Computer Safety & News

CISA has issued a new alert for the new TAIDOOR command-and-control botnet as follows:

https://us-cert.cisa.gov/ncas/current-activity/2020/08/03/chinese-malicious-cyber-activity

https://us-cert.cisa.gov/ncas/analysis-reports/ar20-216a

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Defense (DoD) have identified a malware variant—referred as TAIDOOR—used by the Chinese government. FBI has high confidence that Chinese government actors are using malware variants in conjunction with proxy servers to maintain a presence on victim networks and to further network exploitation. CISA, FBI, and DoD are distributing this alert to enable network defense and reduce exposure to Chinese government malicious cyber activity.

CISA recommends that users and administrators consider using the following best practices to strengthen the security posture of their organization’s systems. Any configuration changes should be reviewed by system owners and administrators prior to implementation to avoid unwanted impacts.

• • Maintain up-to-date antivirus signatures and engines.
  • Keep operating system patches up-to-date.
  • Disable File and Printer sharing services. If these services are required, use strong passwords or Active Directory authentication.
  • Restrict users’ ability (permissions) to install and run unwanted software applications. Do not add users to the local administrators group unless required.
  • Enforce a strong password policy and implement regular password changes.
  • Exercise caution when opening e-mail attachments even if the attachment is expected and the sender appears to be known.
  • Enable a personal firewall on agency workstations, configured to deny unsolicited connection requests.
  • Disable unnecessary services on agency workstations and servers.
  • Scan for and remove suspicious e-mail attachments; ensure the scanned attachment is its “true file type” (i.e., the extension matches the file header).
  • Monitor users’ web browsing habits; restrict access to sites with unfavorable content.
  • Exercise caution when using removable media (e.g., USB thumb drives, external drives, CDs, etc.).
  • Scan all software downloaded from the Internet prior to executing.
  • Maintain situational awareness of the latest threats and implement appropriate Access Control Lists (ACLs).

As shared by Redmond magazine — Microsoft plans to change Cortana capabilities for some future versions of Windows 10

https://redmondmag.com/articles/2020/08/03/microsoft-to-end-some-cortana-capabilities.aspx

Microsoft on Friday announced plans to pull back on some of Cortana’s capabilities for U.S. consumers, while also promoting it as more of a personal digital assistant for Microsoft 365 business users.  A few details to that end were described in a support article. It described Cortana’s current development direction as aiming more toward an “AI-powered assistant experience in Microsoft 365.”

A new rootkit vulnerability called “Boothole has been discovered by security researchers for devices using GRUB boot loader (for dual booting to Linux or other O/S) … Rootkits that take over PCs during initial boot-up are less frequent than years ago due to improvements by Microsoft & the new UEFI standards — however multi-boot setups can introduce issues like this new threat below

https://redmondmag.com/articles/2020/07/30/microsoft-boothole-vulnerability.aspx

Microsoft on Wednesday issued Security Advisory ADV200011 concerning a security bypass vulnerability for the Secure Boot protection scheme in machines using the Grand Unified Boot Loader (GRUB).  GRUB, currently at version 2, is used in Linux operating system distributions. However, the vulnerability (CVE-2020-10713) is present in all Unified Extensible Firmware Interface (UEFI) client and server machines “where Secure Boot trusts the [Microsoft] third-party UEFI CA [certificate authority],” the advisory noted.

A successful attack using the vulnerability permits attackers to “run arbitrary boot code on the target device,” which enables them to load “executables and drivers” on the device. It essentially would let attackers bypass Secure Boot, a protection scheme in UEFI-based machines, early on championed by Microsoft, that was designed to prevent malware from loading at the boot-process level. Such malware is typically called a “rootkit.”

The discoverers of the vulnerability, Portland, Ore.-based device security firm Eclypsium, aptly dubbed this vulnerability “BootHole.”  Eclypsium researchers are planning to talk about BootHole in a coming online presentation, starting on Aug. 5, with sign-up accessible at this page.  In a must-read description of both Secure Boot and the BootHole flaw, Eclypsium indicated in a blog post that most devices, Linux-based or otherwise, are subject to these exploits:

In past years, early fall is usually Apple’s launch time frame for new versions of it’s smartwatch.  And version 6 may even add blood oxygen monitoring alerts which can possibly result from COVID-19, flu, or other respiratory illnesses.

https://www.pcmag.com/news/report-apple-watch-series-6-includes-a-blood-oxygen-sensor-smartwatches

One of the reasons the Apple Watch has proved to be such a popular smartwatch is the fact it doubles as a health monitor, and it’s apparently going to get even better at doing that when the Apple Watch Series 6 launches later this year.  As 9To5Mac reports, leaked information via Digitimes suggests Apple has managed to secure the required hardware to include blood oxygen monitoring as a standard feature of the next Watch. The human body requires a very specific oxygen mix in our blood, with a healthy adult having a 95-100 percent mix.  Blood oxygen is therefore a great thing to be able to monitor.

This is one of top leadership articles I’ve read so far in 2020 from Harvard Business Review:

How to Build a Company That (Actually) Values Integrity
https://hbr.org/2020/07/how-to-build-a-company-that-actually-values-integrity

For decades, leaders were expected to focus on one thing: financial results. But we are now in the midst of an ethical revolution. Leaders are increasingly held accountable for poor behavior, and companies are pushed by employees, governments, and customers to step up and adopt a multi-stakeholder approach that serves social purposes as well as investor demands. Canned codes of ethics that ask employees to check a box to certify that they’ve read the material and third-party online ethics training courses might be all that is required to comply with the law, but they don’t move the needle. Employees see them mostly as a nuisance they have to suffer through. Business leaders need to do more …

https://www.engadget.com/google-one-free-iphone-android-backup-170027360.html

Last year, Google added automatic Android phone backups to Google One, the company’s “membership” program that includes Drive storage, family sharing and a handful of other perks. It made sense for Google to bake that feature right into Android, but today the company announced it’ll soon do the same for iPhone users as well. And whether you use an Android device or iPhone, the phone backup feature will be free for everyone, regardless of whether or not you have a Google One subscription.

This means that people who aren’t paying for Google One’s extra Drive storage will have their base 15GB to split between Gmail, Drive, Photos and now phone backups. That’ll likely be tight for a lot of people, but if you aren’t using Drive or Photos much it should be workable. iPhone users can manage their phone backups through a new Google One app that’s coming out soon; it’ll store photos, videos, contacts and calendar events in your Google account. Given that Apple already has backup options for all those things (albeit with a paltry free 5GB of iCloud storage), it wouldn’t surprise me if this feature mostly goes unnoticed.

What Is Microsoft 365? — Microsoft 365 is a way for businesses, and now consumers as well, to subscribe to Office, Teams, and other Microsoft software.

https://www.pcmag.com/news/what-is-microsoft-365

Microsoft 365 is an umbrella offering of software and services for organizations that launched in the summer of 2017. Because some may be scratching their heads as to what precisely Microsoft 365 is, we provide an explanation of what it’s all about below. Microsoft representatives (who also call it M365) describe the product as Office 365 plus Windows 10 plus Enterprise Mobility.

Update: In March 2020, the company unveiled a version of Microsoft 365 for consumers. That offering differs from the business plans, and it replaces Office 365 plans. It includes not only the Office apps, but also OneDrive cloud storage, Outlook, Family Safety (including apps for Android and iOS), and Teams for Families. It also includes new consumer-targeted finance templates for Excel, and AI-powered style checking for Word.

The offering has been a success at attracting customers: At a recent Goldman Sachs conference last month, Microsoft Corporate Vice President Jared Spataro stated that “over a quarter of Office 365 licenses are being purchased through M365 or through Microsoft 365.”   Microsoft 365 is available in three flavors: Business, Enterprise, and Education. Pricing starts at $20 per user per month for the Business level, which gets you all of Office 365.

I enjoyed Microsoft Pinball, Golf & Flight Simulator during advent of PCs in early 1980s.  Latest version has advanced “AI” that interacts with “Bing Maps” & Azure for highest level of realism so far. 

https://www.theverge.com/21347809/microsoft-flight-simulator-2020-preview-interview-hands-on

Microsoft is releasing perhaps the biggest upgrade to the series in its 38-year history. Microsoft Flight Simulator, is an ambitious attempt to leverage Microsoft’s Bing Maps data and Azure-powered procedural generation technology to render our planet in unprecedented detail.  I’ve been playing a pre-release alpha version for a couple of weeks, and it’s frankly astonishing. This is a full-throttle effort from Microsoft to re-create the natural world and the magic of flight. And while it carries the weight of an iconic series, it feels like it came from nowhere. Why is Microsoft reviving Flight Simulator now?

https://us-cert.cisa.gov/ncas/current-activity/2020/07/29/mozilla-releases-security-updates-multiple-products

Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system.  CISA encourages users and administrators to review the following Mozilla Security Advisories and apply the necessary updates:

• • Firefox 79
  • Firefox ESR 68.11
  • Firefox ESR 78.1
  • Thunderbird 78.1
  • Firefox iOS 28

https://redmondmag.com/articles/2020/07/28/windows-virtual-desktop-support.aspx

The Windows Virtual Desktop (WVD) service now has Azure Portal integration, plus Audio/Video (A/V) Redirect support for Microsoft Teams client sessions, Microsoft announced on Monday.   Both capabilities are now at the “general availability” commercial-release stage for users of the WVD service, Microsoft indicated. The WVD service, which supports remotely accessing desktops and apps from Microsoft Azure datacenters, got commercially released by Microsoft back in September.