Monday, December 28, 2020

Old Mac

With the release of the Apple M1 chip Macs you may have upgraded, or plan to upgrade, your Mac hardware. There is value in your old or replaced hardware.

Before you gift, recycle, or abandon your older hardware, be aware that the security of MacOS from Mojave on may prevent use by anyone else. This is the helpful <-> harmful aspect of most cyber security. If your Mac is stolen or misplaced you do NOT want others to access the data stored on that Mac. But you do want to put the hardware to use in an environmentally responsible way.

Step one. Sign out on the old hardware. Sign out of iMessage, iTunes, iCloud, and any applications where you authenticate with your Apple ID.



BE SURE you are ready, really ready to proceed. After these next steps you will be able to recover. After these next steps others will not.

 Consider unpairing any Bluetooth devices.

To erase and re-install MacOS:

Shut down and boot the Mac while holding down the Command + R keys

Select the Disk Utility

Select the system disk

Click Erase

Provide a name for the disk; consider APFS for the format

Erase any other internal disks and any Volume Groups 

Disable Find My if that ability was enabled 

After the format is complete quit the Disk Utility and select Reinstall MacOS from the utilities window.

After the re-install completes:

Next, clear the parameters you have set that are stored in the Mac hardware. These settings can be used to recover Macs for forensics.

Shut down the Mac

Power on while holding Option + Command + P + R

Not easily done. On purpose, I would imagine.

You will know this step erased the settings in NVRAM and parameter RAM if your parameters are no longer available.

Your Mac should boot into a fresh install of MacOS



Wednesday, December 16, 2020

Adrozek

A cross-browser malware campaign is currently active on the Internet.

Affects all browsers, probably on all platforms.

As more and more is on our networks, there will be more and more threats to steal or copy credentials for financial gain for the bad gals/guys and financial ruin for us.

This one has been named Adrozek by researchers at Microsoft.

It has been found to perform unwanted ad injection for search results. It is capable of much more. Credential stealing or copying, as an example. If you have stored credentials in a browser for a digital wallet for digital currency, a financial institution, on-line shopping, etc. you might consider changing the passphrases/passwords and storing the credentials in a more secure location. Password managers, password hints in a safe, etc.

 Monitor, monitor, monitor. Recognize all of the browser helper objects, browser extensions, browser add-ons in all of your browsers? Use separate and secured browser instances for financial access?
Keep your software, applications, firmware, alerts, security suite signatures, and other defenses up to date?

 Once discovered Adrozek was infecting 30,000 devices a day.

Adrozek disables browser updates, establishes a Windows service, and performs other harmful actions. Once a malware tool is released, other actors can modify the actions to perform greater harm.

Microsoft Defender (formerly known as Windows Defender) has had signatures to detect and attempt a clean of infected Windows PCs. Other browser platforms (MacOS, Linux, BSD, etc.) are vulnerable as well.

 To protect your platforms use standard and proven cyber defenses and hygiene.

 A suggestion for Windows: use Windows Update to obtain the most current Defender signature updates. Then perform a full scan of all volumes.



 Then Windows Security -> Virus and threat protection -> Full scan




 Be aware a full scan can take a loooong time on a disk with a lot of files.


Sunday, December 6, 2020

Safer Holiday Shopping

 Use Digital wallets

 Apple Pay, Google Pay, etc. Merchants do not see your credit card info. Similar to PayPal without giving your information to PayPal. The technology uses a secure digital token based on cryptography.

Then protect those digital wallets, have a tested backup and recovery plan. Monitor those wallets.

Avoid public Wi-Fi

It is trivial to set up a Wi-Fi hotspot with known merchant or store network names. Once connected to these rogue Wi-Fi networks, any and all data provided via Wi-Fi is at risk.

Similarly, consider turning OFF your device Wi-Fi while away from your home networks. The network name your device "beacons" can be detected and spoofed.

Use VPN

Virtual Private Networks provide an encrypted tunnel from and to end points. This protects data in transit across the Internet. Choose your VPN provider with care, there are VPNs that steal data and sell your connection history.

A drawback to VPNs, your source IP address may rapidly change. Good for avoiding tracking. Not so good when your bank notices your device changing location.

Avoid storing Credit card info at sites

Convenient - true. Dangerous - also true. Breaches and ransomware are a danger to that information.

Be aware at points of sale

Near Field Communication (NFC) on debit and credit cards uses radio. Radio. Try to avoid others near you at point of sale terminals. Consider RFID shields for wallets and purses.

Consider turning credit cards Off

Most banks can and will disable your credit and debit cards, then enable when YOU re-enable them.

Review and Use banking alerts

Use the alert features on all your financial institutions. Once set up, take the time to check the alerts are sent to you, not an identity thief.

Employ virtual credit cards

Some banks, credit unions, etc. provide a one-time card number for on-line use.

Prefer Credit over Debit

Credit cards transfer the bank's money to merchants. Debit cards transfer your money to merchants.

PayPal

Hides, to a degree, your credit & financial information. NOT FDIC insured, has fees, subject to insider theft.

Increase financial monitoring

Monitor your finances. Brokers, company IRAs, merchant accounts, ...

Report Identity theft

No matter how small. As each of us is safer, we are all safer. The quicker the detection and reporting, the quicker your identity can be restored.

Report suspicious activity

FTC site: 

Police:

Credit Reporting Agencies

Your bank

Again, the quicker the better

Beware social media Ads

Tis the season. The pandemic has affected cyber criminals. Bad recommendations, false claims, etc. Stolen social media accounts of friends are used as well. 

Avoid Phishing lures

An expected and real increase at this time of year. These campaigns appear more real than real.

Be suspicious, be informed, be prepared.

Be very suspicious of unsolicited phone calls & messages

Thieves are using Artificial Intelligence to greatly increase the "pitch". Be wary of any urgency, threats, and other techniques. "To avoid this charge please call back at this number" 

Use your detective skills to investigate.

Wednesday, November 25, 2020

Internet down?

Some sites hosted on Amazon Web Services (AWS) may appear to be down due to an outage at AWS.

11/25/2020  Not good for on-line shopping.

Monday, November 23, 2020

Cheap router equals Exploit?

Recent research finds a "backdoor" in several home routers sold at Walmart and Amazon.


A "backdoor" is a port through which ANYONE on the Internet can gain access to your home router, and thus your home network, from anywhere.

The two KNOWN brands are Wavlink and Jetstream. If you have one of these brands of home router, I suggest you remove it and purchase a more reputable brand.

Monday, November 16, 2020

Computer Club membership email fraud alert

Received today (11/16/2020) from Sun City Computer Club to my member email address:

Received today (11/26/2020) yet another with different content

A note from a club board member asking that I purchase gift cards in the amount of $600 and forward the card number(s) to that board member, with reimbursement this Wednesday.

 This is a fraud attempt. DO NOT purchase the gift cards. BE AWARE.

If you have received a similar email, report it to the FTC 

https://reportfraud.ftc.gov

Thursday, October 22, 2020

Updates abound

 iOS 14.1

Safari 14.0.1 (Mac), 14.1 (iDevice)

Windows Codec HEVC Video Extension  1.0.32532.0  (Windows Store)

Chrome 86.0.4240.111

Firefox 82.0

MacOS 11.0 (20A5395g)

Windows 10 2004 KB4579311

Edge 86.0.622.51

Brave 1.15.76

Vivaldi 3.4.2066.76

Several / many VPNs and Security suites

Oracle, Linux (SMB update is important)


An extraordinary number released this week.  Be aware

Wednesday, September 23, 2020

Firefox on Android platforms

VERY important. Firefox on Android platforms had a SERIOUS Local Area Network flaw that allowed attackers to force the Firefox browser to visit sites that held malicious content and/or take over the Android device.

 IMPORTANT to update Firefox. I show version 81.1.1 as the current release.

Sunday, August 30, 2020

Internet down/slow 30-Aug-2020

  Some sites unresponsive. If you experience slowness, outage, be aware.

Saturday, August 29, 2020

Adobe Lightroom version 5.4 for iOS devices DELETES customer photos!!

Adobe has announced that users who updated Lightroom to version 5.4 may have lost all photos, presets, edits, watermarks, etc.

Adobe apologizes and says there is no way to recover unless customers had a backup in Adobe cloud or another backup.


We are aware that some customers who updated to Lightroom 5.4.0 on iPhone and iPad may be missing photos and presets that were not synced to the Lightroom cloud.

A new version of Lightroom mobile (5.4.1) for iOS and iPadOS has now been released that prevents this issue from affecting additional customers.

Installing version 5.4.1 will not restore missing photos or presets for customers affected by the problem introduced in 5.4.0.

We know that some customers have photos and presets that are not recoverable. We sincerely apologize to any customers who have been affected by this issue.

Monday, August 24, 2020

Is it Zoom, or is it me?

 Zoom is experiencing  widespread outages in parts of the USA today (24-Aug-2020).

Should be better now.

Wednesday, August 12, 2020

Microsoft Patch Tuesday 11-Aug-2020

120 vulnerabilities patched, 1 publicly disclosed, 17 critical.

Not as bad as previous months. Several important updates from the Microsoft store.

Thursday, August 6, 2020

NSA Guidance on Limiting Location Data Exposure

08/06/2020 10:33 AM EDT

Original release date: August 6, 2020

The National Security Agency (NSA) has released an information sheet with guidance on how to limit location data exposure for National Security System (NSS) / Department of Defense (DoD) system users, as well as the general public. NSA outlines mobile device geolocation services and provides recommendations on how to prevent the exposure of sensitive location information and reduce the amount of location data shared.  

The Cybersecurity and Infrastructure Security Agency (CISA) encourages administrators and users to review NSA's guidance on Limiting Location Data Exposure and CISA’s Security Tip on Privacy and Mobile Device Apps for information on protecting mobile location data.

Sunday, July 26, 2020

Home Router Woes

 Got D-Link and/or ASUS on your home network?

Good: A total of 5 vulnerabilities in some D-Link routers allow external access to the router, bypassing any/all authentication. You do not want any one of the 5 billion folks on the internet to have access to your home router. For some D-Link routers a firmware update to address the vulnerabilities will not be made available. If your D-Link router has a firmware update available, update the firmware.
Visit the D-Link support page, find your router, download and update the firmware.


Bad: ASUS has another problem. Phishing, Pop-up, and drive-by campaigns are offering router firmware updates that then infect your ASUS router, then the network it is protecting.
To protect your ASUS router, visit the administrator page on the router, use the Advanced or Management page to apply an update.

Wednesday, July 22, 2020

Got VPN?

Good, maybe

A VPN (Virtual Private Network) is a method of increasing privacy. With a VPN installed, enabled, and used Internet traffic travels through an encrypted tunnel thus limiting capture and analysis while in transit.

Choosing a VPN application from any of hundreds of VPN service providers can be a challenge. VPN offerings that are "free" will gain their revenue via ads and/or selling your traffic history and logs.

Sage advice is to use a VPN provider with a "NO LOG" policy and hosted in a country with some privacy policy.

This week 7 VPN providers with said "NO LOG" policies were found to be not only capturing users' logs, but losing control of those logs. Said logs were found on publicly accessible cloud servers.

The logs contained email addresses, clear text passwords, IP addresses, home addresses, billing addresses, phone models, device IDs, etc.

The VPN providers: UFO VPN, FAST VPN, Free VPN, Super VPN, Flash VPN, Secure VPN, and Rabbit VPN.

If you ever installed or used a VPN from any of the listed providers, be aware your private data was available on a public Internet cloud server this week (July 2020).

Friday, July 17, 2020

Internet NOT down

 Varied outages and reports of outages on the Internet today (17-July-2020).
Appears root cause was mis-configured router on Internet backbone.  Again.

Wednesday, July 15, 2020

Updates/Upgrades abound yet again

 Apple released iOS 13.6 and iPadOS 13.6 today as well as updates for tvOS 13.4.8, watchOS 6.2.8, and audioOS 13.4.8 for HomePod.

 Google released updates to Chrome and the browsers with Chromium engines have or will follow.

 Microsoft had patch Tuesday with 123 vulnerabilities patched, 17 critical.
Microsoft also patched a SERIOUS flaw in their server DNS service that was deemed wormable.

 Apple released yet another beta for MacOS with the public beta for Big Sur soon.

 Firefox update as well.

A few of our Windows systems are now eligible for the 2004 feature update.

Saturday, June 20, 2020

Windows 10 Version 2004 printer woes - solution?

After the recent Windows 10 2004 feature update, users who applied that update suffered issues with printing. Not just printers but printing. Some users reverted to a previous Windows 10 version and the printing problems resolved.
Some users desired to keep the features provided by the 2004 feature update, had no printing issues, or resolved to do workarounds until the July schedule B update was issued.
If you are among the few who wish to have the feature update and fewer printing problems, KB4567523 might be for you.

 The update/fix will not be available via Windows Update but users can "seek" the update, apply to their machines, and enjoy both feature updates and printing.

 Seek the cited KB4567523 at the Microsoft site.


NOTE: Searching for the KB4567523 patch via search engines will yield several non-Microsoft sites offering A KB4567523 patch, not THE patch. Better practice to get patches from the Microsoft Update Catalog.



You will need to choose the correct patch for your system.
Running the winver command may help

I hope you see the User Access Control popup then



Tuesday, June 9, 2020

Microsoft Patch Tuesday

Even though Windows 10 version 2004, the Windows 10 Feature Update May 2010, is out for general release this week (if your system and hardware configuration meet or exceed the requirements), patch Tuesday schedule B still occurs.
  This month (June, 2020) the patches/updates are for 130 vulnerabilities.
Largest number of vulnerabilities to date.
  12 are rated critical
  Adobe flash and other Adobe products also get a security update.
  As before, see https://patchtuesdaydashboard.com for more detail.

Sunday, May 31, 2020

eBay Chick-fil-A Citibank what are you doing?

 A LOT of port scanning occurs on the Internet.  A LOT.
The Internet accesses things via an IP address and the port at that IP address.
To get an HTTP web page you try to connect to the IP address on port 80. (A standard port number but it can be changed)
 So port scanning tries all the IP addresses and all of the 65536 TCP ports and all 65536 UDP ports.
This takes a lot of time, and many "services" run these port scans and publish the results. If you watch a PC newly connected to the Internet, it takes a few seconds until it is port scanned.
 Firewalls, router settings, Windows Defender, IP tables, and many other defenses block these scans.

 It has come to light recently that eBay, Citibank, Chick-fil-A and many other sites will scan your devices to find open ports INSIDE your home network and send the results back to that site. Now all those sites know more about your network defenses and network capabilities than you.

An explanation: fraud detection. Most of the reported ports connect to remote access services like TeamViewer, VNC, etc. Criminals use these services to commit fraud, for example using a user's open eBay connection to buy items with the user's credentials.

Tuesday, May 26, 2020

iOS Apps update crazy 26-May-2020

A bug. Reports of many app updates on iOS devices. Some report the apps are already updated so should not use a lot of bandwidth. I had 11 updates. Wife had 10.

Wednesday, May 20, 2020

Internet of Things

Smart refrigerators, smart toasters, smart washers & dryers, smart beds: the list expands daily. The Internet of Things SIG provides methods and techniques to utilize these AND implement many more you may think of. With a small investment in hardware and a bit of guidance from the IoT SIG, you too can monitor, from your home, the soil moisture at your plot at the garden center.
 A recent article in Reader's Digest has some things getting smart(er).

 Rollbot can deliver a roll of toilet paper to the proximity of the user's smart phone with the app loaded. The Rollbot must be pre-loaded with the toilet paper roll which now has two problems. Loading the Rollbot and finding the toilet paper in stores.

Socks & Shoes. Sensoria Smart Socks are fitted with microelectronic chips that relay data on heart rate, pace, cadence, etc. to a smart phone app. Nike has self lacing shoes. After Back to the Future had self lacing shoes (they also flew?), for $400 you can have the latest in self lacing shoes to pair with your smart socks. Some wearable fabric changes color and pattern via microelectronics.

 Have pets? iFetch launches a tennis ball for the dog(s) to fetch and drop back into the device. For the felines ProFlight Panthers Cat Toy Drone flies around the room with the toy for the cat to chase.


You can watch the cat via video camera on drone, have the drone adjust altitude and do collision avoidance built into the drone. No user interaction required.

 News stories show how much pollution has lessened during the global virus measures. Air-Ink is a prototype pen you load up from car exhaust to make the ink.

When we can travel again, Ovis Suitcase. A self propelled suitcase with facial recognition, collision avoidance, and tracking to lessen the hassle we endure. Wondering how the device will track its owner with most everyone else wearing facial coverings? While travelling again: Ambassador earpieces. Like air-pods but with microphones and translation software. You use one, the other party uses the other. Good for translating AND Covid-19 transmission. Smart headphones that can differentiate car sounds from background sounds to warn of potential car-pedestrian contact. Not so good with electric cars, I'd imagine.

 Recall Get Smart? The cone of silence? Bracelet of Silence is a wearable that jams Echos and similar smart speakers and other microphones. We have a device that responds with barking dogs by emitting a high frequency burst when a dog barks. It works.

Ruggie is an alarm clock that gets increasingly annoying and only shuts off when a floor mat is stood on for a period of 30 seconds.

Motion Pillow - for the people who snore and those who love them. The device has microphones on the bedside table. When these detect snoring noise, the pillow with inflatable airbags adjusts the snoring person's head to stop the snoring. In the Helpful <> Harmful vein: a report of the spouse imitating snoring sounds to give the sleeping partner a head roller coaster ride.

Tuesday, May 12, 2020

May Microsoft Patch Tuesday B schedule Windows patch released today 12-May-2020

 111 Vulnerabilities, 16 rated critical.
For our machines the patch installation took over an hour.

We are patch seekers. If you are a patch avoider, set your Windows Update

Friday, May 8, 2020

Samsung smart phone vulnerability 0-click

ALL Samsung smart phones, all since 2014 (since Android 4.4.4 KitKat), have a flaw in the Skia image library that allows a hacker to take control of the attacked Samsung phones without a user clicking on an image and, in some cases, with no user notification.

 The attack is involved, it might take many tries, but if successful the attacker can control any/all of the phone's functions. Most successful attacks take several hours of effort to exploit.

 Samsung has a May 2020 security update to address the vulnerability.

Thursday, April 30, 2020

Caller ID spoofing ALERT

We have been warned that fraudsters spoof CallerID so you are more prone to answer. They use the CallerID of local law enforcement, neighbors, your bank.
 Your bank. We have been warned to call the bank back if there is any doubt as to the authenticity of the call and not be so easily fooled by a spoofed CallerID.

 Now reports of the spoof going the other way. Fraudsters spoof YOUR CallerID and call your bank. If the CallerID matches the bank's records and the "normal" methods of verifying your IDentity pass, the bank will comply with the requests and you will not be happy. 
 Social media, big data, and prior phone calls to you might provide enough information to successfully pass the bank's fraud detection scripts and methods. 
 In our experience the bank may ask to verify or provide the last few transactions on the account. Often the bank's list has a few transactions you did not make - part of the procedure, you will not recognize or acknowledge these false transactions by design.
 Now fraudsters are successfully circumventing this method.
 How?
 They spoof your CallerID and use the automated systems to learn your last few transactions.
 I would think this would be a very targeted attack, but wanted to raise awareness.
 Awareness, preparedness, understanding.

Wednesday, April 29, 2020

Google Chrome Update

Latest release as of this writing: Version 81.0.4044.129

Got iPhone Got lock-ups, freezes, shutdowns?

Have iPhone lockups, freezes, etc. lately? A message sent through eMail, Messages, or some other app with Notifications enabled can cause a receiving iPhone, and perhaps iDevices like iPads, to lock up.
The message, eMail, or other app just needs to deliver a crafted message with a special character set to cause the lockup. That crafted message has made it onto many forums, so the lockups are becoming more and more common.
Apple is aware and says it has the fix. Until the fix is available you might consider disabling Notifications for some apps and features like Messenger, eMail, etc.
It's not the app, it's the Notification.
Settings -> Notifications, then Notifications Off for Messages, etc.
Then re-enable Notifications once the problem is fixed.

Update: Without Notifications, Messages, eMails, and other apps will need to be explicitly checked. The lockups, freezes, etc. are usually a nuisance. Balance that with having no notification. A power cycle, wait for automatic reboot, etc.

Saturday, April 25, 2020

COVID-19 Cyber Safety

Safer  NOT Safe

 Major cyber security outlets cite 30,000% increase in Covid-19 scams, attacks, IDentity thefts, security breaches, and other criminal activity. The lock down has affected the criminal element, they are fighting back.

Most of the financial damage to our cyber wealth has come from scams that no amount of security hardening of our Internet connected devices would prevent.
Is your credit card number for sale on the Dark Web? Enter it here to find out. If it wasn't before, it will be now.

All of the major browsers have had security updates recently. Most of the browser add-ons, banking applications, VPNs, Zoom, etc. have had several security updates. Microsoft, Apple, Linux: same efforts.

Microsoft released KB4550945 out of band April 22. Very rare, very important. As last Tuesday is not on a B schedule, you will need to use Windows Update to request it.
 Zoom has important updates to date and should update to release 5 very soon.

 We are feeling financial pain. The criminal element is feeling their financial pain. Take effort to not let their pain cause your pain.




Friday, April 17, 2020

Linksys and D-Link routers and or Wireless Access Points

All users of Linksys Smart Wi-Fi accounts had their passwords at that site reset 2-Apr-2020. Linksys found a large amount of traffic using a suspected credential stuffing attack to access that account's network. If successful, the attackers changed the device's DNS settings to steer users to sites hosting COVID-19 related malware. The malware attempted to steal users' credentials for banking, financial, digital wallets, and others.
 If you have used Linksys Smart Wi-Fi web site to manage or monitor your Linksys or D-Link devices you should reset your account's password and check your device's DNS settings.

 It is good practice to have each device on your network use the local DNS settings on each network the device can connect to instead of the perimeter network devices like routers, cable modems, or Wireless Access Points.

Secret Consumer Score

 I recall getting a report card in school. Grades for the classes. Then a Deportment score. 
The class reports were understood and had a known range or score. A-F or 0-100 or similar. Deportment was free form and could be misunderstood. And verbose.

 Same now in the cyber world. We are aware of credit scores. Easily understood, though not always agreed.
 We might have a deportment score as well. I have yet to find a common name for this score or rating. Quite a few companies track and supply their customers with your consumer scores. The companies I have seen in reports:
 Sift
 Zeta Global
 Retail Equation
 Kustomer
 Riskified
 Consumer advocates who report on such matters tell interesting tales of the report contents. A reporter for the New York Times got a 400 page report on their activity that produced a customer score. The report included most of their messages to Airbnb, Yelp, etc. The report also included the date, time, device information, IP address, and more.
 Clients of these services use the information and consumer score to assess your trustworthiness. How long you have waited on hold, do you return items often, order take out late evenings, etc.
 For a period of time the companies might provide your report if you were under the GDPR protections. Now the response to a request for your data might be denied. The recent California Consumer Privacy Act has given some flux to the response requirements of these companies.
 The customers of these companies (You are the product, not a customer) use the reports and scores to help prevent fraud, flag big spenders, and perhaps give you the VIP treatment.
 A shock to the reports is how far back the data is kept. A shock is how arbitrary the scoring might be.

 I have requested my data. I will update this post if I obtain any.

Thursday, April 16, 2020

Contact Tracing

 With the COVID-19 pandemic,  public and public health agencies are seeking ways to better control contagion.

 In 2017 BBC ran an experiment where British citizens were offered a smart phone application (app) to track their movements and correlate such movements with crowds to mathematically simulate a virus outbreak. 

 With the COVID-19 outbreak Singapore's government offered a smart device app TraceTogether.  Singapore has closed its borders, but business remains open. The app uses Bluetooth tracking with the user's permission to inform subscribers of potential contacts with known infections. Problem they found, not enough subscribers to be that effective.

 Now Apple and Google are working a similar method but the capability is to be built into the smart device's operating system. Thus iOS, iPadOS, Android would gain the capability with the normal smart device updates. This allows the capability to be turned off when the crisis passes, better control, regulation, and integration with public health technical capabilities.

A warning about having smart devices with Wi-Fi enabled while away from the home network. The device will "beacon" its home network name as well as recent network names the device has associated with. The normal behaviour is to silently associate with any of these Wi-Fi network names. Convenient for home networks, as no user action is needed to leave home and come back within Wi-Fi range. Not so safe, as anyone with a radio can see these Wi-Fi beacons, name their Wi-Fi network to match the beacon name, and your device will silently associate with this rogue network.

 Bluetooth has a shorter range with the integrated radio. Bluetooth randomizes its MAC address. The proposed tracking effort would further hash and change a Rolling Proximity Identifier every 15-20 minutes. These are received and recorded by any other Bluetooth device within range. The sending device can recreate these Identifiers.
Your device changes and sends these identifiers. Your device receives and records those other devices seen by the Bluetooth radio with an automatic delete after a preset interval. 
 When someone is diagnosed the public health authority issues that person a certificate which is added to the infected person list. If your device has been within Bluetooth proximity you will be informed so as to take the appropriate actions.
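The rotate, record, and recreate idea described above, as an added Python sketch that is not part of the original post and is not the Apple/Google specification. The HMAC-SHA256 derivation, the daily-key layer, the 15-minute rotation, the 14-day retention, the modelling of the "infected person list" as published daily keys, and all names are assumptions for illustration; the device secrets are constructed sample values.

```python
import hashlib
import hmac

DAY = 24 * 60 * 60
INTERVAL = 15 * 60      # assumed rotation period (the post says 15-20 minutes)
RETENTION = 14 * DAY    # assumed "preset interval" before the log is deleted
ID_LEN = 16             # assumed identifier length in bytes


def _prf(key, label, counter):
    """HMAC-SHA256 keyed hash, truncated: one-way, unlinkable without the key."""
    message = label + counter.to_bytes(4, "big")
    return hmac.new(key, message, hashlib.sha256).digest()[:ID_LEN]


def daily_key(device_secret, day):
    """Per-day key; releasing it exposes that day's identifiers and no others."""
    return _prf(device_secret, b"daily", day)


def rolling_id(day_key, interval_number):
    """The identifier broadcast during one rotation interval of one day."""
    return _prf(day_key, b"rolling", interval_number)


class Device:
    def __init__(self, secret):
        self._secret = secret   # stays on the device
        self.heard = []         # (timestamp, identifier) pairs received by radio

    def broadcast(self, now):
        day, offset = divmod(now, DAY)
        return rolling_id(daily_key(self._secret, day), offset // INTERVAL)

    def hear(self, now, identifier):
        self.heard.append((now, identifier))

    def purge(self, now):
        """Automatic delete of log entries older than the retention period."""
        self.heard = [(t, i) for t, i in self.heard if now - t <= RETENTION]

    def report_keys(self, days):
        """What a diagnosed user's device releases: daily keys for chosen days."""
        return {d: daily_key(self._secret, d) for d in days}

    def exposures(self, published):
        """Recreate every identifier the published keys could have produced
        and return the timestamps at which this device heard one of them."""
        candidates = {rolling_id(key, n)
                      for key in published.values()
                      for n in range(DAY // INTERVAL)}
        return sorted(t for t, i in self.heard if i in candidates)


def demo():
    # Constructed sample secrets; a real device would use random bytes.
    alice = Device(bytes(range(0, 32)))
    bob = Device(bytes(range(32, 64)))
    carol = Device(bytes(range(64, 96)))

    t0 = 100 * DAY + 9 * 3600                 # day 100, 09:00
    first = alice.broadcast(t0)
    second = alice.broadcast(t0 + INTERVAL)   # identifier has rotated
    bob.hear(t0, first)
    bob.hear(t0 + INTERVAL, second)
    bob.hear(98 * DAY + 12 * 3600, alice.broadcast(98 * DAY + 12 * 3600))
    bob.hear(80 * DAY, alice.broadcast(80 * DAY))   # older than retention
    carol.hear(t0, bob.broadcast(t0))               # Carol only met Bob

    bob.purge(t0 + DAY)
    published = alice.report_keys([100])      # Alice is diagnosed, shares day 100
    return {
        "ids_rotate": first != second,
        "bob_log_size": len(bob.heard),
        "bob_exposures": bob.exposures(published),
        "carol_exposures": carol.exposures(published),
    }


if __name__ == "__main__":
    print(demo())
```

Bob is notified only for the two day-100 sightings: the day-98 sighting stays unlinkable because that day's key was never published, and the day-80 entry was already purged.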

Recall the HIPAA regulations and similar regulations, practices, and procedures are suspended during a pandemic. COVID-19 is a notifiable disease; health officials must inform the public. A contact tracing system can predict where the supplies needed should be deployed.

 Time will tell if this effort helps with the spread of COVID-19 and any follow-on contagions. 

 Our current efforts have been abused. People citing infection to have their workplace sent home, and all manner of other malformed behaviours.

 Then the issue of a difference between radio/Bluetooth proximity and virus transmit proximity. Apartment floors and walls as an example. And the reverse - virus spread via mutual touched surfaces and no radio proximity.

Tuesday, April 14, 2020

Microsoft Patch Tuesday 14-Apr-2020

 113 vulnerabilities patched with this patch Tuesday (2nd Tuesday of each month) session of updates.

The reported vulnerabilities in the Adobe Font Manager Library that missed last month's cycle are patched with today's update release.

There have been several Windows Defender signature updates recently as well.

 19 Critical updates, 3 with known active exploits. 

See patchtuesdaydashboard.com for more information.

Update: This patch update caused performance issues on one of our machines. Then on 22-Apr Microsoft released KB4550945 which resolved those issues. Rare for Microsoft to release out-of-band updates. The details have been slow in coming which prompted me to apply this update.

Saturday, April 11, 2020

Stimulus funds

 Reports today (11-April) of stimulus checks arriving via direct deposit to banks.

Recall the issues in the past wherein people have had their refunds stolen by means of stolen taxpayer information (recall that information gives no indication of being stolen).

 The IRS is to use a number of external companies to capture information of our information to further guide the stimulus funds.
Intuit to capture and update information for non-filers, and another set of companies to change your bank routing and account information. Just in case you've changed accounts or have other issues since you have last filed a tax return.




then 

So asking the normal information, all available as public records or obtained via phishing, social media, etc.
Someone/anyone else can file for your stimulus check(s) before you do, just as a very large number of us have had their tax refunds stolen.
You (or they) need to supply a phone number. Easily done by someone else.
Then other security checks can currently be skipped.
Last year's Adjusted Gross Income. Skip
PIN. Skip
State issued driver's License number or state issued ID: Leave blank

 As it is/was with tax refunds:
Be first to your stimulus funds before fraudsters.
BUT be real real sure you are at the real site and not a site created to steal your IDentity and stimulus funds.

Recall from last year's Cyber Security SIG meetings: the city of San Marcos was a victim of a phishing attack where the tax details of all employees were sent to an external eMail address claiming to be a person in authority. Many of those employees were victims of a campaign to route federal tax refunds to other bank accounts or prepaid credit/debit cards. With today's environment of workers working remotely or from home, the chance of a similar phishing attack increases AND the chance of such information being in transit over the Internet un-encrypted is also increased.

Chances of you being a victim are slight. But recovering your federal IDentity can take years.

 Awareness, Preparedness, Understanding.

Update: 15-April-2020

The IRS launched a website for tracking your stimulus payment.

https://sa.www4.irs.gov/irfof-wmsp/notice





MANY are reporting: Payment Status Not Available

Update:  25-Apr-2020   The first batch of 5 million paper checks due to arrive "soon" - this week. More checks are scheduled to be sent each week, about 5 million per week until September.

As stated above you may choose to provide the IRS with your bank direct deposit information to perhaps speed the process. Several sites that capture that information and have your stimulus payment information changed to their bank accounts have been found and taken down. Ability to capture your IRS interactions by manipulating DNS or BGP are in use  with new ones appearing daily. Phone scams, pop-up and browser ads and many other Covid-19 methods in use by criminals to steal your stimulus funds, sell you pandemic gear or treatments have increased by 30,000% in recent days. NOT a typo 30,000%
Again, awareness, preparedness, and understanding to protect your financial wealth is a goal of the Cyber Security SIG.