FTC – CAN-SPAM law allows users to opt out of email advertisements


The “Cancel SPAM” act allows users to unsubscribe from marketing emails within a 10-day window. A visible and easy-to-use “opt out link” must also be present at the end of each regular email sent.

FTC lawsuit reminds businesses: CAN-SPAM means CAN’T spam | Consumer Advice

Oh, the joy of clicking “unsubscribe” when your email inbox overflows with spam messages trying to sell you stuff you DO NOT WANT! But what if there’s no “unsubscribe” link and the emails won’t stop?   The CAN-SPAM Act gives you the right to stop companies from sending you email that primarily advertises commercial products or services. Among other things, it requires companies that send marketing emails to include a clear and conspicuous notice that you have the right to opt out of getting future marketing emails. They also must give you an “unsubscribe” link or other internet-based way to opt out.  If you get unwanted marketing emails, opt out of getting them. The company must honor your request within 10 business days. If there’s no way to opt out or if you still get unwanted email from the company after 10 business days, tell the FTC

FTC – Avoid Payment App Scams AUG_2023


The FTC raises awareness of how difficult it is to recover stolen $$$ once it has been sent through payment apps.

Do you use payment apps like Venmo, CashApp, or Zelle? Read this | Consumer Advice (ftc.gov)

Ever send money through an app like Venmo, CashApp, or Zelle? They make it easy to send money fast to friends or family. But what happens when it’s a scammer on the other end?   Once you link a payment app to your debit card, credit card, or bank account, you’ll be able to send money to your friend’s or family member’s account through the app (or with Zelle, from your bank account to theirs). Typically, you’re sending money to people you know. So how do scammers convince you to send them money, too?

The truth is, sending money through a payment app is like sending cash — it’s very hard to get it back. Make sure you know who you’re sending money to when you use a payment app. If you’re not sure whether you’re dealing with a scammer, contact the person, bank, or business at a phone number you know to be real to ask if they sent you the request. And know that your bank will never contact you to tell you to transfer money or to ask for personal information or passcodes. And don’t pay someone who insists that you can only pay with a gift card, cryptocurrency, payment app, or a wire transfer service like Western Union or MoneyGram.

Mozilla Firefox – v117 Security and features release


The latest Firefox v117 should update automatically & transparently for most users. Key new features & security improvements can be found in the latest release.

Mozilla Releases Security Updates for Firefox and Firefox ESR | CISA

Security Vulnerabilities fixed in Firefox 117 — Mozilla

Firefox 117.0, See All New Features, Updates and Fixes (mozilla.org)

Version 117.0, first offered to Release channel users on August 29, 2023

  • Support for credit card autofill has been extended to users running Firefox in the IT, ES, AT, BE, and PL locales.
  • macOS users can now control the tabability of controls and links via about:preferences.
  • To avoid undesirable outcomes on sites which specify their own behavior when pressing shift+right-click,
  • Support for improved CSS nesting is now enabled by default.
  • Firefox now supports RTCRtpScriptTransform.
  • ReadableStream.from is now supported, allowing creation of a ReadableStream from an (async) iterable.
  • Firefox now supports the math-style and math-depth CSS properties and the font-size: math value.

QakBot – Ransomware and malware agent infecting 700 thousand taken offline


The sophisticated Qakbot network has just been taken offline by authorities. It was one of the most prolific malware distribution networks. It infected 700,000+ computers, deployed ransomware, and caused hundreds of millions of $$$ in damage.

Central District of California | Qakbot Malware Disrupted in International Cyber Takedown | United States Department of Justice

Qakbot: Takedown Operation Dismantles Botnet Infrastructure | Symantec Enterprise Blogs (security.com)

LOS ANGELES – The Justice Department today announced a multinational operation to disrupt the botnet and malware known as Qakbot and take down its infrastructure.  The Qakbot malicious code is being deleted from victim computers, preventing it from doing any more harm. The Department also announced the seizure of more than $8.6 million in cryptocurrency in illicit profits.  The action represents the largest U.S.-led financial and technical disruption of a botnet infrastructure leveraged by cybercriminals to commit ransomware, financial fraud, and other cyber-enabled criminal activity.

“Cybercriminals who rely on malware like Qakbot to steal private data from innocent victims have been reminded today that they do not operate outside the bounds of the law,” said Attorney General Merrick B. Garland. “Together with our international partners, the Justice Department has hacked Qakbot’s infrastructure, launched an aggressive campaign to uninstall the malware from victim computers in the United States and around the world, and seized $8.6 million in extorted funds.”

FTC – Best practices in donating after weather disasters


Always donate carefully, through mainstream organizations that have a good track record of ensuring most of the $$$ will be received by those in need.

How to make sure your donations count when weather disasters strike | Consumer Advice (ftc.gov)

First, know that when there’s a natural disaster, scammers are quick to follow. Some research and planning before you donate will help make sure your money helps people in need, not charity scammers.

  • Donate to charities you know and trust with a proven track record with dealing with disasters.
  • Research the organization yourself — especially if the donation request comes on social media. Search the name plus “complaint,” “review,” “rating,” or “scam.” And check out the charity on the Better Business Bureau’s (BBB) Wise Giving Alliance, Charity Navigator, Charity Watch, or Candid. If the message was from a friend, ask them if they know the organization themselves. Find out exactly how much of every dollar you donate goes directly to the charity’s beneficiaries.
  • Be cautious about giving to individuals on crowdfunding sites. If you’re considering it, giving to someone you personally know and trust is safest. Also, review the platform’s policies and procedures. Some crowdfunding sites take measures to check out postings asking for help after a disaster. Others don’t.
  • Don’t donate to anyone who insists you can only pay by cash, gift card, wiring money, or cryptocurrency. That’s how scammers tell you to pay. If you decide to donate, pay by credit card, which gives you more protections.
  • Confirm the number before you text to donate. Go straight to the charity. Is it their number?

 

Microsoft Edge for Business release AUG-2023


A briefcase icon change for Microsoft Edge signifies the new Business browser mode. It is designed to better separate workplace v. personal usage & improve security for corporate PCs & laptops. As this is a version 1.0 release, and as noted in the FAQ, there may be some fine-tuning ahead to better balance work v. personal controls.

Microsoft Edge for Business Now Arriving Automatically — Redmondmag.com

Microsoft Edge for Business is now available, helping organizations maximize productivity and security – Microsoft Edge Blog (windows.com)

Microsoft Edge for Business FAQ – Microsoft Community Hub

Microsoft this week announced that Microsoft Edge for Business was released for “all supported platforms, including mobile.” Edge for Business also is “currently in preview” for unmanaged devices. This new capability will arrive automatically for Edge browser users that also use Entra ID (formerly called “Azure Active Directory”) for sign-ins. It’s tied to the “stable version 116” release of the Edge browser, which gets updated automatically. Microsoft Edge for Business is designed to separate work and personal uses of the Microsoft Edge browser. Users signing into the browser with Microsoft Entra ID accounts will be using the Microsoft Edge for Business browser, while users with a Microsoft account get the Edge browser for personal use.

From an IT perspective, all policies, settings, and configurations previously set by an organization will be automatically transitioned to Edge for Business, and IT will maintain full control over policy and feature management and configuration with Edge for Business. And with the Microsoft Edge management service now available, customers can manage Edge for Business in one, easy-to-navigate place.

Windows 365 – VMware Horizon Cloud Preview Release


Windows 365 and VMware users can access their cloud-hosted Windows 11 or Windows 10 desktops from multiple devices, besides traditional laptop or desktop implementations.

Windows 365 on VMware Horizon Cloud Now Available as a Preview Release — Redmondmag.com

VMware extends Windows 365 Cloud PCs to new audiences – Microsoft Community Hub

Microsoft on Monday announced that its Windows 365 desktop-as-a-service offering is now integrated with the VMware Horizon Cloud virtual desktop infrastructure (VDI) service. Support for Windows 365 on VMware Horizon Cloud will expand the ability of Windows 365 Cloud PC users and VMware users to access “persistent, cloud-hosted Windows 11 or Windows 10 desktops from anywhere on any device.” It’ll also be possible to “handle the provisioning and configuration of these Cloud PCs” using Microsoft Intune, which is Microsoft’s mobile management service. VMware brings value-added features such as simplified delivery for on-premises and legacy applications through App Volumes and support for peripherals. Together, these technology solutions deliver an end-user Cloud PC experience that is also familiar to existing VMware Horizon users.

Through an expanded collaboration with Microsoft, VMware is able to augment the Microsoft Windows 365 experience with our Horizon capabilities, including using the VMware Blast high-definition protocol, a rich set of remote experience features, and a broad range of client support to deliver an enhanced employee experience.

 

Ransomware – Research and lessons from 50 negotiation settlements


The best solution for Ransomware attacks is to always recover from backups & not pay the attackers.  However, comprehensive backups may not be present, and this study looks at lowering ransom amounts via negotiation.  

Haggling With Hackers: Surprising Lessons From 50 Negotiations With Ransomware Gangs | PCMag

Ransomware negotiations are usually shrouded in secrecy, but some security experts think that we should make them public and analyze them to glean insights. So that’s exactly what we did.  For example, Cyber Threat Intelligence Analyst Calvin So’s recent research report on the data uses stylometric analysis (essentially, the science of writing styles) to help identify individuals and patterns based on their text dialogue.  To aid in this effort, we analyzed a sample set of 50 negotiation transcripts from Marchive’s archives, and some noteworthy patterns and key takeaways emerged.

We looked at the starting ransom demands by hackers and compared them to the lowest negotiated amount from 50 attacks from eight different hacker groups, after which one thing became apparent: People who paid the full ransom amount forked over far more than may have been necessary to appease the gangs.

Another interesting pattern among the hacking groups was their adoption of a professional and sometimes semi-congenial dialogue with their victims. Ransomware hackers at times present themselves as Robin Hood types who expose your security vulnerabilities and force you to pay them for the “service” of sharing how they got in and, of course, releasing encrypted data and/or deleting personal identifiable information.

An extended deadline is probably the easiest thing for victims to negotiate. It costs the hackers nothing, so long as the victim appears willing to come to the table and consider paying. With that, a big tell for hackers was how often they proposed to reduce the ransom as long as payment was posted quickly.

The US Cybersecurity and Infrastructure Security Agency (CISA) offers an official Stop Ransomware Guide with plenty of helpful tips to avoid falling victim to hackers. It also provides free vulnerability scanning to help identify and address potential threats. Additionally, the FBI offers resources in prevention and where you can report cybercrime and get assistance.

 

Microsoft – Reissues August 2023 Security update for non-English Exchange servers


The August 2023 Security updates were reissued for Exchange servers. The reissue addresses an issue on non-English versions of the software. The reissued updates only need to be applied by organizations experiencing issues with the server not processing email efficiently (as per the FAQ below).

Microsoft Reissues August Security Patch for Exchange Servers — Redmondmag.com

Re-release of August 2023 Exchange Server Security Update packages – Microsoft Community Hub

Microsoft this week announced that it reissued August security update packages for Exchange Server 2016 and Exchange Server 2019.  Today we are re-releasing the August 2023 SUs for Exchange Server. The original release of the SUs (released on 8/8/2023) had a localization issue with Exchange Server running on a non-English OS that caused Setup to stop unexpectedly, leaving Exchange services in a disabled state.  The updated SUs resolve the localization issue, but if you were affected by the issue and used the workaround to install the original release, you need to act.

To help you understand the actions needed, we use the following naming convention to distinguish between the original August 2023 SU and the re-release:

  • Aug SUv1: original August 2023 SU (released on 8/8/2023 with article KB5029388)
  • Aug SUv2: re-released August 2023 SU (released on 8/15/2023 with article KB5030524)

We installed the original Aug SUv1 manually and had no problems. Do we need to install Aug SUv2? — No. In environments that have manually installed original release (Aug SUv1) and installation completed with no errors, installation of Aug SUv2 is optional.

We installed the original Aug SUv1 through Microsoft / Windows Update and had no problems. Will our server install Aug SUv2 automatically? — Yes. The version of re-released August SU package is higher than the version of the original August SU release and servers enrolled into getting updates through Windows Update will automatically get the new re-released version.

What are the differences between Aug SUv2 and Aug SUv1 update packages? — The only difference between original release and re-release of August 2023 SU package is the resolution of the localization issue that was causing the original release of August SU to fail on non-English OS servers. There are no other changes. The original release blog post, CVEs, and post-installation recommended actions still apply.

Security – More sophisticated attacks in 2023 including QR codes


Social engineering and scam attacks are more sophisticated in 2023, and QR codes offer an immediate, easy payment technique that attackers are now using, esp. on mobile phones.

A Gentle Reminder: The Evolving Nature of Digital Scams – SANS Internet Storm Center

Considering the global turbulence from destabilizing events such as physical conflicts, freak weather and pandemics, financial wealth has never been more critical for a nation and its citizens so that daily life can continue. Money is needed for daily necessities such as food, medication, appropriate clothing and fuel. When faced with unexpected events such as retrenchment and newly detected health issues, citizens would also have to tap on the monetary buffer that should have been built up during less challenging times. Considering the current state of international affairs and employment prospects, one potential way to disrupt a nation’s peace and stability could be stealing their citizens’ monetary savings via financial scams and fraud.

There have been a few notable case studies where adversaries do not simply send phishing messages but also prey on victims’ psychological weaknesses and informational blind spots. I was made aware of such an incident that was reported to me privately about 60 hours ago, where an adversary attempted to masquerade as a charitable organization. In this particular incident, the charitable organization had a legitimate and actual event that had been scheduled. There were also corresponding marketing materials with Quick Response (QR) codes embedded in the posters. Participants could register for the event by donating any amount via the QR code

Another recent attack that led to victims losing their money was the installation of third-party mobile applications that were not downloaded from legitimate and trusted mobile application stores. For example, in this unfortunate incident, the victim was left with only about ~US$2.95 (S$4) in the bank account after unknowingly installing a purported update to a mobile application



© 2023 Computer Safety & News.