Google Chrome Security related Update 20-Dec-2023

  Chrome fixes zero-day vulnerability in Chrome. Other Chromium browsers should soon follow.

 Chrome current updated version:
Version 120.0.6099.130 (Official Build) (64-bit)

Firefox Security Update 20-Dec-2023

 Mozilla has released security updates to address vulnerabilities in Firefox and Thunderbird. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.

Firefox 121
Firefox ESR 115.6
Thunderbird 115.6

Apple Updates 19-Dec-2023

  iOS 17.2.1
 iPadOS 17.2.1
 macOS 14.2.1
 iPadOS 16.7.4

 Safari 17.2.1

Security and bug fixes

Comcast discloses data breach 19-Dec-2023

 Cable giant Comcast disclosing data breach to millions of Xfinity customers. 

 Breach occurred between October 16 and 19.

 Comcast learned December 6 some data was stolen.

 Data included usernames and hashed passwords, contact information, date of birth, secret questions and answers.

Apple Updates Everything 11-Dec-2023

 iOS 17.2

iPadOS 17.2

tvOS 17.2

Sonoma 14.2

Monterey 12.7.2

iPadOS 16.7.3

watchOS 10.2

And Safari

Missing Files with Google Drive?

 Google might be addressing what some Google Drive users are reporting: Missing files on their desktop Google Drive application.

 Google recommends updating to latest Drive version: 85.0.13.0.

 This document might help:

Google Drive Support Document

Google issues Chrome browser update 6-Dec-2023

 Google has issued an update to the Chrome browser.

1 emergency patch and 6 security fixes.

Latest Chrome release: 120.0.6099.63

Expect other Chromium browsers to update soon.

Information Regulator demands information from TransUnion and Experian on alleged hack 30-Nov-2023

 Alleged hack of credit bureaus TransUnion and Experian.

Hackers claiming possession of consumer data to be released or sold if ramson ($60M) is not paid.

Legal obligations under section 22 of the Protection of Personal Information Act.

 The allocations may or may not be true.

 A recommended practice for all 4 credit reporting bureaus:
Every few months check to see if you requested alert, freeze, or block is still in place AND you are able to use your PIN.

 The dilemma:  Freeze  "They" can access your information.
The attackers have your PIN so "they" can unfreeze the re-freeze your access.

TransUnion, Experian, Equifax, Innovis.

Apple issues Emergency Updates 30-Nov-2023

  Emergency updates:

iOS 17.1.2
iPadOS 17.1.2
macOS Sonoma 14.1.2
Safari 17.1.2

Malicious webpages can exploit vulnerabilities to exploit memory corruption.

 Emergency updates

Emergency Chrome Update 28-Nov-2023

  Emergency Chrome update available today. 

Windows should update to version 119.0.6045.200

Mac and Linux to version 119.0.6045.199

AND browsers based on Chromium engine. Most browsers except Safari and Firefox

Got files/folders on Google Drive? Might want to check.

  Many users are reporting months of files/folders stored on Google Drive have gone missing.

 Google is investigating.

 A synch issue with Google Drive desktop versions 84.0.0.0 thru 84.0.4.0.

 Google warns NOT to disconnect account within Google Drive.

Preserve app data folder:

• Windows: %USERPROFILE%\AppData\Local\Google\DriveFS
• macOS: ~/Library/Application Support/Google/DriveFS 

WARNING Dangerous Popups and Notifications

 Some of us are plagued by pop-ups and notifications. Hackers are increasing their efforts to get victims to click on links, notifications, and pop-ups.

A few recent examples:

These "features" enable web sites to design notifications that appear to come from macOS.

For macOS you can setup to limit these notifications and pop-ups.

MacOS System Settings > Notifications > Application Notifications
Now choose the applications you wish to have notifications.

For Safari Settings > Websites > Notifications and enable or disable the web sites as desired.
Then Safari Settings > Websites > Pop-up Windows and choose websites as desired.

The more real the notification and/or pop-up appears - the more caution should be exercised.

   

ChatGPT and OpenAI API outage November 7 & 8

  The outage of ChatGPT and associated OpenAI API due to a distributed Denial-of-Service (DDoS).

 Anonymous Sudan claiming responsibility.
American organization, alleged cooperation with Israel claimed.

Apple Updates available November 7, 2023

 iOS 17.1.1, iPadOS 17.1.1, macOS Sonoma 14.1.1

Vicious Virus NodeStealer spread by fake ads in Facebook

  Facebook ads that appear to come from Meta (Facebook).
Click on one of these ads and the NodeStealer virus is loaded.

 NodeStealer can and will steal passwords and personal information. 
The personal information stolen is increasing in amount as this virus evolves.

 The ads come from business that have had their Facebook accounts hacked and compromised.

 The ads usually say "Photo Album" but your malicious ad may be different.

 This campaign has had a very large scope and successful infection rate.

 Some examples:

Apple Updates a Lot October 25, 2023

 iOS 17.1

iPadOS 17.1

Sonoma 14.1

tvOS 17.1

iPadOS 16.7.2

iOS 15.8

Monterey 12.7.1

WatchOS 10.1

  Important bug fixes and security updates.

Recommended for all users.

Apple App store – check for updates

OneDrive

WinRAR Vulnerability Manual Update required

 WinRAR is an archive application popular on the Windows platform. 

The vulnerability is addressed in WinRAR version 6.24

Solar Magnetic Storm Level Increase

 

Williamson County Sheriff's Office offering free steering wheel locks to Hyundai and Kia owners

  Recent increase in auto thefts of Hyundai and Kia vehicles has prompted the Williamson county sheriff's office to provide a limited number of steering wheel locks for owners to attempt a curb the recent increase in auto thefts of those vehicles due to videos on social media detailing how to easily the process is.

 To request a steering wheel lock email the sheriff's office:
CID@wilco.org
with contact information including phone number.

Apple releases security patches for iOS 16.7 and iPadOS 16.7

 Patches/updates to iOS 16.7.1 and iPadOS 16.7.1.

This to address vulnerabilities fixed last week on the more current iOS and iPadOS versions.

So, security updates!

Not so for iOS 15.7.9

IMPORTANT Information MOVEit

 

                                                MOVEit
We try to keep up and protect our IDentity and personal information.

A product used by a very large number of corporations, institutions, and
governments called MOVEit had a severe vulnerability that hackers took
advantage of and stole large quantities of information for months before
being found. Many affected corporations may still be unaware of the data breach
or scope.

A lot of us are just now being notified of how much of our data has been breached.
We are getting legal notification from publicly traded companies due to forced
SEC filings.

These legal notices may offer credit monitoring services. The credit monitoring services
require our personal information to monitor that personal information.

A lot of these credit monitoring services we may have never heard of. The contract is
between the breached company and the credit monitoring services. We probably will
not know those details.

So, as never before we need to be Aware. Prepare. Understand.

Details can be obtained from the Cyber Security SIG presentations.

Apple updates for vulnerabilities iOS 17.0.3 iPadOS 17.0.3

  Recent discovery of vulnerability in WebRTC which exposes mobile devices to arbitrary code execution attacks.

Microsoft security related updates to Edge, Teams, and Skype

 The applications listed used a vulnerable open-source library that was found to have active exploits.

Please visit the Microsoft store to obtain and update these products.
And any other applications with available updates.

Consider removing these applications if they are unused.

Georgetown Police warning on Fundraising phone scam

By FOX 7 Austin Digital TeamPublished October 3, 2023 12:13PMCrime and Public SafetyFOX 7 Austin

GEORGETOWN, Texas - The Georgetown Police Department is warning residents about a new phone scam where the caller claims to be fundraising for public service agencies.

GPD says the caller says they're "fundraising for the police department or fire department" and will be persistent in asking the resident if they agree that police or fire should be funded.

The goal of this scam is to get the resident to say "yes" at which point they hang up and now have a voice recording of that "yes."

GPD is reminding residents it will never call about fundraising or have someone else call on their behalf. 

GPD also advises that if you don't recognize the number, it would be safer to let it go to voicemail rather than answer and potentially fall victim to a scam like this.

Nation wide test of Emergency Alert Systems and Wireless Emergency Alerts October 4 2:20 PM Eastern Time

  Radio and TV stations:

“This is a nationwide test of the Emergency Alert System, issued by the Federal Emergency Management Agency, covering the United States from 14:20 to 14:50 hours ET. This is only a test. No action is required by the public.”

Wireless Phones:

“THIS IS A TEST of the National Wireless Emergency Alert System. No action is needed.”

Wednesday's test of the Emergency Alert System will be the seventh ever test. The test of Wireless Emergency Alert will be the second time the test is sent to consumer cellular devices.

Google Chrome Vulnerability patched

  Google has released a patched version of Chrome.

Other chromium based browsers are sure to follow.
Current version of Chrome  117.0.5938.132 (Official Build) (64-bit)

Mozilla releases security updates to multiple products

 Mozilla releases updates for Firefox, Firefox ESR, Firefox Focus for Android, and Firefox for Android

Firefox version 118.0.1

Apple updates a LOT

  Apple today (21-September-2023) updates available to address three new vulnerabilities. 

 CVE-2023-41993, CVE-2023-41992, CVE-2023-4199

Updates to addresses these security vulnerabilities are now available for:

iOS 7.0.1  iPadOS 17.0.1   watchOS 10.0.1   macOS Ventura 13.6  macOS Monterey 12.7  Safari 16.6.1

Applying these updates is recommended.

Some of my beta releases had to be reverted to apply the recommended updates.

And iOS and iPadOS 16.7

And Pages, Keynote, and Numbers

Georgetown Police warn of Phone scam

 

Georgetown police warning residents about phone scam

By FOX 7 Austin Digital Team

Published 1 hour ago

FOX 7 Austin

GEORGETOWN, Texas - The Georgetown Police Department is warning residents about a recent phone scam.

Scammers may be claiming that they are Chief Cory Tchida or that they are with Georgetown police and that you have a warrant and need to pay a fine over the phone.

GPD says this is a scam and they will never ask residents for money over the phone. 

Security Updates for A LOT

 The severe security vulnerability has been addressed for a lot of things, like browsers, messaging applications, LibreOffice, Affinity, Gimp, many Android applications, any and everything that uses library codes to render WebP images.

Chrome 116.0.5846.187  for Mac or Linux
Chrome 116.0.5845.187/.188 for Windows

Mozilla Firefox 117.0.1; Firefox ESR 102.15.1; Firefox ESR 115.2.1; Thunderbird 102.15.1; Thunderbird 115.2.2

Edge 116.0.1938.81

Brave 116.0.1938.81

Consider viewing the update page for your major apps.
Also check the mobile platforms: Android, Apple, and others

And Linux.

Apple updated their platforms a few days ago. Including the beta releases yesterday.

Then visit the Microsoft Store and Apple Stores for updates.

Then major apps for their update mechanism.

Google Chrome Browser issues Critical Update for security Vulnerability September 12

 Goggle has released a critical update to its Chrome Browser to address a severe security vulnerability being exploited in the wild.

 Details are being withheld - implying the severity and scope of the recommended update to the Chrome browser.

Recommended Chrome version for Windows 116.0.5845.187/.188

Recommended version for macOS and Chrome 116.0.5845.187

Apple Updates September 7, 2023 UPDATE

  Apple updates today September 7, 2023

Flaws in imageIO for macOS

Flaws in wallet for iOS, iPadOS, watchOS

iOS 16.6.1  iPadOS 16.6.1  watchOS 9.6.2  Ventura 13.5.2  Monterey 12.7.x

Updates to older Apple devices available today September 12.

iOS 15.7.9   iPadOS 15.7.9   Monterey 12.6.9  Big Sur 11.7.10

Kia & Hyundai recalls due to Fire Danger

  Not cyber related, but SAFETY related.

Today Hyundai and Kia are recalling some models due to fire danger.
Until the repairs affected owners are advised to park affected vehicles outside and away from structures.

The affected list includes:
Hyundai
2023 Tucson, Sonata, Elantra, and Kona models.
2023 and 2024 Palisade
Kia
2023 Soul and Sportage
2023 and 2024 Seltos models

Hyundai owners should be notified by letter beginning September 25.
Kia owners should be notified beginning September 28.

The problem cited as overheating of the electronic controller in the oil pumps.

Owners may notice varied warning lights, vehicle entering "limp home mode"  (ok, maby cyber related), engine does not turn off, smoke from engine compartment, or vehicle is inoperative.

Cited the Idle Stop & Go oil pump, which saves fuel by automatically shutting down the engine while the vehicle is at a standstill.

Apple Updates released today July 24

  MANY security flaws fixed.

iOS 15.7.8 iOS 16.6 iPad 16.6 macOS Ventura 13.5 macOS 

Monterey 12.6.8 macOS BigSur 11.7.9 tvOS 16.7 watchOS 9.6

PLEASE UPDATE

IMPORTANT iCloud storage Notice is malicious!!

  I got this today on an iPhone. Tempting. BUT the site you are taken to when the link is clicked is malicious.

PLEASE  BE AWARE.

Apple issues Rapid Security Response 16.5.1 (c) and others

 Apple is rolling out Rapid Security Responses for most devices as this is being written.

 16.5.1 (c) for iOS & iPadOS

 macOS 12.6.8 and 13.4.1 (c)

 Appears the goal is Safari 16.5.2

 Rapid Security Response might indicate the severity and purpose.

HCA Healthcare suffers a data breach affecting 11 million patients - What to know

  This story from CBS News July 11, 2023.

Hospital and clinic operator HCA Healthcare suffered a major attack risking the data of 11 million patients. 

 The stolen data includes names, addresses, contact information, appointments, and others.

 HCA learned of the breach July 5, 2023. One of the largest breaches in history.

 HCA should be contacting affected patients.

 HCA asks patients to contact them before paying any invoices. The CBS article lists the HCA contact information as 844-608-1803. Please use your information from verified resources to contact HCA Healthcare.

 With the scope and numbers of this data breach, expect increased phishing, identity theft, and focused attacks.

 St. David's is a HCA facility. You should check on your providers.

The notice HCA Healthcare is sending to affected customers:

On Monday, July 10, 2023, we announced that a list of certain information with respect to some of our patients was made available by an unknown and unauthorized party on an online forum. The list includes: patient name, city, state, and zip code; patient email, telephone number, date of birth, gender; and patient service date, location and next appointment date. Importantly, the list does not include: clinical information, such as treatment, diagnosis, or condition; payment information, such as credit card or account numbers; sensitive information, such as passwords, driver’s license or social security numbers. Additional information about the data security incident can be found at hcahealthcare.com/privacyupdate. We remain committed to protecting the personal information that is entrusted to us. Because patient contact information was involved in this incident, we encourage you to remain vigilant about any suspicious or unexpected communications from an unfamiliar source or from anyone claiming to be affiliated with HCA Healthcare. You can call us at 888-993-0010. Representatives will be available to provide assistance Monday through Friday, 8 am – 8 pm Central Time beginning Monday, July 17. Specifically, if you receive any communication regarding an invoice, outstanding balance, or payment reminder that you were not expecting or believe to be fraudulent, please contact us so that we can confirm the legitimacy of the message. We are working as quickly as possible to identify and contact patients whose data was impacted by this data security incident. Those individuals can expect to receive a mailed notification letter in the coming weeks and will be offered complimentary credit monitoring and identity protection services. We appreciate your patience as we continue to work through this event. Sincerely, Kathi Whalen SVP and Chief Ethics and Compliance Officer HCA Healthcare

Apple Removes Rapid Security Response 16.5.1 (a)

  Apple released a Rapid Security Response for most products Monday July 10.

iOS 16.5.1 (a)   iPadOS 16.5.1 (a)  macOS Ventura   macOS Monterey  watchOS  and  Safari.

That Rapid Security Response caused some web sites to not be displayed.

If you have loaded that Rapid Security Response before it was pulled by Apple and have issues with websites displaying in Safari  downgrade to remove the Rapid Security Response.
Settings > General > About > iOS version.

 Apple indicates a replacement Rapid Security Response to replace 16.5.1 (a) with 16.5.1 (b) soon.

Apple retiring My Photo Stream July 26, 2023

 

Apple releases iOS 16.5.1 iPadOS 16.5.1 June 21, 2023

  Security fixes. Recommended for All Users.   A few bug fixes

iOS 16.5.1

iPadOS 16.5.1

macOS Ventura 13.4.1

watchOS 8.8.1 watchOS 9.5.2

iOS 15.7.7

macOS Monterey 12.6.7

Zacks customer database hacked and published June 12, 2023

 Zacks Investment Research has reportedly suffered a data breach affecting 8.8 million customer records.

 The data could contain email addresses, usernames, unsalted passwords, addresses, phone numbers, first and last names, and other data.

 Zacks customer should be advised of a potential use of this stolen and published data in account hijacking, phishing, credential stuffing and other attacks. 

 Zacks customer should change their passwords.

Yet Another Chrome Browser Security Update 5-June-2023

  Another zero-day flaw.

Update Chrome to version 114.0.5735.110 for Windows

Update Chrome to version 114.0.5735.106 for Mac & Linux.

Other Chromium based browsers may follow with their updates.

Williamson County Clerk's Office announcing Property Fraud Alert program

 Property Fraud Alert program is a notification service that alerts subscribers is a document with their name is submitted to the County Clerk's Recording office.

 Subscribers can choose the method of contact that works for them.

 Subscribers can then go online to view the document(s).

 The FBI warns that property and mortgage fraud are fastest growing crimes in the country.

To subscribe: https://www.propertyfraudalert.com/TXWilliamson

Daam Android malware has access to sensitive data

  India's Computer Emergency Response Team  CERT-In.

Daam can bypass Anti-virus. Daam is distributed via websites and applications downloaded from untrusted sources.

 Once loaded the malware steals sensitive data: reading history, bookmarks, call logs, taking screen shots, accessing past screenshots, intercepting SMS, down loading and uploading files.

 Daam deletes most files after encrypting them with AES.

 Enhanced cautions on clicking on links in email, web sites, or popups. Using only trusted sites. We all know the drill. 

 Awareness, Preparedness, Understanding.

HP Officejet 902x printers Bad firmware

  Your HP Officejet Pro model 902x show error 83c0000B?

HP now indicating a bad firmware update from May 8 may be the problem.

 No current update as to when to expect a fix.

SOME Asus routers experience outages May 22, 2023

 Asus routers may or may have experienced internet access outages recently. The outage is due to a corrupt ASD file from an automatic update. Updates enables or not.

 Impacted routers should return to normal operations.

 If not, save the router settings, then factory reset.

KeePass Vulnerability Master Password retrieved from memory

 Unpatched (so far) KeePass exploit 

   Helps retrieve cleartext master password

 Retrieves from memory

 So even with database locked

 CVE-2023-3278

 Just memory access / memory dump

 process dump, swapfile, hibernation file, ..

 Windows, macOS, Linux, 

 2.53.1 and older are vulnerable 

 Version 2.54 should fix the issue

 BUT 

KeePass master password may still exist in memory

BEWARE of apps that can dump/access memory

CISA issues Samsung device exploration flaw.

  U.S Cybersecurity and Infrastructure Security Agency (CISA) has issues a warning for users of Samsung devices. 

 The issue impacts select Samsung devices running Android versions 11,12, and 13.

 Preliminary information indicates an information disclosure flaw that could be exploited by a privileged attacker to bypass address space layout randomization protections (ASLR).

 No indication on when Samsung may address this issue. 

Apple Updates Everything Update

  Many of Apple's platforms has updates released May 18. An unusual occurrence. On a Thursday?

 Apple is terse with details on security related updates.

Safari, macOS, iOS, iPadOS, tvOS, watchOS both current and older versions can apply the updates.

At lease three vulnerabilities are currently being exploited in the wild.

The exploit code can combine the three cited vulnerabilities to take complete system access just by visiting a malicious web site!

SO, Important. PLEASE UPDATE.

Some detail: 

CVE-2023-32373 allows arbitrary code execution as WebKit processes malicious content.

CVE-2023-32409 allows breaking out of web content sandbox, thus full system compromise.

iOS 16.5 iPadOS 16.5 macOS Ventura 13.4 tvOS 16.5 watchOS 9.5 iOS 15.7.6 macOS Monterey 12.6.6 and Safari updates available today May 18

 Apple Updates everything.

Mozilla releases Security Updates for Firefox and Firefox ESR

 Date: 9-May-2023

Mozilla releases security updates for Firefox and Firefox ESR.

Firefox release version 113.0 after the security update.

Apple Rapid Security Response released today May 1, 2023

 Rapid Security Response for devices: macOS, iOS, iPadOS

iOS16.4.1(a) iPadOS 16.4.1(a) macOS 13.3.1(a) tvOS 16.4.1

Very little being released so far

Which might indicate the severity of this fix/patch.

Yet Another Google Chrome Urgent Patch April 19, 2023

  The patch fixes yet another zero day vulnerability being actively exploited now.

The update should bring the Chrome version to

Version 112.0.5615.138 (Official Build) (64-bit)

Other chromium based browsers should soon follow with their updates.

The Six Step FBI Bank Warning URL

 The Six Step FBI Bank Warning

The Six Step FBI Bank Warning

 HOW WE CAN HELP YOU

• Scams And Safety
• Active Shooter Safety Resources

On the Internet: Be Cautious When Connected

Everyday tasks—opening an email attachment, following a link in a text message, making an online purchase—can open you up to online criminals who want to harm your systems or steal from you. Preventing internet-enabled crimes and cyber intrusions requires each of us to be aware and on guard.

Protect Your Systems and Data

• Keep systems and software up to date and install a strong, reputable anti-virus program.
• Create a strong and unique passphrase for each online account you hold and change them regularly. Using the same passphrase across several accounts makes you more vulnerable if one account is breached.
• Do not open any attachments unless you are expecting the file, document, or invoice and have verified the sender’s email address.

Protect Your Connections

• Be careful when connecting to a public Wi-Fi network and do not conduct any sensitive transactions, including purchases, when on a public network.
• Avoid using free charging stations in airports, hotels, or shopping centers. Bad actors have figured out ways to use public USB ports to introduce malware and monitoring software onto devices that access these ports. Carry your own charger and USB cord and use an electrical outlet instead.

Protect Your Money and Information

• Examine the email address in all correspondence and scrutinize website URLs. Scammers often mimic a legitimate site or email address by using a slight variation in spelling. Or an email may look like it came from a legitimate company, but the actual email address is suspicious.
• Do not click the link in an unsolicited text message or email that asks you to update, check, or verify your account information. If you are concerned about the status of your account, go to the company’s website to log into your account or call the phone number listed on the official website to see if something does in fact need your attention.
• Carefully scrutinize all electronic requests for a payment or transfer of funds.
• Be extra suspicious of any message that urges immediate action.
• Make online purchases with a credit card for an extra layer of protection against fraud.
• Do not send money to any person you meet online or allow a person you don’t know well to access your bank account to transfer money in or out.

Microsoft released Special Defender updates for Windows 10 & 11 15-Apr-2023

  Recent news indicates Microsoft Defender updates and signature updates may not have been applied as intended.

 This special update released today should be applied to bring things up to date.

 Normal method, Open Windows Update, choose Check for Updates.

 The current release information:

Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.387.1133.0)

Platform version: 4.18.2302.7

Engine version: 1.1.20100.6

Security intelligence version: 1.384.1537.0

Google Chrome browser emergency update April 14, 2023

  Few details thus far, which is worrying.

Reports of actively exploitable vulnerability.

Chrome users should seek and apply update to version 112.0.5615.121

Other chromium based browsers will probably follow.

 

Apple releases new firmware for AirPods, AirPods Max, and AirPods Pro April 11

  Firmware version 5E133. Performance improvements and bug fixes.

How to update?

Connect AirPods to the paired iOS device

Settings on the iOS device

General > About > AirPods

Check Firmware version

WAIT

Important Apple Updates April 7, 2023. Others may soon follow. UPDATE

 Apple released updates today April 7, 2023

iOS 16.4.1   iPadOS 16.4.1 and macOS Ventura 13.3.1

Also updates for macOS versions Big Sur, Monterey, and Ventura

Late reports indicate this update did NOT address some issues with recent updates, but rather fixes issues with vulnerabilities actively being exploited in the wild. 

Other platforms may be vulnerable as well. Good timing with most of the workforce with reduced staff for the holiday.

 We will keep this notice updated.

UPDATE: Older iPhone models get the security update April 10. iOS 15.7.5

Also iPadOS 15.7.5, macOS Big Sur 11.7.6, and macOS 12.6.5

The fact that Apple dropped support but provides this update should indicate the severity of the vulnerabilities found and fixed.

Apple to release iOS 16.4.1 due to issues with weather app, Wi-Fi passwords??

 We will update this news item as the details are released.

Apple Public Beta available 30-Mar-2023

  Public beta releases for macOS 13.4, iOS 16.5, iPadOS 16.5, and Safari 16.5 available 30-Mar-2023.

Apple Updates Everything March 27, 2023

  Apple released updates March 27, 2023

iOS 15.7.4  iPadOS 15.7.4

iOS 16.4  iPadOS 16.4

watchOS 9.4

tvOS 16.4

macOS Big Sur 11.7.5

macOS Monterey 12.6.4

macOS Ventura 13.3

Safari 16.4

Studio Display Firmware 16.4

Some feature updates. AND Important Security fixes.

Microsoft Windows 11 Snipping Tool and Windows 10 Snip & Sketch tool vulnerability and Update available

  The vulnerability (similar to Google Pixel snipping tools(s)) . The vulnerability could allow attackers to access data that users had cropped from an image.

 Visit the Microsoft Store. Access the Library then Updates available.

 After the updates you should have Windows 11 snipping tool version 10.2008.3001.0 and Windows 10 Snip & Sketch tool version 11.2302.20.0.

 This is an example of keeping everything up-to-date, even Apps from the App store.

Ring hit with ransomware 14-mar-2023

 Reports are Ring has been a victim of the ALPHV ransomware.

Ring denies this report. This blog will be updated as events develop.

March Security updates for Android 13-Mar-2023

  The March 2023 Android Security Bulletin includes fixes for two critical remote code execution vulnerabilities. The vulnerabilities affect Android versions 11,12, 12L, and 13.

 Google has advised Android partners at least a month ago.

 Check your Android device for security patch level 2023-03-05 or later. 

 Android devices, so phones, tablets, streamers, SmartTVs, etc.

Google Chrome and ChromeOS updated today 3-11-2023

  Some feature updates AND 40 security patches.

ChromeOS on Chromebooks also updated.  Other chromium browsers should be updating soon as well

Bitwarden Vulnerability

  Disclosed today, March 9, 2023

If the autofill feature is turned on (this feature if off by default) an attacker using a specially crafted web page with an iframe in the HTML code the credentials are automatically filled out in the parent web page.

Bitwarden was aware, but claimed the vulnerability was hard to exploit and many popular web sites ised iframes.

Now that the vulnerability is known Bitwarden users should be more aware and check the option autofill is disabled.

Bitwarden does issue a warning when you go to turn on its autofill feature, stating that "compromised or untrusted websites could take advantage of this to steal credentials."

Apple releases Rapid Security Response for iOS 16.4(b) and iPadOS 16.4(b) and tvOS 16.3.3 March 7, 2023

 The tvOS update is for Apple TV 4k 3rd generation and Apple TV HD.

The iOS and iPadOS Rapid Security Responses are for those in the 16.4 Beta testing channels.

Apple released Rapid Security Response update for iOS & iPadOS 2-March-2023

  Rapid Security Response issued for:

iOS Security Response 16.4(a)

iPadOS Security Response 16.4(a)

macOS Rapid Security Response 13.3(a)

ALL OF THESE Rapid Security Responses are for Beta releases

If you are NOT running any current Beta tests of any Apple hardware you may not see these Security Responses.

This Cyber Security News item will be updated as this develops

Browser Updates February 24, 2023 IMPORTANT!!

  Google Chrome version 110.0.5481.178 

  Edge 110.0.1587.56

 Firefox 110.0

 Brave 1.48.171

Opera, Vivaldi, Tor and others sure to follow

The vulnerability is rated CRITICAL

ChromeOS updated to version 110.0.5481.181

Apple released updates to users enrolled in public beta program

 iOS 16.4, iPadOS 16.4, MacOS Ventura 13.3 which i loaded today.

Perhaps tvOS 16.4 and watchOS 9.4 which i did not.

The next MUG presentation will detail what is new/changed.

ChromeOS Update February 16, 2023

  Google released ChromeOS version 110.0.5481.112 February 16, 2023

Chrome browser Version 110.0.5481.100 (Official Build) (64-bit)

Apple issues updates February 13, 2023

  Updates to most platforms.

iOS 16.3.1 iPadOS 16.3.1  macOS Ventura 13.2.1  tvOS 16.3.2  HomePod 16.3.2 

“This update provides important bug fixes and security updates for your iPhone,” Apple says.

No notice as yet of any updates to older iPhone iOS nor Monterey. There is an update to Safari for Monterey and Big Sur.

Apple releases updates tvOS 16.3.1 and HomePod 16.3.1 February 6, 2023

  Apple released today, February 6, 2023 updates to tvOS and HomePod. The updates come just weeks after tvOS 16.3 and HomePod 16.3.

 The updates tvOS 16.3.1 and HomePod 16.3.1 cite general performance and stability improvements.

Security Updates Firefox & Android 1-Feb-2023

 Updates to address security vulnerabilities for Firefox and Android were released today.

Firefox 109.0.1 is the current version after the update. 11 flaws. The warning from CISA>

Android update is available for the Google Pixel devices and Samsung Galaxy Note 10, Galaxy S21, and Galaxy A73

Apple Updates Today January 23, 2023

  Apple has released updates to most of its products today.

iOS 16.3, iPadOS 16.3, Ventura 13.2, iOS 15.7.3

Few features.   Security fixes.  More products may soon follow.

Apple TV 16.3   Safari 16.3

T-Mobile Yet Another Data Breach

  Bad actor gains data on 37 million current customers.

Breach occurred around November 25, 2022. Data leaked until January 5, 2023

Not a T-Mobile customer?  Did you sign to be notified when T-Mobile home service would be available in your area?

Firefox browser Update 18-Jan-2023

  Mozilla released an update to the Firefox browser.

Version 109.0

For most platforms.

Mozilla does not release much for their updates.

CISA has issued an advisory so the update is probably security related.

Please consider updating your instances of Firefox.