Updates 2020-03-24

Hi, Folks!

It’s not Patch Tuesday, but security updates from Apple, Adobe, Google, and many others have triggered an out-of-cycle update.

This Month/Week in Technology

NPM is joining Github. Cool.

Apple was fined $1.2 billion by French antitrust authorities. And you thought the next iPhone was going to be expensive yesterday? They’ll be rolling the expense of the antitrust settlement into your next iDevice.

Security is all about trust. The thing to remember is that just because something claims to be a security application or service doesn’t mean it is. Antivirus and VPNs are no exception. By the way, if you’re still using Avast, you may as well just send your passwords out to random email addresses along with all your other personal data.

Content Delivery Networks (CDNs) are critical for scalable web distribution. Unfortunately, this makes them prime targets for malware distribution as well.

Salesforce customers will soon no longer be able to use Data Backup Recovery. Consider this a reminder that while the cloud might store everything, it’s not always easy to get it back when you’ve lost it.

The US Department of Defense is glacially slow (8+ years) at fixing security issues. Don’t say you weren’t warned. In their wisdom, the FBI says you shouldn’t save your passwords in your browser. Duh.

Even if you don’t, however, your data is stored by most other entities you interact with. For example, every 10 years the US performs the Census and collects a wide variety of information about every household in the country. When the US Census Bureau data is hacked you can find that data online, too. But that’s not even the worst of what’s wrong with the Census this year. Their website uses a script that performs a unique fingerprint of every single device that connects to their site and attempts to load various sensor features to further profile and access features of the device. Coupled with the “unique” login you use when filling out the Census your online activity can be permanently tied to your devices. And yes, this is the same organization that had a major data leak earlier in this paragraph.

The Internet of Things (IoT) is much less secure than you may have thought, no matter how bad you thought it was. 98% of their traffic is sent unencrypted, more than half of devices suffer from critical vulnerabilities that will likely never be patched, IoT devices are often used as a foothold to gain access to your internal networks, and hospitals are some of the worst offenders for employing insecure and unmaintained IoT devices.

Is it any wonder that the Russian FSB was developing an IoT botnet? Another FSB contractor was hacked and their tools were released in much the same way as the CIA Vault7 hack.

Now for the good news:

Comcast has made their public Wi-Fi hotspots available free to everyone and has removed data caps for the next 60 days as a result of the current pandemic. Just make sure you’re using a VPN. πŸ™‚

Let’s Get Busy

Apple released updates for macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra, Xcode 11.4, Safari 13.1, watchOS 6.2, watchOS 5.3.6, tvOS 13.4, iOS 13.4, iPadOS 13.4, iOS 12.4.6, and iTunes 12.10.5 for Windows. These are security updates. Use the Apple App Store or Apple Software Update to install the most current versions.

iOS 13.4 and 12.4.6 are security updates. Use Settings, General, Software Update to install the most current version.

watchOS 6.2 and 5.3.6 are security updates. Use your updated iPhone to install the most current version through the Watch app.
https://support.apple.com/en-us/HT204641

tvOS 13.4 is a security update. Use Settings, General, Updates to install the most current version.

Adobe Flash Player 32.0.0.344 is a security update.
Win: https://12pd.com/click?flash
Win: https://12pd.com/click?flashie
Mac: https://12pd.com/click?flashmac

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

nVidia 442.75 resolves several compatibility issues and adds app/game profiles. This is not a security update.
https://www.nvidia.com/Download/index.aspx?lang=en-us

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.5.113 is a security update. Use Menu, Help, About to install the most current version.
https://brave.com/

Google Chrome 80.0.3987.149 is a security update. Use Menu, Help, About to install the most current version.

Vivaldi 2.11.1811.49 is a security update. Use Menu, Help, About to install the most current version.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

Thunderbird 68.6.0 is a security update. Use Menu, Help, About to install the most current version.

Internet Updates

One or more of these are likely to be of interest to everyone.

BrowsingHistoryView 2.40 adds a new date/time filter. This is not a security update.
https://www.nirsoft.net/utils/browsing_history_view.html

FileZilla Client 3.47.2.1 resolves several bugs. This is not a security update.
https://filezilla-project.org/

FreeFileSync 10.22 resolves several bugs. This is not a security update.
https://www.freefilesync.org/download.php

Npcap 0.9989 resolves several bugs. This should be treated as a security update.
https://nmap.org/npcap/

Prosody 0.11.5 adds foreground/background flags to replace daemon functionality. This is not a security update.
https://prosody.im/download/start

Media Updates

These are unlikely to be of interest to most people.

iTunes 12.10.5 is a security update. Use Apple Software Update to install the most current version.

Office Updates

One or more of these are likely to be of interest to most people.

Adobe Reader DC 20.006.20042 is a security update. Use Help, Check for Updates to install the most current version.

Adobe Creative Cloud Desktop?5.1 is a security update.
https://www.adobe.com/creativecloud/catalog/desktop.html

Adobe Bridge 10.0.3 is a security update.
https://www.adobe.com/products/bridge.html

Adobe ColdFusion 2016.14 and 2018.8 are security updates.
https://helpx.adobe.com/coldfusion/kb/coldfusion-2016-update-14.html
https://helpx.adobe.com/coldfusion/kb/coldfusion-2018-update-8.html

Adobe Experience Manager 6.3.3.8, 6.4.8.0, and 6.5.4.0 are security updates.
https://helpx.adobe.com/experience-manager/aem-releases-updates.html

Adobe Photoshop 20.0.9 and 21.1.1 are security updates. Use Adobe Creative Cloud Desktop to install the most current versions (after you patch it).

Adobe Acrobat 2020.006.20042, 2017.011.30166, and 2015.006.30518 are security updates. Use Adobe Creative Cloud Desktop to install the most current versions (after you patch it).

Adobe Genuine Integrity Service 6.6 is a security update. AdobeGCClient does not have a separate installer or updater, and will update as you patch other programs.

Atom 1.45.0 resolves several bugs and updates libraries. This should be treated as a security update.
https://atom.io/

LibreOffice Fresh 6.4.2 resolves over 90 bugs. This is a security update. LibreOffice Fresh is a beta version, and should be avoided for most users.
https://www.libreoffice.org/

Security Software Updates

One or more of these is likely to be of interest to most people.

RogueKiller 14.3.0 updates libraries, improves reliability and scanning behaviors. This is a security update.
https://www.adlice.com/download/roguekiller/

Capture Updates

These are unlikely to be of interest to most people.

ScreenToGif 2.22.1 resolves a couple bugs and updates translations. This is not a security update.
https://github.com/NickeManarin/ScreenToGif/releases/latest

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 11.0.8.1 adds support for new encodings, improves compatibility, and resolves a couple bugs. This is not a security update.
https://www.dvdfab.cn/download.htm

Utility Updates

These are unlikely to be of interest to most people.

1Password for Windows 7.4.759 resolves several bugs and improves compatibility. This is not a security update.
https://1password.com/downloads/windows/

CurrPorts 2.61 resolves a state-monitoring bug. This is not a security update.
https://www.nirsoft.net/utils/cports.html

Etcher 1.5.80 resolves several bugs and updates electron. This should be treated as a security update.
https://www.balena.io/etcher/

Everything 1.4.1.969 improves stability. This is not a security update.
https://www.voidtools.com/

Fing 9.0.0 adds several new feature shortcuts and an Account tab. This is not a security update.
https://community.fing.com/

GoodSync 10.11.2 resolves several bugs. This is not a security update.
https://12pd.com/click?goodsync

IsMyHdOK 2.11 updates language packs and resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/IsMyHdOK

TeamViewer 15.4.4445 resolves several bugs and adds the tvopt file format for setting portability. This is not a security update.
https://www.teamviewer.com/en/download/windows/

WSUS Offline 12.0 removes support for Windows 7, Windows Server 2008 R2, Win10 v1703, splits Win10 updates to versioned folders for future updates, and updates supercedence values. This is not a security update.
https://download.wsusoffline.net/

Developer Updates

These are unlikely to be of interest to most people.

Inno Setup 6.0.4 improves compatibility, Restart Manager, and RTF, adds Dark Theme, several fixes and HTTPS on the website. This is not a security update.
https://www.jrsoftware.org/isdl.php

Node.js 13.11.0 updates libraries, improves compatibility, and resolves several bugs. This is not a security update.
https://nodejs.org/en/

StrawberryPerl 5.30.2.1 updates libraries, improves compatibility, and resolves several bugs. This is a security update. You probably shouldn’t be using StrawberryPerl though, since they still aren’t using HTTPS even though they can get it free through LetsEncrypt. Sad.
http://strawberryperl.com/

Web Package Updates

These are likely to be of interest only to web developers.

Drupal 8.8.4 is a security update.
https://drupal.org/download

HumHub 1.4.4 resolves several bugs. This is not a security update.
https://www.humhub.com/en/download

phpMyAdmin 4.9.5 is a security update.
https://www.phpmyadmin.net/

Nextcloud Server 18.0.3 is a security update.
https://nextcloud.com/

phpList 3.5.1 updates libraries and resolves several bugs. This is a security update.
https://www.phplist.org/

Connectwise Control 20.2.27450.7387 resolves several bugs. This is not a security update.
https://www.connectwise.com/software/control/download

Akismet 4.1.4 improves compatibility and activation process. This is not a security update.

Custom Facebook Feed 2.12.4 improves compatibility and resolves several bugs. This is not a security update.

myStickymenu 2.3.8 improves compatibility, reduces announcement nag frequency, and allows custom HTML within notification bar. This is not a security update.

Postie 1.9.44 refactors code for separation of purpose and adds an action for registering shortcodes.

Redirection 4.7.1 resolves several bugs. This is not a security update.

WooCommerce 4.0.1 improves Action Scheduler and resolves several bugs. This is not a security update.

WP Mail SMTP 1.9.0 adds several troubleshooting features, improves documentation, About, and warns when settings are not saved. This is not a security update.

That’s all for now folks. Keep it clean out there. πŸ˜‰

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Leave a Reply

Your email address will not be published. Required fields are marked *