Uncategorized

https://www.us-cert.gov/ncas/current-activity/2019/03/19/Microsoft-Ending-Support-Windows-7

All software products have a life-cycle. After January 14, 2020, Microsoft will no longer provide security updates or support for PCs running the Windows 7 operating system. After this date, this product will no longer receive free:

•         Technical support for any issues
•         Software updates
•         Security updates or fixes

Computers running the Windows 7 operating system will continue to work even after support ends. However, using unsupported software may increase the risks from viruses and other security threats.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to upgrade to a currently supported operating system. For more information, see the Microsoft End of Support FAQ.

https://redmondmag.com/articles/2019/03/13/windows-7-support-notices.aspx

Microsoft plans to issue regular notices starting next month that will inform Windows 7 Service Pack 1 (SP1) users that the operating system will reach its end-of-support phase on Jan. 14, 2020.    These notices will be sent as a “courtesy reminder” to users and will recur “a handful of times in 2019,” unless the end users selects an option to not get notified again, according to a Tuesday announcement by Matt Barlow, corporate vice president for Windows. Microsoft did a similar thing years ago when Windows XP was nearing its end-of-support phase.   End of support means that Microsoft will no longer issue security updates for the 10-year-old Windows 7. It would be a potential security risk for individuals and organizations to continue to run that OS unpatched.

Mozilla Firefox version 66 has added automatic video-play blocking as a default security setting in this new release

https://www.engadget.com/2019/03/19/firefox-66-blocks-auto-playing-videos/

https://www.mozilla.org/en-US/firefox/66.0/whatsnew/

As promised, Mozilla is about to make web videos decidedly less annoying. Its newly released Firefox 66 blocks auto-playing videos by default, preventing web ads or video sites from startling you when you’re not ready (or willing) to watch. Some sites will still play the video regardless, Mozilla said, but will stay muted until you choose otherwise.

The new version also addresses another web quirk: slow-loading ads and images that yank you out of position on a page. Firefox now includes scroll anchoring that should keep you in place even as content pops in and potentially disrupts your reading.  Other improvements include multi-tab searching (including across other synced devices), searching in private browsing mode, clearer warnings for insecure pages and Windows Hello support for the password-free Web Authentication standard. Some of these additions aren’t new to web browsers, but they might be welcome if you’re looking for an alternative browser that respects your intentions… and your ears

Major events are often used as themes for fake donations, email scams, and to spread malware.  Users should be cautious as US CERT shares a warning below

https://www.us-cert.gov/ncas/current-activity/2019/03/15/New-Zealand-Related-Scams-and-Malware-Campaigns

In the wake of the recent New Zealand mosque shootings, the Cybersecurity and Infrastructure Security Agency (CISA) advises users to watch out for possible malicious cyber activity seeking to capitalize on this tragic event. Users should exercise caution in handling emails related to the shootings, even if they appear to originate from trusted sources. Fraudulent emails often contain links or attachments that direct users to phishing or malware-infected websites. Emails requesting donations from duplicitous charitable organizations are also common after tragic events. Be wary of fraudulent social media pleas, calls, texts, donation websites, and door-to-door solicitations relating to the event.

To avoid becoming a victim of malicious activity, users and administrators should consider taking the following preventive measures:

• • Use caution when opening email attachments, and do not click on links in unsolicited email messages. Refer to CISA’s Tip on Using Caution with Email Attachments.
  • Review CISA’s Tip on Staying Safe on Social Networking Sites.
  • Refer to CISA’s Tip on Avoiding Social Engineering and Phishing Attacks.
  • Review the information from the Federal Trade Commission on Before Giving to a Charity.

https://www.pcmag.com/news/367232/myspace-loses-12-years-of-music

The data loss apparently extends to any audio, photos, or video uploaded between 2003 and 2015, which means over 50 million songs from over 14 million artists have been lost.  MySpace is probably a distant memory for internet users today and a complete unknown to younger generations, but for a time it was the place to be online. Now it seems, even though MySpace still exists, a lot of the content it holds has been lost during a server migration.

As CNET reports, a message has appeared across the top MySpace, which reads, “As a result of a server migration project, any photos, videos, and audio files you uploaded more than three years ago may no longer be available on or from MySpace. We apologize for the inconvenience. If you would like more information, please contact our Data Protection Officer”

The new 2019 Apple iMac models feature several new options.  The top model users the Intel i9 core CPU providing 2X throughput of past workstations.

https://www.pcmag.com/news/367249/apple-brings-intels-core-i9-to-the-2019-imac

https://www.pcmag.com/review/358585/apple-imac-pro

At the top end, the iMac is now an attractive alternative to the iMac Pro as a powerhouse all-in-one. The entry-level version gets no update, and middle models go 8th and 9th Gen Core.  The iMac updates, announced today, are minor. The new models look exactly the same as the old ones from the outside—there are no physical changes other than the memory, CPU, and graphics-processor options. Still, they will likely be very attractive to shoppers who are torn between the entry-level model and the midrange 4K version, or the top-of-the-line 27-inch version and the Intel Xeon-powered iMac Pro.

If you need more power, you can now configure a 21.5-inch Retina iMac with a six-core 8th Generation Core i7 CPU and a more powerful Radeon Pro Vega graphics card. Aside from switching to the latest DDR4 memory specification, all of the other options for the 21.5-inch Retina machine remain the same. That includes the 1TB hard drive in the $1,299 version, which you’ll almost certainly want to upgrade to a speedier SSD or Fusion Drive.  For the ultimate power in a non-Pro iMac, you can now also configure a 27-inch iMac with a 9th Generation Intel Core i9 CPU, complete with eight cores, 16 threads, and a maximum 5GHz clock speed. Apple says this will deliver up to 2.4 times more performance than its predecessor.

Wireshark & Npcap are excellent tools to support network PENTEST & monitoring needs.  The SANS ISC shares an FAQ for the new version 3.0 toolset

https://isc.sans.edu/forums/diary/Wireshark+300+and+Npcap+Some+Remarks/24758/

I received a couple of questions regarding Wireshark and Npcap.  First of all, it’s not a requirement to install Npcap if you want to upgrade to Wireshark 3.  Johannes also remarked that the Npcap license allows free use of Npcap on up to 5 Windows machines. If you have more in your organisation, you need to obtain a commercial license.  f you install Wireshark with Npcap, and you use Npcap exclusively with Wireshark and/or Nmap, then the standard license still applies even with more than 5 machines.

Android Test 2019 – 250 Apps

To help owners of Android devices to distinguish between genuine, effective Android antivirus apps on the one hand, and dubious/ineffective ones on the other, AV-Comparatives have again tested the effectiveness of antimalware programs for Android, in the 2019 Android Test.

Android Test 2019 – 250 Apps
Date January 2019 PDF Download
Language English
Last Revision March 12th 2019

Methodology — The test was performed in January 2019, mostly on Samsung Galaxy S9 devices running Android 8.0 (“Oreo”). As some security apps did not work properly on Android 8.0, those apps were tested on Nexus 5 devices running Android 6.01 instead (see page 17 for details). Each security app was installed on a separate physical test device. Before the test was started, the software testbed on all test devices – Android itself, stock Android apps, plus testing-specific third-party apps – was updated. After this, automatic updates were switched off, thus freezing the state of the test system. Next, the security apps to be tested were installed and started on their respective devices, updated to the latest version where applicable, and the malware definitions brought fully up to date.

Below are key resources documenting this recent monthly Microsoft Patch Tuesday release

https://isc.sans.edu/forums/diary/Microsoft+March+2019+Patch+Tuesday/24742/

https://blog.talosintelligence.com/2019/03/microsoft-patch-tuesday-march-2019.html

https://patchtuesdaydashboard.com/

https://portal.msrc.microsoft.com/en-us/security-guidance/summary

Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 64 vulnerabilities, 17 of which are rated “critical,” 45 that are considered “important” and one “moderate” and “low” vulnerability each. This release also includes two critical advisories — one covering security updates to Adobe Flash Player and another concerning SHA-2. This month’s security update covers security issues in a variety of Microsoft’s products, including the VBScript scripting engine, Dynamic Host Configuration Protocol and the Chakra scripting engine

Both exploited vulnerabilities (CVE-2019-0808 and CVE-2019-0797) affects win32k component on multiple Windows versions, from Windows 7 to 2019, and may lead to privilege escalation. An attacker who successfully exploited this vulnerability could run arbitrary code in kernelmode.  Amongst 17 critical vulnerabilities this month, it’s worth mentioning CVE-2019-0697 which affects DHCP Client and may lead to remote code execution (RCE). This is the second critical vulnerability in DHCP client this year both scoring 9.8 CVSS v3. The other one was patched in January (CVE-2019-0547).

https://isc.sans.edu/forums/diary/Wireshark+300+and+Npcap/24730/

Starting with version 3.0.0, the Wireshark for Windows installation programs are distributed with Npcap in stead of WinPcap. Prior Wireshark Windows versions already supported Npcap, but the installer still came bundled with WinPcap.  Npcap is a library for packet capturing and sending on Windows, developed by the Nmap project, and is actively maintained, while WinPcap is no longer actively maintained (unless WinPcap’s community steps in).  If you have a prior version of Wireshark installed on Windows (like 2.6.7), and you perform an upgrade to 3.0.0, Npcap will be installed by default: