The RSS has the updated podcast. Due to little download usage, we are not providing any more links for download.
If you wish to have a downloaded copy and you don’t have RSS, let me know and I’ll upload and have an email sent to you from a service.
At some point, we will disable all download links by cancelling Sendspace but it will not be done right away.
Below, please find the show notes for today’s program.
Welcome to podcast 40 of the Security Box. On this podcast, we’re going to have our main topic that deals with the Windows Updates which you may have been prompted to install. Instead of news notes, I’ll pick a few of the articles and we’ll see what you think about them as I’ll give my thoughts. No full news notes this week, but plenty of content to boot. We hope you enjoy the program, and thanks for listening!
Topic: Windows Updates for April 2021
Windows, like a lot of software, gets updated each and every month. This batch for April has a record high for this year, according to Trend Micro’s write-up of the patches.
According to the Trend Micro article, 114 patches were released for April with only 19 classified as critical, 4 were publicly known, and one publicly exploitable in the wild. 5 vulnerabilities were submitted through Trend Micro’s Zero Day Initiative program.
We know that the Exchange server fiasco has really caused some headaches over at Microsoft. Exchange was dominated by 16 different problems dealing with RPC, or Remote Procedure Calls. Out of the 16 critical updates for Exchange, the majority (12) were flaws in the RPC runtime. The RPC runtime has to do with programming, and not necessarily having to do with user behavior. There were 15 further vulnerabilities that affected the same runtime, according to Trend Micro.
If we haven’t had any trouble with Exchange before, we do now. Besides the RPC vulnerabilities, 2 additional CVE numbers were designated. They are: CVE-2021-28480 and CVE-2021-28481. The CVSS score on both of the CVEs is 9.8.
It’s interesting to note that according to the Trend Micro article, both of the CVEs were credited to the National Security Agency (NSA) and it suggests that both should be patched as soon as system administrators are able to do it.
Besides that, if you use the Windows Media Video Decoder, there are two vulnerabilities with it. The CVE numbers for these are: CVE-2021-27095 and CVE-2021-28315. They could lead to remote execution if a specially crafted video was sent to you and opened.
Besides these, Trend Micro’s article talks about some important updates which some may want to be aware of. If you use Visual Studio, you should look at the Trend Micro article from these show notes, as there are CVEs for it. For my normal computer users, Visual Studio is used for programming and is not used by the average user.
Key networking components are also affected. Two of these, CVE-2021-28324 and CVE-2021-28325, affect the SMB component, which affects file sharing.
There are several affecting the TCP/IP portion of Windows, which deals with routing across the Internet. Two of these lead to denial of service problems, and a third leads to information disclosure. The Trend Micro article should be read to see if you need to worry about these, as the CVE numbers are given within it.
Krebs On Security gives highlights and even links to several CVEs as well as a Microsoft blog post talking about the updates that may affect readers. Both articles are worth the read, especially Trend Micro’s, so find the articles and see what is of importance to you.
Topic: Ransomware hitting the Manufacturing Industry: Victims aren’t coming forward
The sectors of business are starting to get hit with Ransomware. Ransomware is defined as malware that is intended to lock up a computer and force people to pay money in the form of bitcoin to get their files back. The ransom notes are usually on the screen and instruct the victim where to go to get help and even have support agents available to answer questions such as where to get Bitcoin from a retailer.
Today’s article was read last week and talked about this now hitting the manufacturing industry. We’ve talked about numerous articles that mentioned how hospitals were affected by ransomware and two or so articles talking about how someone was killed because ransomware affected their care at a hospital and had to be transported some 70 miles away.
The article, written by Cyberscoop’s Sean Lyngaas, starts out with a true story on how Norsk Hydro had to pay 90 to 110 million dollars because production halted for weeks as they tried to figure out what was happening. Halvor Molland is the senior vice president of communications for the company, and he had to respond to this incident. It’s unfortunate that this occurs, but with everything connected in one network, it’s not a wonder that they got hit. This company isn’t the only one that has gotten affected by this type of thing; look through the tech blog and find ransom articles. You’ll find story after story on companies getting hit.
Norsk Hydro did something that nobody has ever done in this industry. They told their story and did it in vivid detail including releasing video interviews and telling their story of what happened. This is probably the first time we’ve actually heard of someone telling their story and we can get a picture of what they did, what they were doing, and how they were going to fix the problem.
I understand and know that ransomware attacks are mistakes. Someone clicks a link because they believe whatever the email is that they get is real, and that can happen with anybody at any company, big or small.
Even two years later, this candid reporting by this team at this manufacturing company stands out as ransomware continues to plague industries across the world during this awful time. The actors have taken advantage of the pandemic like it’s the last thing they can do before the world blows up.
You know what’s sad? Cyberscoop tried to contact many different companies that were compromised by Ransomware in the last 2 and a half years. Nearly all either declined or didn’t respond to the inquiry.
To top it all off, Honeywell, a thermostat company that also endeavors in other things, declined to tell its employees and even us if we are affected by this breach at their facilities since data can be taken through the Internet these days. Honeywell has not said a word to anyone about their potential issue.
There is more, including news on the Honeywell incident which indicated that they did have a problem but it “wasn’t a big deal.” You can read the article as part of these notes for the entire detail. Let’s open it up, and get your thoughts!
Well, it’s possible.
Just get snowed completely to buggery, and start losing what you need to do.
Then click what you think is important deleting the spam.
Except you reverse both etc.
My aunt got an issue with her system at work and called tech support.
They said they would send someone to get that fixed and would call when someone could come in.
However when she did get a call, the guy remoted in and it was not before she was asked to pay she twigged.
The tech did eventually show up, but was himself snowed under with a new system setup.
They had to reformat her system and their local server. Not much was lost and no money was done, but this is what happens in a stressful situation; there is always a chain of events.
When I call Microsoft I get a number and ref code, same with other providers.
That works, though support calling back, I always have another person on the phone, and give them my reference and they get it to work.
I haven’t doodled with support that much of late though.