Computer Safety & News

Cisco is a key vendor for corporate entities & several products are patched in the OCT 2020 security updates

https://tools.cisco.com/security/center/publicationListing.x

https://us-cert.cisa.gov/ncas/current-activity/2020/10/22/cisco-releases-security-updates-multiple-products

Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Cisco security page and apply the necessary updates.

Several excellent & informative videos can be found on u-tube for in-depth information on the WIN10 20H2 Fall tune up release.

So far, the Fall 2020 features update is working well with no issues as an “early adopter” … It installed quickly from WU.   The Fall release is more of a “tune up” & much easier to install than the more complex & feature rich Spring release.  The migration to the Edge Chrome based browser is main feature & have been using early versions of Edge chrome as even preview versions were much improved over the original.  A lot of key fixes are included that may help with past WIN10 issues in certain vendor configurations. 

https://redmondmag.com/articles/2020/10/20/windows-10-windows-server-20h2.aspx

Details for IT pros about the Windows 10 version 20H2 release can be found in this Windows IT pro post by Joe Lurie, a senior product marketing manager at Microsoft. Features for end users were announced in this Windows post by Aaron Woodman, general manager of the Windows consumer business.  Also, Microsoft offered information about how to get Windows 10 version 20H2. Those nuances are described in this Windows announcement by John Cable, vice president of program management for Windows servicing and delivery.

Office 2010 recently reached EOL and users should be on Office 2013 or higher to replace existing suite.  The Office 365 family is also a popular option for business users so they continuously stay on latest product capabilites.

https://redmondmag.com/articles/2020/10/14/support-ends-office-2010-office-for-mac-2016.aspx

Microsoft on Monday noted the end of support for Office 2010 and Office 2016 for Mac, which are “perpetual-license” versions of Microsoft’s productivity suite software.  The end-of-support phase means that no more software updates arrive from Microsoft for those products, including security patches. Perpetual-license Office products follow Microsoft’s traditional 10-year support model, called the “Fixed Lifecycle Policy.”  Microsoft 365 applications follow the “Modern Lifecycle Policy,” where support is contingent upon the software staying up to date and there are no long-term product lifecycle servicing promises extended to organizations.

Checkpoint security has released an interesting & comprehensive research study of Phishing Attempts attempted during the 3rd quarter.

https://www.globenewswire.com/news-release/2020/10/19/2110233/0/en/Microsoft-is-Most-Imitated-Brand-for-Phishing-Attempts-in-Q3-2020.html

In Q3, Microsoft was the most frequently targeted brand by cybercriminals. 19% of all brand phishing attempts related to the technology giant, as threat actors sought to capitalize on large numbers of employees still working remotely during the Covid-19 pandemic. The most likely industry to be targeted by brand phishing was technology, followed by banking and then social network.

Top phishing brands in Q3 2020 — The top brands are ranked by their overall appearance in brand phishing attempts:

1. 1. 1. Microsoft (related to 19% of all brand phishing attempts globally)
      2. DHL (9%)
      3. Google (9%)
      4. PayPal (6%)
      5. Netflix (6%)
      6. Facebook (5%)
      7. Apple (5%)
      8. Whatsapp (5%)
      9. Amazon (4%)
      10. Instagram (4%)

On October 16th, Microsoft released “out-of-band” (OOB) security updates to address vulnerabilities affecting Windows Codecs Library and Visual Studio Code.

https://redmondmag.com/articles/2020/10/19/microsoft-patches-window-codec.aspx

https://us-cert.cisa.gov/ncas/current-activity/2020/10/16/microsoft-releases-security-updates-address-remote-code-execution

Microsoft issued two “out-of-band” security updates late last week.  The two security bulletins were released outside Microsoft’s usual “update Tuesday” security patch-release cycle. Microsoft’s October security bundle had arrived on Oct. 13 (the second Tuesday of the month).  CISA encourages users and administrators to review the Microsoft security advisories for CVE-2020-17022 and CVE-2020-17023 and apply the necessary updates.

While there are no known “exploits in the wild” all ADMINs should ensure their Sonic Wall VPN facilities have the latest OCT-2020 security updates in place.  SANS ISC rates this vulnerability as a “PATCH NOW” security issue

https://isc.sans.edu/forums/diary/CVE20205135+Buffer+Overflow+in+SonicWall+VPNs+Patch+Now/26692/

SonicWall released updates last week which fix this vulnerability and several others. Although no known exploit has been detected in the wild. I expect, give recent historical attacks on VPNs, I would expect this one will get a lot of interest from bad guys. I strongly recommend updating as soon as reasonable. Discovered by Tripwire VERT, CVE-2020-5135 is a buffer overflow vulnerability in the popular SonicWall Network Security Appliance (NSA) which can permit an unauthenticated bad guy to execute arbitrary code on the device.

The following versions of SonicWall are vulnerable:

SonicOS 6.5.4.6-79n and earlier
SonicOS 6.5.1.11-4n and earlier
SonicOS 6.0.5.3-93o and earlier
SonicOSv 6.5.4.4-44v-21-794 and earlier
SonicOS 7.0.0.0-1

https://us-cert.cisa.gov/ncas/current-activity/2020/10/16/ncsc-releases-alert-microsoft-sharepoint-vulnerability

The United Kingdom (UK) National Cyber Security Centre (NCSC) has released an Alert to address a vulnerability—CVE-2020-16952—affecting Microsoft SharePoint server. An attacker could exploit this vulnerability to take control of an affected system. Applying patches from Microsoft’s October 2020 Security Advisory for CVE-2020-16952 can prevent exploitation of this vulnerability.   The Cybersecurity and Infrastructure Security Agency (CISA) encourages administrators to review the NCSC Alert and the Microsoft Security Advisory for CVE-2020-16952

CORPORATE VPN SOLUTIONS

https://www.pcmag.com/news/business-choice-awards-2020-vpn-services-for-work-remote-access

It doesn’t matter whether you’ve been working from home for years or started this year due to the pandemic: if you’re working remotely, you better have a virtual private network (VPN) to keep your internet traffic safe and protect company resources. The best solution for this kind of remote access scenario can be either a dedicated business VPN client or a consumer VPN service purchased using a business license.  The upside of a business VPN client is that your IT department will set it up with the same protections you get in the office. It’s like being in the office without the commute.

HOME VPN SERVICE SOLUTIONS

https://www.pcmag.com/news/readers-choice-awards-2020-vpn-services

You need a virtual private network (VPN) to keep your internet traffic to yourself. However, not all VPN services are created equal. We always offer a rundown of our top VPN picks, but in this story, we turn to you, the readers, to share your favorite (or least favorite) VPNs. Your top choices remain consistent.

The October 2020 Harvard Business review has an excellent article “How to Shine in Virtual Meetings“.  Virtual video meetings using ZOOM, Teams, and other technologies still require professionalism & making good impressions to others.  It is important to use many of the best practices virtually, that we use in-person.  

https://hbr.org/2020/10/how-to-shine-in-the-virtual-spotlight

Over the last six months, like so many others, we’ve been forced to move our work online. It’s been a tough transition. Principles we once used to capture our audiences — like the manipulation of space, sound, and scene — were initially difficult to master virtually. Even after hours of prep, we would record shows and workshops only to find that our hands or feet fell out of the frame, our expressions were not clear, or our lighting was dim.

After countless failed attempts, we finally came to a realization. We can apply the same principles we use onstage to shine in the virtual realm, and when we do, our presence is just as strong. While they have roots in the performing arts, we have found a few practices are especially effective at enhancing our presentation onscreen — and anyone can use them.

Create a frame that highlights the actor. (Yes, that’s you.)
Check your lighting
Fix the camera
Plan your costume (dress for success)
Add depth (background if possible)
Prepare your voice
Don’t speak too fast:
Focus on your pitch
Adjust the volume
Use facial expressions
Stay in the moment
Listen deeply
Build a conversation