LastPass Customer Cloud Based Password Vaults Breach

 From the LastPass blog Today December 23

"To date, we have determined that once the cloud storage access key and dual storage container decryption keys were obtained, the threat actor copied information from backup that contained basic customer account information and related metadata including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service,"

The vaults are encrypted, BUT

the encryption is proprietary and a previous LastPass breach stole source code.

AND LastPass customers can expect an increase in phishing and other attacks

Apple Updates Everything December 13, 2022

 Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected device.

• iCloud for Windows 14.1
• Safari 16.2
• macOS Monterey 12.6.2
• macOS Big Sur 11.7.2
• tvOS 16.2
• watchOS 9.2
• iOS 15.7.2 and iPadOS 15.7.2
• iOS 16.2 and iPadOS 16.2
• macOS Ventura 13.1

WARNING PayPal scam

 More and more residents are being targeted with a PayPal scam.

Victims get an email from the actual PayPal email server.

The email has an invoice from PayPal. The invoice is for something you did NOT order.

The invoice is for a significant amount of money.

The email and invoice have a toll-free number to call if the invoice is in error.

Once the victim calls the toll-free number they are connected to a well trained "agent" that promises to resolve the error.

To stop the credit card charge "they" need your credit card number and details.

To help prevent any such incident in the future they offer to "clean-up" your computer. They help you install an app (usually AnyDesk). They offer a survey on how satisfied you are with your service call today.

THEN

They have access   total access  to your computer, thus total access to any and all accounts stored/saved to your computer.

So

Checking the email sender address does not help - it is PayPal's email servers

The effort from the victim is to prevent a credit card charge, not luring you to purchase anything.

Victims are manipulated.

Awareness:

This scam was detailed in the Cyber Security SIG presentation October 6.

Yet More Apple Updates for iPhone & iPad

 Now iOS and iPadOS Rapid Security Response 16.2 (b)    28-Nov-2022

This update for iOS and iPadOS versions 16.2 -  The beta versions

Google Chrome Browser Update November 25 0-day Patch/Update

 Tracked as CVE-2022-4135 as a high severity heap buffer overflow in the GPU component.

Versions after update:

Windows 107.0.5304.121/.122

macOS and Linux 107.0.,5304.121

Apple Updates for iPhone & iPad

 Today, November 21 for my beta instances for both iPhone and iPad i see this update available.

From the wording this update appears to have some urgency. Not many of run beta releases. If you do, consider this update.  16.2(a)

Apple Security Updates 10-Nov-2022

  Apple has released security updates for some products November 10, 2022.

Updates:

iOS and iPadOS 16.1.1

Ventura 13.0.1

Monterey 12.6.2

These updates follow closely recent updates. Some suggest this indicates the severity of the flaws and importance of the updates.

IMPORTANT iOS Update - Active exploits being reported

 Security updates are the norm.

Some more important than others.

Recent updates for Apple products this week are important.

iOS 16.1 is an important update.

Whats App down, then iMessage, Then FaceTime

 October 25  About 3am Eastern time

Services slowly being restored.

Microsoft Exchange Server zero day vulnerability being ACTIVLY Exploited

  This has happened before.

Microsoft Exchange Server (the service/server that sends, forwards, and receives eMail) has vulnerabilities that allow attackers to take control of that service.

 Thus we should use caution and investigation to eMails more so than in the past.

 Last time this happened many eMails were forged, email distribution lists were exploited, and people lost money.

Uber is reporting a data breach

 

Lenovo issues Emergency Security Patch for hundreds of its models

 Lenovo is a computer manufacturer. Lenovo has sold a very large number of desktops, laptops, tablets, and other devices.

 The EMERGENCY patch addresses 6 high severity flaws. So Important.

 The flaws can be abused to steal sensitive data, escalate privilege, be used in botnets for denial of service attacks, and/or allow arbitrary code execution.

 The Common Vulnerability and Exposures fixed/addressed by this emergency security patch:

CVE-2021-28216 pointer flaw in TianoCore EDK II BIOS Elevation of privilege & arbitrary code execution

CVE-2022-40134 Information leak flaw in SMI Set BIOS password SMI handler  allows SMM memory reading

CVE-2022-40135 information leak vulnerability in Smart USB SMI Handler  allows SMM memory reading

CVE-2022-40136 information leak flaw in SMI handler used for configuring platform settings over WMI  allows SMM memory reading

CVE-2022-40137 buffer overflow in WMI SMI handler  allows for arbitrary code execution

American Megatrends security enhancements   No CVE

The fixes for the above flaws are part of the latest BIOS update. Keeping your BIOS updated is one of the many updates users of todays complex cyber environments. Updates to Windows, macOS, apps, browsers, routers, wireless access points, smart phones, streaming devices, smartTVs, etc.

Lenovo states: Advise to update the BIOS update immediately. More patches/updates to be released by the end of September and some in October.

If your Lenovo devices utilizes UEFI instead, Lenovo has patched these CVEs.

CVE-2022-1890, CVE-2022-1891, and CVE-2022-1892. Usually UEFI flaws are more difficult to exploit, but exploitable.

To patch your affected device's BIOS navigate to Drivers & Software portal at Lenovo's web site.

Choose Manual Update. 

CISA Alert (AA22-257A)

 Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations | CISA

Alert (AA22-257A)

Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations

Original release date: September 14, 2022

Summary

Actions to take today to protect against ransom operations:

• Keep systems and software updated and prioritize remediating known exploited vulnerabilities.
• Enforce MFA.
• Make offline backups of your data.

This joint Cybersecurity Advisory (CSA) is the result of an analytic effort among the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), U.S. Cyber Command (USCC) - Cyber National Mission Force (CNMF), the Department of the Treasury (Treasury), the Australian Cyber Security Centre (ACSC), the Canadian Centre for Cyber Security (CCCS), and the United Kingdom’s National Cyber Security Centre (NCSC) to highlight continued malicious cyber activity by advanced persistent threat (APT) actors that the authoring agencies assess are affiliated with the Iranian Government’s Islamic Revolutionary Guard Corps (IRGC). Note: The IRGC is an Iranian Government agency tasked with defending the Iranian Regime from perceived internal and external threats. Hereafter, this advisory refers to all the coauthors of this advisory as "the authoring agencies."

This advisory updates joint CSA Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities, which provides information on these Iranian government-sponsored APT actors exploiting known Fortinet and Microsoft Exchange vulnerabilities to gain initial access to a broad range of targeted entities in furtherance of malicious activities, including ransom operations. The authoring agencies now judge these actors are an APT group affiliated with the IRGC.

Since the initial reporting of this activity in the FBI Liaison Alert System (FLASH) report APT Actors Exploiting Fortinet Vulnerabilities to Gain Access for Malicious Activity from May 2021, the authoring agencies have continued to observe these IRGC-affiliated actors exploiting known vulnerabilities for initial access. In addition to exploiting Fortinet and Microsoft Exchange vulnerabilities, the authoring agencies have observed these APT actors exploiting VMware Horizon Log4j vulnerabilities for initial access. The IRGC-affiliated actors have used this access for follow-on activity, including disk encryption and data extortion, to support ransom operations.

The IRGC-affiliated actors are actively targeting a broad range of entities, including entities across multiple U.S. critical infrastructure sectors as well as Australian, Canadian, and United Kingdom organizations. These actors often operate under the auspices of Najee Technology Hooshmand Fater LLC, based in Karaj, Iran, and Afkar System Yazd Company, based in Yazd, Iran. The authoring agencies assess the actors are exploiting known vulnerabilities on unprotected networks rather than targeting specific targeted entities or sectors.

This advisory provides observed tactics, techniques, and indicators of compromise (IOCs) that the authoring agencies assess are likely associated with this IRGC-affiliated APT. The authoring agencies urge organizations, especially critical infrastructure organizations, to apply the recommendations listed in the Mitigations section of this advisory to mitigate risk of compromise from these IRGC-affiliated cyber actors.

For a downloadable copy of IOCs, see AA22-257A.stix.

For more information on Iranian state-sponsored malicious cyber activity, see CISA’s Iran Cyber Threat Overview and Advisories webpage and FBI’s Iran Threat webpage.

Download the PDF version of this report: pdf, 836 kb

IMPORTANT Apple Updates for iPhone and MAC

  Apple released important security Updates fir iOS and macOS.

 Updates for actively exploited flaws.

iOS 15.7, iPadOS 15.7, macOS Monterey 12.6 and macOS Big Sur 11.7.

iOS 16.0 as scheduled to start being offered today.

iOS 12 update Releases by Apple

 Users with older iPhones and/or iPads

iPhone 5s, iPhone 6, iPad Air iPad mini2, iPad mini 3

still running iOS version 12 should update to iOS version 12.5.6.

This update to address the same vulnerability August 17, 2022.

Mozilla releases update to Firefox, Firefox ESR, and Thunderbird

 Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. 

 August 24, 2022

WARNING!! That free Microsoft Office USB drive that arrived in the mail is bad for you to load.

 

 People are getting a USB drive delivered by mail that appears to be a installation for Microsoft Office. 

 USB is engraved, has a product code, looks more line a Microsoft product than a Microsoft product.

 But is not from Microsoft. If you attempt to install it you will be in contact with Microsoft   BUT not in a good way. You may be attempting to get your PC working again.

 Very tempting   BUT please no.

Got an older macOS? Then please get Safari update

 Apple has released Safari version 15.6.1 for some older macOS versions. Big Sur and Catalina. This Safari update addresses a currently exposited vulnerability in WebKit. 

 This vulnerability was patched by Apple Tuesday for current versions of macOS, iOS, iPadOS and watchOS.

Google Chrome security update issued today August 17, 2022

  Google issued an update to its Chrome browser in response to a reported actively used exploit for vulnerabilities. 

 Other chromium based browsers are expected to follow with updates for their browsers soon.

Apple Updates today August 17

  Press release indicates security and bug fixes for iOS 15.6.1 and iPadOS 15.6.1. 

 I find macOS 12.5.1 available.

 Press release indicates watchOS 8.7.1 to be available but i don't find that update as of this writing. This update for Apple Watch series 3 only.

 I checked tvOS and don't see an update.

 Strong indications these updates address actively exploited vulnerabilities.

 Note: Several browsers have recent updates available this date: 17-Aug-2022.

Zoom Manual update for macOS

  It is recommended that a manual update to zoom be applied for zoom on macOS. An attacker can use the zoom update process to either down rev the zoom application OR obtain root access.

Malicious Apps to find and remove from your MAC

 Malicious apps can and are installed in Apple Macs.

Below is a current list of apps to find and remove:

• PDF Reader for Adobe PDF Files - Sunnet Technology Inc
• Word Writer Pro - TeamIdentifier
• Screen Recorder - TeamIdentifier
• Webcam Expert - TeamIdentifier
• Streaming Browser Video player - TeamIdentifier
• PDF Editor for Adobe Files - TeamIdentifier
• PDF Reader - TeamIdentifier

The cited apps have been removed from the Apple store, but they may have been loaded prior to that removal.

Fake reviews added to the ability to alter their behaviour when reviewed by Apple had increased the popularity and download in the Apple store.

Hacktivism on rapid rise

  Political sites are reporting an increase in hacktivism due to recent events. 

 Hacktivism is using cyber techniques to promote and/or harm sites with a political agenda.

 This causes an increase in bandwidth used for these activities.

WARNING Kia and Hyundai Auto Thefts on the rise!!

  Auto thefts on great increase for 

Kia models 2011 - 2021

Hyundai models 2015 - 2021

Lack of anti-theft devices and TikTok videos on how-to using a cell phone charger to start and steal the car. Thieves either steal the car, take joy rides to be published on social media, or drive away to film extreme damage to the cars.

 Kia and Hyundai have publicly acknowledged the problem. 

For more information:

Kia  1 (800) 333-4542

Hyundai 1 (800) 633-5151

BE EXTRA AWARE. Lock your vehicle

AND Hondas are subject to key fob replay attacks

LibreOffice Update to patch vulnerabilities

  Security vulnerabilities patched in LibreOffice.

Update to version 727, 732, and 7.3.3

Apple Updates Everything 20-July-2022

 Apple released updates to most products 20-July-2022.

iOS and iPadOS 15.6

macOS 12.5

watchOS 9.7

tvOS 15.6

As before security issues are of concern. A bug fix for Safari.

AND

Big Sur 11.6.8   Catalina 10.15.7

Google updates Chrome 4-July-2022

  Unexpected update from Google for Chrome browser.

Reported vulnerability in WebRTC - component in use in real-time comms utilities.

 Active exploration is reported.

Current version after update 103.0.5060.114

Expect updates to chromium based browsers to follow.

Suggested good practice - check for browser updates before any important browser session.

 As expected other chromium based browses are releasing updates:

Brave, Opera today.

Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird

 

Google Releases Security Updates for Chrome - Other Chromium browsers sure to follow

 

Williamson County Officials reporting jury scam calls

  Williamson county district clerk's office reports that residents of Williamson county are receiving calls informing them they have failed to report for jury duty and must pay a fine to avoid arrest. The call tells the called party to report to district clerk Lisa David at the justice center to remove the warrants.

 The Williamson district clerk has indicated no authority to make such calls are authorized. 

 If you receive such calls, the Williamson county sheriff's office requests reporting the incident at 512-943-1300.

Chromium Based Browser Updates abound June 10

  Almost every Chromium based browser has security updates available. 

 Chrome, Brave, Opera, Vivaldi, Tor, Edge, Torch, ...

 Security Updates. Not much in media on the vulnerability. Which is usually a sign to update with urgency.

TAILS users advised to NOT use the Tor browser until patched

  In several cyber security SIG presentations the Tails distribution was mentioned, and at one in-person meeting USB drives with Tails were provided to attendees.

 If you still or now use Tails, the maintainers advise to avoid the Tor browser included until the release of Tails version 5.1 (May 31).

 Tails - The Amnesic Incognito Live System   is a live Linux distribution with security and privacy at the top priority. 

 Tails is reported to be the system Ed Snowden used for its privacy and security.

Other Sun City Resources for Self, Home, and Fraud Security

 Other Sun City Resources for Self, Home and Fraud security:

Self Defense Club   Self and Home Security SIG

Past Presentations:

Cybersecurity Risks and Scams

Outdoor Surveillance Cameras

Williamson County Sheriff

CA Community Standards Director

   Safety Procedures

Georgetown Police Security

  Safety and Protection Devices

Safety on the Sun City Trails

Neighborhood Representative Organization

NRO Anti-Fraud Group

For your awareness, for your neighbor's awareness, for your family's awareness, for a community awareness.

May 20, 2022 MANY Browser Updates recently Many updates are security related

 Firefox 100.0.2

Chrome 101.0.4951.67 

Edge 101.0.1210.53 

Brave 1.38.119

Opera 87.0.4390.25

Safari 15.5 17613.2.7.1.8

Vivaldi 5.2.2623.48

ToR 11.0.10

Apple Updates EVERYTHING

 May 16, 2022

Apple updates everything.

iOS 15.5

iPadOS 15.5

Monterey 12.4

WatchOS 8.6

tvOS 15.5

Most updates include a measure of security fixes.  86 vulnerabilities.

Also Catalina 10.15.7, and Big Sur 11.6.6.

Mozilla releasing Out-of-Band update for Firefox Browser

  The out-of-band update to Firefox brings the latest version to 100.0.1.

Out-of-Band updates are almost always security related. A update to address a vulnerability.

 Recall the recent updates to Chrome and browsers based on the Chromium browser engine.

 Firefox is not based on Chromium.

Yet Another IMPORTANT Update for Google Chrome Browser 11-May-2022

 

 This update is important. This update is for all platforms. Updates to Chromium based browsers should follow soon.

UPDATE: Most browsers based on Chromium engine have updates available today May 14. This update is security related. Patching for a now known vulnerability actively being exploited!

Google releases Android Update May 5, 2022

  Google released monthly security updates for Android May 5, 2022.

The update fixes 37 security flaws for the varied components of Android. Each manufacturer that uses the Android system for its devices will then release the fixes for the varied components to customers. 

 One fix is for a kernel vulnerability rated with a CVSS score of 7.8 and was recently added by the US Cybersecurity and Infrastructure Security Agency to its known vulnerabilities catalog.

 This vulnerability was recently patched by most Linux distributions as well.

New Ability to request removal of Personally Identifiable Information from Google Search Results

  We addressed doxxing in a cyber security presentation recently.

 To help stem the tide, Google now provides a request page for users to submit for review and perhaps removal of any PII that contains too much PII.

"Google may remove personally identifiable information (PII) that has potential to create significant risks of identity theft, financial fraud, harmful direct contact, or other specific harms,"

"This includes doxxing, which is when your contact info is shared in a malicious way."

The link to the request page:

https://support.google.com/websearch/answer/9673730

MUST UPDATES for Java

  We will cover this in more detail in the Cyber Security SIG presentation May 5, 2022.

 A very recently discovered vulnerability in all recent Java versions allows attackers to create forged SSL certificates, signed JASON WEB Tokens, encrypted handshakes, WebAauth authentication messages, and more. A vulnerability akin to the Doctor Who blank IDentity card.

 The vulnerability was fixed in the April 2022 Critical Patch Update.

 Probably not something you need to address as a coder, BUT you should be aware that most of ecommerce needs to address and you need to be aware of.

Apple Beta

  Apple released beta 3 for most devices today  April 26, 2022

Microsoft Windows Cumulative Update Previews available today April 26

  At times Microsoft will release Windows cumulative previews to the public as a preview for Microsoft Patch Tuesday due May 10.

 Windows 10 has cumulative update

KB5011831

 Windows 11 has cumulative update

KB5012643

Both update previews have more detail by viewing the Knowledge Base (KB) article on the Microsoft site.

NOTE: This cumulative update preview is reported to cause some problems/issues:

Safe Mode may cause screen flicker - Safe Mode without Networking.

Some also report very long boot times.

Microsoft has addressed this via known issue Rollback.

This should be addressed by the May 10 Microsoft  Patch Tuesday.

UPDATE: Release today (May 2) Cumulative Update Preview for .NET Framework 3.5 and 4.8 for Windows 11 x64

Android Remote Execution Flaw

  No vulnerability is a good thing, but a remote execution flaw a really bad thing.

 Remote execution means the attacker can cause the attacked device to run any code the attacker provides.

 For android devices - phones, tablets, streaming devices, and others being able to capture and send files to the attackers, turn on camera and/or microphone without the owner's awareness, even take complete control of the device are possible. Once an attack is constructed it can and often is used by any/everyone.

 Most android devices use MediaTek or Qualcomm chips to decode audio files. A recently discovered flaw allows a remote execution flaw to be exploited. Using an android device for financial applications could thus be dangerous.

 Some android device manufacturers have recently updated their platforms to address this flaw. 

 Android version 12 is the recent version. Older devices may not be able to update to android version 12.

 To check your android version perform these steps (or similar)

Open Settings

Choose System > System update

 This flaw is making several news outlets so attacks are on the increase.

 The most common attack used: tricking the user to play an audio file with the exploit. 

FDIC - The Final Rule

  Until recently the FDIC had no requirement for a banking organization to report a cyber incident.

 The new regulation titled The First Rule states any banking organization must notify their primary federal regulator of any significant cyber security incident as soon as possible, but no later than 36 hours after the banking organization has determined that a cyber incident has occurred.

 So until now (the regulation went into effect April 1, 2022 with compliance by May 1, 2022) banks had no such requirement.

The cyber attributes for such notification:

• An incident has materially affected, or is likely to materially affect, the viability of a banking organization’s operations
• The banking organization cannot deliver its usual banking products and services to customers 
• The incident has the ability to affect the stability of the financial sector

 If the incident is materially affected or likely to affect the organizations customer base for four or more hours then customers must also be notified.

 Banks will need to address how to comply with The First Rule.

The First Rule does not address when a customer has a cyber incident due to their actions.

CISA Joint Advisory Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure April 20, 2022

 

FAKE Microsoft Windows 11 Update web page loads Malware

 

If your machine can not load Microsoft Windows 11 or you have to pay a license fee - This add may tempt you to Download Now.

Please do not. The download steals information and cryptocurrency wallets.

You get the URL for the above download page as a result of poisoned search results.

A lot of effort went into making the web page look real. A lot of effort will be needed by you to recover your machine, information and crypto currency wealth.

The new malware called Inno Stealer.

The malware disables registry security, adds Defender exceptions, uninstalls security products, and deletes shadow volumes.

As it is with any update/upgrade process, it is best to always use the vendor's site for updates/upgrades.

Shields Up A 60 minutes Episode April 17, 2022

  I had a good career as a cyber engineer for some critical infrastructure enterprises. Decades ago we defended against cyber actors seeking the advantage for the fifth domain. 

 Now with a kinetic war increasing political and cultural conflict, the potential for cyber warfare increases as well.

 A series of seminars in given on the Cyber Security SIG website under MEETING NOTES - SEMINARS.

 On a CBS 60 minutes episode tonight the "Shields Up" warning was given yet again The Cyber Security SIG's mission to raise awareness, preparedness, and understanding can now add the urgency to prepare. Not panic, prepare.

 A link to the Shields Up episode is given here.

YET ANOTHER Critical Chrome Update

  Seems like yesterday you updated your Chrome browser version on all your devices.

 For your Internet safety you should do the update once again.

 The update addresses vulnerabilities actively being exploited now.

Current Chrome version:  

Version 100.0.4896.127 (Official Build) (64-bit)

Microsoft 0-day Tarrask Using scheduled tasks for stealth and persistence

  Microsoft has announced recent detection of a state sponsored actor HAFNIUM using an unpatched vulnerability to exploit scheduled tasks to compromise Windows environments via scheduled tasks.

 The scheduled tasks are "hidden" due to a registry setting. Subsequent actions hide the scheduled task artifacts and provide persistence across reboots.

 For more information see this Microsoft article. 

A newer Android Banking Trojan

 April 11, 2020

 A new Android banking trojan has capabilities that enables it to take over calls to a bank's customer support number - with the official logo and customer support number.

The trojan is called Fakecalls. No real magic, the app seeks permissions to contacts, microphone, camera, geolocation and call handling.

The bank's pre-recorded message sounds just like the bank's own because it is the bank's own.

The cited permissions allow takeover control of your device.

To be safer do not share any confidential information over this phone call. Login Credentials, PIN, card security code, or confirmation codes

Android Antivirus Apps used to spread malware Banking trojans

 Several Android antivirus apps available from the Google Play Store are being used to spread banking malware.

The current list of those antivirus apps:

• Atom Clean-Booster, Antivirus
• Antivirus, Super Cleaner
• Alpha Antivirus, Cleaner
• Powerful Cleaner, Antivirus
• Center Security - Antivirus (two versions) 

The apps also do geofencing such that users in China, India, Romania, Russia, Ukraine, and Belarus being ignored.

The apps have been pulled from the Play Store but are available in other places.

Mozilla Update for Firefox April 6, 2022

 Current version 99.0.

Update address security issues.

Recommendations from CISA update on all platforms

Apple Updates April 1, 2022

 Apple Updates being pushed today 1-Apr-2022:

iOS 15.4.1

iPadOS 15.4.1

macOS 12.3.1

watchOS 8.5.1

tvOS 15.4.1

Fixes to address the battery drain problem 

AND 2 zero-day vulnerabilities being used in the wild

Safari 17613.1.17.1.13

Updates are available for some older macOS releases:

Catalina and Big Sur

Note: for iOS and iPadOS consider leaving the beta program

  Settings > General > VPN and Device Management

 Remove Beta Profile

 Restart

 Update

Chrome Browser Update 3/30/2022

 Version 100.0.4896.60

For most platforms 

Chromium based browsers like Edge, Brave, Opera, Vivaldi, Blisk, Colibri, Epic, and others may have updates soon.

Be aware that some applications check the version number. Some applications only check the first two digests of the version number.

Thus some apps and web sites may inform your browser is not supported.

As of this writing, Chrome OS is version 99.0.4844.94

Chrome Update for macOS

 Version 99.0.4844.83 to 99.0.4844.84 to match the version on Windows. Recommended due to current in-the-wild exploit.

Google Chrome OS Update

 Version 99.0.4844.86 available today 3/23/2022

News: White House warning on National Cyber Security

Potential Mac Monterey 12.3 problem

 

Chrome Security Update

 Version 99.0.4844.74 (Official Build) (64-bit)

Released today March 16, 2022 to address security issues.

Apple Updates

 iOS15.4

iPadOS 15.4

macOS 12.3

watchOS 8.5

tvOS 15.4

XCode 13.3

Logic Pro X

GarageBand 10.4.6

HomePod 15.4

Firefox and other Mozilla products Security Advisory March 7, 2022

 

Chrome update 15-Feb-2022

 Google urges users to update the Chrome browser due to a major bug.

Version after the update:98.0.4758.102

Other chromium based browsers should offer their updates soon.

Microsoft Release Preview 15-Feb-2021

  Microsoft released updates to Windows 10 and Windows 11 as a Release Preview today 15-Feb-2021.

No major changes to Windows 10, yet.

For Windows 11 a "first big update".

1) Preview of Android Apps on Windows 11  for systems in the US

2) Redesigned Notepad and Media Player

3) Taskbar improvements

Both updates are listed under Other Updates after install.

View Optional Updates under Windows Update to load. A reboot is required.

Apple Updates

watchOS  8.4.2

iPadOS 15.3.1

iOS 15.3.1

macOS Monterey 12.2.1

macOS Monterey 12.3 Beta 2

WebKit security issues   Vulnerabilities for malicious web contend

MacBook Bluetooth battery drain fix

US Cybersecurity and Infrastructure Agency (CISA) sets 25-Feb-2022 deadline for federal agencies to apply this update to iPhones, iPads, macOS, Safari.

iOS and iPadOS 15.3 update available today January 26, 2022

 Reported to fix Safari AND Other browsers that allows browser history to be leaked.

Plus other security and bug fixes.

I have not seen the update for MacOS and Safari as of this writing.

UPDATE: MacOS 12.2 available today.  26-January-2022

U.S. Power Grid - New Threats

 

Microsoft Windows Emergency Update

 

 The emergency update is released for Windows 11 and some versions of Windows 10. Also affected are some versions of Windows server.

A list of affected versions:

 In a statement from Microsoft:

The update fixes these issues after the January Patch Tuesday:

Some detail:

Crber attacks against Ukrainian government

 Yet again.  See Cyber Warfare parts 1 & 2 at Cyber Security Seminar series.

iOS 15.2.1 and iPadOS 15.2.1 released January 12, 2022

  Apple releases iOS 15.2.1 and iPadOS 15.2.1 today.

As is Apple's practice any security fixes are not usually documented.

Ah. The fix for the HomeKit DDoS vulnerability.

FAKE QR Codes placed on some Austin Texas Parking meters

 

 A

Austin police are warning to think carefully about scanning QR codes being found on Austin parking meters. The scan takes users to fraudulent sites and does not pay the parking ticket(s).

If you or someone you know has been a victim, file a police report.