Monthly Archives: April 2025

• Apple zero days for April

  Posted on April 17, 2025 at 03:00 CDT by Susan Bradley • Comment in the Forums

  In other security news, be aware that Apple has released several updates that include zero day fixes:

  Once again it appears that it’s targeted attacks only and not widespread.

  As with typical Apple releases, you will see them offered up to your phones or devices. With any device always make sure that you back up your devices. Typically this will be done online and over the air to a cloud backup.

   

  iOS iOS 18.4.1 and iPadOS 18.4.1	iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later	16 Apr 2025
  macOS Sequoia 15.4.1	macOS Sequoia	16 Apr 2025
  tvOS 18.4.1	Apple TV HD and Apple TV 4K (all models)	16 Apr 2025
  visionOS 2.4.1	Apple Vision Pro	16 Apr 2025

  Apple Apple updates, Patch Lady Posts, Security

• Seeing BSOD’s on 24H2?

  Posted on April 16, 2025 at 22:07 CDT by Susan Bradley • Comment in the Forums

  Microsoft posted a cryptic note on its Admin page that some Windows 11 24H2 PCs are experiencing BSODs after the April updates are installed (details in my forum post). I don’t have the April updates on all machines, nor has 24H2 been installed on every system, but I’m not seeing this in my environment.

  After reviewing my sources, it’s clear that not all 24H2 machines are afflicted. What it does point out is that Microsoft still has a serious problem with a lack of documentation.

  Are you seeing this on your Windows 11 24H2 machines?  I’m not!

   

  Windows Security Blue screens of death, BSOD, Patch Lady Posts, Windows 11 24H2

• It’s Identity Theft Day!

  Posted on April 15, 2025 at 16:05 CDT by Susan Bradley • Comment in the Forums

  It’s April 15, 2025, the day I call Identity Theft Day. In America, you may call it the tax deadline, but for me, in addition to being the date that we need to file or extend tax returns, it’s also the day that I find out who’s had their Identity stolen this year.

  So far, I’ve seen one dependent and one taxpayer who had their identity stolen. For the  child, this is a gift that keeps on giving because this year it’s Big sister’s turn to have to file an Identity theft affidavit. Several years ago, it was her brother’s turn. Both were impacted by a breach in a school’s master database several years ago and now the kids IDs are used as “bogus” dependents on other returns.

  Starting in September, the White House wants to take steps to phase out accepting and sending checks in the mail. Lost refund checks are a big problem.

  What can you do about identity theft?

  1. File early. Whomever files first — whether attacker or actual taxpayer — is seen in the system first.
  2. Consider signing up for a voluntary identity protection PIN. This is a special number that gets mailed to you in early January and has to be in your electronically filed tax return in order to match up the info.  Without the PIN, the attacker can’t grab your identity. Yes, you will need to look for this piece of paper mailed to you in early January or log into your online IRS account to obtain it each year. It’s a slight hassle, but I think it’s worth it.

  If you file a tax return, consider signing up for a PIN.

  Security Patch Lady Posts

• The time has come for AI-generated art

  Posted on April 14, 2025 at 02:45 CDT by Catherine Barrett • Comment in the Forums

  

  ISSUE 22.15 • 2025-04-14

  Look for our BONUS issue on April 21, 2025!!

  MEDIA

  

  By Catherine Barrett

  The horse may have five legs, but it’s already out of the barn.

  AI-generated images are here to stay, and we need to learn how to recognize them and use them legitimately. They’re not authoritative depictions of how things look, but they are handy for illustrating ideas. In what follows, I’ll tell you how they work and address ethical and practical concerns.

  Read the full story in our Plus Newsletter (22.15.0, 2025-04-14).
  This story also appears in our public Newsletter.

  Media AI, ChatGPT, Copilot, DALL-E, Generative AI, Google Gemini, Leonardo.ai, Midjourney, Newsletters

• Hackers are using two-factor authentication to infect you

  Posted on April 14, 2025 at 02:44 CDT by B. Livingston • Comment in the Forums

  PUBLIC DEFENDER

  

  By Brian Livingston

  We’ve all seen those are-you-human tests that websites use to screen out data-scraping bots — e.g., click all the cars, enter the code we texted you, etc. — but, unfortunately, malicious hackers are now exploiting our trust in these common dialog boxes to trick us into installing malware on our PCs.

  It’s natural for us to simply click through whatever process a particular website may use for two-factor authentication (2FA). But hackers are taking advantage of that sense of familiarity to bypass our usual security measures and infect our machines.

  Read the full story in our Plus Newsletter (22.15.0, 2025-04-14).

  Public Defender Are You Human, ClickFix, Multifactor Authentication, Newsletters, Passkeys, Social Engineering, Two-factor authentication

• 23 and you

  Posted on April 14, 2025 at 02:43 CDT by Max Stul Oppenheimer • Comment in the Forums

  LEGAL BRIEF

  

  By Max Stul Oppenheimer, Esq.

  The pending bankruptcy of 23andMe raises important questions — questions that are relevant not only to those who have trusted that company with personal information, but more generally to anyone who trusts any company with personal information.

  This particular bankruptcy highlights the importance of reviewing user agreements as well as some shortcomings of current federal law. Fortunately, users who act promptly will be able to mitigate the potential risk.

  Read the full story in our Plus Newsletter (22.15.0, 2025-04-14).

  Legal Brief 23 and Me, Bankruptcy, Newsletters, Privacy, Terms of Service

• April’s deluge of patches

  Posted on April 14, 2025 at 02:42 CDT by Susan Bradley • Comment in the Forums

  PATCH WATCH

  

  By Susan Bradley

  It’s a good thing we no longer receive individual updates fixing each unique vulnerability. If we did, we’d be calling “uncle” right about now.

  Historically, the number of patches released each April tends to be large. I attribute this to the final end of the holiday slump, when the folks at Microsoft are back up to full steam and working on fixes with gusto.

  This time around, there are 124 vulnerabilities in Windows, Office, Azure, .NET, Visual Studio, BitLocker, Kerberos, Windows Hello, OpenSSH, and Windows’ Lightweight Directory Access Protocol (LDAP).

  Read the full story in our Plus Newsletter (22.15.0, 2025-04-14).

  Patch Watch CVE-2024-21302, CVE-2025-21204, CVE-2025-26670, CVE-2025-29809, inetpub, KB5002623, KB5002700, KB5055581, KB5057589, Microsoft Edge, Newsletters, Office 2016, Patch Lady Posts, Windows 11 24H2

• WinRE KB5057589 fake out

  Posted on April 11, 2025 at 19:28 CDT by Susan Bradley • Comment in the Forums

  PK noted this behavior the other day (if I am recalling correctly) where the installation of the KB5057589 patch looks like it failed, but it really doesn’t.

  “This error is observed when the device installs the WinRE update when there is another update in a pending reboot state. Although the error message suggests the update did not complete, the WinRE update is typically applied successfully after the device restarts. Windows Update might continue to display the update as failed until the next daily scan, at which point the update is no longer offered and the failure message is cleared automatically.”

  Sigh.

  So if you get an install failure, you may not have an install failure, unless you really do have an install failure. My take: In a consumer setting the risk of issues of side effects of installing updates are often greater than the risk of attacks.

  Windows Security KB5057589, Patch Lady Posts
• « Older Entries