Computer Safety & News

https://www.cnet.com/news/lastpass-fixed-a-major-exploit/

Password manager LastPass had an exploit that could be abused to reveal a user’s credentials. The company has fixed the issue in its latest update, according to a blog post Monday. For a hacker to take advantage of the bug, victims would have to be using the Chrome or Opera browser with the LastPass extension … LastPass v4.33.0 went live for all browsers on Friday and contains the fix for the bug. 

CIS Security has just released a “Security Event Malware primer” that shares important prevention controls & awareness for the latest malware attacks

Security Event Primer – Malware

2.1 Maintain Inventory of Authorized Software
2.2 Ensure Software is Supported by Vendor
2.7 Utilize Application Whitelisting
3.4 Deploy Automated Operating System Patch Management Tools
3.5 Deploy Automated Software Patch Management Tools
4.1 Maintain Inventory of Administrative Accounts
4.3 Ensure the Use of Dedicated Administrative Accounts
4.4 Use Unique Passwords
4.8 Log and Alert on Changes to Administrative Group Membership
7.1 Ensure Use of Only Fully Supported Browsers and Email Clients
7.2 Disable Unnecessary or Unauthorized Browser or Email Client Plugins
9.4 Apply Host-based Firewalls or Port Filtering
16.8 Disable Any Unassociated Accounts
16.9 Disable Dormant Accounts

Below are key resources documenting this recent monthly Microsoft Patch Tuesday release

https://isc.sans.edu/forums/diary/Microsoft+September+2019+Patch+Tuesday/25310/

https://blog.talosintelligence.com/2019/09/microsoft-patch-tuesday-sept-2019.html

https://www.thezdi.com/blog/2019/9/10/the-september-2019-security-update-review

https://patchtuesdaydashboard.com/

https://portal.msrc.microsoft.com/en-us/security-guidance/summary

This month, Microsoft released security patches for 80 CVEs plus two advisories. The updates cover Microsoft Windows, Internet Explorer, Microsoft Edge, ChakraCore, Office and Microsoft Office Services and Web Apps, Skype for Business and Microsoft Lync, Visual Studio, .NET Framework, Exchange Server, Microsoft Yammer, and Team Foundation Server. Of these 80 CVEs, 17 are listed as Critical, 62 are listed as Important, and one is listed as Moderate in severity.

https://www.us-cert.gov/ncas/current-activity/2019/09/09/fbi-safe-online-surfing-challenge

The Federal Bureau of Investigation (FBI) has launched the Safe Online Surfing (SOS) Challenge, encouraging educators to promote web literacy and safety for students during the 2019-20 school year.  The Cybersecurity and Infrastructure Security Agency (CISA) encourages users to review the FBI SOS Challenge Announcement and the CISA Tip Keeping Children Safe Online.

The Cybersecurity and Infrastructure Security Agency (CISA) warns to be vigilant of Hurricane Dorian scams and malware attacks actively circulating.  It is a best practice to always use well established charities like Red Cross or Salvation Army rather than brand new sites for example.

https://www.us-cert.gov/ncas/current-activity/2019/09/04/potential-hurricane-dorian-cyber-scams

The Cybersecurity and Infrastructure Security Agency (CISA) warns users to remain vigilant for malicious cyber activity targeting Hurricane Dorian disaster victims and potential donors. Fraudulent emails commonly appear after major natural disasters and often contain links or attachments that direct users to malicious websites. Users should exercise caution in handling any email with a hurricane-related subject line, attachment, or hyperlink. In addition, users should be wary of social media pleas, texts, or door-to-door solicitations relating to severe weather events.

To avoid becoming victims of malicious activity, users and administrators should review the following resources and take preventative measures:

• • Staying Alert to Disaster-related Scams
  • Before Giving to a Charity
  • Staying Safe on Social Networking Sites
  • Avoiding Social Engineering and Phishing Attacks

If you believe you have been a victim of cybercrime, file a complaint with the Federal Bureau of Investigation Internet Crime Complaint Center at www.ic3.gov.

The Wi-Fi 6 standard support is now starting to appear in new devices.   Also Wi-Fi 7 designs are now starting for possible implementation around 2024.

https://www.cnet.com/news/wi-fi-6-and-what-it-means-for-you-wifi-routers/

https://www.cnet.com/news/wi-fi-6-is-barely-here-but-wi-fi-7-is-already-on-the-way/

Wi-Fi 6 is just now arriving in phones, laptops and network equipment. But engineers are already turning their attention to what’ll come next: Wi-Fi 7. With speeds as high as 30 gigabits per second, the next generation of Wi-Fi promises better streaming video, longer range and fewer problems with traffic congestion — with expected arrival of Wi-Fi 7 in 2024.

Microsoft’s Extended File Allocation Table (exFAT) features supports huge files that are over 4GB and this extension is being added as part of the official Linux kernel in future

https://redmondmag.com/articles/2019/08/30/microsoft-exfat-in-linux-kernel.aspx

https://cloudblogs.microsoft.com/opensource/2019/08/28/exfat-linux-kernel/

Microsoft has agreed to the addition of its Extended File Allocation Table (exFAT) technology to the Linux kernel, according to a Wednesday announcement.

The exFAT code was submitted for “staging” on the Linux kernel, according to this August 28 Linux kernel maintainers post.  Microsoft’s exFAT technology, introduced in 2006, is code that serves as a file system for handling files larger than 4GB. It’s typically used in portable storage devices, such USB drives and Secure Digital memory cards.

Some warnings are circulating for fraudulent scams, malicious websites, email attachments and other attacks that can be disguised & taken advantage of if Hurricane Dorian impacts are experienced.  Well established charities like Red Cross or Salvation Army are often safer for example than a special new charity just established.  

https://www.wtsp.com/article/weather/tropics/charitable-scam-warning-tips-hurricane-tropical-storm/67-ec07ceff-2b15-4d5d-a254-4efbd9e1b6aa

There are some important tips you should know before you donate to any charity that claims it will help people likely to be affected by Hurricane Dorian. The Federal Trade Commission says many scammers use natural disasters to take advantage of generous donors. Sometimes scammers will even set up fake charities to make a quick buck.  In order to figure out what is fake and what is real, the FTC said donors should always ask for detailed information about the charity, like its name, address and telephone number.  Government officials say donors should also be wary of charities that may be created within days of a disaster.

https://www.pcworld.com/article/3433926/hands-on-with-the-next-microsoft-edge-microsofts-revamped-chromium-based-browser.html

Microsoft’s fusion of the Chromium browser and the traditional Microsoft Edge is worth trying out, though the current beta version is a bit heavier than the traditional Edge.  Last week, Microsoft announced a stable beta channel for what it’s calling the next version of Microsoft Edge. Microsoft’s Edge browser will now be designed around Chromium, the open-source version of Google Chrome.