Newsletter Archives
-
Bank-Grade Security
Before you do your online banking next, you might like to check out a website that rates the security of bank websites. It might have you rethinking just how secure they are.
Bank Grade Security
When companies say they have “Bank Grade Security” they imply that it is a good thing.
In reality banks have poor security.
Check it out at https://bankgradesecurity.com/
And while you are looking at online security issues, today marks the release of Chrome 68, which marks sites not using HTTPS as insecure. Security researchers Troy Hunt and Scott Helme have just launched a new website listing websites not using HTTPS. It’s not reassuring to see universities, government departments and many popular sites not using HTTPS yet, but there are early reports of sites changing to HTTPS as a result.
You’ll find it at https://whynohttps.com
-
The ‘AskWoody Lounge’ starts its second year
A whole year has passed since Woody opened up the site further, to what is known as the “AskWoody Lounge”, allowing users to register. Mind you, AskWoody.com actually dates back to July 2004. This year has seen an explosion in activity on the site, with around 30,000 replies and over 1,000 topics posted in that time. Site traffic has also increased, with over 110,000 unique site visitors this month, and we’ve just had the busiest day, with over 16,600 site visits.
We’ve had a few site issues, sure (and sorry – they are still being worked on), but soldiered on together. We have navigated many update crises, even got to MS-Defcon 5, but have spent much of the time hanging on for the “all-clear”. We’ve seen cybersecurity threats like WannaCry, issues like Net Neutrality, the unravelling of Intel ME, most recently the Meltdown / Spectre vulnerabilities, and many discussions over the future of owning a WinOS-based device / machine. Woody has managed to maintain his trademark humor in his ComputerWorld articles throughout! Ok, so it hasn’t all been sunshine and roses here, but Woody has managed to keep a fairly good lid on things, with the willing assistance of his small team of MVP helpers.
One thing that hasn’t quite panned out as hoped was Woody’s wish for AskWoody.com to be a self-sustaining venture. Donations have been coming in steadily, but the ad revenue has dropped off since the site issues in September. All support received has been helpful, from whatever channel. Could we please ask for your continued support, and if you are shopping at Amazon, could you please use the AskWoody link? It all helps a little.
I’m sure we’d be lost without this resource! In the words of Kermit & Fozzie Bear:
“Moving right along in search of good times and good news, with good friends you can’t lose – this could become a habit”.
So here’s to the second year – may it be more successful than the first. And three cheers for Woody! Hip, hip, hooray!
-
HP recalling some recent laptop batteries
Another laptop battery issue has been reported, with a heads-up article by Catalin Cimpanu on bleepingcomputer.com.
See the details and links in our Code Red topic (not a security issue, but we don’t have a Recall topic!):
https://www.askwoody.com/forums/topic/hp-laptop-battery-recall-dec-15-dec-17/
-
Microsoft’s Malware Protection Engine Vulnerable
Gunter Born has posted a new topic here on a vulnerability in Defender & Security Essentials:
I received this night (Germany) a notification from Microsoft about a critical vulnerability in Microsoft’s Malware Protection Engine (CVE-2017-11937). All Windows versions using either Defender or Microsoft Security Essentials or Forefront are affected. But there are no updates available – and the link within Microsoft’s Update Catalog are broken.
He is calling for information and insights. Can you help?
Check it out here:
Critical vulnerability in Microsoft’s Malware Protection Engine (CVE-2017-11937)
UPDATE:
Defender and MSE are updating themselves – and it seems that yesterday the Security module has been updated.
-
Intel Firmware Security Bulletin issued
Six months on from the initial vulnerability disclosure on Intel Management Engine, Intel have issued a follow-up disclosure today, on a firmware vulnerability.
Intel has identified several security vulnerabilities that could potentially place impacted platforms at risk. Systems using ME Firmware versions 11.0/11.5/11.6/11.7/11.10/11.20, SPS Firmware version 4.0, and TXE version 3.0 are impacted
The details have been posted in the Code Red forum, but as we are missing the right panel widgets, you might not find that by navigating! Here’s the link
-
DDEAUTO vulnerability evolving
Further to recent news on DDEAUTO vulnerability, this threat has, like all good malware, evolved.
From nakedsecurity.sophos.com:
On Friday, independent reports surfaced showing that it’s possible to run DDE attacks in Outlook using emails and calendar invites formatted using Microsoft Outlook Rich Text Format (RTF), not just by sending Office files attached to emails.
In the original attack users had to be coaxed into opening malicious attachments. By putting the code into the email message body itself, the attack comes one step closer, meaning that the social engineering needed to talk a recipient into falling for it becomes easier.
The good news is that whether a DDE attack comes via an attachment or directly in an email or a calendar invite, you can stop the attack easily:
Just say no
You can read their article here
AdminITs might like to check out the Microsoft blog on ASR (Attack Surface Reduction), which is said to mitigate the risks – linked in the AdminIT Lounge topic “Enable Attack Surface Reduction in Win10-1709”.
-
Recently updated topics you may have missed
It’s possible you may have missed recent security updates that have been made to Chrome, Firefox, Thunderbird, Java and Flash Player. The following topics have now been updated with the US-CERT alerts, with links:
Chrome Security Update: US-CERT (Browser)
Mozilla Security Update: US-CERT (Firefox)
Mozilla Security Update: US-CERT (Thunderbird)
Oracle Security Update: US-CERT (Java etc)
1000002: Links to Flash update resources
Subscribers to those topics should have received emails with details of the new posts. However, we have had some reports that some people are currently not receiving those emails. If your subscription emails aren’t working, please let us know.
Also updated recently is AKB3000005: On the subject of Botnets, which was posted last month, but promptly disappeared in a backup-reset of the site.
-
Bleepingcomputer: Nearly 700 Brother printers left exposed online
Another article by Catalin Cimpanu (October 5th, 2017) for bleepingcomputer.com warns of a problem with the security of internet-connected Brother printers, where the printers’ backend panels and password reset functions are exposed online.
While the full list of affected models does not appear to have been published yet, the article provides these models as examples: “DCP-9020CDW, MFC-9340CDW, MFC-L2700DW, or MFC-J2510, just to name a few”.
Organizations running Brother printers should verify if the printer exposes the administration panel by default online, and/or set a custom password to prevent unauthorized access to the device.
You can read the full article here
-
Office 2007 End Of Life is only days away
Are you still using Office 2007? If so, October 10th will be the last day you will be able to receive:
Technical support for issues
Bug fixes for issues that are discovered
Security fixes for vulnerabilities that are discovered
You can check out the Microsoft Support page with the details here
Meanwhile, the recent announcement of Office 2019, due to be released next year, being offline/desktop software has been greeted with headlines such as:
Scared of that new-fangled ‘cloud’? Office 2019 to the rescue!
Next release promises nice offline features
(on theregister.co.uk)
Microsoft Office 2019 Coming in Second Half of 2018
New Standalone Version of Microsoft Office Coming in 2018
(on groovypost.com)
-
Yahoo’s 2013 hack, again in the news
Reports have shown up all over the place in the last several hours, stating that ALL 3 BILLION (yes, with a B) Yahoo accounts were hacked in the 2013 data breach.
Here’s the Reuters report.
A reminder from ZDNet’s Zack Whittaker, not to trash an old Yahoo account, or it could be re-used:
Secure your Yahoo account with 2FA, but do not delete it. Deleting it will recycle your account after 30 days — and anyone can hijack it.
— Zack Whittaker (@zackwhittaker) 4 October 2017
-
In case you missed it, in recent days
Over the last several days, while AskWoody.com has been on “less than normal service”, you may have missed some of the newly posted topics, including the following:
In Code Red – Security advisories:
New Locky Ransomware Variant
New FinFisher surveillance campaigns: Are internet providers involved?
In Admin IT Lounge:
Windows Update stuck at 0 percent on Windows Server 2016
In Office:
Changes to Slow/Fast level names for Office Insider for Windows desktop
In Windows:
Manual step is needed to fix CVE-2017-8529 after installing September updates
We don’t yet have the old Topic Freshness, New Topics (and the other) helpful right-panel links back up and running, but we hope you’ll check out what’s been going on apart from on the home page.
-
Fall Creators Update will remove some Windows features
Microsoft have recently updated KB4034825 (Last Review: Jul 21, 2017 – Revision: 19), showing several items that will be either removed or deprecated in the Fall (Autumn) Creators Update.
The following features and functionalities in the Windows 10 Fall Creators Update are either removed from the product in the current release (“Removed”) or are not in active development and might be removed in future releases (“Deprecated”).
This list is intended to help customers consider these removals and deprecations for their own planning. The list is subject to change and may not include every deprecated feature or functionality.
The list includes EMET, Outlook Express & 3D Builder app being removed, and Paint, PowerShell 2 & System Image Backup being deprecated. Some of the items slated for removal/deprecation are for security reasons, which makes perfect sense, but it would be hard to imagine system image backups not being missed by those that still use them.
The full list is available here, and Martin Brinkmann has a good write-up on ghacks.net