Computer Safety & News

A security & privacy software add-on is being now offered by Microsoft as noted in links below

Privacy Management for Microsoft 365 Commercially Released — Redmondmag.com

Simplifying the complex: Introducing Privacy Management for Microsoft 365 – Microsoft Security Blog

Privacy Management Software | Microsoft Security

Find and visualize personal data in privacy management – Microsoft Privacy | Microsoft Docs

To begin, go to the privacy management section of the Microsoft 365 compliance center and view these pages:

• Overview: Provides an overall view into your organization’s data in Microsoft 365. Privacy administrators can monitor trends and activities, identify and investigate potential risks involving personal data, and springboard into key activities like policy management or subject rights request actions.
• Data profile: Provides a snapshot of the personal data your organization stores in Microsoft 365. This page helps you visualize where personal data lives, what types are the most prevalent in your organization, and how many different types exist across locations in your Microsoft 365 environment. You can also explore personal data from this location.

Windows 11 cummulative security updates are 40 percent smaller due to new packaging approach

Microsoft Shrinks Windows 11 Updates by 40 Percent — Redmondmag.com

How Microsoft reduced Windows 11 update size by 40% – Microsoft Tech Community

Microsoft explained this week that Windows 11 has an improved cumulative update (CU) technology that is said to reduce the CU size by “about 40 percent.”    CUs arrive monthly, and include quality and security patches for Microsoft’s client operating systems. The “cumulative” term means they contain past months’ updates, as well as new updates, so they tend to grow in size month to month. Having smaller CUs arrive promises to save bandwidth, both for Microsoft and its customers. Microsoft has long had a technology that just delivers the changed bits, which are called “differentials,” and that’s now been improved with Windows 11.

The 40 percent CU size reduction claim can be found in this article by Jonathon Ready, a software engineer and program manager at Microsoft. There’s also a longer article by Steve DiAcetis, a member of the Windows fundamentals team. The article by DiAcetis also includes details notable for IT pros using the Windows Standalone Installer tool with Windows 11, as well as language packs.

The 2nd annual Microsoft Digital Defense Report can viewed for free here. The Microsoft Digital Defense Report is 134 pages & covers the period from July 2020 to June 2021 … it replaces valuable SIR report of the past.

Ransomware and Nation-State Attacks: Microsoft Releases ‘Digital Defense Report’ — Redmondmag.com

Russian cyberattacks pose greater risk to governments and other insights from our annual report – Microsoft On the Issues

Microsoft Digital Defense Report – Microsoft Security

Microsoft on Thursday announced the release of its annual “Digital Defense Report,” which catalogs nation-state and criminal attacks, as well as some countermeasures to take. This year’s report, at 134 pages, is quite detailed, with sections on cybercrime, nation-state threats, supply-chain attacks and Internet of Things attacks. The report includes security suggestions for organizations with remote workforces. It has a section describing the use of social media to spread disinformation, as well.

Microsoft has a lot of its operations devoted to cybersecurity, with $20 billion announced recently, and its “Digital Defense Report” reads like something that the U.S. FBI or NSA might issue. Microsoft currently monitors “over 24 trillion daily security signals,” blocking 32 billion e-mail threats, 31 billion identity threats and 9 billion endpoint threats.

This report apparently is the second of its type. Microsoft had released a “Digital Defense Report” last year, which seems to have evolved from its earlier “Security Intelligence Report” (SIR) format.

These are just a few of the insights in the second annual Microsoft Digital Defense Report, which we released today and can be viewed for free here. The Microsoft Digital Defense Report covers the period from July 2020 to June 2021, and its findings cover trends across nation-state activity, cybercrime, supply chain security, hybrid work and disinformation.  

Windows 11 IoT Enterprise Commercially Released — Redmondmag.com

Windows for IoT now goes to 11 with Windows 11 IoT Enterprise – Microsoft Tech Community

Microsoft announced the release of Windows 11 IoT Enterprise on Oct. 4, per an announcement.  The new operating system will be “delivered as an upgrade to eligible devices running Windows 10 IoT Enterprise, beginning on October 5, 2021,” Microsoft explained in a “What’s New” document. Arrival of Windows 11 IoT Enterprise is controlled through tools such as “Windows Update for Business and Microsoft Endpoint Manager,” but the OS will arrive via the Windows Update service for eligible unmanaged devices, the document indicated. Nothing was mentioned in Microsoft’s announcement about a Windows 11 IoT Core product. Microsoft had released its Windows Server IoT 2022 product last month.

The IoT (Internet of things) products previously were known as Microsoft’s “Windows Embedded” operating systems. These OSes are typically used by software and original equipment manufacturing (OEM) partners to build specialized devices.

New advanced Ransomware attacks continue, where attackers gain knowledge of company & can target it with a new attack called “Yanluowang” & even discourages any contact to authorities or security repair teams

Underdeveloped New Ransomware Yanluowang Identified — Redmondmag.com

New Yanluowang Ransomware Used in Targeted Attacks | Symantec Blogs (security.com)

In a recent attempted ransomware attack against a large organization, Symantec obtained a number of malicious files that, upon further investigation, revealed the threat to be a new, if somewhat underdeveloped, ransomware family.

The Threat Hunter Team first spotted suspicious use of AdFind, a legitimate command-line Active Directory query tool, on the victim organization’s network. This tool is often abused by ransomware attackers as a reconnaissance tool, as well as to equip the attackers with the resources that they need for lateral movement via Active Directory. Just days after the suspicious AdFind activity was observed on the victim organization, the attackers attempted to deploy the Yanluowang ransomware.

Before the ransomware is deployed on a compromised computer, a precursor tool carries out the following actions:

• • Creates a .txt file with the number of remote machines to check in the command line
  • Uses Windows Management Instrumentation (WMI) to get a list of processes running on the remote machines listed in the .txt file
  • Logs all the processes and remote machine names to processes.tx

The Yanluowang ransomware is then deployed and carries out the following actions:

• • Stops all hypervisor virtual machines running on the compromised computer
  • Ends processes listed in processes.txt, which includes SQL and back-up solution Veeam
  • Encrypts files on the compromised computer and appends each file with the .yanluowang extension
  • Drops a ransom note named README.txt on the compromised computer

The ransom note dropped by Yanluowang warns victims not to contact law enforcement or ransomware negotiation firms. If the attackers’ rules are broken the ransomware operators say they will conduct distributed denial of service (DDoS) attacks against the victim, as well as make “calls to employees and business partners.” The criminals also threaten to repeat the attack “in a few weeks” and delete the victim’s data.

Oracle provides a popular data base & application development vendor for many organizations & several products have had recent security updates.

Oracle Releases October 2021 Critical Patch Update | CISA

Oracle Critical Patch Update Advisory – October 2021

Oracle has released its Critical Patch Update for October 2021 to address 419 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.  This Critical Patch Update contains 419 new security patches across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at October 2021 Critical Patch Update: Executive Summary and Analysis.

Several GOVT agencies have issued alerts for BlackMatter Ransomware attacks that have increased in recent months.  Critical national infrastructure attacks have prompted this alert.

CISA, FBI, and NSA Release Joint Cybersecurity Advisory on BlackMatter Ransomware | CISA

BlackMatter Ransomware | CISA

CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have released joint Cybersecurity Advisory (CSA): BlackMatter Ransomware.  Since July 2021, malicious cyber actors have used BlackMatter ransomware to target multiple U.S. critical infrastructure entities, including a U.S. Food and Agriculture Sector organization. Using an analyzed sample of BlackMatter ransomware and information from trusted third parties, this CSA provides cyber actor tactics, techniques, and procedures and outlines mitigations to improve ransomware protection, detection, and response.

To reduce the risk of BlackMatter ransomware, CISA, FBI, and NSA encourage organizations to implement the recommended mitigations in the joint CSA and visit StopRansomware.gov for more information on protecting against and responding to ransomware attacks.

Apple iOS v15 has a recent update to address exploits in the wild. Users on all devices should update promptly

Apple Releases Security Update to Address CVE-2021-30883 | CISA

https://support.apple.com/en-us/HT212846

Apple has released a security update to address a vulnerability—CVE-2021-30883—in multiple products. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability has been detected in exploits in the wild.  CISA encourages users to review the Apple security page for iOS 15.0.2 and iPadOS 15.0.2 and apply the necessary updates as soon as possible.

Apache offers a popular server hosting facility & has had recent security updates to better address exploits in the wild.  ADMINS should pilot test & update promptly.

https://us-cert.cisa.gov/ncas/current-activity/2021/10/07/apache-releases-http-server-version-2451-address-vulnerabilities

Apache HTTP Server 2.4 vulnerabilities – The Apache HTTP Server Project

On October 7, 2021, the Apache Software Foundation released Apache HTTP Server version 2.4.51 to address Path Traversal and Remote Code Execution vulnerabilities (CVE-2021-41773, CVE-2021-42013) in Apache HTTP Server 2.4.49 and 2.4.50. These vulnerabilities have been exploited in the wild.  CISA urges organizations to patch immediately if they haven’t already—this cannot wait until after the holiday weekend.

Cisco is a key network & security vendor for many organizations & several products have had recent security updates

Cisco Releases Security Updates for Multiple Products | CISA

https://tools.cisco.com/security/center/publicationListing.x