Updates 2022-05-10

Welcome back, Folks!

Today is Patch Tuesday for May, 2022. There’s a lot of news this month, and sunlight is proving to be the best disinfectant. It’s a big one.

This Month in Technology

AA Traveller, Adaptive Health Integrations, AGCO, Aimware, Amazon Web Services, American Dental Association, Android, Apple, ARcare, Aruba and Avaya network switches, Austin Peay State University, Avvo, Bank of Israel, Beanstalk, Bob’s Red Mill Natural Foods, Central Florida Cardiology Group, Cisco Umbrella Virtual Appliances, Coca-Cola, Costa Rica government, County of Los Angeles Department of Mental Health, Dedalus Biology, Deus, Devil-Torrents, Discord, District 518 in Minnesota, Docker servers, DVR devices, EGAIS, F5 BIG-IP, Facebook, Fairfield County Implants and Periodontics, LLC, Fei protocol, Ferrari, Funky Pigeon, GHT Coeur Grand Est. Hospitals and Health Care group, Good Samaritan in West Palm Beach, Google, HealthActions, P.A., Healthplex, Inc, Heroku, Hetzner Online GmbH, IKEA Canada, Illinois Gastroenterology Group, PLLC, Illuminate Education, Kellogg Community College, Kenosha Community Health Center, King County Public Hospital District No. 2, La Casa de Salud, Lakeview Loan Servicing, Lincoln College, Linux, Lutheran Services Carolinas, Mental Health Center of Greater Manchester, MetroHealth System, Microsoft Azure, Microsoft Exchange servers, Nauru Police Force, New Creation Counseling Center, Newman Regional Health, Nordex, Nordic Hotels & Resorts, NPM, Oklahoma City Indian Clinic, Onleihe, OpenSea, Optima Dermatology Holdings, LLC, PayHere, QIWI, QNAP, RainLoop, Rarible NFT, Romania, Ronin Network, RuTube, Scott County, IowaSelect Benefits Group, LLC dba Dental Select, Sixt, Smile Brands, Snapchat, Southern Ohio Medical Center, Spanish football federation, St. Mary’s Medical Center in West Palm Beach, State Bar of Georgia, SUMMIT EYE ASSOCIATES P.C., Sunwing Airlines, Synology, T-Mobile, The Energy Cooperative Group Benefits Plan, The Mental Health Center of Greater Manchester, Twitter, U.S. DoD, UK Ministry of Defense, UK NHS, Ukrainian government, Urgent Team Holdings, US Department of Homeland Security (DHS) (with permission), US Health and Human Services, VMware Workspace ONE Access, Wayne Family Practice Associates, PC, WellDyneRx, LLC, Windows Event Logs, and WSO2 have reportedly been hacked or compromised this month.

Atlassian, Google Docs, WhatsApp, and Xbox have suffered from widespread outages.

A software bug in Harris County Jail has caused problems with hundreds of cases, preventing access to arrest and hearing information, resulting in major issues for law enforcement and the DA.

Google has added a feature to fight doxxing by removing supplied personal information from search results. This would, of course, not be so ridiculous if they hadn’t recently shared victim information with scammers so they could be scammed or abused all over again.

Science is still a joke. So is the news. And yes, the vaccines are shedding. Yet, governments are still penalizing those who refuse to participate in the experiments. VAERS is being purged in violation of federal law. Search warrants are passé. Did you know that the USPS is a spying agency?  Facebook’s Meta is a bunch of hypocrites.

The US federal government has announced a new Disinformation Governance Board under the Department of Homeland Security to combat “disinformation,” staffed by the same people that have promulgated lies and deceit for years, complicit in the very deception they claim to want to prevent. It’s different when they do it, though.

There is a very dark side of electric vehicles, including child slavery, and they still produce CO2 directly, too.

Various open source projects, node-ipc, which wiped the drives of Russian users, and event-source-polyfill “protest” by changing their behavior based on the user, or who they perceive the user to be. Projects like this destroy the trust of all of their users, even if they agree with their agenda. You never know what signal they’ll choose to use against you in the future. Others, including Avast, Coinbase, even CAs (certificate authorities), Dell, DuckDuckGo, GitHub, hacked WordPress sites, Google Play, Google News, Mozilla Firefox, and many others, are projecting their own politics on the world. Disagree and be censored.

iOS and iPadOS updates, security updates, are now being delayed by up to four weeks after release for those who have automatic updates enabled. Just how defective does your release quality testing have to be to postpone security updates for a month?

There’s yet another speculative execution vulnerability in pretty much every CPU. UPS (uninterruptible power supplies/battery backups) demonstrate the significance of a default password vulnerability. The Smart Meters that were promised to never be used to collect personal information are now being used with AI to profile individuals and households.

In an effort to make everyone want to abandon Windows, Microsoft is now pushing ads within the new File Explorer on Windows 11.

Cloud service providers can disappear on a whim. The recent disappearance of the entire Insteon service from under the feet of those that, in some cases, paid thousands of dollars for hardware to work with this home automation provider, demonstrates the insanity of reliance on external services.

Nigeria has blocked 73 million mobile phones (more than half of the Internet-connected population!) for failing to sign up for their digital identity/social credit ecosystem. Most people in Nigeria, like the vast majority of people in nations across the planet, only have access to the Internet through their mobile phones, so this digital identity implementation is intentionally cutting many users in that tiny nation from the Internet.

There is growing evidence that the entire national food supply is at risk, as well as dozens of food processing facilities (much more than in previous years). In response, California is paying farmers not to grow food.

Now for the good news:

When you think about how similar search results have become, this video will blow your mind: Where did the rest of the Internet go? Consider Swisscows for better variety, privacy and breadth of search.

Let’s Get Busy

Now back to our regularly scheduled program.

Patch Tuesday is quite large this month. The typical computer should see roughly 3 GB in updates today. Let’s get started.

Microsoft released updates to address 77 vulnerabilities in .NET and Visual Studio, .NET Framework, Microsoft Edge, Microsoft Exchange Server, Microsoft Graphics Component, Microsoft Local Security Authority Server, Microsoft Office, Microsoft Office Excel, Microsoft Office SharePoint, Microsoft Windows ALPC, Remote Desktop Client, Servicing Stack Update, Servicing Stack Updates, Tablet Windows User Interface, Visual Studio, Visual Studio Code, Windows Active Directory, Windows Address Book, Windows Authentication Methods, Windows BitLocker, Windows Cluster Shared Volume (CSV), Windows Failover Cluster Automation Server, Windows Fax Service, Windows Hyper-V, Windows Kerberos, Windows Kernel, Windows LDAP – Lightweight Directory Access Protocol, Windows Media, Windows Network File System, Windows NTFS, Windows Point-to-Point Tunneling Protocol, Windows PowerShell, Windows Print Spooler Components, Windows Push Notifications, Windows Remote Access Connection Manager, Windows Remote Desktop, Windows Remote Procedure Call Runtime, Windows Server Service, Windows Storage Spaces Controller, Windows WLAN Auto Config Service, and MSRT (~2 GB). This includes security updates. A reboot is required.

Google Chrome OS 101.0.4951.59 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Fedora 36-1.5 is a major update, including library and dependency updates. This is not a security update.
https://getfedora.org/en/workstation/download/

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Monterey (12.x) means that macOS Mojave (10.14) and older are no longer supported. If you can not install at least macOS Catalina (10.15) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current release of the Windows 10 (v21H2) is very large so will take a long time to download on slower connections. Windows 10 pushes you to get the latest Windows 10 release every 12 months and only supports any consumer builds for 18 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

The now-current release of the Windows 11 (v21H2) is very large so will take a long time to download on slower connections. Windows 11 pushes you to get the latest Windows 11 release every 12 months and only supports any consumer builds for 24 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Windows 11 is still very young so I encourage you to wait a few more months before you consider switching to it.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface. This includes “free” applications like Avast, OpenOffice, and games you do not actually play.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

Display Driver Uninstaller 18.0.5.0 improves cleanup. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

HP M281cdw Firmware 20220414 is a security update.
https://support.hp.com/us-en/drivers/selfservice/hp-color-laserjet-pro-m280-m281-multifunction-printer-series/14142489/model/16748237

Logitech Unify 2.52.33 is a security update.
https://support.logitech.com/en_us/software/unifying

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.38.111 is a security update. Use Menu, Help, About to get the most current version.
https://brave.com/

Google Chrome 101.0.4951.54 is a security update. Use Menu, Help, About to get the most current version.
https://www.google.com/chrome/

Microsoft Edge 101.0.1210.39 is a security update. Use Menu, Help, About to get the most current version.
https://www.microsoft.com/en-us/edge/business/download

Firefox 100.0 is a security update. Use Menu, Help, About to get the most current version.
https://www.mozilla.org/en-US/firefox/new/

Firefox ESR 91.9.0 is a security update. Use Menu, Help, About to get the most current version.
https://www.mozilla.org/en-US/firefox/organizations/all/

SeaMonkey 2.53.12 is a security update. Use Menu, Help, About to get the most current version.
https://www.seamonkey-project.org/

Vivaldi 5.2.2623.41 is a security update. Use Menu, Help, About to get the most current version.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

Mailspring 1.10.3 resolves several bugs. This is not a security update.
https://getmailspring.com/

NK2Edit 3.44 adds column sorting from menus. This is not a security update.
https://www.nirsoft.net/utils/outlook_nk2_edit.html

Thunderbird 91.9.0 is a security update. Use Menu, Help, About to get the most current version.
https://www.thunderbird.net/en-US/

Internet Updates

One or more of these are likely to be of interest to everyone.

AnyDesk 7.0.8 improves compatibility with Windows 11 and resolves several bugs. This is not a security update.
https://anydesk.com/en/downloads

AnyDesk (macOS) 6.5.1 resolves several bugs and adds option to remove all stored session profiles. This is not a security update.
https://anydesk.com/en/downloads

curl 7.83.0 adds several new features and resolves dozens of bugs. This is not a security update.
https://curl.haxx.se/windows/

Dropbox 147.4.4800 adds backup settings and sync configuration, right-click menu capabilities, and taskbar icon changes. This is not a security update.
https://www.dropbox.com/

FileZilla Server 1.4.1 resolves several bugs and improves upgrade converter. This is not a security update.
https://filezilla-project.org/

FreeFileSync 11.20 resolves several bugs. This is not a security update.
https://www.freefilesync.org/download.php

Google Drive 57.0 improves notifications and resolves several bugs. This is not a security update.
https://drive.google.com/start

Omada Software Controller 5.3.1 adds over 20 new features and a dozen fixes. This is not a security update.
https://www.tp-link.com/us/support/download/omada-software-controller/

Java 8u333 is a security update. This is the second update in two weeks, and one of the rare out-of-cycle updates from Oracle. If you have Java installed, update as soon as possible.
https://www.java.com/en/download/manual.jsp

Nextcloud Server 23.0.4 resolves dozens of bugs. This is not a security update.
https://nextcloud.com/

Rclone 1.58.1 resolves several bugs. This is not a security update.
https://rclone.org/

Syncthing 1.20.1 resolves a stability bug. This is not a security update.
https://syncthing.net/

Signal 5.42.0 resolves several bugs. This is not a security update.
https://signal.org/download/windows/

Technitium DNS Server 8.1 resolves several bugs and improves reliability. This is not a security update.
https://technitium.com/dns/

Telegram 3.7.3 resolves several bugs. This is not a security update.
https://telegram.org/

Zoom 5.10.4.5035 is a security update.
https://zoom.us/

Media Updates

These are unlikely to be of interest to most people.

Plex Desktop 1.44.0.2981 resolves several bugs. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-app

Plex Home Theater 1.15.1.2976 resolves several bugs. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-app

Plex Media Server 1.26.0.5715 resolves several bugs. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-media-server

VLC Media Player 3.0.17.4 should be treated as a security update.
https://www.videolan.org/vlc/

Game Updates

These are unlikely to be of interest to most people.

Battle.net Client 2.9.0.13279 resolves several bugs. This is not a security update.
https://us.battle.net/en/app/

Epic Games 14.0.7 resolves several bugs. This is not a security update.
https://www.epicgames.com/

Nintendo Switch 14.1.1 improves stability. This is not a security update.
https://en-americas-support.nintendo.com/app/answers/detail/a_id/22525/kw/system%20updates/p/989

PlayStation PS3 4.89 reduces on-device features (such as account creation and management) to improve device security.
https://www.playstation.com/en-us/support/hardware/ps3/system-software/

PlayStation PS5 22.01-05.02.00 improves performance. This is not a security update.
https://www.playstation.com/en-us/support/hardware/ps5/system-software/

Office Updates

One or more of these are likely to be of interest to most people.

Artweaver 7.0.12 resolves several bugs. This is not a security update.
https://www.artweaver.de/

Krita 5.0.6 resolves two crash bugs, and follows shortly after the 5.0.5 release which resolves dozens of outstanding bugs. This is not a security update.
https://krita.org/en/download/krita-desktop/

LibreOffice Fresh 7.3.3 resolves nearly 100 bugs. This is not a security update.
https://www.libreoffice.org/

Nextcloud Desktop 3.5.0 resolves dozens of bugs. This is not a security update.
https://nextcloud.com/

Notepad++ 8.4 updates the Scintilla library. Be aware that some plugins may not work after this update until they’re made compatible with the new release. This is not a security update.
https://notepad-plus-plus.org/

OpenOffice 4.1.12 resolves several bugs. This is not a security update. I recommend using LibreOffice instead of OpenOffice. It’s much better maintained and does not rely on an external 32-bit Java dependency.
http://www.openoffice.org/download/

PDF-XChange Editor 9.3.361.0 resolves several bugs. This is not a security update.
https://www.tracker-software.com/product/pdf-xchange-editor

Calibre 5.42.0 resolves several bugs. This is not a security update.
https://calibre-ebook.com/

Kindle for PC 1.36.65107 doesn’t provide a changelog so should be treated as a security update.
https://www.amazon.com/kindleforpc

Adobe Reader DC 22.001.20117 is a security update. Use Help, Check for Updates to get the most current version.
https://get.adobe.com/reader

Adobe Reader DC (Mac) 22.001.20112 is a security update. Use Help, Check for Updates to get the most current version.
https://get.adobe.com/reader

Security Software Updates

One or more of these is likely to be of interest to most people.

Tails 5.0 is a major update with updates to several libraries, newer hardware support, and resolving several bugs. This is a security update.
https://tails.boum.org/install/dvd/index.en.html

Gpg4win 4.0.2 resolves dozens of bugs and updates libraries. This is a security update.
https://www.gpg4win.org/download.html

KeePass 2.51.1 resolves dozens of bugs. This is a security update.
https://keepass.info/

MalwareBytes Anti-Malware 4.5.8 improves performance and resolves several bugs. This is not a security update.
https://www.malwarebytes.org/antimalware/

MalwareBytes Anti-Malware Mac 4.15 resolves several bugs. This is not a security update.
https://www.malwarebytes.com/mac/

OpenSSL 3.0.3 is a security update.
https://curl.se/windows/

RogueKiller 15.5.0 resolves several bugs. This is not a security update.
https://www.adlice.com/download/roguekiller/

uBlock Origin 1.41.0 adds dark mode, and resolves several bugs. This is not a security update.
https://github.com/gorhill/uBlock/releases/latest

VT-CLI 0.10.2 improves collection management. This is not a security update.
https://github.com/VirusTotal/vt-cli/releases/latest

YARA 4.2.1 resolves several bugs. This is not a security update.
https://github.com/countercept/chainsaw

Capture Updates

These are unlikely to be of interest to most people.

ScreenToGif 2.37 updates libraries, resolves several bugs, and adds AV1 export. This is not a security update.
https://github.com/NickeManarin/ScreenToGif/releases/latest

SnagIt 22.0.2 is a security update.
https://download.techsmith.com/snagit/releases/snagit.msi

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 12.0.7.1 resolves several bugs. This is not a security update.
https://www.dvdfab.cn/download.htm

Education updates

One or more of these are likely to be of interest to most people.

Zotero 6.0.7 adds new features and resolves several bugs. This is not a security update.
https://www.zotero.org/

Utility Updates

These are unlikely to be of interest to most people.

Bitwarden 1.33.0 resolves several bugs. This is not a security update.
https://bitwarden.com/

CPU-Z Installer 2.01 adds support for newer hardware. This is not a security update.
https://www.cpuid.com/softwares/cpu-z.html

DesktopOK 9.85 resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

Etcher 1.7.9 resolves several bugs. This is not a security update.
https://www.balena.io/etcher/

Git SCM 2.36.1 resolves several bugs. This is not a security update.
https://git-scm.com/

GoodSync 11.10.9 improves compatibility and resolves several bugs. This is not a security update.
https://www.goodsync.com/

HWMonitor 1.46 adds support for new hardware and new sensors. This is not a security update.
https://www.cpuid.com/softwares/hwmonitor.html

NTLite 2.3.4.8675 cleans up leftovers from previous updates. This is not a security update.
https://www.ntlite.com/download/

OpenToonz 1.6.0 adds several new features, bug fixes and performance improvements. This is not a security update.
https://github.com/opentoonz/opentoonz/

osquery 5.2.3 is a security update.
https://osquery.io/downloads

AOMEI Partition Assistant 9.7.0 adds speed test, and app mover improvements. This is not a security update.
https://www.diskpart.com/

PointerStick 5.77 adds support for dark mode, improves DPI scaling, and resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Freeware/PointerStick

PowerToys 0.58.0 resolves a dozen bugs. This is a security update.
https://github.com/microsoft/PowerToys/releases/latest

RoboForm 9.2.7 resolves compatibility issues. This is not a security update.
https://www.roboform.com/

ScreenConnect 22.4.7745.8154 resolves several bugs. This is not a security update.
https://www.connectwise.com/software/control/download

SmartMonTools 7.3 resolves several bugs, adds support for new hardware, and several new diagnostic and testing options. This is not a security update.
https://smartmontools.org/

Speccy 1.32.774 improves hardware support. This is not a security update.
https://www.piriform.com/speccy

Synergy 1.14.3 improves compatibility. This is not a security update.
https://symless.com/synergy/

TeamViewer 15.29.4 resolves a file transfer bug. This is not a security update.
https://www.teamviewer.com/en-us/download/windows/

Unity 2022.1.0 resolves dozens of bugs. This is not a security update.
https://unity3d.com/get-unity/download/archive

WhyNotWin11 2.4.3.2 resolves several bugs and improves detection and command-line support. This is not a security update.
https://github.com/rcmaehl/WhyNotWin11

WinScan2PDF 7.77 improves TWAIN support. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

ZoomText 2022.2204.21.400 resolves several bugs. This is not a security update.
https://support.freedomscientific.com/Downloads/ZoomText

Developer Updates

These are unlikely to be of interest to most people.

AutoHotkey 1.1.34.01 resolves several bugs. This is not a security update.
https://www.autohotkey.com/download/

AutoIt 3.3.16.0 resolves dozens of bugs and adds several new features. This is not a security update.
https://www.autoitscript.com/autoit3/docs/history.htm

Docker Desktop 4.8.1 adds several new features, updates libraries, and resolves several bugs. This is not a security update.
https://www.docker.com/products/docker-desktop

GitHub Desktop 3.0.0 updates notification capabilities, and resolves several bugs. This is not a security update.
https://desktop.github.com/

Inno Setup 6.2.1 is a security update.
https://www.jrsoftware.org/isdl.php

MySQL Server 8.0.29 is a security update.
https://dev.mysql.com/downloads/installer/

MySQL ConnectorNet 8.0.29 is a security update.
https://dev.mysql.com/downloads/connector/net/

Node.js 14.19.2 is a security update.
https://nodejs.org/en/

Node.js 16.15.0 adds fetch API and resolves several bugs. This is not a security update.
https://nodejs.org/en/

Node.js 18.1.0 updates dependencies and resolves several bugs. This is not a security update.
https://nodejs.org/en/

SQLite 3.38.5 resolves several bugs. This is not a security update.
https://www.sqlite.org/download.html

Visual Studio Code 1.67.1 is a security update.
https://code.visualstudio.com/

Virtual Machine Updates

These are unlikely to be of interest to most people.

VirtualBox 6.1.34 resolves dozens of bugs. This is not a security update.
https://www.virtualbox.org/wiki/Downloads

Web Package Updates

These are likely to be of interest only to web developers.

Coppermine Gallery 1.6.19 improves compatibility. This is not a security update.
https://coppermine-gallery.net/

Drupal 9.2.17 resolves several bugs. This is not a security update.
https://drupal.org/download

Drupal 9.3.12 is a security update.
https://drupal.org/download

HumHub 1.11.1 is a security update.
https://www.humhub.com/en/download

Joomla 4.1.3 resolves several bugs. This is not a security update.
https://www.joomla.org/

SMF 2.1.2 is a security update.
https://www.simplemachines.org/

YOURLS 1.9 is a security update.
https://yourls.org/

Akismet 4.2.3 improves compatibility. This is not a security update.
https://wordpress.org/extend/plugins/akismet/

Autoptimize 3.0.4 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/autoptimize/

Slider Revolution 6.5.20 resolves several bugs. This is not a security update.
https://revolution.themepunch.com/

Social Post Feed 4.1.3 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/custom-facebook-feed/

Duplicator 1.4.5 improves several features, This is not a security update.
https://wordpress.org/plugins/duplicator/#developers

Interactive World Map 3.1.9.2 improves compatibility. This is not a security update.
https://wordpress.org/extend/plugins/interactive-world-map/

Postie 1.9.60 improves translatable strings. This is not a security update.
https://wordpress.org/extend/plugins/postie/

WooCommerce 6.4.1 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/woocommerce/

WP Mail SMTP 3.4.0 improves compatibility, integration, and resolves a couple bugs. This is not a security update.
https://wordpress.org/extend/plugins/wp-mail-smtp/

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2020-02-20

Welcome back, Folks!

It’s not Patch Tuesday, but security updates from Google, Mozilla, Apple and Adobe have triggered an out-of-cycle update.

This Month Week in Technology

According to one of Tumblr’s engineers, Apple’s iOS is adware.

Even great computers are no match for the human brain in perceiving what the typical human consider obvious. Exploiting this fact, evildoers are extorting Google Adsense users by threatening to fraudulently click ads in violation of the Adsense terms unless they get paid off.

If your site is still running an older version of TLS or SSL it’s about to get spanked by the browsers and search engines. Upgrade your HTTPS security policies to use only the latest methods (even if older devices can no longer visit your site).

This month brings even more Bluetooth design and implementation vulnerabilities, and reassurance that keeping your mouth shut may eventually pay off, a relatively minor bug in Firefox allows CSS to be abused to (slowly) extract data from secure sites, and a change to the CCPA (California Consumer Privacy Act) now allows business to keep certain information you’ve requested to be removed so they can…prove…it was…removed…huh? LOL

Finally, a scientific study demonstrates that sound-bite socialization and catch-phrase culture have ruined our ability to have an educated conversation. The real question should be, is anyone surprised?

Let’s Get Busy

The typical computer should see approximately 600 MB of updates. Let’s get started.

watchOS 6.1.3 and 5.3.5 are security updates. Use your updated iPhone to install the most current version through the Watch app.
https://support.apple.com/en-us/HT204641

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

Logitech Options 8.10.84 adds support for new hardware and resolves several bugs. This is not a security update.
https://www.logitech.com/en-us/product/options

Browser Updates

One or more of these are likely to be of interest to everyone.

Google Chrome 80.0.3987.116 is a security update. Use Menu, Help, About to install the current version.

Firefox 73.0.1 resolves several crash bugs. This is not a security update. Use Menu, Help, About to install the current version.

Vivaldi 2.11.1811.38 is a security update. Use Menu, Help, About to install the current version.

Internet Updates

One or more of these are likely to be of interest to everyone.

FreeFileSync 10.20 adds email notification support, HTML logging, sync error detection, and more. This is not a security update.
https://www.freefilesync.org/download.php

IPNetInfo 1.95 adds improved command-line support. This is not a security update.
https://www.nirsoft.net/utils/ipnetinfo.html

WinSCP 5.17 resolves several bugs and adds new features. This is not a security update.
https://winscp.net/eng/index.php

Media Updates

These are unlikely to be of interest to most people.

MyPaint 2.0.0 is a major new update with new layer and compositing features, new brush controls, and dozens more. This is not a security update.
http://mypaint.org/downloads/

Picard 2.3 resolves dozens of bugs and improves reliability. This is not a security update.
https://picard.musicbrainz.org/

Game Updates

These are unlikely to be of interest to most people.

Steam 2020.02.12 resolves several bugs. This is not a security update.

Office Updates

One or more of these are likely to be of interest to most people.

LibreOffice Still 6.3.5 resolves about 85, including stability and reliability fixes. This is not a security update.
https://www.libreoffice.org/

Paint.net 4.2.10 resolves several bugs, notably with those using MSI deployment (yay!). This is not a security update.
https://www.getpaint.net/

Adobe Media Encoder 14.0.2 is a security update.
https://helpx.adobe.com/security/products/media-encoder/apsb20-10.html

Adobe After Effects 17.0.3 is a security update.
https://helpx.adobe.com/security/products/after_effects/apsb20-09.html

Adobe FrameMaker 2019.0.5 resolves several bugs. This is not a security update.
64-bit: https://supportdownloads.adobe.com/detail.jsp?ftpID=6851
32-bit: https://supportdownloads.adobe.com/detail.jsp?ftpID=6849

Capture Updates

These are unlikely to be of interest to most people.

ScreenToGif 2.20.3 resolves a compatibility bug. This is not a security update.
https://www.fosshub.com/ScreenToGif.html

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 11.0.7.4 adds support for new encodings and resolves a crash bug. This is not a security update.
https://www.dvdfab.cn/download.htm

Utility Updates

These are unlikely to be of interest to most people.

RoboForm 8.6.7 resolves several bugs and improves compatibility. This is not a security update.
https://12pd.com/click?rf

Cygwin 3.1.4 resolves a couple bugs and improves compatibility with symlinks and junctions. This is not a security update.
https://cygwin.com/

Etcher 1.5.79 improves user experience. This is not a security update.
https://www.balena.io/etcher/

GoodSync 10.10.24 resolves several bugs. This is not a security update.
https://12pd.com/click?goodsync

PointerStick 3.81 resolves several bugs and improves compatibility. This is not a security update.
https://www.softwareok.com/?seite=Freeware/PointerStick

Developer Updates

These are unlikely to be of interest to most people.

Node.js 13.9.0 resolves over 200 issues. This is not a security update.
https://nodejs.org/en/

Virtual Machine Updates

These are unlikely to be of interest to most people.

VirtualBox 6.1.4-136177 resolves several bugs and improves EFI support. This is not a security update.
https://www.virtualbox.org/wiki/Downloads

Web Package Updates

These are likely to be of interest only to web developers.

Nextcloud Server 18.0.1 resolves dozens of bugs. This is not a security update.
https://nextcloud.com/

HumHub 1.4.1 resolves several bugs. This is not a security update.
https://www.humhub.com/en/download

myStickymenu 2.3.5 updates license rates and terms. This is not a security update.

Postie 1.9.43 begins the migration of shortcodes into the main module. This is not a security update.

Raw HTML 1.6.2 resolves a compatibility bug. This is not a security update.

Redirection 4.7 adds domain relocation with exceptions, site aliases, www/wwwithout controls, and content-type. This is not a security update.

NextScripts Social Networks Auto-Poster 4.3.12 improves Blogger and Facebook compatibility. This is not a security update.

Sucuri Security 1.8.24 resolves two bugs. This is not a security update.

WooCommerce 3.9.2 resolves several bugs. This is a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

AdSense-Specific Ransom Attacks

Good morning, everyone!

Are you seeing an unexpected spike in your AdSense earnings? It’s most likely intentional click fraud with a side of ransom.

Last night I discovered a new botnet that uses an initial “warning” in the user-agent of the first request to a site, then parses the content of the site and submits “clicks” to your AdSense account.

A similar botnet was discovered last month that used Firefox 27 as it’s user-agent. Blocking Firefox 27 is very easy: it’s very outdated and insecure, has a built-in updater, and it’s users should have been forced to upgrade by now. However, this new variant of that botnet no longer uses Firefox for it’s user-agent. Well, not ONLY Firefox.

Only the initial request from the botnet will send the ransom message as it’s user-agent string. If you don’t view your logs you might never realize you’ve fallen victim to their attack. This will be quickly followed thereafter by dozens or even hundreds or thousands of requests that parse random page content and “click” the AdSense ads. After the first request the botnet will use random legitimate user-agent strings, which makes it impossible to block on user-agent alone. This is designed to skew your AdSense click ratio via intentional click fraud. Even though you, as a publisher, are not directly involved in the click fraud, Google may punish you for the click fraud by terminating your publisher relationship with them.

DO NOT PAY THE RANSOM! As with all blackmail, paying the ransom would only encourage further attacks against you. A great example is the series of ransom-ware Trojans that hijack your content and encrypt it so that the user no longer has access to their own files. A warning appears demanding $x be sent to the attacker, and if you do send the money a second (and subsequently third, fourth and even fifth) amount is demanded, while never actually releasing your content.

We’re acting quickly to block all identifiable instances of the click fraud/ransom attacks, but you should take the time to personally contact Google to let them know that you’re aware of the new botnet that may be attacking your sites. This will ensure that you are not blindsided by Google should they determine that your account is manipulating clicks. Google has exactly one punishment for all slights: termination of your account. Don’t let it happen to you.

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2013-08-13

Hi, Folks!

It’s Patch Tuesday! Not too much this month, but it’s almost exclusively security updates. Let’s get right to it.

Microsoft released 8 updates for Windows, Internet Explorer, and Exchange. This includes security updates. A reboot is required. IMPORTANT: Make sure you also install the “optional” root certificate update!
http://update.microsoft.com/

Apple released updates for OS X and a variety of printer drivers. Use the Apple Software Updater to get the most current versions.

Adobe AIR 3.8.0.870 is a security update.
Win: https://12pd.com/click?air
Mac: https://12pd.com/click?airmac

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone or kindle – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

BullZip PDF Printer 9.10.0.1629 enables images compression by default, and adds digital signing of PDFs. This is not a security update.
http://www.bullzip.com/products/pdf/info.php#download

Browser Updates

One or more of these are likely to be of interest to everyone.

Firefox 23.0 is a security update. This version also improves content sanity for security, various diagnostic and performance improvements, and several developer features. Use Help, About to install the most recent version.

Google Chrome 28.0.1500.95 is a security update. Use Menu, About to install the most current version.

HTTrack 3.47.22 adds punycode support, corrects several crashes and other bugfixes. This is a security update.
http://www.httrack.com/page/2/en/index.html

SeaMonkey 2.20 is a security update. Use Help, About to install the most current version.

Email Updates

One or more of these are likely to be of interest to everyone.

Thunderbird 17.0.8 is a security update. Use Help, About to install the most current version.

NK2Edit 2.75 adds several new switches for sanity, output preference and automation. This is not a security update.
http://www.nirsoft.net/utils/outlook_nk2_edit.html

OutlookAttachView 2.56 is a cosmetic update. This is not a security update.
http://www.nirsoft.net/utils/outlook_attachment.html

Internet Updates

One or more of these are likely to be of interest to everyone.

Yahoo Messenger 11.5.0.228 does not provide a changelog, so should be treated as a security update.
http://messenger.yahoo.com/download/

BrowsingHistoryView 1.36 is a cosmetic change only. This is not a security update.
http://www.nirsoft.net/utils/browsing_history_view.html

Evernote 4.6.7.8409 provides bug fixes for editing notes across various Evernote clients. This is not a security update.
http://www.evernote.com/

FileZilla 3.7.3 is a security update.
http://filezilla-project.org/

Google Earth 7.1.1.1888 now enables controllers by default, and updates the LEAP API to 0.8.1. This is not a security update.
http://earth.google.com/index.html

Nmap 6.40 adds several new detections, provides bugfixes, and feature improvements. This is not a security update.
http://nmap.org/

PuTTY installer 0.63 is a security update.
http://www.chiark.greenend.org.uk/~sgtatham/putty/

uTorrent 3.3.1 Build 30003 improves automatic updating. This is not a security update.
http://www.utorrent.com/downloads

WinSCP 5.1.6 is a security update.
http://winscp.net/eng/index.php

Codec Updates

One or more of these are likely to be of interest to everyone.

ADVANCED Codec Package 4.2.2 updates included codecs. To install the update, you must uninstall and reinstall the application. This is not a security update.
http://shark007.net/win7codecs.html

Media Updates

These are unlikely to be of interest to most people.

CDBurnerXP 4.5.2.4214 adds the ability to create a print contact sheet, video DVD verification, updated libraries, and minor bugfixes. This is not a security update.
http://cdburnerxp.se/

VLC Media Player 2.0.8 corrects several stability and performance issues. This is a security update.
http://www.videolan.org/vlc/download-windows.html

Winamp 5.65 updates libraries, bug fixes and more. This is a security update.
http://www.winamp.com/media-player/en

Game Updates

These are unlikely to be of interest to most people.

EA Origin 9.3.1.4482 adds group chat, improved notifications, installation and download improvements. This is not a security update.
http://www.filehippo.com/download_origin/

Office Updates

One or more of these are likely to be of interest to most people.

Adobe Digital Editions 2.0.1 is a security update.
http://www.adobe.com/products/digital-editions/download.html

Adobe Drive 5.0 is a major version update with workflow and performance improvements. This is not a security update.
http://www.adobe.com/downloads/updates.html

Adobe Bridge 6.0.1 is a reliability update. This is not a security update.
http://www.adobe.com/downloads/updates.html

Dynamic Link Media Server 7.0.1 is a bugfix release. This is not a security update.
http://www.adobe.com/downloads/updates.html

Blender 2.68a corrects 14 bugs including crashes, and reliability bugs. This is not a security update.
http://www.blender.org/download/get-blender/

Notepad++ 6.4.5 corrects a bug in file history. This is not a security update.
https://12pd.com/click?npp

OpenOffice 4.0.0 is a major update, providing over a thousand bugfixes, improvements and features. This is a security update.
http://www.openoffice.org/download/

Scribus 1.4.3 adds QR barcode support, Haiku OS support and new professional Color Tools. This is not a security update.
http://wiki.scribus.net/canvas/Download

Security Software Updates

One or more of these is likely to be of interest to most people.

Bitmessage 0.3.5 adds a number of new distributions, improved OSX support, improved performance and other fixes. This is a security update.
https://bitmessage.org/

DNSQuerySniffer 1.06 is a cosmetic update. This is not a security update.
http://www.nirsoft.net/utils/dns_query_sniffer.html

KeePass 1.26 adds preloading via command line, database repair warning, and a number of improvements including DEP and ASLR compatibility. This is a security update.
http://keepass.sourceforge.net/

SmartSniff 2.07 corrects a cosmetic bug. This is not a security update.
http://www.nirsoft.net/utils/smsniff.html

Stinger 12.0.0.485 adds support for newer malware. This is not a security update.
http://www.mcafee.com/us/downloads/free-tools/stinger.aspx

Wireless Network Watcher 1.66 is a cosmetic update. This is not a security update.
http://www.nirsoft.net/utils/wireless_network_watcher.html

Wireshark 1.10.1 improves logging, trace and updates protocol support. This is not a security update.
http://www.wireshark.org/

Capture Updates

These are unlikely to be of interest to most people.

Open Broadcaster Software 0.542 Beta corrects several security and performance bugs. This is a security update.
http://obsproject.com/

VideoCacheView 2.52 improves support for Chrome, and adds support for YouTube MPEG-DASH files.
http://www.nirsoft.net/utils/video_cache_view.html

Converter Updates

These are unlikely to be of interest to most people.

MakeMKV 1.8.4 improves performance, reliability with mastering issues, audio selection and minor bugfixes. This is not a security update.
http://www.makemkv.com/download/

Utility Updates

These are unlikely to be of interest to most people.

Autoruns 11.70 adds a new option to have it show only per-user locations. This is a security update.
Disk2vhd 1.64 now supports disk sizes of up to 2 TB. This is not a security update.
Process Explorer 15.40 now shows WMI providers hosted in Wmiprvse processes, includes an autostart option and introduces a process view column that shows process DPI awareness support on Windows 8.1 systems. This is a security update.
http://sysinternals.com/

CCleaner 4.04.4197 improves software detection and cleaning. This is not a security update.
https://12pd.com/click?ccleaner

Defraggler 2.15.741 improves performance, adds file type and modified date to display, and other fixes. This is not a security update.
https://12pd.com/click?defraggler

Recuva 1.48.980 adds UDF support, improves LFN support and several drive performance improvements. This is not a security update.
https://12pd.com/click?recuva

BlueScreenView 1.52 improves research with quick-search functionality. This is not a security update.
http://www.nirsoft.net/utils/blue_screen_view.html

NetworkTrafficView 1.75 adds protocol grouping. This is not a security update.
http://www.nirsoft.net/utils/network_traffic_view.html

NirCmd 2.75 adds moverecyclebin, suspendprocess, resumeprocess parameters, etitle support for find, and the ability to read Unicode files from clipboard. This is not a security update.
http://www.nirsoft.net/utils/nircmd.html

USBDeview 2.25 adds the ability to cycle devices, device control via Instance ID, and improved UAC support. This is not a security update. http://www.nirsoft.net/utils/usb_devices_view.html

WakeMeOnLan 1.52 adds cosmetic improvements. This is not a security update.
http://www.nirsoft.net/utils/wake_on_lan.html

WhatIsHang 1.20 adds 64-bit support, cosmetic improvements, and improved reporting. This is a security update.
http://www.nirsoft.net/utils/what_is_hang.html

WirelessKeyView 1.67 modifies application behavior to trigger fewer security alerts. This is not a security update.
http://www.nirsoft.net/utils/wireless_key.html

TeamViewer 8.0.20202 improves mobile support and provides bugfixes. This is not a security update.
http://www.teamviewer.com/en/download/windows.aspx

Developer Updates

These are unlikely to be of interest to most people.

TortoiseSVN 1.8.1 corrects a couple dozen bugs, including stability and reliability. This is not a security update.
http://tortoisesvn.net/downloads

Web Package Updates

These are likely to be of interest only to web developers.

MailEnable 7.50 provides compatibility fixes to installer, improved language support, and a fix for script handling. This is not a security update.
http://www.mailenable.com/

phpMyAdmin 4.0.5 is a security update.
http://www.phpmyadmin.net/home_page/news.php

SMF 2.0.5 is a security update.
http://download.simplemachines.org/

Dada Mail 6.5.2 fixes a send logging bug. This is not a security update. h
ttp://dadamailproject.com/download/

Drupal 7.23 is a bugfix release. This build also provides significant changes to the image API. Don’t forget to run update.php after updating the code! This is not a security update.
http://drupal.org/download

WordPress 3.6 is a major update that provides a more streamlined approach to uploads, embedding, autosave, revisions, post locking, updates included libraries, and more. This is not a security update.
http://wordpress.org/

BuddyPress 1.8.1 is a minor bugfix release. This is not a security update.

Contact Form 7 3.5.1 is a bugfix release. This is not a security update.

Developer 1.2.2 adds WP-CLI and removes Grunion Contact Form. This is not a security update.

Front-end Editor 2.3.1 updates included libraries and translations. This is not a security update.

Ultimate TinyMCE 4.8.1 fixes a download issue. This is not a security update.

W3 Total Cache 0.9.3 adds a variety of new features, improved plugin compatibility, performance and more. This is a security update.

WPtouch 1.9.8 improves Adsense support, fixes admin bugs. This is not a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/