Patch Tuesday. Microsoft released 11 critical security vulnerabilities and six zero-days being actively exploited.

November 8, 2022.  Yesterday was Patch Tuesday.  Microsoft released 11 critical security vulnerabilities and six zero-days being actively exploited.

We often put a lot of faith in our firewalls and anti-viruses and ignore updating and patching our computers.  However, the good guys are always behind and are only responding to the latest threat after it has been exposed.

In total, Microsoft issues 64 patches to address security flaws in products including Windows, Exchange and Office – so get updating now.

The security flaws impact Microsoft products including Windows, Microsoft Azure, Microsoft Exchange Server, Microsoft Office and more, some of which have been targeted by malicious hackers for months.

Please update your computers as soon as possible.  

To read more please click on the following link;

https://www.zdnet.com/article/microsoft-patch-tuesday-fixes-11-critical-security-vulnerabilities-and-six-zero-days-being-actively-exploited/

How do so many users become victims of hackers, credit card info theft and ransomware?  They oftentimes get attacked while browsing the web.  Sometimes it happens via a web search or a link on a page visited.  Before one knows it a malware script has been downloaded and installed without any needed response from the user.

Webpages themselves are actively being exploited and attacks placed in the code of the website without the authors knowing.  Thus a website can become a means of malware/ransomware distribution.  Websites too need protecting but that is another story.  WordPress and web-hosting companies provide or sell website protection but not all websites take advantage of these services.

In addition to keeping your operating system and applications updated you need to update your browsers.  Google's Chrome has become the largest target among the browsers currently used.  See article below.

There's been a big rise in hackers targeting Google Chrome - doing this one thing can help protect you

We enter and store a lot of information in our internet browsers, making them a tempting target for cyber criminals.

Google has released security updates to address 6 severe flaws in their browser.  See link below;

Google Chrome: Apply new security update now to fix these six 'high severity' bugs | ZDNET

To update your Chrome browser, check in the upper right corner of the Chrome browser to see if there is an update notification.  Please click on it to update your browser to the latest version. Warning:  it usually requires a browser restart to complete installation, you can restart at your convenience.

You can always go to Settings, Help to check for updates.  If available, Chrome will apply automatically.

In tech news;

Apple Preparing iOS 16.1.1 as Widespread Wi-Fi Bug Persists - MacRumors

Apple Experts Say You Should Never Waste Your Money On This Storage Upgrade (yahoo.com)

For the first time, I'm switching to an AMD graphics card | Digital Trends

Intel to Introduce Wi-Fi 7 in 2024 as Apple Plans Imminent Move to Wi-Fi 6E - MacRumors

Apple Just Quietly Raised Prices for Apple Music and Apple TV Plus

 Apple raises rates for Apple TV and Apple Music.

Everybody mad at Comcast, Direct TV and other cable providers for constantly raising their rates so they cut their TV service and began to stream entertainment.

and here come the increases, Apple TV has increased their Apple TV plus service by 2 dollars to $7/month.  I have been paying $4.99/month and with the increase it is still a bargain.  Apple Music is going up by a dollar.

Apple's bundle service, Apple One, meanwhile, will cost $16.95 per month for an individual, a $2 increase. The Apple One family plan will hit $22.95 per month and its premier plan, $32.95 -- a $3 bump for both. Apple One individual and family plans include Apple Music, Apple TV Plus, Apple Arcade cloud gaming and iCloud remote storage services; premier includes those four and both Apple Fitness Plus workouts and Apple News Plus, which unlocks multiple subscription newspapers, magazines and other news outlets.)

However Apple is not alone.  Other streamers, Netflix, Spotify, Disney and YouTube have raised their rates in the past year and the Prime membership jumped from $99 to $119 and now $139/year if you want to keep your Prime Video.

Yesterday both Google and Microsoft reported disappointing numbers on Wall Street so YouTube subscribers may see an increase soon.

FYI... to read more about the increases in streaming services, click the link below,

https://www.cnet.com/news/apple-just-quietly-raised-prices-for-apple-music-and-apple-tv-plus/

T-Mobile Home Internet Redux, 5 best Browsers, Microsoft Patch Tuesday

T-Mobile Home Internet Redux, the last time I'll talk about it.

I so much want to dump Comcast that I called T-Mobile again last Friday to inquire about data plans.  I was paying $50/month.

I found out this, as I stated in the 1st post 2 weeks ago, when I looked up my address online the website said the service was not available at my address but I was able to order the modem anyway.  When I setup the T-Mobile modem the phone app could not connect to the T-Mobile network and I had to set it up manually.  I was pulling 250 mbps download and pretty happy until I received the message that I had used up 80% of 100 GB allotment in 13 days and T-Mo was going to throttle my speed.

T-Mobile Home Internet vs T-Mobile Home Internet Lite

I found out that the modem couldn't connect to their actual 5G Home Internet.  It was connected to their phone networks 5G signal.  They call that Home Internet Lite.

If I could connect to their true 5G Home Internet then I would have had unlimited data for $50/month.  The Home Lite plan allows you to purchase more data but in incremental increases and it's not cost effective.

So now I am on their wait list, waiting for them to install equipment in my neighborhood.

To check your address visit the following link;

Check Eligibility for 5G Internet | T-Mobile 5G Home Internet

Microsoft's Patch Tuesday - October

Microsoft has released new updates addressing 84 vulnerabilities.  The Redmond company said that one flaw had already been exploited and another has been publicly announced.  Earlier this month patches were released that addressed 12 more CVEs (Common Vulnerabilities and Exposures) found in the Edge browser.

The vulnerability that has been exploited is a Windows COM+ Event System Service Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain system privileges.

The publicly disclosed vulnerability is a Microsoft Office Information Disclosure Vulnerability. This vulnerability, discovered by Cody Thomas with SpecterOps, puts at risk user tokens and other potentially sensitive information.

If you have not updated your computer this month, please take the time tonight before leaving to start Windows updates installing on your computer.

To read more click on the link below;

https://www.zdnet.com/article/everything-microsoft-announced-at-the-october-surface-event/?ftag=TRE-03-10aaa6b&bhid=%7B%24external_id%7D&mid=%7B%24MESSAGE_ID%7D&cid=%7B%24contact_id%7D

What is the best browser to use?

The most commonly used browsers are Chrome, Firefox and Edge.  With Cloud services becoming more ubiquitous, cloud service companies have to make sure their products work with these major browser players.  However, which is best to use?... Chrome does not make the top 5.

I  use the Brave browser for Global Administration of client MS365 sites as well as banking activities.  Brave is rated #1 for overall privacy.

It allows me to peruse many newspapers without a subscription.  It comes with Tor browser and VPN built in.  When I launch an in-private windows using Tor however it hides your public IP address via a VPN and often assigns a European Public IP.

If you have heard of it before, Tor is the infamous browser most associated with the Dark Web.

To read more about the best browsers click on this link;

The 5 best secure browsers for privacy in 2022 | ZDNET

T-Mobile 5G Home Internet Update

T-Mobile Gateway sent packing.

As promised I wanted to update you on my experience with the T-Mobile Gateway, (see previous T-Mobile post).  The device was easy to implement and the speed was very good considering I was only getting 3 out of 5 bars signal strength.  I averaged 250 MBPS download speed and the service never faltered even after connecting my main TV along with my Surface Pro notebook.  I do all my TV watching via streaming including news.  I have an internet only subscription, Comcast business, 

I never got around to connecting all my devices which would have been 2 desktops, server, printer and 2 more TVs.  I'm glad I never fully converted since on day 13 of my 15 day trial I received a message from T-Mobile (see below) that I had used 80% of my 100 GB data allotment and they were going to slow down my speed until the next billing cycle.  Sorry T-Mobile, throttling my speed is not an option.

The customer service lady I spoke to was very nice and helpful and said that T-Mobile hopes to be able to provide unlimited data to my area some time in the near future.  If that happens and the price is reasonable, (I was paying $50/month) I'll be back.  In the meantime, bye-bye T-Mo.  

T-Mobile 5G Home Internet Review

T-Mobile 5G Home Internet, going Rogue on Comcast

When it comes to broadband internet, I have been with Comcast since 1998.  I can remember telling clients you really should see this.  I was pulling 3 mbps download and we were raiding Napster for songs at blazing speeds.  We could hook into a T3 line and download 75 songs at the time.  Friends and relatives were lucky to get a song a night using dial-up.

At the time my clients would say all we need are emails and don't need broadband.  Fast forward 24 years and civilization cannot exist without it.

Now I'm seeking an alternative to Comcast.  My location unfortunately does not have fiber yet so I am excluded from Google or AT&T fiber.  Up until this week my only alternative has been AT&T, internet 75, not fiber.  I refuse to go with AT&T since my experience dealing with them on client accounts has always been disappointing as to speeds, (they promise up to 75 MBPS, but may be only 5 MBPS).

I have had Comcast Business for 3 years now and of course the bill keeps climbing.  I have internet service only, no cable TV.

I decided to try T-Mobile 5G home internet.  I entered my address info and voila,

However, all was not as it seemed.  Upon continuing I had to verify my shipping and emergency (911) address.  The address prefilled by the website did not match my actual street address.  I'm at 4228 and it was responding with 4308.  I had to call customer service and the rep told me that the service was not available at my address.  Undaunted the next day I tried again and this time the rep allowed me to change the shipping and emergency address.  I was able to place the order and my internet appliance arrived Tuesday.  I have a 15 day trial before my service starts at $50/month.

Installation and setup.

The device setup was simple.  I attached the power cord, downloaded the T-Mobile app on my iPhone and I was ready.  I started the app and things looked bleak.  It could not auto attach to the T-Mobile 5G network or discover my location.

I then chose manual installation and provided my street address and phone number.  Next I gave it a secured password/key for the internet and accepted the default SSID (Wi-Fi name).  The device then attempted to connect which it accomplished successfully, but only 2 out of 5 bars strength.

I attached my Surface Pro notebook, ran a speed test and found I was pulling 120 MBPS down/8 MBPS up.  The instructions advised to place the device on an upper level near a window.  I moved the device upstairs, trying 3 different rooms. all locations had 3 bars out of 5.  I found that even with 3 bars, some of the locations were not ideal for WIFI due to walls and distance so I opted for the middle level of the house with 3 bars.

So far I'm pleased with the results.  I've tested and used the internet with my notebook and I can't discern any difference between it and my Comcast signal.  I ran the http://speedof.me speed test and the results are:

So far so good... this is with 3 of 5 bars signal strength.  If T-Mobile can improve the strength of the signal to my device I have no doubt that the T-Mobile Home Internet is a worthy alternative to Comcast.  The price is no comparison, $50 vs $130 plus per month.

This weekend I plan to test the device using all my devices including streaming on the TVs.

The T-Mobile device has 2 ethernet ports.  However the location of the device isn't convenient for my lower level office.  I will drop an ethernet cable and connect to an ethernet switch to conduct the test.

I will post an update to the blog next week and publish the result of my experiment with the T-Mobile Home Internet.

Have a great weekend.

The Newest Windows 11 update 22H2 and more

Is it time to update to Windows 11?  The latest Windows 11 update 22H2 contains features that have many saying yes!

This feature update isn't likely to turn Windows 11 skeptics into fans. It doesn't include any major architectural changes and it preserves both the system requirements and the overall design of the user experience from the initial release. This is, at its core, a "fit and finish" update, with a handful of new features that are useful but far from essential.

The 8 best new features are:

1. Drag and Drop for the Taskbard
2. Folders on the Start Menu
3. Updated File Explorer
4. Live Captions
5. New Touch Gestures
6. Update Task Manager
7. New Inbox Apps:  ClipChamp, Sound Recorder
8. Smart App Control.

To summarize key features;

Windows 11 has changed the way security is handled.  Windows 10 left security settings up to the user to enable.  What Microsoft found was that most users did not understand how to make the changes or the trade offs in compatibility and performance.  Windows 11 has inverted that view and now makes the security settings default for users.

In addition to security, the new Windows 11 update contains improvement in performance, better throughput and more beneficial features.  Microsoft's Photos app is also getting a much needed makeover.

File Explorer's Quick Access will now be called Home, however Quick Access will shift to the right panel where you can pin files and folders.  Windows will be adding a Tabs feature to File Explorer in October 2022 as an optional preview and then in November as a full release.  A File Explorer Tabs interface will allow you to open a new Tab like in a browser where you can search and open files without opening another File Explorer instance, much needed.

The Windows 11 22H2 upgrade was made available yesterday, 09/20/22.  It may already be installed on your Windows 11 computer, waiting for a restart to finish installing.

To read about what to expect and more from this update, please see the following links.

https://www.zdnet.com/article/windows-11-22h2-how-to-get-microsofts-latest-os-update-and-whats-coming-next/ 

https://www.bleepingcomputer.com/news/microsoft/hands-on-with-windows-11s-new-task-manager/

https://www.zdnet.com/article/windows-11-22h2-these-are-the-big-new-security-features/

Windows 10 EOL (End of Life)

You have until October 14, 2025 to keep using Windows 10 and continue receiving at least some sort of support from Microsoft for it. However, the company announced in November 2021 that it will only release feature updates after version 21H2 (the Windows 10 November 2021 Update) annually in the second half of the year via the General Availability Channel.

The next Windows 10 feature update is slated for the second half of 2022. Home and Pro editions of the November 2021 Update will only receive 18 months of servicing and support, and Enterprise and Education editions will receive 30 months of servicing and support after November 2021.

After that, Microsoft says it will continue to support at least one annual Windows 10 release until October 2025.

 https://www.lifewire.com/windows-10-end-of-life-4163811 

Who Will Pay the Price for Cyberattacks?

Insurers have long excluded war damage from their coverage. A new spate of legal battles will decide whether they can consider state-sponsored hacking an act of war.

https://www.wsj.com/articles/who-will-pay-the-price-for-cyberattacks-11662645501?st=05lt1qffidk57d4&reflink=desktopwebshare_permalink

Safeguard iPhones, iPads & Macs: Apply security updates now. Microsoft 365 Basic Authentication ends October 1, 2022

Safeguard your iPhones, iPads and Macs: Apply these security updates now

Apple urges users to patch their devices as newly disclosed vulnerabilities 'may have been actively exploited'.

There are reports that Apple products to include iPhones, iPads and Macs are actively being targeted by hackers due to a series of vulnerabilities in the IOS's of the devices.

In the wake of the heightened political tensions with state actors as well as plain old criminal hackers, it would be wise to apply Apple's latest security updates to your devices ASAP.

To read the more click on the following link,

https://www.zdnet.com/article/safeguard-your-iphones-ipads-and-macs-apply-these-security-updates-now/?ftag=TRE-03-10aaa6b&bhid=%7B%24external_id%7D&mid=%7B%24MESSAGE_ID%7D&cid=%7B%24contact_id%7D

Microsoft is turning off Basic Authentication for Exchange Online customers.

On October 1, 2022, Microsoft is turning off Basic Authentication in Exchange Online for all tenants.

If you have Microsoft Exchange as part of your Microsoft Office subscription, you need to enable MFA, Multi-Factor Authentication.  This will require you to receive a code either via email or cell phone each time you login to http://office.com.

In addition, a secured password will be required for any desktop email app such as Outlook or Mozilla Thunderbird.

As more sophisticated cyber criminals take aim at hybrid and remote workers, Microsoft is working to raise awareness among Exchange Online customers that one of the most important security steps they can take is to move away from outdated, less secure protocols, like Basic Authentication.

Basic Authentication puts companies at greater risk of data breaches and disruption of email. There are 921 password attacks every second, almost doubling the frequency of attacks from 2021. In addition, the FBI’s Internet Crime Complaint Center (IC3) received 19,954 business email compromise (BEC) and email account compromise (EAC) complaints with adjusted losses at nearly USD2.4 billion.

To read more, click on the following link:

It's Time to Disable Basic Authentication in Office 365  - Office 365 Reports (o365reports.com)

Other security news:

Reported ransomware attacks are just the tip of the iceberg. That's a problem for everyone

Shame or just trying to avoid bad publicity means there's very little useful data recorded on ransomware attacks.

https://www.zdnet.com/article/reported-ransomware-attacks-are-just-the-tip-of-the-iceberg-thats-a-problem-for-everyone/?ftag=TRE-03-10aaa6b&bhid=%7B%24external_id%7D&mid=%7B%24MESSAGE_ID%7D&cid=%7B%24contact_id%7D

Federal courts hit by "significant and sophisticated" cyberattack in 2020

https://www.zdnet.com/article/federal-courts-hit-by-significant-and-sophisticated-cyber-attack-in-2020/

TikTok 'Kia Challenge' fuels rise in using USB cables to steal cars

https://www.insider.com/tiktok-kia-challenge-using-usb-cables-to-steal-cars-2022-7

Warning: Malicious browser extension targets Gmail and AOL users

https://www.komando.com/security-privacy/malicious-browser-extension/848631/

How to find and remove spyware from your phone

Surveillance apps are becoming more advanced. Here's what to do if you think you're being tracked.

https://www.zdnet.com/article/how-to-find-and-remove-spyware-from-your-phone/

Deepfakes are coming, New Phishing attacks come with Countdown clocks. Beware.

The next big security threat is staring us in the face. Tackling it is going to be tough

Deepfakes are getting better at mimicking real people. Soon that's going to be a problem for everyone.

The development of AI and facial recognition has led to many advancements in the tech arena.  However as always the hackers are exploiting this new tech to their advantage.

While ransomware gets the headlines and attention, BEC costs businesses more losses that any other cyber crime.  Some of you may have experienced a BEC attack.  A BEC (business email compromise) attack usually comes in the form of an email purportedly from the boss asking staff to send or authorize financial transactions immediately and discretion is key.

By the time anyone might be suspicious, the cyber criminals have taken the money, likely closed the bank account they used for the transfer – and run. 

My small to medium size business clients have all experienced these emails.  Fortunately the receiver was smart enough to spot or question the validity and the email was a spoof, not a compromised user.  A spoof is when someone uses the email address/identity of someone but the source of the email indicates otherwise.

But if cyber criminals could use a deepfake to make the request, it could be much more difficult for victims to deny the request, because they believe they're actually speaking to their boss on camera. 

Scammers have already used artificial intelligence to convince employees they're speaking to their boss on the phone. Adding the video element will make it even harder to detect that they're actually talking to fraudsters. 

Many companies and organization feature pictures of their staff on their websites or social media pages.  With new programs and techniques, deepfakes are coming.  The FBI has warned that cyber criminals are using deepfakes to apply for remote IT positions.

To read more please click the following link;

The next big security threat is staring us in the face. Tackling it is going to be tough | ZDNet

This phishing attack uses a countdown clock to panic you into handing over passwords

A phishing attack is borrowing a technique from ransomware groups by looking to scare the victim into doing what they want.

There is a new phishing attack with a twist.  If you don't supply them with your credentials within a time limit, POOF!... your account is deleted.

Everyone has been subjected to these emails in the past, some are good in appearance and some down right amateurish.  For the most part Microsoft, Google and others will not email you directly about your credentials.  However, some banks, credit cards and online services do send emails notifying you that your password is expiring.

Always be certain to verify.  If possible do not use links within the emails but verify through a trusted link, perhaps in your favorites.  I always wait until they will not let me login and then use a password reset link.

Be careful and don't panic.

Read more at this link;

This phishing attack uses a countdown clock to panic you into handing over passwords | ZDNet

Chip shortages.

The ongoing chip shortage is continuing to have an impact on availability and cost of new computers.  Intel's 11th generation processors have experienced large price increase in the past 2 months.

An Intel Core i7 11700K processor initially increased $20 last month.  Today the same processor will set you back $70 more than a couple of months ago.

If you are interested in a new Intel DForce workstation please contact us on the www.drivingforce.net website.

Thanks!

MS365 issues 07/20/22, other Microsoft 11 news, Microsoft Windows 11 Computers

MS365 issues 07/20/22

I only had one report of issues with MS Teams and Exchange yesterday.  I check and reported to the client a degradation of Exchange services and Teams.  Microsoft this a.m. has issued a statement about the service outage after it stretched into hours.

Microsoft has said a recent deployment that contained a "broken connection to an internal storage service" was the likely cause of an outage that left many users unable to access or use various Microsoft 365 apps for several hours.  

The service issues, which started on the evening of Wednesday July 20 and continued into Thursday morning, slowed down or prevented access to several Microsoft services, including Microsoft Teams, Exchange Server, Microsoft 365 admin center, Yammer, Microsoft Word and other Office applications. The issue also prevented auto-patching within Microsoft Managed Desktop and other services.

More Microsoft News:

Windows 11 stuff

Microsoft is deploying a new Autopatch service.  It is a welcome relief for admins who have been having to deploy as many 100 updates/patches or more a month to Windows 11 machines.

Autopatch arrives to make Windows Patch Tuesday a breeze

The best Surface PCs: Which device is right for you?

Microsoft just changed the update policy recently, moving away from Patch Tuesday.  Now they are shaking it up again with new Windows 11 features up to 4 times a year. 

Microsoft said to be ready to shake up the Windows update schedule. Again.

Is your Windows license legal? Should you even care?

Time for a new computer?

If your computer doesn't move the way it used to or it is now a bottleneck in your daily work or online life then consider upgrading to a new Intel based machine.

The newest Intel processors, Generation 10 and up offer power and advantage well above previous processors.  In addition the mainboards and chipsets supporting these processors allow use of newer technologies and add-ons that further enhance computing power.

For example, consider hard drives.  The older hard drives, SATA based are fine for storing vast amounts of photos, music and archive data but they pale greatly in speed compared to the newer SSDs, (Solid State Drives).  However, not all SSDs are the same.  Today there are SATA based SSDs that use the same interface as your older hardware drives.  They are much faster than hard drives but even they cannot come close to SSDs based on NVMe technology.

SATA interface connect to your mainboard via a cable.  NVMe plugs directly into your mainboard via an interface that directly accesses your system and provides unmatched read/write speeds.

NVMe drives offer instant computer start up and data access unmatched by SATA drives.  However, not all NVMe drives are the same.  Some offer speeds twice or 3 times quicker than others.

https://www.ibm.com/cloud/blog/hard-disk-drive-vs-solid-state-drive

10 things that let cyber criminals in.

In today's cyber threat environment prompted by economic conditions and amid today's heightened geopolitical tensions due to Russia's invasion of Ukraine, cybersecurity has taken on renewed urgency.

The US Cybersecurity and Infrastructure Agency (CISA) and it's peers around the world have created an issued a list of concerns that prioritize things companies and individuals can do to minimize threats to systems.  This list is called Alert (AA22-137A).

• Multifactor authentication (MFA) is not enforced.
• Incorrectly applied privileges or permissions and errors within access control lists. 
• Software is not up to date.
• Use of vendor-supplied default configurations or default login usernames and passwords.
• Remote services, such as a virtual private network (VPN), lack sufficient controls to prevent unauthorized access. 
• Strong password policies are not implemented. 
• Cloud services are unprotected. 
• Open ports and misconfigured services are exposed to the internet.
• Failure to detect or block phishing attempts.
• Poor endpoint detection and response.

What should you do?  The italicized items above are within your control.

Multifactor authentication (MFA) or two step is a must for those using SaaS or cloud access services.  Many users consider it an annoying additional step but it is necessary to secure and protect cloud services and assets.  What it does is require one to receive a code via text or email when trying to access the service.

If you or a user's credentials are compromised via phishing or malware the hacker can then access the compromised account from any connected device and cause havoc via using the account to send spam emails phishing for information or carrying malicious attachments.  In addition, they create rules diverting critical emails from financial institutions to their own external email accounts.

What's more, once in they have access to OneDrive and SharePoint documents.  Using this data they can glean information about finance and uncover personal information about other users, staff and clients.

Even worse, an attacker could upload files containing malicious software that can spread to other systems.  Worse yet, Ransomware could be deployed and all of a company's data could be encrypted and held ransom by the attacker.

MFA is becoming a prerequisite required by insurance companies who provide coverage against damage caused by cyber attackers.

If your company has MFA implemented none of the above can happen since the attacker cannot access the compromised account without the code that is delivered via text or a secondary email account.

Software is not up to date.  Because of non patched systems, even MFA was compromised.  Last year Russian hackers combined a default policy shared by multiple MFA solutions and a Windows printer privilege of escalation flaw to disable MFA for active domain accounts and then establish remote desktop protocol (RDP) connections to Windows domain controllers

Be sure to keep your computers and devices updated.  Check and make sure Windows Update is running and apply updates when available.

Use of vendor-supplied default configurations or default login usernames and passwords.  Routers, switches, printers and other devices are delivered with User names and passwords to prevent access to the device and the underlying network.  These credentials are the same for all of a manufacturer's products and readily available via a Google search online.  Discover what your device's credentials are and change them.  You can do this generally via a browser interface using the IP or Mac address or the device.

ISPs, internet service providers routers and equipment are guilty of this as well.  Comcast, AT&T have public IP addresses that can be used to access and exploit the device using these credentials.  Linksys, Netgear and almost all consumer routers are guilty as well.

Strong Passwords.  Too many users take password policy lightly.  Avoid using dates that coincide with life events, i.e. birthdays, anniversaries, etc.  Do not use consecutive numbers and when strong passwords are established, avoid changing a good password by adding a one when it expires, example, Zav98721 to Zav98722.  Attackers and their algorithms are wise to this and once a user and compromised password on on the dark web, an attacker will try this.  For more info on creating strong passwords, see my previous blog post from March 7, 2022.  

https://dforceatl.blogspot.com/2022/03/httpswwwcnbccom20220227most-common.html

For more info on securing your computer and network environment, use the following link to the full article;

https://www.zdnet.com/article/fbi-and-nsa-say-stop-doing-these-10-things-that-let-the-hackers-in/?ftag=TRE-03-10aaa6b&bhid=%7B%24external_id%7D&mid=%7B%24MESSAGE_ID%7D&cid=%7B%24contact_id%7D&eh=%7B%24CF_emailHash%7D

Password Security, Windows 10 settings that need to be turned off, Chromebook use by Date

Good morning.  In today's blog,

- These are the 20 most common passwords leaked on the dark web — make sure none of them are yours

With no end in sight for the Ukraine/Russia conflict and the threat of Russian cyber warfare, it is important for everyone to assess their password strategy to secure their online data.  see below for more info.

- Turn Off These Annoying Windows 10 Settings

One of the default settings in Windows 10 allows Microsoft to use your computer to provide updates to other users on the web?  That's right, your computer and internet connection are being utilize world wide as an update server.  See this section below for more information.

- Before You Buy a Chromebook, Check the Expiration Date

Are you considering buying a Chromebook?  Be sure to check your expiration date.  Who'd have thought, Chromebooks have a use by date?

https://www.wsj.com/articles/before-you-buy-a-chromebook-check-the-expiration-date-11646538322?st=8yr80fa3kya5zw5&reflink=desktopwebshare_permalink

These are the 20 most common passwords leaked on the dark web — make sure none of them are yours

CNBC has published a list of the top 20 passwords found on the dark web.  Many of these I have seen in use or a slightly different version from some of those listed.

Password security is a pain I know but it is your only defense in protecting your financial and personal data from being stolen and causing much more pain.

Some of the things you can do is change your passwords on a regular basis and do not reuse passwords either on the same account or use the same password for multiple accounts.  The first thing hackers will do once they have compromised one of your passwords is to try that password on your other accounts.

If you change your password do not perform a simple change such as adding 1 to a number, i.e. Blah987 to Blah988.  They know this trick.  They are equipped with powerful cracking programs that can perform millions of combinations and permutations of passwords based on a cracked password in minutes.  With many computers and lots of compromised systems working for them, they have time on their side.

To see the 20 most compromised passwords, follow the link below and then check the chart below to see how your password stacks up for complicity.

 Most common passwords hackers leak on the dark web: Lookout report (cnbc.com)

If your password wasn't on the list above then just how safe is your current password?  The chart below project just how long it would take a computer to crack your password.

The Y axis depicts the length of your password while the X axis lists complexity.

Turn Off These Annoying Windows 10 Settings

Did you know the default setting in Windows 10 allows Microsoft to use your computer to provide updates to other users on the web?  That's right, your computer and internet connection is being utilize world wide as an update server.

Microsoft plans to roll out Windows 11 to all eligible computers by mid 2022.  That said, if you have a computer that does not meet the hardware requirements to upgrade or prefer to stay with Windows 10 then read the following article and change these settings to improve your computer performance and Windows 10 experience.

https://www.msn.com/en-us/news/technology/windows-10-settings-you-need-to-disable-now/ar-AAOPTLU?ocid=msedgntp

DForce Intel based Windows 11 Workstations

https://drive.google.com/file/d/15EUghuRhwZbYitLvbLrhqncIbyYhNP_y/view?usp=sharing

Chrome Zero-Day Under Active Attack: Patch ASAP

 Chrome Zero-Day Under Active Attack: Patch ASAP

Google's Chrome, the popular web browser has a critical flaw that is currently under active attack by bad actors.  The flaw is classified as a zero day (active attack) bug and the patch needs to be applied immediately.

In a brief update, Google described the weakness, tracked as CVE-2022-0609, as a use-after-free vulnerability in Chrome’s Animation component. This kind of flaw can lead to all sorts of misery, ranging from the corruption of valid data to the execution of arbitrary code on vulnerable systems.

https://threatpost.com/google-chrome-zero-day-under-attack/178428/

The fix is to update Chrome browser to the latest version 98.0.4758.102.  This will resolve this issue along with 10 other security issues.

The affected OSs include MAC, Linux as well as Windows users.

To check your Chrome version and update do the following,

Click on Chrome Menu buttons at top right of browser and select Settings,

Next select About Chrome at the bottom

Check your version and make sure it is 93.0.4758.102.  If not update.

That is all. Happy Hump Day!

buy a computer!  DForce Intel 11th Generation Workstations

https://drive.google.com/file/d/15EUghuRhwZbYitLvbLrhqncIbyYhNP_y/view?usp=sharing

Microsoft Patch Tuesday-February 2022 and Windows 11

Yesterday was Patch Tuesday so many of you may be seeing the Windows 11 upgrade offer or a message saying your computer doesn't meet minimal requirements. Windows 11 requires TPM 2.0 (Trusted Platform Management), UEFI and Secure Boot enabled. If you have an older machine then you will probably not be eligible for the upgrade. It is estimated that 55% of existing Windows computers will not be Windows 11 compatible.  There may still be hope if you want Windows 11 however... discussed later in post.

If you are running Windows 10, Microsoft has issued updates to patch several security flaws, none deemed critical but Microsoft considers them to be ripe for exploitation.  One CVE-2022-22005 affects SharePoint which is critical to many users and organizations who utilize cloud access.

For a full list of Windows 10 patches please click the following link;

Microsoft Patch Tuesday, February 2022 Edition – Krebs on Security

Last Gasp for Windows 11 wannabes!

Despite a message that your machine is not compatible, you may still be eligible by tweaking your BIOS settings.  It may require a BIOS (firmware) upgrade but many machines have a TPM software feature that needs to be turned on and UEFI/Secure Boot enabled.

For a list of all the minimum requirements for Windows 11 click the following link; 

https://support.microsoft.com/en-us/windows/windows-11-system-requirements-86c11283-ea52-4782-9efd-7674389a7ba3

If you are already running Windows 11, the current Patch contains all the fixes from previous updates including a speed boost that corrects a bug that made drive write/read speeds slower.

Known issues (famous last words)

Microsoft is currently not aware of any critical issues in this release, but you should watch for a weird bug where recent emails might not appear in the search results of Outlook desktop app. This bug affects POP, IMAP, Microsoft Exchange and Microsoft 365 accounts.

There’s always a possibility that the Windows Update could break your device. In the past, some updates have caused major issues including Blue Screen of Death errors and problems running certain apps.

For a full list of bug fixes and improvements for Windows 11 in this Patch Tuesday release, please click on the following link.  It also contains links to the full install of Windows 11 which you can use to upgrade if you wish.

Windows 11 KB5010386 released with a speed boost and more (windowslatest.com)

DForce Windows 11 workstations

https://drive.google.com/file/d/1WouUA5OZ-LLQM2AQgawpG01_fHrn-D7X/view?usp=sharing