Welcome back, Folks!
Today is Patch Tuesday for April, 2021. There have been over 50 major hacking incidents, many hardware devices with critical security issues (often these are responsible for the major hacking incidents), and over a hundred updates this month. Almost every browser has released weekly security updates for the last two months. I don’t know about you, but I’m getting kind of sick of it. Finally, there’s an OpenSSL security update this week, so expect many more updates throughout the next month from every vendor that rolls their own encryption.
This Month in Technology
Acer, Apperta Foundation, Azure, BIG-IP, the Blender website, Boggi Milano Menswear, Booking.com, Broward County (FL) Public Schools, Brown University, Buffalo Schools, California State Controller’s Office, Clubhouse, CNA Financial, Crash 4 (within a day of release!), Facebook (which had the audacity to blame it’s users), Gigaset Android Update Server (preinstalled, too), Harvard Business School, Haverhill Public Schools, Idaho Central Credit Union, the Indian government, iOS, iPhones, iPads and Apple Watches, Kentucky unemployment insurance system, Maricopa (AZ) Community Colleges, Michigan-based Flagstar Bank, Millersville University, MobiKwik, MultiCare, Netgear switches, the Netmask library, ParkMobile, PeakTPA/Carolina SeniorCare, PHP, Roll, SAP, Schneider Electric Smart Meters, Shell, Shopify, Sierra Wireless, Stanford Medicine, SwarmShop, Ubiquiti (even if they won’t admit it), Union Bank of Nigeria, University Of California, University Of Colorado, University of Miami, University of Wisconsin, UPMC, Verkada, various VPN devices, Wake Forest Baptist-Lexington Medical Center, WeLeakInfo (ironic), Yeshiva University, and Zoom (more than once) have each been hacked.
There’s still fallout from the Exchange vulnerabilities for which Microsoft released patches in March, but with today’s release there are newly discovered vulnerabilities and patches, too. Even so, about 8% of Exchange servers still aren’t patched with the March fixes.
Newly discovered vulnerabilities allow bypass of Spectre mitigations on Linux, and on other platforms via JavaScript. AMD Zen 3 CPUs, Cisco SOHO Routers, and QNAP NAS devices are just a small sampling of hardware devices with serious security problems this month. 80% of global enterprises report firmware cyberattacks, while the other 20% probably just don’t have sufficient training or equipment to be able to detect them.
Major Google Android WebView problems have been notable this month and banking malware have been found in ten apps on the Google Play store. And Apple’s macOS Mail App can be hacked simply by receiving an email (again).
Azure AD/Microsoft 365, Azure DNS, Facebook, and Google have suffered recent outages.
T-Mobile is the latest to convert their customers into products. TikTok and Facebook tracking is worse than you imagine.
From the “I’m glad it didn’t happen to me” file we have an example of an aggressive space saving measure gone horribly wrong. There’s a growing trend of targeting the customers of ransomware victims to convince them to pay and another new cross-platform cryptomining worm.
Mobile privacy is a myth as both Google and Apple collect telemetry even when telemetry is disabled, but at least they’ve finally closed one of the more significant SIM-jacking holes.
Big Tech gets to make their own rules. They’re so aggressive about it that their own security staff sometimes can’t tell if they’ve been hacked. Google is being sued in France for violation of privacy. Apple has banned an accessibility keyboard from their AppStore in an effort to force them to into a buyout. Hopefully Epic will be able to use this and Apple’s hypocritical statements in Australia in their antitrust suit.
As with all disasters and government programs (but I repeat myself), the “American Rescue Act” is being trolled by malware authors to infect unsuspecting users. LinkedIn users are also being targeted thanks to the LinkedIn hack.
Not all of those Norton Antivirus renewal messages are scams (just most of them), and the UK is now suing Norton for failing to comply with their investigation into their “Dark Pattern” subscription model.
If Big Tech, Big Government, and the MSM didn’t censor Presidents (even Venezuela’s),
representatives, doctors, Christians, students, and even knitters, push false narratives, and tolerate terror, child abuse, racism, and sexism, while providing security only to one side of the aisle and targeting the other, I suspect there would be much more peace. Virginia Tech is being sued for banning the amorphously defined “hate speech“, while once more college racism turns out to be a hoax. It shouldn’t be any surprise to anyone that victimhood itself is a disease.
A single death is a tragedy but killing small businesses was always part of the plan. The lockdowns were never about a virus. They were about pushing compliance with masks and experimental (lethal and anything but “safe and effective“) mRNA treatments onto an unwilling public, to “hack the software of life” preventing the ability to survive and dismantling every freedom unless you accept the jab. A surge is happening, not just at the border, but in post-jab death rates. All of this to ensure that their slush funds would be financed and elections could never be honest again.
There have been tens of thousands of fraudulent ballots in Michigan Georgia, and New Hampshire. In Georgia, one county ordered voter registration applications for 25 times the population. At least we can all agree on some common sense election reform. Or can we? The same businesses that require an ID to use their services are attacking new laws that require the same scrutiny for elections.
Now for the good news:
After more than a decade the US Supreme Court has finally ruled in favor of Google.
It’s about time. While I have no love for Google, the idea that you can’t develop code that uses the same parameters or names as Oracle code is sickening. How many of you have have written functions to format a date or number? It’s not like granular coding styles leave much to the imagination. This would be like an author suing another author because the chapters of their book were named “Chapter 1”, “Chapter 2” and so on. Good decision.
As long as I have my soapbox: Save Crypto!
Let’s Get Busy
Now back to our regularly scheduled program.
Patch Tuesday this month is huge. The typical computer should see roughly 2 GB in updates today. Let’s get started.
Microsoft released updates for Windows, Exchange, Edge, .NET, Servicing Stack, and MSRT (~ 1.5 GB). This includes security updates. A reboot is required.
Apple released updates for GarageBand 10.4.3, iOS 14.4.2, iOS 12.5.2,, iPadOS 14.4.2, and watchOS 7.3.3. This includes security updates. Use Apple Software Update to install these updates. A reboot is required.
iOS 14.4.2 and 12.5.2 are security updates. Use Settings, General, Software Update to install the most current update.
iPadOS 14.4.2 is a security update. Use Settings, General, Software Update to install the most current update.
watchOS 7.3.3 is a security update. Use the Watch app on your iPhone to install the most current version.
Google Chrome OS 89.0.4389.95 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.
Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.
Important Notes
Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.
The release of macOS Big Sur (11.0) means that macOS High Sierra (10.13) and older are no longer supported. If you can not install at least macOS Mojave (10.14) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.
The now-current release of the Windows 10 (v2009) is huge (about 18% larger than v2004, which was 25% larger than any prior build) so will take a long time to download on slower connections. Windows 10 pushes you to get the latest Windows 10 release every 6 months and only supports any consumer builds for 18 months. If you don’t let it finish and you’re on a slow connection, this process kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.
Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.
It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface. This includes “free” applications like Avast, OpenOffice, and games you do not actually play.
Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.
Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com
Driver Updates
If you’re using this hardware – these updates are for you.
Drivers by Seagull 2021.1 adds hardware support, improves response time, and adds features to certain models. This is not a security update.
https://www.seagullscientific.com/support/downloads/drivers/
Crucial Storage Executive 7.01 doesn’t provide a changelog so should be treated as a security update.
https://www.crucial.com/support/storage-executive
Display Driver Uninstaller 18.0.3.8 improves AMD removal and resolves several bugs. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu
Logitech Options (macOS) 8.50.210 resolves several bugs. This is not a security update.
https://www.logitech.com/en-us/product/options
NVidia 465.89 adds new profiles, improves compatibility with various games and newer hardware. This is not a security update.
https://www.nvidia.com/Download/index.aspx?lang=en-us
Browser Updates
One or more of these are likely to be of interest to everyone.
Brave 1.22.71 is a security update. Use Menu, Help, About to install the most current version.
https://brave.com/
Google Chrome 89.0.4389.128 is a security update. Use Menu, Help, About to install the most current version.
https://www.google.com/chrome/
Microsoft Edge 89.0.774.76 is a security update. Use Menu, Help, About to install the most current version.
https://www.microsoft.com/en-us/edge/business/download
Firefox 87.0 is a security update. Use Menu, Help, About to install the most current version.
https://www.mozilla.org/en-US/firefox/new/
Firefox ESR 78.9.0 is a security update. Use Menu, Help, About to install the most current version.
https://www.mozilla.org/en-US/firefox/organizations/all/
SeaMonkey 2.53.7 is a security update. Use Menu, Help, About to install the most current version.
https://www.seamonkey-project.org/
Vivaldi 3.7.2218.52 is a security update. Use Menu, Help, About to install the most current version.
https://vivaldi.com/
Email Updates
One or more of these are likely to be of interest to everyone.
Thunderbird 78.9.1 is a security update. Use Menu, Help, About to install the most current version.
https://www.thunderbird.net/en-US/
Internet Updates
One or more of these are likely to be of interest to everyone.
BrowsingHistoryView 2.47 adds high-DPI support and an option to copy URL QR Code to the clipboard. This is not a security update.
https://www.nirsoft.net/utils/browsing_history_view.html
curl 7.76.0 is a security update.
https://curl.haxx.se/windows/
Dropbox 119.4.1772 doesn’t provide a changelog so should be treated as a security update.
https://www.dropbox.com/
FileZilla Client 3.53.1 resolves a couple bugs. This is not a security update.
https://filezilla-project.org/
FreeFileSync 11.9 resolves several bugs. This is not a security update.
https://www.freefilesync.org/download.php
IPInfoOffline 1.60 adds CIDR and Duplicate Count columns, and updates internal IP database.
https://www.nirsoft.net/utils/ip_country_info_offline.html
Npcap 1.30 resolves several bugs. This is not a security update.
https://nmap.org/npcap/
Technitium DNS Server 6.2 is a major update. The 6.0 branch adds DNS Application support, more options, and improved compatibility. This is not a security update. Be aware that the current version chokes during updates because it stalls on removal of the previous version.
https://technitium.com/dns/
Telegram 2.7.1 resolves several bugs. This is not a security update.
https://telegram.org/
WGet 1.21.1 is a security update.
https://eternallybored.org/misc/wget/
Zoom 5.6.1.617 is a security update.
https://zoom.us/
Media Updates
These are unlikely to be of interest to most people.
3tene 2.0.14 resolves several bugs and adds new positions and motions. This is not a security update.
https://en.3tene.com/
FastStone Viewer 7.5 adds dark theme, support for audio formats, and resolves several bugs. This is not a security update.
http://www.faststone.org/FSViewerDetail.htm
Picard 2.6 resolves several bugs. This is not a security update.
https://picard.musicbrainz.org/
Office Updates
One or more of these are likely to be of interest to most people.
Adobe Photoshop 21.2.7 and 22.3.1 are security updates.
https://helpx.adobe.com/security/products/photoshop/apsb21-28.html
Adobe Digital Editions 4.5.11.187606 is a security update.
https://helpx.adobe.com/security/products/Digital-Editions/apsb21-26.html
Adobe Bridge 10.1.2 and 11.0.2 are security updates.
https://helpx.adobe.com/security/products/bridge/apsb21-23.html
Atom 1.56.0 updates libraries and resolves several bugs. This is not a security update.
https://atom.io/
RoboHelp RH2020.0.4 is a security update.
https://helpx.adobe.com/security/products/robohelp/apsb21-20.html
Krita 4.4.3 doesn’t provide a detailed changelog so should be treated as a security update.
https://krita.org/en/download/krita-desktop/
LibreOffice Fresh 7.1.2 resolves over 60 bugs. This is not a security update, but the “Fresh” line is beta, so should be avoided by most users.
https://www.libreoffice.org/
LibreOffice Still 7.0.5 resolves over 100 bugs. This is not a security update.
https://www.libreoffice.org/
Nextcloud Desktop 3.2.0 resolves dozens of bugs. This is not a security update.
https://nextcloud.com/
Notepad++ 7.9.5 resolves several bugs. This is not a security update.
https://notepad-plus-plus.org/
Security Software Updates
One or more of these is likely to be of interest to most people.
Tails 4.17 is a security update.
https://tails.boum.org/install/dvd-download/index.en.html
ClamWin Portable 0.99.4.103 doesn’t provide a changelog so should be treated as a security update.
https://portableapps.com/apps/security/clamwin_portable
OpenSSL 1.1.1k is a security update.
https://www.openssl.org/source/
RogueKiller 14.8.6 is a security update.
https://www.adlice.com/download/roguekiller/
uBlock Origin 1.34.0 resolves several bugs. This is not a security update.
https://github.com/gorhill/uBlock/releases/latest
VT-CLI 0.9.2 doesn’t provide a detailed changelog so should be treated as a security update.
https://github.com/VirusTotal/vt-cli/releases/latest
Capture Updates
These are unlikely to be of interest to most people.
SnagIt 2021.3.0 resolves several bugs and improves toolset. This is not a security update.
https://download.techsmith.com/snagit/enu/snagit.exe
Converter Updates
These are unlikely to be of interest to most people.
MakeMKV 1.16.3 resolves several bugs. This is not a security update.
https://12pd.com/click?makemkv
Education updates
One or more of these are likely to be of interest to most people.
e-Sword 13.0 adds Audio Bible support. This is not a security update.
https://www.e-sword.net/
Utility Updates
These are unlikely to be of interest to most people.
1Password for Windows 7.6.797 resolves several bugs. This is not a security update.
https://1password.com/downloads/windows/
Bitwarden 1.25.1 resolves installation issues, adds support for Safari 13 and updates electron. This is not a security update.
https://bitwarden.com/
CCleaner 5.78.8558 improves cleaning options and behavior. This is not a security update.
https://www.ccleaner.com/
Cygwin 3.2.0 is a major update, improving threading and symlink support, and resolves more than a dozen bugs. This is a security update.
https://cygwin.com/
DesktopOK 8.77 improves translations and resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK
dupeGuru 4.1.1 resolves several bugs. This is not a security update.
https://dupeguru.voltaicideas.net/
Etcher 1.5.117 resolves several bugs and updates libraries. This is not a security update.
https://www.balena.io/etcher/
Everything Toolbar 0.6.3 resolves a user-mode compatibility problem, requiring uninstallation of previous versions before upgrade. All future builds will be machine-level only. This is not a security update.
https://github.com/stnkl/EverythingToolbar/
GoodSync 11.6.2 resolves dozens of bugs. This is not a security update.
https://www.goodsync.com/
Homedale 1.95 adds translation. This is not a security update.
https://www.the-sz.com/products/homedale/
IsMyHdOK 3.13 improves SSD/SSHD detection and benchmark testing. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/IsMyHdOK
NTLite 2.1.0.7845 resolves several bugs. This is not a security update.
https://www.ntlite.com/download/
osquery 4.7.0 adds several new tables, concat* functions, and resolves dozens of bugs. This is not a security update.
https://osquery.io/downloads
ProduKey 1.96 improves high-DPI compatibility. This is not a security update.
https://www.nirsoft.net/utils/product_cd_key_viewer.html
PsExec 2.33 is a security update.
https://sysinternals.com/
RoboForm 9.1.2 adds website problem reporting and resolves several bugs. This is not a security update.
https://www.roboform.com/
Samsung Magician 6.3.0 doesn’t provide a changelog so should be treated as a security update.
https://www.samsung.com/semiconductor/minisite/ssd/download/tools/
SimpleWMIView 1.43 improves high-DPI compatibility. This is not a security update.
https://www.nirsoft.net/utils/simple_wmi_view.html
System Monitor 13.02 resolves several bugs. This is not a security update.
https://sysinternals.com/
TaskSchedulerView 1.67 improves high-DPI compatibility. This is not a security update.
https://www.nirsoft.net/utils/task_scheduler_view.html
TcpLogView 1.35 adds Process User column and improves high-DPI compatibility. This is not a security update.
https://www.nirsoft.net/utils/tcp_log_view.html
TCPView 4.0 adds flexible filtering, search, and display of the Windows service that owns an endpoint. This is not a security update.
https://sysinternals.com/
WifiInfoView 2.68 improves high-DPI compatibility. This is not a security update.
https://www.nirsoft.net/utils/wifi_information_view.html
WinObj 3.02 resolves a crash bug. This is not a security update.
https://sysinternals.com/
WinScan2PDF 7.01 resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF
WirelessKeyView 2.22 adds an option to copy QR Code of the selected item. This is not a security update.
https://www.nirsoft.net/utils/wireless_key.html
Developer Updates
These are unlikely to be of interest to most people.
AutoHotkey 1.1.33.06 resolves a hotkey bug. This is not a security update.
https://www.autohotkey.com/download/
Android Studio 4.1.3.0 resolves a stable/beta channel bug. This is not a security update.
https://developer.android.com/studio
Node.js 12.22.0 is a security update.
https://nodejs.org/en/
Node.js 14.16.1 is a security update.
https://nodejs.org/en/
Node.js 15.14.0 is a security update.
https://nodejs.org/en/
Redemption 5.27.0.5916 resolves several bugs. This is not a security update.
https://www.dimastr.com/redemption/
SQLite 3.35.4 is a security update.
https://www.sqlite.org/download.html
TortoiseGit 2.12.0 updates libraries, resolves more than a dozen bugs, and improves consistency. This is not a security update.
https://tortoisegit.org/
Unreal Engine 4.26 adds many new features. This is not a security update.
https://unrealengine.com/en-US/
Visual Studio Code 1.55.2 is a security update.
https://code.visualstudio.com/
Web Package Updates
These are likely to be of interest only to web developers.
Coppermine Gallery 1.6.11 adds a method to enable 2FA. This is not a security update.
https://coppermine-gallery.net/
Docker Desktop 3.3.0 resolves several bugs. This is not a security update.
https://www.docker.com/products/docker-desktop
Drupal 9.1.6 resolves over 50 bugs. This is not a security update.
https://drupal.org/download
HumHub 1.8.1 resolves several bugs. This is not a security update.
https://www.humhub.com/en/download
Joomla 3.9.26 is a security update.
https://www.joomla.org/
MailEnable 10.34 resolves several bugs. This is not a security update.
https://www.mailenable.com/
Nextcloud Server 21.0.1 resolves over 70 bugs, updates libraries, and improves reliability and compatibility. This is not a security update.
https://nextcloud.com/
phpList 3.6.2 improves compatibility and resolves several bugs. This is not a security update.
https://www.phplist.org/
Piwigo 11.4.0 is a security update.
https://piwigo.org/
ScreenConnect 21.4.2767.7752 makes several cosmetic changes and resolves bugs. This is not a security update.
https://www.connectwise.com/software/control/download
SpamAssassin 3.4.6 is a security update.
https://spamassassin.apache.org/downloads.cgi
Antispam Bee 2.9.4 adds support for ajax calls. This is not a security update.
Autoptimize 2.8.3 resolves a bug. This is not a security update.
BuddyPress 7.2.1 is a security update.
Social Post Feed 2.19.1 improves compatibility and reliability, and resolves several bugs. This is not a security update.
Email Log 2.4.5 resolves several bugs. This is not a security update.
Redirection 5.1.1 resolves several bugs. This is not a security update.
Sucuri Security 1.8.26 is an SJW release. This is not a security update.
Theme My Login 7.1.3 resolves several bugs. This is not a security update.
W3 Total Cache 2.1.2 resolves several bugs and adds AWS regions, new MIME types and pagination links. This is not a security update.
WooCommerce 5.2.0 resolves dozens of bugs. This is not a security update.
WP Mail SMTP 2.7.0 changes PHP requirements (5.5+) and resolves several bugs. This is not a security update.
WordPress Zero Spam 5.0.12 resolves several bugs. This is not a security update.
That’s all for now folks. Keep it clean out there. 😉
Regards,
Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/