Updates 2021-04-13

Welcome back, Folks!

Today is Patch Tuesday for April, 2021. There have been over 50 major hacking incidents, many hardware devices with critical security issues (often these are responsible for the major hacking incidents), and over a hundred updates this month. Almost every browser has released weekly security updates for the last two months. I don’t know about you, but I’m getting kind of sick of it. Finally, there’s an OpenSSL security update this week, so expect many more updates throughout the next month from every vendor that rolls their own encryption.

This Month in Technology

Acer, Apperta FoundationAzureBIG-IP, the Blender websiteBoggi Milano MenswearBooking.comBroward County (FL) Public SchoolsBrown UniversityBuffalo SchoolsCalifornia State Controller’s OfficeClubhouseCNA FinancialCrash 4 (within a day of release!), Facebook (which had the audacity to blame it’s users), Gigaset Android Update Server (preinstalled, too), Harvard Business SchoolHaverhill Public SchoolsIdaho Central Credit Union, the Indian governmentiOS, iPhones, iPads and Apple WatchesKentucky unemployment insurance systemMaricopa (AZ) Community Colleges, Michigan-based Flagstar BankMillersville UniversityMobiKwikMultiCareNetgear switches, the Netmask libraryParkMobilePeakTPA/Carolina SeniorCarePHPRollSAPSchneider Electric Smart MetersShellShopifySierra WirelessStanford MedicineSwarmShopUbiquiti (even if they won’t admit it), Union Bank of NigeriaUniversity Of CaliforniaUniversity Of ColoradoUniversity of MiamiUniversity of WisconsinUPMCVerkada, various VPN devices, Wake Forest Baptist-Lexington Medical CenterWeLeakInfo (ironic), Yeshiva University, and Zoom (more than once) have each been hacked.

There’s still fallout from the Exchange vulnerabilities for which Microsoft released patches in March, but with today’s release there are newly discovered vulnerabilities and patches, too. Even so, about 8% of Exchange servers still aren’t patched with the March fixes.

Newly discovered vulnerabilities allow bypass of Spectre mitigations on Linux, and on other platforms via JavaScriptAMD Zen 3 CPUs, Cisco SOHO Routers, and QNAP NAS devices are just a small sampling of hardware devices with serious security problems this month. 80% of global enterprises report firmware cyberattacks, while the other 20% probably just don’t have sufficient training or equipment to be able to detect them.

Major Google Android WebView problems have been notable this month and banking malware have been found in ten apps on the Google Play store. And Apple’s macOS Mail App can be hacked simply by receiving an email (again).

Azure AD/Microsoft 365, Azure DNS, Facebook, and Google have suffered recent outages.

T-Mobile is the latest to convert their customers into products. TikTok and Facebook tracking is worse than you imagine.

From the “I’m glad it didn’t happen to me” file we have an example of an aggressive space saving measure gone horribly wrong. There’s a growing trend of targeting the customers of ransomware victims to convince them to pay and another new cross-platform cryptomining worm.

Mobile privacy is a myth as both Google and Apple collect telemetry even when telemetry is disabled, but at least they’ve finally closed one of the more significant SIM-jacking holes.

Big Tech gets to make their own rules. They’re so aggressive about it that their own security staff sometimes can’t tell if they’ve been hacked. Google is being sued in France for violation of privacy. Apple has banned an accessibility keyboard from their AppStore in an effort to force them to into a buyout. Hopefully Epic will be able to use this and Apple’s hypocritical statements in Australia in their antitrust suit.

As with all disasters and government programs (but I repeat myself), the “American Rescue Act” is being trolled by malware authors to infect unsuspecting users. LinkedIn users are also being targeted thanks to the LinkedIn hack.

Not all of those Norton Antivirus renewal messages are scams (just most of them), and the UK is now suing Norton for failing to comply with their investigation into their “Dark Pattern” subscription model.

If Big Tech, Big Government, and the MSM didn’t censor Presidents (even Venezuela’s),
representatives, doctors, Christians, students, and even knitters, push false narratives, and tolerate terror, child abuse, racism, and sexism, while providing security only to one side of the aisle and targeting the other, I suspect there would be much more peace. Virginia Tech is being sued for banning the amorphously definedhate speech“, while once more college racism turns out to be a hoax. It shouldn’t be any surprise to anyone that victimhood itself is a disease.

A single death is a tragedy but killing small businesses was always part of the plan. The lockdowns were never about a virus. They were about pushing compliance with masks and experimental (lethal and anything butsafe and effective“) mRNA treatments onto an unwilling public, to “hack the software of life” preventing the ability to survive and dismantling every freedom unless you accept the jab. A surge is happening, not just at the border, but in post-jab death rates. All of this to ensure that their slush funds would be financed and elections could never be honest again.

There have been tens of thousands of fraudulent ballots in Michigan Georgia, and New Hampshire. In Georgia, one county ordered voter registration applications for 25 times the population. At least we can all agree on some common sense election reform. Or can we? The same businesses that require an ID to use their services are attacking new laws that require the same scrutiny for elections.

Now for the good news:

After more than a decade the US Supreme Court has finally ruled in favor of Google.
It’s about time. While I have no love for Google, the idea that you can’t develop code that uses the same parameters or names as Oracle code is sickening. How many of you have have written functions to format a date or number? It’s not like granular coding styles leave much to the imagination. This would be like an author suing another author because the chapters of their book were named “Chapter 1”, “Chapter 2” and so on. Good decision.

As long as I have my soapbox: Save Crypto!

Let’s Get Busy

Now back to our regularly scheduled program.

Patch Tuesday this month is huge. The typical computer should see roughly 2 GB in updates today. Let’s get started.

Microsoft released updates for Windows, Exchange, Edge, .NET, Servicing Stack, and MSRT (~ 1.5 GB). This includes security updates. A reboot is required.

Apple released updates for GarageBand 10.4.3, iOS 14.4.2, iOS 12.5.2,, iPadOS 14.4.2, and watchOS 7.3.3. This includes security updates. Use Apple Software Update to install these updates. A reboot is required.

iOS 14.4.2 and 12.5.2 are security updates. Use Settings, General, Software Update to install the most current update.

iPadOS 14.4.2 is a security update. Use Settings, General, Software Update to install the most current update.

watchOS 7.3.3 is a security update. Use the Watch app on your iPhone to install the most current version.

Google Chrome OS 89.0.4389.95 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Big Sur (11.0) means that macOS High Sierra (10.13) and older are no longer supported. If you can not install at least macOS Mojave (10.14) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current release of the Windows 10 (v2009) is huge (about 18% larger than v2004, which was 25% larger than any prior build) so will take a long time to download on slower connections. Windows 10 pushes you to get the latest Windows 10 release every 6 months and only supports any consumer builds for 18 months. If you don’t let it finish and you’re on a slow connection, this process kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface. This includes “free” applications like Avast, OpenOffice, and games you do not actually play.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

Drivers by Seagull 2021.1 adds hardware support, improves response time, and adds features to certain models. This is not a security update.
https://www.seagullscientific.com/support/downloads/drivers/

Crucial Storage Executive 7.01 doesn’t provide a changelog so should be treated as a security update.
https://www.crucial.com/support/storage-executive

Display Driver Uninstaller 18.0.3.8 improves AMD removal and resolves several bugs. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

Logitech Options (macOS) 8.50.210 resolves several bugs. This is not a security update.
https://www.logitech.com/en-us/product/options

NVidia 465.89 adds new profiles, improves compatibility with various games and newer hardware. This is not a security update.
https://www.nvidia.com/Download/index.aspx?lang=en-us

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.22.71 is a security update. Use Menu, Help, About to install the most current version.
https://brave.com/

Google Chrome 89.0.4389.128 is a security update. Use Menu, Help, About to install the most current version.
https://www.google.com/chrome/

Microsoft Edge 89.0.774.76 is a security update. Use Menu, Help, About to install the most current version.
https://www.microsoft.com/en-us/edge/business/download

Firefox 87.0 is a security update. Use Menu, Help, About to install the most current version.
https://www.mozilla.org/en-US/firefox/new/

Firefox ESR 78.9.0 is a security update. Use Menu, Help, About to install the most current version.
https://www.mozilla.org/en-US/firefox/organizations/all/

SeaMonkey 2.53.7 is a security update. Use Menu, Help, About to install the most current version.
https://www.seamonkey-project.org/

Vivaldi 3.7.2218.52 is a security update. Use Menu, Help, About to install the most current version.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

Thunderbird 78.9.1 is a security update. Use Menu, Help, About to install the most current version.
https://www.thunderbird.net/en-US/

Internet Updates

One or more of these are likely to be of interest to everyone.

BrowsingHistoryView 2.47 adds high-DPI support and an option to copy URL QR Code to the clipboard. This is not a security update.
https://www.nirsoft.net/utils/browsing_history_view.html

curl 7.76.0 is a security update.
https://curl.haxx.se/windows/

Dropbox 119.4.1772 doesn’t provide a changelog so should be treated as a security update.
https://www.dropbox.com/

FileZilla Client 3.53.1 resolves a couple bugs. This is not a security update.
https://filezilla-project.org/

FreeFileSync 11.9 resolves several bugs. This is not a security update.
https://www.freefilesync.org/download.php

IPInfoOffline 1.60 adds CIDR and Duplicate Count columns, and updates internal IP database.
https://www.nirsoft.net/utils/ip_country_info_offline.html

Npcap 1.30 resolves several bugs. This is not a security update.
https://nmap.org/npcap/

Technitium DNS Server 6.2 is a major update. The 6.0 branch adds DNS Application support, more options, and improved compatibility. This is not a security update. Be aware that the current version chokes during updates because it stalls on removal of the previous version.
https://technitium.com/dns/

Telegram 2.7.1 resolves several bugs. This is not a security update.
https://telegram.org/

WGet 1.21.1 is a security update.
https://eternallybored.org/misc/wget/

Zoom 5.6.1.617 is a security update.
https://zoom.us/

Media Updates

These are unlikely to be of interest to most people.

3tene 2.0.14 resolves several bugs and adds new positions and motions. This is not a security update.
https://en.3tene.com/

FastStone Viewer 7.5 adds dark theme, support for audio formats, and resolves several bugs. This is not a security update.
http://www.faststone.org/FSViewerDetail.htm

Picard 2.6 resolves several bugs. This is not a security update.
https://picard.musicbrainz.org/

Office Updates

One or more of these are likely to be of interest to most people.

Adobe Photoshop 21.2.7 and 22.3.1 are security updates.
https://helpx.adobe.com/security/products/photoshop/apsb21-28.html

Adobe Digital Editions 4.5.11.187606 is a security update.
https://helpx.adobe.com/security/products/Digital-Editions/apsb21-26.html

Adobe Bridge 10.1.2 and 11.0.2 are security updates.
https://helpx.adobe.com/security/products/bridge/apsb21-23.html

Atom 1.56.0 updates libraries and resolves several bugs. This is not a security update.
https://atom.io/

RoboHelp RH2020.0.4 is a security update.
https://helpx.adobe.com/security/products/robohelp/apsb21-20.html

Krita 4.4.3 doesn’t provide a detailed changelog so should be treated as a security update.
https://krita.org/en/download/krita-desktop/

LibreOffice Fresh 7.1.2 resolves over 60 bugs. This is not a security update, but the “Fresh” line is beta, so should be avoided by most users.
https://www.libreoffice.org/

LibreOffice Still 7.0.5 resolves over 100 bugs. This is not a security update.
https://www.libreoffice.org/

Nextcloud Desktop 3.2.0 resolves dozens of bugs. This is not a security update.
https://nextcloud.com/

Notepad++ 7.9.5 resolves several bugs. This is not a security update.
https://notepad-plus-plus.org/

Security Software Updates

One or more of these is likely to be of interest to most people.

Tails 4.17 is a security update.
https://tails.boum.org/install/dvd-download/index.en.html

ClamWin Portable 0.99.4.103 doesn’t provide a changelog so should be treated as a security update.
https://portableapps.com/apps/security/clamwin_portable

OpenSSL 1.1.1k is a security update.
https://www.openssl.org/source/

RogueKiller 14.8.6 is a security update.
https://www.adlice.com/download/roguekiller/

uBlock Origin 1.34.0 resolves several bugs. This is not a security update.
https://github.com/gorhill/uBlock/releases/latest

VT-CLI 0.9.2 doesn’t provide a detailed changelog so should be treated as a security update.
https://github.com/VirusTotal/vt-cli/releases/latest

Capture Updates

These are unlikely to be of interest to most people.

SnagIt 2021.3.0 resolves several bugs and improves toolset. This is not a security update.
https://download.techsmith.com/snagit/enu/snagit.exe

Converter Updates

These are unlikely to be of interest to most people.

MakeMKV 1.16.3 resolves several bugs. This is not a security update.
https://12pd.com/click?makemkv

Education updates

One or more of these are likely to be of interest to most people.

e-Sword 13.0 adds Audio Bible support. This is not a security update.
https://www.e-sword.net/

Utility Updates

These are unlikely to be of interest to most people.

1Password for Windows 7.6.797 resolves several bugs. This is not a security update.
https://1password.com/downloads/windows/

Bitwarden 1.25.1 resolves installation issues, adds support for Safari 13 and updates electron. This is not a security update.
https://bitwarden.com/

CCleaner 5.78.8558 improves cleaning options and behavior. This is not a security update.
https://www.ccleaner.com/

Cygwin 3.2.0 is a major update, improving threading and symlink support, and resolves more than a dozen bugs. This is a security update.
https://cygwin.com/

DesktopOK 8.77 improves translations and resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

dupeGuru 4.1.1 resolves several bugs. This is not a security update.
https://dupeguru.voltaicideas.net/

Etcher 1.5.117 resolves several bugs and updates libraries. This is not a security update.
https://www.balena.io/etcher/

Everything Toolbar 0.6.3 resolves a user-mode compatibility problem, requiring uninstallation of previous versions before upgrade. All future builds will be machine-level only. This is not a security update.
https://github.com/stnkl/EverythingToolbar/

GoodSync 11.6.2 resolves dozens of bugs. This is not a security update.
https://www.goodsync.com/

Homedale 1.95 adds translation. This is not a security update.
https://www.the-sz.com/products/homedale/

IsMyHdOK 3.13 improves SSD/SSHD detection and benchmark testing. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/IsMyHdOK

NTLite 2.1.0.7845 resolves several bugs. This is not a security update.
https://www.ntlite.com/download/

osquery 4.7.0 adds several new tables, concat* functions, and resolves dozens of bugs. This is not a security update.
https://osquery.io/downloads

ProduKey 1.96 improves high-DPI compatibility. This is not a security update.
https://www.nirsoft.net/utils/product_cd_key_viewer.html

PsExec 2.33 is a security update.
https://sysinternals.com/

RoboForm 9.1.2 adds website problem reporting and resolves several bugs. This is not a security update.
https://www.roboform.com/

Samsung Magician 6.3.0 doesn’t provide a changelog so should be treated as a security update.
https://www.samsung.com/semiconductor/minisite/ssd/download/tools/

SimpleWMIView 1.43 improves high-DPI compatibility. This is not a security update.
https://www.nirsoft.net/utils/simple_wmi_view.html

System Monitor 13.02 resolves several bugs. This is not a security update.
https://sysinternals.com/

TaskSchedulerView 1.67 improves high-DPI compatibility. This is not a security update.
https://www.nirsoft.net/utils/task_scheduler_view.html

TcpLogView 1.35 adds Process User column and improves high-DPI compatibility. This is not a security update.
https://www.nirsoft.net/utils/tcp_log_view.html

TCPView 4.0 adds flexible filtering, search, and display of the Windows service that owns an endpoint. This is not a security update.
https://sysinternals.com/

WifiInfoView 2.68 improves high-DPI compatibility. This is not a security update.
https://www.nirsoft.net/utils/wifi_information_view.html

WinObj 3.02 resolves a crash bug. This is not a security update.
https://sysinternals.com/

WinScan2PDF 7.01 resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

WirelessKeyView 2.22 adds an option to copy QR Code of the selected item. This is not a security update.
https://www.nirsoft.net/utils/wireless_key.html

Developer Updates

These are unlikely to be of interest to most people.

AutoHotkey 1.1.33.06 resolves a hotkey bug. This is not a security update.
https://www.autohotkey.com/download/

Android Studio 4.1.3.0 resolves a stable/beta channel bug. This is not a security update.
https://developer.android.com/studio

Node.js 12.22.0 is a security update.
https://nodejs.org/en/

Node.js 14.16.1 is a security update.
https://nodejs.org/en/

Node.js 15.14.0 is a security update.
https://nodejs.org/en/

Redemption 5.27.0.5916 resolves several bugs. This is not a security update.
https://www.dimastr.com/redemption/

SQLite 3.35.4 is a security update.
https://www.sqlite.org/download.html

TortoiseGit 2.12.0 updates libraries, resolves more than a dozen bugs, and improves consistency. This is not a security update.
https://tortoisegit.org/

Unreal Engine 4.26 adds many new features. This is not a security update.
https://unrealengine.com/en-US/

Visual Studio Code 1.55.2 is a security update.
https://code.visualstudio.com/

Web Package Updates

These are likely to be of interest only to web developers.

Coppermine Gallery 1.6.11 adds a method to enable 2FA. This is not a security update.
https://coppermine-gallery.net/

Docker Desktop 3.3.0 resolves several bugs. This is not a security update.
https://www.docker.com/products/docker-desktop

Drupal 9.1.6 resolves over 50 bugs. This is not a security update.
https://drupal.org/download

HumHub 1.8.1 resolves several bugs. This is not a security update.
https://www.humhub.com/en/download

Joomla 3.9.26 is a security update.
https://www.joomla.org/

MailEnable 10.34 resolves several bugs. This is not a security update.
https://www.mailenable.com/

Nextcloud Server 21.0.1 resolves over 70 bugs, updates libraries, and improves reliability and compatibility. This is not a security update.
https://nextcloud.com/

phpList 3.6.2 improves compatibility and resolves several bugs. This is not a security update.
https://www.phplist.org/

Piwigo 11.4.0 is a security update.
https://piwigo.org/

ScreenConnect 21.4.2767.7752 makes several cosmetic changes and resolves bugs. This is not a security update.
https://www.connectwise.com/software/control/download

SpamAssassin 3.4.6 is a security update.
https://spamassassin.apache.org/downloads.cgi

Antispam Bee 2.9.4 adds support for ajax calls. This is not a security update.

Autoptimize 2.8.3 resolves a bug. This is not a security update.

BuddyPress 7.2.1 is a security update.

Social Post Feed 2.19.1 improves compatibility and reliability, and resolves several bugs. This is not a security update.

Email Log 2.4.5 resolves several bugs. This is not a security update.

Redirection 5.1.1 resolves several bugs. This is not a security update.

Sucuri Security 1.8.26 is an SJW release. This is not a security update.

Theme My Login 7.1.3 resolves several bugs. This is not a security update.

W3 Total Cache 2.1.2 resolves several bugs and adds AWS regions, new MIME types and pagination links. This is not a security update.

WooCommerce 5.2.0 resolves dozens of bugs. This is not a security update.

WP Mail SMTP 2.7.0 changes PHP requirements (5.5+) and resolves several bugs. This is not a security update.

WordPress Zero Spam 5.0.12 resolves several bugs. This is not a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2021-02-09

Welcome back, Folks!

Today is Patch Tuesday for February, 2021.

This Month in Technology

Malware planted during the SolarWinds hack is still being discovered and SolarWinds is still vulnerable.

ADT (not just employee abuse), Amazon Kindle e-readersAzure Functions, the Australian Securities and Investments CommissionCisco DNA CenterCyberpunk 2077Excellus Health Plan, Inc., ExperianFiberHome routers, Forward AirGolang, various Home Assistant integrationsiOSlibgcrypt, Linux (and macOS) SUDOMalwarebytesMeetMindfulMimecast (also a SolarWinds victim), Nespresso smart cards, New Zealand Central BankNoxPlayerOffice 365OpenWRT forumPalo Alto Networks, the PentagonPerl[.]comPfizerSonicWallStormshieldUK Research and Innovationthe UNUScellularUSDA (again), Vermont Dept of LaborVIPGamesWashington State Auditor’s OfficeWestRock Co., WhatsApp, and Wind River Systems have been hacked.

The EU is fining (victims) of data breaches 39% more than two years ago. Grindr is exposing your information. SpamCop made a boo-boo by not renewing their domain on time, resulting in a huge amount of legitimate messages being treated as spam. The LogoKit phishing platform has been updated to “improve” effectiveness.

The UK Government is giving malware-infected laptops to students and the US federal government has repeatedly supported violation of the third and fourth amendments to plant recording devices on private property. There has been an increase of 93% of leaks and data breaches in 2020.

Whether you pay the ransom or restore from backups: PATCH the vulnerabilities!

I have always called for avoiding pirated software because it poses a unique security risk. Here’s an example. (avoid travelling by train in China)

Federally funded censorship and double-standards are being used to advance cancel culture in bankscoffeejournalism, patriotism, by mere association, while actually inciting violence with absurd rhetoric such as calling a kindly neighbor a terrorist for plowing your snow are being excused as acceptable. While censorship isn’t left or right only one side is willing to ban those most likely to join the military from joining.

Worse yet, they’re even targeting third-parties for cancellation for daring to support free speech. Heck, even Mike Rowe is being cancelled.

Some are actually upset that not enough censorship is taking place while ignoring actual calls for violence, funding terroristsopenly supporting child porn, hypocritically calling censorship a violation of election integrity, and arresting people for posting memes.

No matter how much the narrative is disproven – this was planned by others well in advance, and the capitol police were directly involved, which is probably why they refused assistance from the National Guard and DoD when offered multiple times. There’s plenty more.

At least there’s finally some pushback. Hopefully it’s not too little, too late.

Meanwhile, TIME acknowledges that they did, in fact, collude with big tech, large corporations and foreign governments in violation of state and federal laws in order to steal the election. (But don’t talk about it online!) By the way, is it just a coincidence that so many opponents of free speech are pedophiles?

Facebook will pay $300/ea to Illinois users for violating state biometric laws and yet, they have still violated Polish law and blocked & banned small investors while Zuckerberg bragged about how he censored Trump to prevent a free election. WhatsApp users are leaving in droves, while WhatsApp has shifted messaging to explain that user messages (notably not their “data”) can still be removed.

There’s been a surge in BSODs for some Windows devices after January updates. Microsoft has been beaten to the patch (again) by 0patch for a vulnerability in their installer system.

Google is above the law or at least, demands the ability to be excluded from it. They’ve also banned one app for supporting a popular open source file type and another for allowing access to content it doesn’t control (like Google’s own browsers), and violated their own terms to purge negative reviews in their App Store. YouTube is removing Senate testimony. It should come as no surprise then, that developers are realizing that “doing business with [Google] is a liability.” Do you really need more justification to de-Google?

Mozilla fixed a browser bug that could trigger physical damage to your SSD.

Amazon has been caught colludingendangering privacyhypocritically inciting violence, and stealing, all while pursuing the ability to run the Pentagon Defense Systems (in violation of their own Terms of Service).

Apple is throttling iPhones again, preventing sideloading on M1’s, and took five years to discover a widespread crypto miner in macOS.

Still trust your mobile security? Your operating systems have intentionally designed vulnerabilities/weaknesses.

Especially when it comes to science, sunlight remains the best disinfectant. It turns out “global warming” is worse when humans aren’t polluting the air. But sadly, facts don’t matter anymore, so months have passed and hundreds of thousands of lives were lost before political and social science caught up with actual science to acknowledge HCQ is, in fact, an effective treatment. And surely it’s just a coincidence that testing processes were changed immediately after inauguration?

Investigating and/or punishing people for refusing an experimental treatment (according to the FDA they’re not vaccines) is a violation of the Nuremberg Code, but that won’t prevent governments and corporations from doing it anyway, no matter how many times that is struck down as unconstitutional.

The CDC has illegally inflated COVID statistics, but is suppressing VAERS information about people dying like flies after injections.

Really though, can you trust any medical treatment created by people that struggle with math?

Now for the good news:

The Biden administration has dropped the federal lawsuit against the California Net Neutrality law. This will eventually be what breaks the Big Tech monopoly.

Let’s Get Busy

Now back to our regularly scheduled program.

Patch Tuesday this month is huge. The typical computer should see roughly 3 GB in updates today. Let’s get started.

Microsoft released updates for Windows, Edge, .NET, Servicing Stack, and MSRT (~ 2 GB). This includes security updates. A reboot is required.

Apple released updates for macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iCloud for Windows 12.0 (off and on again), iOS 14.4, iPadOS 14.4, Safari 14.0.3, tvOS 14.4, watchOS 7.3, and Xcode 12.4. This includes security updates. Use Apple Software Update to install these updates. A reboot is required.

iOS 14.4 is a security update. Use Settings, General, Software Update to install the most current update.

iPadOS 14.4 is a security update. Use Settings, General, Software Update to install the most current update.

watchOS 7.3 is a security update. Use the Watch app on your iPhone to install the most current version.

tvOS 14.4 is a security update. Use System, Software Update to install the most current version.

Google Chrome OS 88.0.4324.109 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Big Sur (11.0) means that macOS High Sierra (10.13) and older are no longer supported. If you can not install at least macOS Mojave (10.14) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current release of the Windows 10 (v2009) is huge (about 18% larger than v2004, which was 25% larger than any prior build) so will take a long time to download on slower connections. Windows 10 pushes you to get the latest Windows 10 release every 6 months and only supports any consumer builds for 18 months. If you don’t let it finish and you’re on a slow connection, this process kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface. This includes “free” applications like Avast, OpenOffice, and games you do not actually play.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

Display Driver Uninstaller 18.0.3.6 improves cleanup. This is a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

nVidia 461.40 resolves a dozen bugs. This is not a security update.
https://www.nvidia.com/Download/index.aspx?lang=en-us

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.19.92 is a security update. Use Menu, Help, About to install the most current version.
https://brave.com/

Google Chrome 88.0.4324.150 is a security update. Use Menu, Help, About to install the most current version.
https://www.google.com/chrome/

Microsoft Edge 88.0.705.63 is a security update. Use Menu, Help, About to install the most current version.
https://www.microsoft.com/en-us/edge/business/download

Firefox 85.0.2 is a security update. Use Menu, Help, About to install the most current version.
https://www.mozilla.org/en-US/firefox/new/

Firefox ESR 78.7.1 is a security update. Use Menu, Help, About to install the most current version.
https://www.mozilla.org/en-US/firefox/organizations/all/

SeaMonkey 2.53.6 is a security update. Use Menu, Help, About to install the most current version.
https://www.seamonkey-project.org/

Vivaldi 3.6.2165.36 is a security update. Use Menu, Help, About to install the most current version.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

Mailspring 1.8.0 adds account colors, and resolves several bugs. This is not a security update.
https://getmailspring.com/

Thunderbird 78.7.1 is a security update. Use Menu, Help, About to install the most current version.
https://www.thunderbird.net/en-US/

Internet Updates

One or more of these are likely to be of interest to everyone.

BrowsingHistoryView 2.46 adds support for Brave. This is not a security update.
https://www.nirsoft.net/utils/browsing_history_view.html

curl 7.75.0 resolves dozens of bugs and adds several new features. This is not a security update.
https://curl.haxx.se/windows/

Dropbox 115.4.601 doesn’t provide a detailed changelog so should be treated as a security update.
https://www.dropbox.com/

FileZilla Client 3.52.2 resolves several bugs. This is not a security update.
https://filezilla-project.org/

Pocketnet-Core 0.18.18 resolves several bugs. This is not a security update.
https://pocketnet.app/

WinSCP 5.17.10 is a security update.
https://winscp.net/eng/index.php

Zoom 5.5.12494.0204 resolves a couple minor bugs. This is not a security update.
https://zoom.us/

Java 8u281 is a security update.
https://www.java.com/en/download/manual.jsp

Media Updates

These are unlikely to be of interest to most people.

3tene 2.0.10 resolves several bugs. This is not a security update.
https://en.3tene.com/

darktable 3.4.1 resolves about 20 bugs. This is not a security update.
https://www.darktable.org/install/

VLC Media Player 3.0.12 is a security update.
https://www.videolan.org/vlc/

Game Updates

These are unlikely to be of interest to most people.

Steam 2021.02.05 resolves several bugs, improves compatibility, and improves cosmetics. This is not a security update.

PlayStation PS5 20.02-02.50.00 resolves a PS4 installation compatibility issue, improves editing video clips and improves performance. This is not a security update.
https://www.playstation.com/en-us/support/hardware/ps5/system-software/

Office Updates

One or more of these are likely to be of interest to most people.

Atom 1.54.0 updates libraries and resolves several bugs. This is not a security update.
https://atom.io/

Blender 2.91.2 doesn’t have a detailed changelog so should be treated as a security update.
https://www.blender.org/download/

IcoFX 3.5 resolves several bugs. This is not a security update.
https://icofx.ro/

Krita 4.4.2 adds mesh gradients, mesh transform, gradient editor and halftone filter, new brushes, and resolves dozens of bugs. This is not a security update.
https://krita.org/en/download/krita-desktop/

LibreOffice Fresh 7.1.0 resolves hundreds of bugs and improves reliability, stability, and compatibility. This is not a security update. This is beta software and should be avoided by most users.
https://www.libreoffice.org/

Lightworks NLE 2021.1 adds dozens of new features and improvements, and resolves many bugs. This is not a security update.
https://www.lwks.com/

Nextcloud Desktop 3.1.2 adds several new features: SVG client branding, push notifications for file changes, conflict resolution trigger and more. This is not a security update.
https://nextcloud.com/

OpenOffice 4.1.9 improves stability and compatibility. This is not a security update.
https://www.openoffice.org/download/

Paint.net 4.2.15 resolves several bugs. This is not a security update.
https://www.getpaint.net/

FrameMaker 2019 Update 8 64bit (2019.0.8) doesn’t provide a changelog, so should be treated as a security update.
64-bit: https://supportdownloads.adobe.com/detail.jsp?ftpID=7063
32-bit: https://supportdownloads.adobe.com/detail.jsp?ftpID=7065

Adobe Acrobat and Reader 2021.001.20135, 2020.001.30020, and 2017.011.30190 are security updates.
https://helpx.adobe.com/security/products/acrobat/apsb21-09.html

Adobe Animate 21.0.3 is a security update.
https://helpx.adobe.com/security/products/animate/apsb21-11.html

Adobe Dreamweaver 20.2.1 and 21.1 are security updates.
https://helpx.adobe.com/security/products/dreamweaver/apsb21-13.html

Adobe Illustrator 25.2 is a security update.
https://helpx.adobe.com/security/products/illustrator/apsb21-12.html

Adobe Photoshop 21.2.5 and 22.2 are security updates.
https://helpx.adobe.com/security/products/photoshop/apsb21-10.html

Magento 2.4.2, 2.4.1-p1, and 2.3.6-p1 are security updates.
https://helpx.adobe.com/security/products/magento/apsb21-08.html

Security Software Updates

One or more of these is likely to be of interest to most people.

Tails 4.15.1 is a security update.
https://tails.boum.org/install/dvd-download/index.en.html

RogueKiller 14.8.4 resolves several bugs. This is not a security update.
https://www.adlice.com/download/roguekiller/

uBlock Origin 1.33.2 resolves several bugs. This is not a security update.
https://github.com/gorhill/uBlock/releases/latest

VT-CLI 0.9.0 resolves a bug with URL parsing. This is not a security update.
https://github.com/VirusTotal/vt-cli/releases/latest

Capture Updates

These are unlikely to be of interest to most people.

SnagIt 2021.2.0 resolves several bugs. This is not a security update.
https://12pd.com/click?snagit

Utility Updates

These are unlikely to be of interest to most people.

1Password for Windows 7.6.791 resolves several bugs. This is not a security update.
https://1password.com/downloads/windows/

Bitcoin 0.21.0 resolves over a dozen bugs and improves networking. This is not a security update.
https://bitcoin.org/en/download

Bitwarden 1.24.6 improves biometrics, search, and usability. This is not a security update.
https://bitwarden.com/

Carbonite 6.3.8 resolves a bug with NAS backups. This is not a security update.
https://account.carbonite.com/

CCleaner 5.76.8269 improves cleaning and accessibility, and resolves several bugs. This is not a security update.
https://www.ccleaner.com/

CPU-Z 1.95 adds support for newer hardware. This is not a security update.
https://www.cpuid.com/softwares/cpu-z.html

DesktopOK 8.44 improves toolset. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

DriveImage XML 2.60 doesn’t provide a changelog so should be treated as a security update.
https://www.runtime.org/driveimage-xml.htm

Etcher 1.5.116 updates libraries and improves cleanup of temp files. This is not a security update.
https://www.balena.io/etcher/

Everything 1.4.1.1005 is a security update.
https://www.voidtools.com/

Fido 1.18 adds support for the latest 20H2 refresh. This is not a security update.
https://github.com/pbatard/Fido/releases

GoodSync 11.5.6 improves stability, reliability and sync, and resolves several bugs. This is not a security update.
https://12pd.com/click?goodsync

Homedale 1.92 resolves several bugs. This is not a security update.
https://www.the-sz.com/products/homedale/

IsMyHdOK 2.81 adds automatic update and resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/IsMyHdOK

LessMSI 1.8.1 resolves a display bug. This is not a security update.
https://lessmsi.activescott.com/

NTLite 2.0.0.7784 resolves several bugs. This is not a security update.
https://www.ntlite.com/download/

ProduKey 1.95 adds option to extract partial key from WMI. This is not a security update.
https://www.nirsoft.net/utils/product_cd_key_viewer.html

PSAppDeploy 3.8.4 resolves several bugs. This is not a security update.
https://psappdeploytoolkit.com/

RAMDisk 4.4.0.RC36 resolves several bugs and updates libraries. This is not a security update.
http://memory.dataram.com/products-and-services/software/ramdisk

RoboForm 9.1.1 updates credit card storage data, resolves several bugs, and now uses secure transmission for automatic updates. This is a security update.
https://12pd.com/click?rf

SimpleWMIView 1.42 adds an option to start hidden. This is not a security update.
https://www.nirsoft.net/utils/simple_wmi_view.html

TaskSchedulerView 1.66 adds pagination to the properties widow and adds Task Filename column. This is not a security update.
https://www.nirsoft.net/utils/task_scheduler_view.html

TeamViewer 15.14.5 was released. The TeamViewer release notes have been unavailable for over a month, so while it might be a security update, it would be safer to remove TeamViewer until these issues are resolved.
https://www.teamviewer.com/en/download/windows/

USB Oblivion 1.16.0.0 adds ability to preserve desktop settings and clean UserAssist keys. This is not a security update.
http://www.cherubicsoft.com/en/projects/usboblivion

WinScan2PDF 6.55 resolves several bugs and improves scanner compatibility. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

Developer Updates

These are unlikely to be of interest to most people.

Android Studio 4.1.2.0 resolves a dozen bugs. This is not a security update.
https://developer.android.com/studio

MySQL ConnectorNet 8.0.23 is a security update.
https://dev.mysql.com/downloads/connector/net/

Node.js 15.8.0 resolves dozens of bugs. This is not a security update.
https://nodejs.org/en/

Node.js 14.15.5 resolves several bugs. This is not a security update.
https://nodejs.org/en/

SQLite 3.34.1 adds new features and resolves several bugs. This is not a security update.
https://www.sqlite.org/download.html

StrawberryPerl 5.32.1.1 resolves several bugs. This is not a security update.
https://strawberryperl.com/

Visual Studio Code 1.53 resolves several bugs and adds several features and controls. This is not a security update.
https://code.visualstudio.com/

WinMerge 2.16.10 resolves several bugs and adds new command-line switches and features. This is not a security update.
https://winmerge.org/

Virtual Machine Updates

These are unlikely to be of interest to most people.

PPSSPP 1.11 resolves dozens of bugs. This is not a security update.
https://ppsspp.org/downloads.html

VirtualBox 6.1.18-142142 resolves several stability and reliability bugs. This is not a security update.
https://www.virtualbox.org/wiki/Downloads

Web Package Updates

These are likely to be of interest only to web developers.

Adminer 4.7.9 is a security update.
https://www.adminer.org/en/

Coppermine Gallery 1.6.10 improves compatibility with PHP 8.01. This is not a security update.
https://coppermine-gallery.net/

Docker Desktop 3.1.0 resolves several bugs. This is not a security update.
https://www.docker.com/products/docker-desktop

Drupal 9.0.11 is a security update.
https://drupal.org/download

Drupal 9.1.4 resolves dozens of bugs. This is not a security update.
https://drupal.org/download

HumHub 1.7.2 resolves over a dozen bugs. This is a security update.
https://www.humhub.com/en/download

Nextcloud Server 20.0.7 updates libraries and resolves dozens of bugs. This is not a security update.
https://nextcloud.com/

OpenCart 3.0.3.7 doesn’t provide a detailed changelog so should be treated as a security update.
https://www.opencart.com/

Piwigo 11.3.0 resolves several bugs. This is a security update.
https://piwigo.org/

ScreenConnect 21.2.2159.7699 adds a security tile to configure security options and resolves several bugs. This is not a security update.
https://www.connectwise.com/software/control/download

SMF 2.0.18 is a security update.
https://www.simplemachines.org/

WordPress 5.6.1 resolves several bugs. This is not a security update.
https://wordpress.org/

Social Post Feed 2.18.2 improves GDPR compatibility and resolves a deletion bug. This is not a security update.

Multisite Enhancements 1.6.1 resolves a path bug. This is not a security update.

Redirection 5.0.1 adds support for PHP 8 and resolves several bugs. This is not a security update.

NextScripts Social Networks Auto-Poster 4.3.20 resolves several bugs. This is not a security update.

Sucuri Security 1.8.25 updates the password reset process. This is not a security update.

W3 Total Cache 2.1.0 resolves several bugs and adds cache groups. This is not a security update.

WooCommerce 4.9.2 improves compatibility and disables untested plugins from status and plugin pages. This is not a security update.

WP Mail SMTP 2.6.0 improves compatibility. This is not a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

 

 

Updates 2020-10-28

Welcome back, Folks!

It’s not Patch Tuesday, but updates from Microsoft, Apple, Google, Mozilla, and many others have triggered an out-of-cycle update.

This Month in Technology

Hackney Council has been hacked, Dickey’s BBQ has been hacked, Carnival Corp was hacked, a Finland psychotherapy center was hacked and the stolen data is being used to blackmail patientsSonicWall VPN Portal can be easily hacked, there’s yet another Bluetooth vulnerability (in all but the latest Linux kernel), dozens of government networks have been targeted (and some hacked) by a “Russian hacker group” (though it’s hard to believe that the Russians are behind anything anymore), and President Trump’s campaign website was hacked. Any password you can remember is a bad password. Even if you’re the President. Or a multinational security company.

Some nutjobs are still supporting the lockdowns, even though the half-baked science encouraging lockdowns and masks have been proven false again and again, but that won’t stop authoritarians from treating people as terrorists.

Facebook is permabanning users for buying $300 VR hardware Facebook sells. Really. That’s okay, it’s time for VR to abandon Facebook anyway.

An overzealous Apple security feature (XProtect) has blocked access to HP printers, Amazon Music and more. They’re humorously contradicting themselves about security. On the one hand, they advise users to never plug any device into a non-Apple power adapter, and on the other hand they say they’re saving the planet by not including power adapters anymore.

Epic Games founder and chief executive Tim Sweeney observes:
“What’s most disturbing about Apple’s position is that they seem to truly believe they “own” all commerce involving phones they make, characterizing direct payment as theft, smuggling, and even shoplifting. It’s a crazy, misguided view.”

Yes, in June T-Mobile broke the entire US cell network. No, they won’t be punished.

Twitter and Facebook are actively censoring actual news based on false claims of hacking and sensitive information…but even if it were true, they didn’t seem to mind when the target of the hacking was of a different political persuasion. Twitter acknowledges that Joe Biden is a child sex predator. It should go without saying that social networks will never treat everyone the same. The FCC and President Trump have repeatedly asserted that they will be “clarifying” Section 230. Wouldn’t it be better if they just enforced it?

Not to be outdone by mere social media, the RIAA has demonstrated that it has too much power. Google has demonstrated that they can control what the world knows and believes, which has painted them into a corner for a federal antitrust case.

Orca Security has a great write-up about Palo Alto Networks defective (and illegal) pursuit of security-by-obscurity.

Now for the good news:

Energy scavenging may soon be a reality, hopefully it won’t be used to send us back to the 18th century like in the TV series Revolution. Isn’t it time that we pedaled for power?

Let’s Get Busy

Microsoft released the newest build of Windows 10 v2009, which isn’t that different from v2004. It’s another minor “major” update that streamlines several features and improves overall performance.
https://www.microsoft.com/en-us/software-download/windows10

Apple released updates for iOS, iPadOS, watchOS, iTunes, and Apple Music 3.4.0 for Android. These are security updates.

iOS 14.1 is a security update. Use Settings, General, Software Update to install the most current version.

iPadOS 14.1 is a security update. Use Settings, General, Software Update to install the most current version.

watchOS 7.0.3 is a security update. Use your updated iPhone to install the most current version through the Watch app.
https://support.apple.com/en-us/HT204641

Google Chrome OS 86.0.4240.112 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Fedora 33-1.2 adds PARSEC support, improves interoperability and development environment, updated libraries and resolves several bugs. This is not a security update.
https://getfedora.org/en/workstation/download/

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

Display Driver Uninstaller 18.0.3.4 improves removal capabilities. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

MS Mouse and Keyboard Center 13.0 adds support for new hardware. This is not a security update.
https://www.microsoft.com/accessories/en-us/downloads/mouse-keyboard-center

Logitech Options 8.34.82 (and 8.34.91 for macOS) resolves several bugs, adds support for new hardware and plugins, and implements the new permissions options for macOS Mojave compatibility. This is not a security update.
https://www.logitech.com/en-us/product/options

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.16.68 is a security update.
https://brave.com/

Google Chrome 86.0.4240.111 is a security update.

Microsoft Edge 86.0.622.56 is a security update.

Firefox 82.0.2 is a security update.

Firefox ESR 78.4.0 is a security update.

Vivaldi 3.4.2066.86 is a security update.
https://vivaldi.com/

Internet Updates

One or more of these are likely to be of interest to everyone.

BrowsingHistoryView 2.45 adds an option to display QR codes for selected URLs. This is not a security update.
https://www.nirsoft.net/utils/browsing_history_view.html

curl 7.73.0 resolves over a hundred bugs and adds several new switches, improving help and error handling. This is not a security update.
https://curl.haxx.se/windows/

Dropbox 108.4.453 does not provide a detailed changelog, so should be treated as a security update.
https://www.dropbox.com/

FileZilla Client 3.51.0 resolves several bugs. This is not a security update.
https://filezilla-project.org/

TrueNAS 12.0 is the merger of FreeNAS and TrueNAS to build a much more powerful whole. This major update improves quality, reliability and performance, adds and improves support for new file systems and dataset encryption, improves diagnostics, 2FA, API support, quotas and much more. This is not a security update.
https://www.truenas.com/download-truenas-core

Technitium DNS Server 5.4 resolves several bugs, adds QNAME randomization and PTR zone creation. This is not a security update.
https://technitium.com/dns/

WinSCP 5.17.8 is a security update.
https://winscp.net/eng/index.php

Zoom 5.4.58636.1027 resolves several bugs. This is a security update.
https://zoom.us/

Java 8u271 is a security update.
https://www.java.com/en/download/manual.jsp

Media Updates

These are unlikely to be of interest to most people.

iTunes 12.10.10 is a security update. Use Apple Software Update to get the most current version.

3tene 2.0.7 adds 32-bit screen capture, adjusts transition time, and resolves several bugs. This is not a security update.
https://en.3tene.com/

Picard 2.5.1 resolves dozens of bugs, improves reliability, and adds improved privacy controls. This is not a security update.
https://picard.musicbrainz.org/

Game Updates

These are unlikely to be of interest to most people.

Steam 2020.10.23 is a security update.

PlayStation PS4 8.00 is a security update.
https://www.playstation.com/en-us/support/system-updates/ps4/

Office Updates

One or more of these are likely to be of interest to most people.

LibreOffice 6.4.7 resolves over 70 bugs, including stability and reliability issues. This is not a security update.
https://www.libreoffice.org/

Paint.net 4.2.14 improves performance, adds AV1 support, and resolves several bugs. This is not a security update.
https://www.getpaint.net/

Adobe Creative Cloud Desktop Application 5.3 and 2.2 are security updates.
https://helpx.adobe.com/download-install/kb/creative-cloud-desktop-app-download.html

Adobe InDesign 16.0 is a security update.
https://helpx.adobe.com/security/products/indesign/apsb20-66.html

Adobe Media Encoder 14.5 is a security update.
https://helpx.adobe.com/security/products/media-encoder/apsb20-65.html

Adobe Premiere Pro 14.5 is a security update.
https://www.adobe.com/in/creativecloud/catalog/desktop.html

Adobe Photoshop 21.2.3 and 22.0 are security updates.
https://helpx.adobe.com/security/products/photoshop/apsb20-63.html

Adobe After Effects 17.1.3 is a security update.
https://helpx.adobe.com/security/products/after_effects/apsb20-62.html

Adobe Animate 21.0 is a security update.
https://helpx.adobe.com/security/products/animate/apsb20-61.html

Adobe Dreamweaver 21.0 is a security update.
https://helpx.adobe.com/security/products/dreamweaver/apsb20-55.html

Adobe Illustrator 25.0 is a security update.
https://helpx.adobe.com/security/products/illustrator/apsb20-53.html

Marketo 1.4357 is a security update.
https://helpx.adobe.com/security/products/marketo/apsb20-60.html

Magento 2.4.1 and 2.3.6 are security updates.
https://helpx.adobe.com/security/products/magento/apsb20-59.html

Security Software Updates

One or more of these is likely to be of interest to most people.

BelArc Advisor 9.7 doesn’t provide a changelog so should be treated as a security update.
https://www.belarc.com/products_belarc_advisor

RouterPassView 1.90 adds a new display mode including backup files. This is not a security update.
https://www.nirsoft.net/utils/router_password_recovery.html

uBlock Origin 1.30.6 resolves several bugs and adds a click-to-load widget. This is not a security update.
https://github.com/gorhill/uBlock/releases/latest

RogueKiller 14.7.4 improves reliability. This is not a security update.
https://www.adlice.com/download/roguekiller/

HTTP Toolkit 1.0.2 updates libraries. This is not a security update.
https://httptoolkit.tech/

Capture Updates

These are unlikely to be of interest to most people.

SnagIt 2021.0.0 is a major update adding several features, updating Templates, Themes, Simplify, Magnify, and the Editor. This is not a security update.
https://download.techsmith.com/snagit/enu/snagit.exe

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 12.0.0.3 resolves several bugs. This is not a security update.
https://www.dvdfab.cn/download.htm

Utility Updates

These are unlikely to be of interest to most people.

CCleaner 5.73.8130 improves license management. This is not a security update.
https://www.ccleaner.com/

TeamViewer 15.11.6 improves RSA key length, allows flashlight while zooming, and resolves a copy/paste notification bug. This is not a security update.
https://www.teamviewer.com/en/download/windows/

Fido 1.17 adds support for the latest Windows 10 build, v2010. This is not a security update.
https://github.com/pbatard/Fido/releases

GoodSync 11.4.1 improves Google Photos FS access, event handling, GsRunner, CCRunner, updates certificate roots, and resolves several bugs. This is not a security update.
https://12pd.com/click?goodsync

NTLite 2.0.0.7705 updates components and compatibility, and resolves several bugs. This is not a security update.
https://www.ntlite.com/download/

PointerStick 4.71 resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Freeware/PointerStick

Rufus 3.12 adds support for the latest Windows 10 build, v2010, SHA-512 digests, improved Windows To Go support, and resolves several bugs. This is not a security update.
https://rufus.ie/en_IE.html

TaskSchedulerView 1.57 adds options to copy contents of clicked cell. This is not a security update.
https://www.nirsoft.net/utils/task_scheduler_view.html

WinScan2PDF 6.13 resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

VMMap 3.30 identifies .NET Core 3.0 managed heaps. This is not a security update.
https://live.sysinternals.com/

RAMMap 1.60 adds customizable map colors and a new empty system working sets. This is not a security update.
https://live.sysinternals.com/

Sysmon 12.01 is a security update.
https://live.sysinternals.com/

Developer Updates

These are unlikely to be of interest to most people.

MySQL ConnectorNet 8.0.22 resolves several bugs. This is a security update.
https://dev.mysql.com/downloads/connector/net/

Node.js 14.15.0 resolves several bugs and is now officially in Long Term Support (LTS) status. This is not a security update.
https://nodejs.org/en/

Node.js 15.0.1 is a major update adding several new features and removing others, updating libraries and resolves bugs. This is not a security update.
https://nodejs.org/en/

Virtual Machine Updates

These are unlikely to be of interest to most people.

VirtualBox 6.1.16-140961 resolves several bugs. This should be treated as a security update.
https://www.virtualbox.org/wiki/Downloads

Web Package Updates

These are likely to be of interest only to web developers.

Dada Mail 11.12.2 resolves a minor bug. This is not a security update.
http://dadamailproject.com/

phpMyAdmin 4.9.7 and 5.0.4 resolve 2FA bug and PHP compatibility, and resolve several other bugs. This is not a security update.
https://www.phpmyadmin.net/

ScreenConnect 20.11.1385.7587 resolves several bugs. This is not a security update.
https://www.connectwise.com/software/control/download

Nextcloud Server 20.0.1 resolves over 60 bugs and improves performance, reliability and privacy. This is not a security update.
https://nextcloud.com/

Akismet 4.1.7 improves integration. This is not a security update.

Contact Form 7 5.3 resolves several bugs. This is not a security update.

myStickymenu 2.4.7 resolves several bugs. This is not a security update.

NextScripts Social Networks Auto-Poster 4.3.19 improves compatibility and resolves several bugs. This is not a security update.

Redirection 4.9.1 resolves logging and database upgrade bugs. This is not a security update.

Social Post Feed 2.17.1 resolves several bugs. This is not a security update.

WooCommerce 4.6.1 resolves several bugs. This is not a security update.

WP Mail SMTP 2.5.1 adds password encryption, improves Gmail compatibility, and resolves several bugs. This is not a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2020-08-11

Welcome back, Folks!

Today is Patch Tuesday for August 2020.

This Month in Technology

I pride myself in my sarcastic wit and infinite patience, but these days I spend so much time shaking my head in such shame for humanity that I’m afraid I’m going to get whiplash.

I’m trying to keep on the topic of technology, but it’s hard when that very technology is being used to silence, stalk, abuse, and defame so many. What’s worse is that when they’re caught they just throw money at those investigating them in order to escape culpability.

Cancel Culture was obvious to authors in the 1930s, but has been ignored over the last decade because those who speak up are themselves cancelled. Richard Stallman explains his position on digital currencies being evil, and how technological tracking will inevitably be used for cancel culture. (Heck, even Bill Maher opposes cancel culture!) Sadly, it may be too late to stop at this point, since cancel culture has now escaped planet Earth to infect the cosmos.

Canon was hacked, Avon was hacked, Intel was hackedGarmin was hacked, Walmart was hacked and is being sued under the CCPA over it, Capital One was finally punished for being hacked, Dave was hackedLedger was hacked, exposing a million accounts and emails, Tor has been hacked (the vulnerabilities have actually been known for *years*), nearly a thousand enterprise VPN servers have been hacked, 62,000 NAS devices have been hacked and infected, and Twitter was hacked (by a Florida teen who exposed Twitter’s “nonexistent” censorship tools). Is it any wonder Twitter was hacked since it took them almost two years to patch an app vulnerability?

A dozen VPN providers used an unprotected and insecure storage to harvest details of over twenty million (20,000,000) users, including payment details and traffic history.

Google is harvesting data from third parties to build rival apps, but it doesn’t stop there – they also “accidentally” enabled their Google Home smart devices to listen 24/7 and record their environments.

A TeamViewer vulnerability allows anyone running a version older than those released *yesterday* to be hacked, and of the 79 Netgear router models that have known security vulnerabilities, Netgear has announced they won’t patch 45 of them – including several AC models that are only 3 years old, and Snapdragon chip vulnerabilities put over a billion Android devices at risk. On the subject of defective hardware, BadPower can light you up!

Microsoft is flagging HOSTS files used to block unwanted telemetry as malicious. Evil extensions continue to be evil. AT&T “accidentally” tells all their customers they have to replace their brand new phones in order to continue to use cell service, Humana (Tricare) “accidentally” told 600,000 US military veterans that they were infected with COVID-19.

Advertisements are evil privacy-erasing monsters, but Ad URLs are worse.

Now for the good(?) news:

Recently, the lockdowns are responsible for more suicides and deaths by overdose than COVID-19. That’s gotta be a silver lining somehow, right?

Let’s Get Busy

Now back to our regularly scheduled program.

Patch Tuesday this month is huge. The typical computer should see roughly 2 GB in updates today. Let’s get started.

Microsoft released updates for Windows, Edge, .NET, Internet Explorer, Office, Servicing Stack, and MSRT (~1.3 GB). This includes security updates. A reboot is required.

Apple released updates for macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra, Safari 13.1.2, Xcode 11.6, iCloud for Windows 11.3, iCloud for Windows 7.20, iTunes 12.10.8 for Windows. This includes security updates. Use Apple Software Update to install these updates. A reboot is required.

iOS 13.6 and 12.4.8, and iPadOS 13.6 are security updates. Use Settings, General, Software Update to install the most current update.

watchOS 6.2.8 and 5.3.8 are security updates. Use the Watch app on your iPhone to install the most current version.

tvOS 13.4.8 is a security update. Use System, Software Update to install the most current version.

Adobe Flash Player 32.0.0.414 is a security update.
Win: https://12pd.com/click?flash
Win: https://12pd.com/click?flashie
Mac: https://12pd.com/click?flashmac

Google Chrome OS 84.0.4147.110 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Catalina (10.15) means that macOS Sierra (10.12) and older are no longer supported. If you can not install at least macOS High Sierra (10.13) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current release of the Windows 10 (2004) is a huge (about 25% larger than any prior build) so will take a long time to download on slower connections. Windows 10 pushes you to get the latest Windows 10 release every 6 months. If you don’t let it finish and you’re on a slow connection, this process kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

Display Driver Uninstaller 18.0.2.8 resolves issues with NVIDIA removal. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.11.104 is a security update. Use Menu, Help, About to install the most current version.
https://brave.com/

Firefox 79.0 is a security update. Use Menu, Help, About to install the most current version

Firefox ESR 68.11.0 is a security update. Use Menu, Help, About to install the most current version.

Google Chrome 84.0.4147.125 is a security update. Use Menu, Help, About to install the most current version.

Microsoft Edge 84.0.522.59 is a security update. Use Menu, Help, About to install the most current version.

Vivaldi 3.2.1967.41 is a security update. Use Menu, Help, About to install the most current version.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

Thunderbird 78.1.0 is a security update. Direct updates are disabled for 78.x so you will need to download and install the update from the Thunderbird website:
https://www.thunderbird.net/en-US/

Internet Updates

One or more of these are likely to be of interest to everyone.

BrowsingHistoryView 2.41 adds support for local /cfg file. This is not a security update.
https://www.nirsoft.net/utils/browsing_history_view.html

Dropbox 103.4.383 doesn’t provide a detailed changelog, so should be treated as a security update.
https://www.dropbox.com/

FileZilla Client 3.49.1 resolves a cosmetic bug. This is not a security update.
https://filezilla-project.org/

FreeFileSync 11.0 improves Google Drive sync and backups, adds WSL symlink support, and resolves several bugs. This is not a security update.
https://www.freefilesync.org/download.php

Npcap 0.9996 resolves several bugs, including stability/crash problems. This is not a security update.
https://nmap.org/npcap/

Technitium DNS Server 5.0.2 resolves several bugs and updates libraries. This is not a security update.
https://technitium.com/dns/

WinSCP 5.17.7 is a security update.
https://winscp.net/eng/index.php

Zoom 5.2.42619.0804 resolves several bugs, improves compatibility and hardware support, and adds several new features. This is not a security update.
https://zoom.us/

Line 9.6.0 adds effects stickers. This is not a security update.
http://line.me/update

Media Updates

These are unlikely to be of interest to most people.

3tene 2.0.2 updates libraries, improves compatibility, and resolves several bugs. This is not a security update.
https://en.3tene.com/

iTunes 12.10.8 is a security update. Use Apple Software Update to install the most current version.

darktable 3.2.1 resolves almost 100 bugs, improves lighttable, CSS styles, Color Picker, preferences, and many more. This is not a security update.
https://www.darktable.org/install/

Picard 2.4.1 resolves a dozen bugs and adds support for new formats, improves functions and stability. This is not a security update.
https://picard.musicbrainz.org/

Office Updates

One or more of these are likely to be of interest to most people.

Adobe Reader DC 20.012.20041 is a security update. Use Menu, Check for updates to get the most current version.

Adobe Lightroom 9.3 is a security update.
https://helpx.adobe.com/security/products/lightroom/apsb20-51.html

Magento 2.4.0 and 2.3.5-p2 are security updates.
https://helpx.adobe.com/security/products/magento/apsb20-47.html

Adobe Reader Mobile 20.3 is a security update.
https://helpx.adobe.com/security/products/reader-mobile/apsb20-50.html

Adobe Prelude 9.0.1 is a security update.
https://helpx.adobe.com/security/products/prelude/apsb20-46.html

Adobe Photoshop 20.0.10 and 21.2.1 are security updates.
https://helpx.adobe.com/security/products/photoshop/apsb20-45.html

Adobe Bridge 10.1.1 is a security update.
https://helpx.adobe.com/security/products/bridge/apsb20-44.html

Atom 1.50.0 resolves several bugs and updates libraries. This is not a security update.
https://atom.io/

Blender 2.83.4 resolves dozens of bugs and improves performance. This is not a security update.
https://www.blender.org/download/

LibreOffice Still 6.4.5 is a major update to the stable version of LibreOffice. This build resolves over 100 bugs and improves stability over the previous beta “Fresh” line. This is not a security update.
https://www.libreoffice.org/

LibreOffice Fresh 7.0.0 is beta software. While this is a major update to the beta version of LibreOffice, nearly 200 bugs were resolved over the last few days so you should only use this if you are comfortable using beta software that is very likely to crash. This is not a security update.
https://www.libreoffice.org/

Notepad++ 7.8.9 resolves 9 bugs that improve cosmetics after the recent updates. This is not a security update.
https://notepad-plus-plus.org/

Paint.net 4.2.13 resolves several bugs and improves low-quality exports. This is not a security update.
https://www.getpaint.net/

Security Software Updates

One or more of these is likely to be of interest to most people.

DNSQuerySniffer 1.81 adds local /cfg file support and adds Select/Deselect All to column settings. This is not a security update.
https://www.nirsoft.net/utils/dns_query_sniffer.html

Gpg4win 3.1.12 resolves several bugs and improves reliability. This is a security update.
https://www.gpg4win.org/download.html

Hashcat 6.1.1 resolves several bugs and adds support for new algorithms. This is not a security update.
https://hashcat.net/hashcat/#downloadlatest

RogueKiller 14.6.3 updates core engine and resolves several bugs. This is not a security update.
https://www.adlice.com/download/roguekiller/

uBlock Origin 1.29.0 resolves several bugs. This is not a security update.
https://github.com/gorhill/uBlock/releases/latest

Capture Updates

These are unlikely to be of interest to most people.

SnagIt 2020.1.4 improves cosmetic controls and resolves several bugs. This is not a security update.
https://download.techsmith.com/snagit/enu/snagit.exe

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 11.1.0.1 adds support for new encodings, adds output configuration exports, batch reporting, and new output profiles. This is not a security update.
https://www.dvdfab.cn/download.htm

MakeMKV 1.15.2 updates muxer to the latest matroska specification, resolves several bugs and adds drive speed control and standalone sdftool. This is not a security update.
https://www.makemkv.com/download/

PDF Creator 4.1.2 resolves a COM interface error and several other bugs. This is not a security update.
https://www.pdfforge.org/pdfcreator

Utility Updates

These are unlikely to be of interest to most people.

1Password for Windows 7.6.780 resolves several bugs and improves cosmetics. This is a security update.
https://1password.com/downloads/windows/

Bitwarden 1.20.1 resolves a crash bug and adds support for Windows Hello or TouchID on macOS to unlock the vault. This is not a security update.
https://bitwarden.com/

CCleaner 5.70.7909 improves compatibility, but is still detected as a “potentially unwanted program” by Windows Defender (and with all the problems CCleaner has had in the last couple years, they could be right).
https://www.ccleaner.com/

CPU-Z Installer 1.93 adds support for newer hardware. This is not a security update.
https://www.cpuid.com/softwares/cpu-z.html

CurrPorts 2.62 adds ‘Copy Remote Address’ option. This is not a security update.
https://www.nirsoft.net/utils/cports.html

Dell Command Update 3.1.3 improves reliability, compatibility, and stability. This is not a security update.
https://www.dell.com/support/article/us/en/04/sln311129/dell-command-update?lang=en

DesktopOK 7.71 resolves several bugs and adds HTTPS updates. This is a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

Eraser 6.2.0.2990 adds exFAT support but doesn’t have a changelog. This should be treated as a security update.
https://eraser.heidi.ie/download/

Etcher 1.5.102 updates libraries, and resolves several bugs. This is not a security update.
https://www.balena.io/etcher/

Everything 1.4.1.988 reworks some Lite behavior, ensures volumes are mounted before use, and resolves several bugs. This is not a security update.
https://www.voidtools.com/

FolderChangesView 2.32 adds local /cfg support. This is not a security update.
https://www.nirsoft.net/utils/folder_changes_view.html

GoodSync 11.2.8 resolves several bugs and improves reliability. This is not a security update.
https://www.goodsync.com/

Homedale 1.88 adds OWE encryption support. This is not a security update.
https://www.the-sz.com/products/homedale/

IsMyHdOK 2.21 vastly improves SSD support. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/IsMyHdOK

NTLite 2.0.0.7596 resolves several bugs and adds new settings options. This is not a security update.
https://www.ntlite.com/download/

PointerStick 4.25 resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Freeware/PointerStick

PowerToys 0.20.1 resolves several bugs. This is a security update.
https://github.com/microsoft/PowerToys/releases/latest

RoboForm 8.9.1 adds import from Edge and resolves several bugs. This is not a security update.
https://www.roboform.com/

Sysmon 11.11 fixes a bug that prevented USB media from being ejected. This should be treated as a security update.
https://live.sysinternals.com/

TaskSchedulerView 1.56 improves compatibility for devices where the Remote Registry service is disabled. This is not a security update.
https://www.nirsoft.net/utils/task_scheduler_view.html

TeamViewer 15.8.3 is a security update.
https://www.teamviewer.com/en/download/windows/

TraceRouteOK 1.77 resolves several bugs and improves GUI. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/TraceRouteOK

USBDeview 3.00 adds several new timestamp columns that can be read when running elevated, and renames the other timestamp fields. This is not a security update.
https://www.nirsoft.net/utils/usb_devices_view.html

USB Oblivion 1.13.0.0 adds ability to clean the Partition Diagnostic journal. This is not a security update.
https://www.cherubicsoft.com/en/projects/usboblivion

WifiInfoView 2.62 improves local /cfg file behavior. This is not a security update.
https://www.nirsoft.net/utils/wifi_information_view.html

WinScan2PDF 5.88 improves compatibility with multifunction devices. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

Developer Updates

These are unlikely to be of interest to most people.

ADB 30.0.4 resolves several bugs and improves fastboot. This is not a security update.
https://developer.android.com/studio/releases/platform-tools

AutoHotkey 1.1.33.02 resolves several bugs. This is not a security update.
https://www.autohotkey.com/download/

Node.js 14.8.0 resolves dozens of bugs and updates libraries. This should be treated as a security update.
https://nodejs.org/en/

Node.js v12 12.18.3 updates libraries and resolves dozens of bugs. This should be treated as a security update.
https://nodejs.org/en/

Redemption 5.24.0.5736 adds several new methods and properties, and resolves several bugs. This is not a security update.
http://www.dimastr.com/redemption/

Web Package Updates

These are likely to be of interest only to web developers.

Dada Mail 11.11.0 adds Scheduling and validation, makes Open Discussion Lists always available, significantly improves active troubleshooting, and resolves compatibility with StopForumSpam. This is not a security update.
http://dadamailproject.com/

Docker Desktop 2.3.0.4 improves cross-platform compatibility, installation troubleshooting, and WSL 2 support. This is not a security update.
https://www.docker.com/products/docker-desktop

Drupal 9.0.3 resolves over 100 bugs. This is not a security update.
https://drupal.org/download

HumHub 1.6.2 resolves dozens of bugs. This is not a security update.
https://www.humhub.com/en/download

MailEnable 10.31 improves logging, and resolves over 30 bugs. This is not a security update.
https://www.mailenable.com/

Nextcloud Server 19.0.1 resolves dozens of bugs. This is not a security update.
https://nextcloud.com/

OpenCart 3.0.3.6 adds PayPal extensions and removes Openbay Pro. This is not a security update.
https://www.opencart.com/

OpenPetra 2020.06 adds consent storage for compatibility with legal requirements,
https://www.openpetra.org/

ScreenConnect 20.8.29574.7520 resolves several bugs. This is not a security update.
https://www.connectwise.com/software/control/download

Autoptimize 2.7.6 resolves several bugs. This is not a security update.

BuddyPress 6.2.0 resolves several bugs. This is not a security update.

Contact Form 7 5.2.1 resolves several bugs. This is not a security update.

Social Post Feed 2.16 resolves a couple bugs. This is not a security update.

Register IP – Multisite 1.8.2 resolves a cosmetic bug and improves compatibility. This is not a security update.

NextScripts Social Networks Auto-Poster 4.3.16 improves compatibility and resolves two bugs. This is not a security update.

W3 Total Cache 0.14.3 resolves several bugs. This is not a security update.

WooCommerce 4.3.2 resolves several bugs. This is not a security update.

WP Add Custom CSS 1.1.6 updates code editor and improves compatibility. This is not a security update.

WordPress Zero Spam 4.9.12 is the latest in a series of fixes to the 4.0 rewrite. Over a hundred changes and many new features and controls are added. This is not a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2020-03-24

Hi, Folks!

It’s not Patch Tuesday, but security updates from Apple, Adobe, Google, and many others have triggered an out-of-cycle update.

This Month/Week in Technology

NPM is joining Github. Cool.

Apple was fined $1.2 billion by French antitrust authorities. And you thought the next iPhone was going to be expensive yesterday? They’ll be rolling the expense of the antitrust settlement into your next iDevice.

Security is all about trust. The thing to remember is that just because something claims to be a security application or service doesn’t mean it is. Antivirus and VPNs are no exception. By the way, if you’re still using Avast, you may as well just send your passwords out to random email addresses along with all your other personal data.

Content Delivery Networks (CDNs) are critical for scalable web distribution. Unfortunately, this makes them prime targets for malware distribution as well.

Salesforce customers will soon no longer be able to use Data Backup Recovery. Consider this a reminder that while the cloud might store everything, it’s not always easy to get it back when you’ve lost it.

The US Department of Defense is glacially slow (8+ years) at fixing security issues. Don’t say you weren’t warned. In their wisdom, the FBI says you shouldn’t save your passwords in your browser. Duh.

Even if you don’t, however, your data is stored by most other entities you interact with. For example, every 10 years the US performs the Census and collects a wide variety of information about every household in the country. When the US Census Bureau data is hacked you can find that data online, too. But that’s not even the worst of what’s wrong with the Census this year. Their website uses a script that performs a unique fingerprint of every single device that connects to their site and attempts to load various sensor features to further profile and access features of the device. Coupled with the “unique” login you use when filling out the Census your online activity can be permanently tied to your devices. And yes, this is the same organization that had a major data leak earlier in this paragraph.

The Internet of Things (IoT) is much less secure than you may have thought, no matter how bad you thought it was. 98% of their traffic is sent unencrypted, more than half of devices suffer from critical vulnerabilities that will likely never be patched, IoT devices are often used as a foothold to gain access to your internal networks, and hospitals are some of the worst offenders for employing insecure and unmaintained IoT devices.

Is it any wonder that the Russian FSB was developing an IoT botnet? Another FSB contractor was hacked and their tools were released in much the same way as the CIA Vault7 hack.

Now for the good news:

Comcast has made their public Wi-Fi hotspots available free to everyone and has removed data caps for the next 60 days as a result of the current pandemic. Just make sure you’re using a VPN. 🙂

Let’s Get Busy

Apple released updates for macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra, Xcode 11.4, Safari 13.1, watchOS 6.2, watchOS 5.3.6, tvOS 13.4, iOS 13.4, iPadOS 13.4, iOS 12.4.6, and iTunes 12.10.5 for Windows. These are security updates. Use the Apple App Store or Apple Software Update to install the most current versions.

iOS 13.4 and 12.4.6 are security updates. Use Settings, General, Software Update to install the most current version.

watchOS 6.2 and 5.3.6 are security updates. Use your updated iPhone to install the most current version through the Watch app.
https://support.apple.com/en-us/HT204641

tvOS 13.4 is a security update. Use Settings, General, Updates to install the most current version.

Adobe Flash Player 32.0.0.344 is a security update.
Win: https://12pd.com/click?flash
Win: https://12pd.com/click?flashie
Mac: https://12pd.com/click?flashmac

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

nVidia 442.75 resolves several compatibility issues and adds app/game profiles. This is not a security update.
https://www.nvidia.com/Download/index.aspx?lang=en-us

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.5.113 is a security update. Use Menu, Help, About to install the most current version.
https://brave.com/

Google Chrome 80.0.3987.149 is a security update. Use Menu, Help, About to install the most current version.

Vivaldi 2.11.1811.49 is a security update. Use Menu, Help, About to install the most current version.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

Thunderbird 68.6.0 is a security update. Use Menu, Help, About to install the most current version.

Internet Updates

One or more of these are likely to be of interest to everyone.

BrowsingHistoryView 2.40 adds a new date/time filter. This is not a security update.
https://www.nirsoft.net/utils/browsing_history_view.html

FileZilla Client 3.47.2.1 resolves several bugs. This is not a security update.
https://filezilla-project.org/

FreeFileSync 10.22 resolves several bugs. This is not a security update.
https://www.freefilesync.org/download.php

Npcap 0.9989 resolves several bugs. This should be treated as a security update.
https://nmap.org/npcap/

Prosody 0.11.5 adds foreground/background flags to replace daemon functionality. This is not a security update.
https://prosody.im/download/start

Media Updates

These are unlikely to be of interest to most people.

iTunes 12.10.5 is a security update. Use Apple Software Update to install the most current version.

Office Updates

One or more of these are likely to be of interest to most people.

Adobe Reader DC 20.006.20042 is a security update. Use Help, Check for Updates to install the most current version.

Adobe Creative Cloud Desktop?5.1 is a security update.
https://www.adobe.com/creativecloud/catalog/desktop.html

Adobe Bridge 10.0.3 is a security update.
https://www.adobe.com/products/bridge.html

Adobe ColdFusion 2016.14 and 2018.8 are security updates.
https://helpx.adobe.com/coldfusion/kb/coldfusion-2016-update-14.html
https://helpx.adobe.com/coldfusion/kb/coldfusion-2018-update-8.html

Adobe Experience Manager 6.3.3.8, 6.4.8.0, and 6.5.4.0 are security updates.
https://helpx.adobe.com/experience-manager/aem-releases-updates.html

Adobe Photoshop 20.0.9 and 21.1.1 are security updates. Use Adobe Creative Cloud Desktop to install the most current versions (after you patch it).

Adobe Acrobat 2020.006.20042, 2017.011.30166, and 2015.006.30518 are security updates. Use Adobe Creative Cloud Desktop to install the most current versions (after you patch it).

Adobe Genuine Integrity Service 6.6 is a security update. AdobeGCClient does not have a separate installer or updater, and will update as you patch other programs.

Atom 1.45.0 resolves several bugs and updates libraries. This should be treated as a security update.
https://atom.io/

LibreOffice Fresh 6.4.2 resolves over 90 bugs. This is a security update. LibreOffice Fresh is a beta version, and should be avoided for most users.
https://www.libreoffice.org/

Security Software Updates

One or more of these is likely to be of interest to most people.

RogueKiller 14.3.0 updates libraries, improves reliability and scanning behaviors. This is a security update.
https://www.adlice.com/download/roguekiller/

Capture Updates

These are unlikely to be of interest to most people.

ScreenToGif 2.22.1 resolves a couple bugs and updates translations. This is not a security update.
https://github.com/NickeManarin/ScreenToGif/releases/latest

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 11.0.8.1 adds support for new encodings, improves compatibility, and resolves a couple bugs. This is not a security update.
https://www.dvdfab.cn/download.htm

Utility Updates

These are unlikely to be of interest to most people.

1Password for Windows 7.4.759 resolves several bugs and improves compatibility. This is not a security update.
https://1password.com/downloads/windows/

CurrPorts 2.61 resolves a state-monitoring bug. This is not a security update.
https://www.nirsoft.net/utils/cports.html

Etcher 1.5.80 resolves several bugs and updates electron. This should be treated as a security update.
https://www.balena.io/etcher/

Everything 1.4.1.969 improves stability. This is not a security update.
https://www.voidtools.com/

Fing 9.0.0 adds several new feature shortcuts and an Account tab. This is not a security update.
https://community.fing.com/

GoodSync 10.11.2 resolves several bugs. This is not a security update.
https://12pd.com/click?goodsync

IsMyHdOK 2.11 updates language packs and resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/IsMyHdOK

TeamViewer 15.4.4445 resolves several bugs and adds the tvopt file format for setting portability. This is not a security update.
https://www.teamviewer.com/en/download/windows/

WSUS Offline 12.0 removes support for Windows 7, Windows Server 2008 R2, Win10 v1703, splits Win10 updates to versioned folders for future updates, and updates supercedence values. This is not a security update.
https://download.wsusoffline.net/

Developer Updates

These are unlikely to be of interest to most people.

Inno Setup 6.0.4 improves compatibility, Restart Manager, and RTF, adds Dark Theme, several fixes and HTTPS on the website. This is not a security update.
https://www.jrsoftware.org/isdl.php

Node.js 13.11.0 updates libraries, improves compatibility, and resolves several bugs. This is not a security update.
https://nodejs.org/en/

StrawberryPerl 5.30.2.1 updates libraries, improves compatibility, and resolves several bugs. This is a security update. You probably shouldn’t be using StrawberryPerl though, since they still aren’t using HTTPS even though they can get it free through LetsEncrypt. Sad.
http://strawberryperl.com/

Web Package Updates

These are likely to be of interest only to web developers.

Drupal 8.8.4 is a security update.
https://drupal.org/download

HumHub 1.4.4 resolves several bugs. This is not a security update.
https://www.humhub.com/en/download

phpMyAdmin 4.9.5 is a security update.
https://www.phpmyadmin.net/

Nextcloud Server 18.0.3 is a security update.
https://nextcloud.com/

phpList 3.5.1 updates libraries and resolves several bugs. This is a security update.
https://www.phplist.org/

Connectwise Control 20.2.27450.7387 resolves several bugs. This is not a security update.
https://www.connectwise.com/software/control/download

Akismet 4.1.4 improves compatibility and activation process. This is not a security update.

Custom Facebook Feed 2.12.4 improves compatibility and resolves several bugs. This is not a security update.

myStickymenu 2.3.8 improves compatibility, reduces announcement nag frequency, and allows custom HTML within notification bar. This is not a security update.

Postie 1.9.44 refactors code for separation of purpose and adds an action for registering shortcodes.

Redirection 4.7.1 resolves several bugs. This is not a security update.

WooCommerce 4.0.1 improves Action Scheduler and resolves several bugs. This is not a security update.

WP Mail SMTP 1.9.0 adds several troubleshooting features, improves documentation, About, and warns when settings are not saved. This is not a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/