings

SpyFone barred from selling stalking apps that secretly monitor phone activity | FTC Consumer Information

Phone monitoring apps designed to avoid detection by the owner of the phone don’t just invade your privacy — they make it possible for stalkers and domestic abusers to track the location of the person they are targeting in real-time. Stalkerware apps can give an abuser secret access to their target’s location, phone conversations, text and email messages, and photos. Some can even take pictures, turn on the microphone to record calls, and send commands by text to make the phone vibrate or ring.

The FTC sued a stalkerware app company Support King, LLC, which operated as SpyFone.com, and its CEO Scott Zuckerman. SpyFone, the company’s app, allowed users to secretly track another person’s mobile device. The FTC says the company secretly harvested and shared data on people’s physical movements, phone use, and online activities through a hidden device hack. According to the FTC, SpyFone failed to ensure people were using the app for legitimate purposes and didn’t protect the information it collected, allowing stalkers or domestic abusers to stealthily track their potential targets and exposing device owners to hackers, identity thieves, and other cyber threats.

The final builds for WIN11 are being solidified for the final release on 10-05-2021.  11 top features & improvements are noted by Microsoft below

Windows 11 available on October 5 | Windows Experience Blog

Here are 11 highlights of this release

1. The new design and sounds are modern, fresh, clean and beautiful, bringing you a sense of calm and ease.
2. With Start, we’ve put you and your content at the center. Start utilizes the power of the cloud and Microsoft 365 to show you your recent files no matter what device you were viewing them on.
3. Snap Layouts, Snap Groups and Desktops provide an even more powerful way to multitask and optimize your screen real estate.
4. Chat from Microsoft Teams integrated into the taskbar provides a faster way to connect to the people you care about.
5. Widgets, a new personalized feed powered by AI, provides a faster way to access the information you care about, and with Microsoft Edge’s world class performance, speed and productivity features you can get more done on the web.
6. Windows 11 delivers the best Windows ever for gaming and unlocks the full potential of your system’s hardware with technology like DirectX12 Ultimate, DirectStorage and Auto HDR. With Xbox Game Pass for PC or Ultimate you get access to over 100 high-quality PC games to play on Windows 11 for one low monthly price. (Xbox Game Pass sold separately.)
7. Windows 11 comes with a new Microsoft Store rebuilt with an all-new design making it easier to search and discover your favorite apps, games, shows, and movies in one trusted location. We look forward to continuing our journey to bring Android apps to Windows 11 and the Microsoft Store through our collaboration with Amazon and Intel; this will start with a preview for Windows Insiders over the coming months.
8. Windows 11 is the most inclusively designed version of Windows with new accessibility improvements that were built for and by people with disabilities.
9. Windows 11 unlocks new opportunities for developers and creators. We are opening the Store to allow more developers and independent software vendors (ISVs) to bring their apps to the Store, improving native and web app development with new developer tools, and making it easier for you to refresh the look and feel across all our app designs and experiences.
10. Windows 11 is optimized for speed, efficiency and improved experiences with touch, digital pen and voice input.
11. Windows 11 is the operating system for hybrid work, delivering new experiences that work how you work, are secure by design, and easy and familiar for IT to deploy and manage. Businesses can also test Windows 11 in preview today in Azure Virtual Desktop, or at general availability by experiencing Windows 11 in the new Windows 365

Microsoft Schedules Windows 11 Release for Oct. 5 — Redmondmag.com

Windows 11 available on October 5 | Windows Experience Blog

Windows 11, Microsoft’s next-gen desktop operating system, will begin rolling out on Oct. 5, Microsoft announced Tuesday.  On that date, Microsoft will start offering the upgrade for free to existing devices that meet Windows 11’s hardware requirements. The upgrade will be offered via Windows Update. New devices with Windows 11 will also hit retail shelves on Oct. 5.

A ‘Measured’ Rollout

Microsoft described its planned rollout of the Windows 11 upgrade as “phased and measured,” starting first with “new eligible devices.” It will then offer the upgrade to older devices depending on their “hardware eligibility, reliability metrics, age of device and other factors that impact the upgrade experience.” Microsoft expects all qualified devices will have the upgrade by mid-2022.

“While the cat is away – the mice will play” .. As alll in IT field need R&R — CISA shares it’s an optimal time frame to launch new innovative attacks as ADMINS may be more apt to be “out of office”

FBI-CISA Advisory on Ransomware Awareness for Holidays and Weekends | CISA

Ransomware Awareness for Holidays and Weekends | CISA

Today, the Federal Bureau of Investigation (FBI) and CISA released a Joint Cybersecurity Advisory (CSA) to urge organizations to ensure they protect themselves against ransomware attacks during holidays and weekends—when offices are normally closed.

Although FBI and CISA do not currently have any specific threat reporting indicating a cyberattack will occur over the upcoming Labor Day holiday, malicious cyber actors have launched serious ransomware attacks during other holidays and weekends in 2021. The Joint CSA identifies both immediate and longer term actions organizations can take to protect against the rise in ransomware, including:

• • Making an offline backup of your data.
  • Avoiding clicking on suspicious links.
  • Securing and monitoring Remote Desktop Protocol endpoints.
  • Updating OS and software.
  • Using strong passwords.
  • Using multi-factor authentication.

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have observed an increase in highly impactful ransomware attacks occurring on holidays and weekends—when offices are normally closed—in the United States, as recently as the Fourth of July holiday in 2021. The FBI and CISA do not currently have any specific threat reporting indicating a cyberattack will occur over the upcoming Labor Day holiday. However, the FBI and CISA are sharing the below information to provide awareness to be especially diligent in your network defense practices in the run up to holidays

CISA Adds Single-Factor Authentication to list of Bad Practices | CISA

https://www.cisa.gov/BadPractices

Today, CISA added the use of single-factor authentication for remote or administrative access systems to our Bad Practices list of exceptionally risky cybersecurity practices. Single-factor authentication is a common low-security method of authentication. It only requires matching one factor—such as a password—to a username to gain access to a system.  Although these Bad Practices should be avoided by all organizations, they are especially dangerous in organizations that support Critical Infrastructure or National Critical Functions.  CISA encourages all organizations to review the Bad Practices webpage and to engage in the necessary actions and critical conversations to address Bad Practices. For guidance on setting up strong authentication, see the CISA Capacity Enhancement Guide: Implementing Strong Authentication.

Many “flavors” of Ransomware are circulating as some of most dangerous active security threats

FBI Releases Indicators of Compromise Associated with Hive Ransomware | CISA

210825.pdf (ic3.gov)

The Federal Bureau of Investigation (FBI) has released a Flash report detailing indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with ransomware attacks by Hive, a likely Ransomware-as-a-Service organization consisting of a number of actors using multiple mechanisms to compromise business networks, exfiltrate data and encrypt data on the networks, and attempt to collect a ransom in exchange for access to the decryption software.  CISA encourages users and administrators to review the technical details, IOCs, and TTPs in FBI Flash MC-000150-MW and apply the recommend mitigations.