It’s Identity Theft Day!

It’s April 15, 2025, the day I call Identity Theft Day. In America, you may call it the tax deadline, but for me, in addition to being the date that we need to file or extend tax returns, it’s also the day that I find out who’s had their Identity stolen this year.

So far, I’ve seen one dependent and one taxpayer who had their identity stolen. For the  child, this is a gift that keeps on giving because this year it’s Big sister’s turn to have to file an Identity theft affidavit. Several years ago, it was her brother’s turn. Both were impacted by a breach in a school’s master database several years ago and now the kids IDs are used as “bogus” dependents on other returns.

Starting in September, the White House wants to take steps to phase out accepting and sending checks in the mail. Lost refund checks are a big problem.

What can you do about identity theft?

1. File early. Whomever files first — whether attacker or actual taxpayer — is seen in the system first.
2. Consider signing up for a voluntary identity protection PIN. This is a special number that gets mailed to you in early January and has to be in your electronically filed tax return in order to match up the info.  Without the PIN, the attacker can’t grab your identity. Yes, you will need to look for this piece of paper mailed to you in early January or log into your online IRS account to obtain it each year. It’s a slight hassle, but I think it’s worth it.

If you file a tax return, consider signing up for a PIN.

The time has come for AI-generated art

MEDIA

By Catherine Barrett

The horse may have five legs, but it’s already out of the barn.

AI-generated images are here to stay, and we need to learn how to recognize them and use them legitimately. They’re not authoritative depictions of how things look, but they are handy for illustrating ideas. In what follows, I’ll tell you how they work and address ethical and practical concerns.

Read the full story in our Plus Newsletter (22.15.0, 2025-04-14).
This story also appears in our public Newsletter.

Hackers are using two-factor authentication to infect you

PUBLIC DEFENDER

By Brian Livingston

We’ve all seen those are-you-human tests that websites use to screen out data-scraping bots — e.g., click all the cars, enter the code we texted you, etc. — but, unfortunately, malicious hackers are now exploiting our trust in these common dialog boxes to trick us into installing malware on our PCs.

It’s natural for us to simply click through whatever process a particular website may use for two-factor authentication (2FA). But hackers are taking advantage of that sense of familiarity to bypass our usual security measures and infect our machines.

Read the full story in our Plus Newsletter (22.15.0, 2025-04-14).

23 and you

LEGAL BRIEF

By Max Stul Oppenheimer, Esq.

The pending bankruptcy of 23andMe raises important questions — questions that are relevant not only to those who have trusted that company with personal information, but more generally to anyone who trusts any company with personal information.

This particular bankruptcy highlights the importance of reviewing user agreements as well as some shortcomings of current federal law. Fortunately, users who act promptly will be able to mitigate the potential risk.

Read the full story in our Plus Newsletter (22.15.0, 2025-04-14).

April’s deluge of patches

PATCH WATCH

By Susan Bradley

It’s a good thing we no longer receive individual updates fixing each unique vulnerability. If we did, we’d be calling “uncle” right about now.

Historically, the number of patches released each April tends to be large. I attribute this to the final end of the holiday slump, when the folks at Microsoft are back up to full steam and working on fixes with gusto.

This time around, there are 124 vulnerabilities in Windows, Office, Azure, .NET, Visual Studio, BitLocker, Kerberos, Windows Hello, OpenSSH, and Windows’ Lightweight Directory Access Protocol (LDAP).

Read the full story in our Plus Newsletter (22.15.0, 2025-04-14).

WinRE KB5057589 fake out

PK noted this behavior the other day (if I am recalling correctly) where the installation of the KB5057589 patch looks like it failed, but it really doesn’t.

“This error is observed when the device installs the WinRE update when there is another update in a pending reboot state. Although the error message suggests the update did not complete, the WinRE update is typically applied successfully after the device restarts. Windows Update might continue to display the update as failed until the next daily scan, at which point the update is no longer offered and the failure message is cleared automatically.”

Sigh.

So if you get an install failure, you may not have an install failure, unless you really do have an install failure. My take: In a consumer setting the risk of issues of side effects of installing updates are often greater than the risk of attacks.

Master patch listing for April 8th, 2025

I’ve updated the master patch list here.  Please note I am not recommending installing updates at this time, we are just testing and reporting.

So far in April we are seeing the spontaneous creation of an empty c:\inetpub folder. No extra services are installed with it, just the empty folder. There are still some .NET non security that I need to list on the listing, as well as updating the listing for browsers and other non Microsoft patches. I’ll get to it this weekend.

As always, thank you all for supporting the cause! Remember we use the “name your price” model where you can choose how much you will pay for a membership. Plus membership gives you full access, And if you donate $50 or more, you’ll get a special code to enable text messages sent to your phone each time the Master Patch List gets updated and when I change the MS-DEFCON level.

More details about these updates in Monday’s newsletter.  You are missing out if you don’t sign up. All content is human made with our own blood, sweat, tears, fingers, and brain power — and it’s 100% AI free.  Therefore, if I’ve fat fingered any KB numbers or if you have any questions, as always post in the forums and I’ll follow up!

April 2025 updates out

Once again it’s the second Tuesday of the month and it’s time for the major “B” week release better known as Patch Tuesday.

And finally this issue “Event Viewer displays an error for System Guard Runtime Monitor Broker service” is now resolved in the April updates. KB5055518 for Windows 10 22H2 fixes the issue.  I think.  I got an alert saying “Resolution: This issue was resolved by Windows updates released April 8, 2025 (the Resolved KBs listed above), and later. ” but the KB update history still acts like it’s not resolved? I think their documentation needs to catch up with their release information.

Windows 11 24H2 will be receiving KB5055523

Windows 11 23H2 will be receiving KB5055528

Remember at this time we are in test mode only.

I’ll be following up on any side effects or concerns in Monday’s newsletter.  In the meantime, you can view the vulnerability details on Dustin Child’s blog.

Apparently, Microsoft once again wants to torture us with KB5057589!  Our friend the WinRE patch is back. Just a reminder to skip that one.