Computer Safety & News

WIndows 10/11 & the latest versions of Server, SQL-Server, Office, etc. all have improved security over past versions.  There was a 47% reduction in CRITICAL security patches during 2021 & the same trend seems to be holding into 2022.

Microsoft ‘Critical’ Flaw Total Drops 47 Percent — Redmondmag.com

Microsoft Vulnerabilities Report 2022 | BeyondTrust

Last year saw a significant decrease in “critical” security flaws in Microsoft software and a drop in overall vulnerabilities, according to a report released Friday by security firm BeyondTrust.  The firm’s “Microsoft Vulnerabilities Report” takes a look at the total number of security bulletins issued in a year to provide a snapshot of Microsoft’s security landscape. The latest report found that the total number of Microsoft flaws (1,212 bulletins) fell 5 percent and that critical flaws saw a year-over-year decrease of 47 percent in 2021 — the largest decline BeyondTrust has seen since issuing this report.

While the overall amount of security flaws decreased, there was an uptick in elevation-of-privilege issues. Last year saw 588 reported flaws, compared to 2020’s 559. Further, security feature bypass saw a slight uptick to 44 flaws in 2021, compared to 30 from the previous year. Here’s the full breakdown of Microsoft’s vulnerability category totals for 2021:

• • • Remote Code Execution: 326
    • Elevation of Privilege: 588
    • Information Disclosure: 129
    • Denial of Service: 55
    • Spoofing: 66
    • Tampering: 3
    • Security Feature Bypass: 44

The CISA and other GOVT cybersecurity agencies have release an excellent risk management guide for 5G security to promote best practices for mobile devices. 

CISA and DoD Release 5G Security Evaluation Process Investigation Study | CISA

CISA, DHS S&T, DoD Introduce Results of an Assessment into the 5G Security Evaluation Process  | CISA

https://csrc.nist.gov/Projects/Risk-Management

CISA and the Department of Defense (DoD) have released their 5G Security Evaluation Process Investigation Study for federal agencies. The new features, capabilities, and services offered by fifth-generation (5G) cellular network technology can transform mission and business operations; and federal agencies will eventually be applying different 5G usage scenarios: low-, mid-, and high-band spectrum.

The study provides an overview of the proposed 5G Security Evaluation Process and applies the process to a private 5G network use case to demonstrate considerations for each step within the overarching process. The study is a joint effort among CISA, the Department of Homeland Security’s Science and Technology Directorate, and DoD’s Under Secretary of Defense for Research and Engineering.

The proposed process detailed in the study can support government agency activities during the Risk Management Framework system-level “Prepare” step for 5G-enabled systems; and federal program and project managers should use the study’s repeatable methodology in their required evaluations.

Citrix HDX adds advanced capabilities for high-end graphic & other user needs.  It integrate Citrix access capabilities with the Azure cloud as described below:

Windows 365 Subscribers To Get Citrix HDX Option This Year — Redmondmag.com

Citrix extends Windows 365 Cloud PC to new audiences – Microsoft Tech Community

The two long-time partners announced HDX support for Windows 365 in a Wednesday Microsoft announcement and Citrix announcement. The integration is expected to happen “later this year,” and Citrix has published this sign-up page for interested parties to get notifications.  Microsoft, for its part, is promising that IT pros will have access to “streamlined Citrix user licensing” with the coming Citrix HDX option. Moreover, it’ll be possible to carry out a “seamless switch to Citrix clients through Microsoft Endpoint Manager and windows365.microsoft.com,” Microsoft promised. Citrix described the kind of improvements that HDX technology will bring to Windows 365 as follows:

• • High-end graphics technology;
  • Support for a broader range of endpoint devices and peripherals;
  • Advanced security and policy controls; and
  • Third-party identity integrations.

HDX is Citrix’s suite of technologies, built on top of the Independent Computing Architecture (ICA) remoting protocol, that supports high-definition experiences for virtual desktop users, including 3D graphics applications support, according to this Citrix HDX description. HDX is the central component in Citrix’s virtual apps and desktops offerings, including Citrix Workspace.

Microsoft BUILD is the key conference to attend for developers, ADMINS, and other IT professionals (replacing the older “Tech Ed” conferences of past).  These are valuable sessions to attend or review as they share future directions for key products.

Nadella Highlights AI and Cloud Native Apps at Build Event for Developers — Redmondmag.com

The Microsoft Build keynote talk by CEO Satya Nadella on Tuesday stressed Microsoft’s role as a builder of platforms that other organizations can use to build their own platforms.  To that end, Nadella highlighted 10 general technologies that Microsoft has fostered to make life easier for developers. They are:

• • • Developer flow
    • Cloud ubiquity
    • App ubiquity
    • Cloud native
    • Unified data
    • Models as platforms
    • Hybrid AI
    • Low code/no code
    • Collaborative apps
    • Metaverse

SANS ISC shares awareness of embedded PE files designed to evade AV detection & even appears a more legitimate “digitally signed” object.    Malware can be embedded within zipped files & larger objects as discussed in this informative article.  

Huge Signed PE File – SANS Internet Storm Center

Xavier’s diary entry “A ‘Zip Bomb’ to Bypass Security Controls & Sandboxes” reminded me of something. I’ve seen huge PE files like Xavier saw, but I’ve also seen a couple of huge PE files that are signed. I will explain here how you can reduce their size.  I’ve seen PE files like this. What I’ve also seen a couple of times, is a huge PE file like this (again, picture not to scale).

To recover the original PE file, and make it much smaller, suitable for analysis, one removes the NULL block.   The file is huge: 400 MB. But when you look at the sections, they are in total less than 2 MB with a 398 MB nulls section

Key links for this key virtual conference are noted below:

Microsoft Build 2022: 10 Key Products Hitting General Availability — Redmondmag.com

Microsoft Build 2022

https://mybuild.microsoft.com

Microsoft’s annual Build conference for developers kicked off on Tuesday as a virtual event with the usual deluge of product announcements. Below we’ve distilled Microsoft’s lengthy “Book of News” to spotlight the general availability release milestones of 10 of the most interesting Microsoft technologies for IT pros and developers.

1. Single-Node Azure Stack HCI
2. Microsoft Intelligent Data Platform
3. Azure Container Apps
4. .NET MAUI
5. Teams Toolkit for Visual Studio Code
6. Azure DCsv3 VMs with Intel Software Guard Extensions
7. Azure Communication Services Mobile UI Library
8. Azure App Service Landing Zone Accelerator
9. Service Bus Explorer in Azure Portal
10. MySQL Flexible Server ‘Business Critical’ Tier

An improved version of OneNote will integrate classic & modern designs into a single product in forthcoming future release

Microsoft’s New OneNote for Windows Looks Great (howtogeek.com)

Microsoft confirmed last year that it was merging the modern (“OneNote for Windows 10”) and classic (Win32) OneNote applications on Windows into one combined application, and now the company has detailed its recent and upcoming changes.   The updated OneNote app has a similar layout as the classic OneNote app, but with a completely refreshed look and feel to match Windows 11 (and Microsoft’s other modern apps). There’s still a ribbon interface at the top with tabs for switching between tools, just like all the other Office applications. For anyone used to the simpler view in OneNote for Windows 11, there’s a toggle to switch to a simplified ribbon with fewer buttons.

As crime does not pay long term, a major arrest has just occurred for the leader of a major Nigerian cybercrime group

Interpol Nabs Nigerian Man Behind Massive Email Phishing Campaigns | PCMag

Suspected head of cybercrime gang arrested in Nigeria (interpol.int)

The unnamed 37-year-old suspect allegedly launched phishing schemes and business email compromise attacks on thousands of companies and individual victims.  Interpol identified the head of a Nigerian cybercrime gang responsible for launching phishing email attacks on four continents.  Interpol arrested the 37-year-old Nigerian man with the help of local police in his country and IT security firms, including Palo Alto Networks, Group-IB, and Trend Micro. The unnamed man allegedly orchestrated phishing attacks and business email compromise schemes targeting thousands of companies and individual users, according to Group-IB.

Palo Alto Networks added it was able to identify 240 internet domains the Nigerian man allegedly used in his phishing schemes. “Of that number, over 50 were used to provide command and control for malware. Most notably, this actor falsely provided a street address in New York City associated with a major financial institution when registering his malicious domains,” the company wrote in its report.

The FTC shares an awareness of active scams, while baby formula supply is in process of being increased.  As some parents may be desperate for needed supplies, scammers can unfortunately take advantage of folks.  Please be careful in only using safe & reliable mainstream resources. 

Not enough baby formula means plenty of scammers | Consumer Advice (ftc.gov)

Scammers exploiting the high demand for baby formula have sunk to new lows. They’re popping up online and tricking desperate parents and caregivers into paying steep prices for formula that never arrives.  Scammers may set up fake websites or profiles on social media platforms with product images and logos of well-known formula brands — all to make you think you’re buying products from the companies’ official websites.

Best practices to avoid SCAM attacks

• Check out the company or product by typing its name in a search engine with terms like “review,” “complaint,” or “scam.” See what other people say about it.
• Consider how you pay. Credit cards often give you the strongest protections, so you can sometimes get your money back if you ordered something but didn’t get it. But anyone who demands payment by gift card, money transfer, or cryptocurrency is a scammer.
• Know your rights. When you shop online, sellers are supposed to ship your order within the time stated in their ads, or within 30 days if the ads don’t give a time. If a seller can’t ship within the promised time, it has to give you a revised shipping date, with the chance to either cancel your order for a full refund or accept the new shipping date.
• Search for local resources. Call your pediatrician to see if they have formula in stock. Pediatricians often get samples of different formulas and may be able to help. If you are a participant in the Women, Infants and Children (WIC) nutrition assistance program, contact your local office to find formula.

The FTC shares an awareness of scam approaches for those seeking employment … never pay for special services offered as noted in awareness below

Applying for jobs? Be on the lookout for scams | Consumer Advice (ftc.gov)

You might have just graduated from college, but there’s still more to learn when you’re on the job hunt. Not every posting or job recruiter is legit. Learn how to spot the scams.  We’ve been getting reports about a scam that starts out with a job recruiter reaching out to ask for your resume. Sounds normal — right?   Well, that’s where “normal” ends. After you send that over, you’re told that the format is “incompatible.” The next thing you know, you’re asked to send your resume to a website to “reformat” it — for a fee. In other words, they’re asking you to pay for a job.

To avoid job scams

• Do an online search. Look up the name of the company or the person who’s hiring you, plus the words “scam,” “review,” or “complaint.” You might find out they’ve scammed other people.
• Talk to someone you trust. Describe the offer to them. What do they think? You don’t want to be rushed into a decision.
• Don’t pay for the promise of a job. Legitimate employers, including the federal government, will never ask you to pay to get a job. Anyone who does is a scammer.