Apple Joins Microsoft and Adobe with Patches

It’s another Patch Tuesday week with Apple joining Microsoft and Adobe in issuing security updates.

Pain Reduction Tip: Keep a current image handy as it’s much easier and more certain to restore your system if you encounter a bad patch than attempting to back it out/uninstall it.  And be especially mindful with Windows 10 and Office 365 automatic updates.

Apple Releases Multiple Security Updates

  • iTunes 12.8 for Windows
  • iCloud for Windows 7.6
  • Safari 11.1.2
  • macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan
  • watchOS 4.3.2
  • tvOS 11.4.1
  • iOS 11.4.1

Adobe Releases Security Updates
Adobe Acrobat and Reader, Adobe Connect, and Adobe Experience Manager.  And of course, as always, the not to be gone soon enough Adobe Flash Player.

See Krebs on Security for a full overview and recurring admonition to ditch Flash. 

 

 

Don’t Mess with a Librarian

Randolph librarian wins surprise judgement against Equifax

RANDOLPH — In a small claims court ruling that surprised even the victor, a self-described member of the “librarian resistance” has won a $600 judgment against Equifax, the credit ratings agency that collects financial data on nearly a billion consumers and businesses worldwide.

And KrebsOnSecurity took notice as well.

What’s not clear is the context of the photo they used.

 

Reboot Your Router – NOW Department

The Federal Bureau of Investigation (FBI) is warning that a new malware threat has rapidly infected more than a half-million consumer devices. To help arrest the spread of the malware, the FBI and security firms are urging home Internet users to reboot routers and network-attached storage devices made by a range of technology manufacturers.

The data is/are sketchy, but most reports recommend, at the very least, rebooting your router.

Firmware updates may be in order for the following presumably targeted devices:

  • Linksys E1200
  • Linksys E2500
  • Linksys WRVS4400N
  • Mikrotik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072
  • Netgear DGN2200
  • Netgear R6400
  • Netgear R7000
  • Netgear R8000
  • Netgear WNR1000
  • Netgear WNR2000
  • QNAP TS251
  • QNAP TS439 Pro
  • Other QNAP NAS devices running QTS software
  • TP-Link R600VPN

There’s no easy way to know if a router has been infected by VPNFilter. For more advanced users, Cisco provided detailed indicators of compromise in Wednesday’s report, along with firewall rules that can be used to protect devices. Ars has much more about VPNFilter here.

The advice to reboot, update, change default passwords, and disable remote administration is sound and in most cases requires no more than 15 minutes. Of course, a more effective measure is to follow the advice Cisco gave Wednesday to users of affected devices and perform a factory reset, which will permanently remove all of the malware, including stage 1. This generally involves using a paper clip or thumb tack to hold down a button on the back of the device for 5 seconds. The reset will remove any configuration settings stored on the device, so users will have to restore those settings once the device initially reboots. (It’s never a bad idea to disable UPnP when practical, but that protection appears to have no effect on VPNFilter.)