Monday, July 26, 2021

Apple updates 26-July-2021

 iOS 14.7.1  iPadOS 14.7.1 update issued today

BigSur 11.5.1

Posted by at No comments:

Tuesday, July 20, 2021

D-Link router vulnerabilities - Patch available

  D-Link DIR-3040 wireless router vulnerabilities fixed by Hotfix released by D-Link. 

 A plea to keep routers, cable modems, wireless access points and other perimeter devices, firmware, and systems updated.

 Check then double check for external access to your local area network devices.

 Secure these devices before someone finds and then exploits that access.

Posted by at No comments:

Summer of SAM Windows HIVE permission vulnerability

  Recent research has revealed that Microsoft Windows 10 and 11 versions may have left or changed permissions on the SYSTEM and SAM hives in the Windows registry such that any local user can access the information stored in these registry hives. The SAM hive contains hashes of users on that windows system! Including the Administrator account(s). 

 The discovery is hitting security news sites today (July 20, 2021) so attackers are or will soon be aware.



 The above commands will indicate if your versions of Windows has the misconfiguration. Most users are reporting the problem has existed since Windows 10 version 1809.

 While Windows is running these hives are locked.

BUT Volume Shadow Copy has read these hives and abusers CAN read those volume copies.


Methods to read the contents of these hives and obtain hashed passwords and other security configuration settings involve some knowledge that attackers have.

The hive permissions, the still unpatched (third time) Print Spooler vulnerability kinda makes a bad period for Microsoft.

Posted by at No comments:

Monday, July 19, 2021

iOS 14.7 released today 19-July-2020

 Updates to iPhone iOS 14.7

AppleTV, iWatch

BUT no iPadOS?  Me neither

Might be rush to support MagSafe?

Might be residual problem(s) with iPadOS?

Posted by at No comments:

Wednesday, July 14, 2021

Firefox Version 90 release

 Firefox browser update to Release 90 Yesterday July 13, 2021.

Features:

Windows users can have updates applied in background without Firefox running. What could possible go wrong?

Version 2 of Firefox SmartBlock feature.

Various security issues fixed.


Posted by at No comments:

Friday, July 9, 2021

US Presidential Execurity Order 9-July-2021

 Technology based. 72 provisions:

Hearing aids over the counter sales

FTC ban on non-compete clauses (or restrict?)

Internet subscribers to get more choices & better service

Right to repair - all electronics not just farm equipment

More rules or surveillance

Patent policy reform

and more

An example of Broadband disclosure:






Posted by at No comments:

Tuesday, July 6, 2021

Microsoft emergency patch for PrintNightmare released today July 6

 Microsoft today released patches for CVE-2021-34527, the vulnerability also known as "PrintNightmare". Patches are currently available for these versions of Windows:

  • Windows 10 Version 21H1 (32-bit, x64, ARM64)
  • Windows 10 Version 2004 (32-bit, x64, ARM64)
  • Windows 10 Version 1909  (32-bit, x64, ARM64)
  • Windows 10 Version 1809  (32-bit, x64, ARM64)
  • Windows 10 (32-bit and x64)
  • Windows RT 8.1
  • Windows 8.1 (32-bit and x64)
  • Windows 7 SP1 (32-bit and x64)
  • Windows Server, version 20H2 (ARM, 32-bit, x64, Server Core)
  • Windows Server, version 2004 (ARM, 32-bit, x64, Server Core)
  • Windows Server 2019 (including Server Core)
  • Windows Server 2012 R2 (including Server Core)
  • Windows Server 2008 R2 SP1 and SP2
Interesting inclusion   Windows 7
Interesting exclusion  Windows 10

If you have a printer shared from a Windows machine and have not disabled the print spooler service, consider the patch.

Interesting that Microsoft recognizes and auto corrects PrintNightmare
Posted by at No comments:

Microsoft PowerShell PATCH ASAP

  Available at Microsoft Store.

Recommended version 7.2 or higher.

CVE score 9.8




Posted by at No comments:

Western Digital woes increase

  The older MyBook Live network attached storage appliances surprised their users with a wiped network storage device. 

 The devices affected had support stopped some years ago. The devices still functioned as network attached storage - BUT the devices may have been hosting botnets, spam forwarders, and storage of malware as well. Some theorize a rival botnet gang is responsible for remotely wiping (removing ALL files using Internet access) the devices to block a rival botnet group.

 Newer Western Digital devices running MyCloud OS 5 should be ok.

A series of Western Digital devices can't run MyCloud OS 5. Thus those devices are vulnerable. Those devices can be used to run botnets, spam forwarders, and malware hosts.

 Disconnecting any Western Digital devices from the Internet is a good first step. Updating the MyCloud OS to at least version 5 (if possible) as a next step. Do these steps AFTER securing a known good backup. Malware loaded onto another system on your home network which is then capable of wiping your files and folders is a possibility even with the Western Digital updates.


This release from Western Digital:


Western Digital has determined that Internet-connected My Book Live and My Book Live Duo devices are under attack by exploitation of multiple vulnerabilities present in the device. In some cases, the attackers have triggered a factory reset that appears to erase all data on the device. To help customers who have lost data as a result of these attacks, Western Digital will provide data recovery services, which will be available beginning in July. My Book Live customers will also be offered a trade-in program to upgrade to a supported My Cloud device. The My Book Live firmware is vulnerable to a remotely exploitable command injection vulnerability when the device has remote access enabled. This vulnerability may be exploited to run arbitrary commands with root privileges. Additionally, the My Book Live is vulnerable to an unauthenticated factory reset operation which allows an attacker to factory reset the device without authentication. The unauthenticated factory reset vulnerability has been assigned CVE-2021-35941. We have heard concerns about the nature of this vulnerability and are sharing technical details to address these questions. We have determined that the unauthenticated factory reset vulnerability was introduced to the My Book Live in April of 2011 as part of a refactor of authentication logic in the device firmware. The refactor centralized the authentication logic into a single file, which is present on the device as includes/component_config.php and contains the authentication type required by each endpoint. In this refactor, the authentication logic in system_factory_restore.php was correctly disabled, but the appropriate authentication type of ADMIN_AUTH_LAN_ALL was not added to component_config.php, resulting in the vulnerability. The same refactor removed authentication logic from other files and correctly added the appropriate authentication type to the component_config.php file. We have reviewed log files which we have received from affected customers to understand and characterize the attack. The log files we reviewed show that the attackers directly connected to the affected My Book Live devices from a variety of IP addresses in different countries. Our investigation shows that in some cases, the same attacker exploited both vulnerabilities on the device, as evidenced by the source IP. The first vulnerability was exploited to install a malicious binary on the device, and the second vulnerability was later exploited to reset the device.

For customers who have lost data as a result of these attacks, Western Digital will provide data recovery services. My Book Live users will also be offered a trade-in program to upgrade to a supported My Cloud device. Both programs will be available beginning in July, and details on how to take advantage of these programs will be made available in a separate announcement.



Posted by at No comments:

Saturday, July 3, 2021

Bad Bad Android Apps!!

 At least 9 Apps available on the Google Play store have been removed from the Google Play store due to embedded malicious code that stole user's Facebook credentials in addition to performing the app the user loaded.

 These are the known Android apps:

  • Processing Photo
  • PIP Photo
  • Rubbish Cleaner
  • App Lock Keep
  • App Lock Manager
  • Lockit Master
  • Horoscope Pi
  • Horoscope Daily
  • Inwell Fitness
 These apps would offer to limit ads and provide more features if the user would authenticate to Facebook. Providing Facebook login credentials were then stolen and the App functioned as intended - other than stealing Facebook credentials and providing those credentials to the criminals.

 So, if you have or have had any of the listed Apps, you might consider changing your Facebook credentials and removing the infected Apps.
Posted by at No comments:
Subscribe to: Posts (Atom)