Managed Services can help prevent phishing fraud

A university just paid $12m to a fraudster. Prevention would have been easy.


Following “isolated” reports of users’ files being completely erased during upgrades, Microsoft announced a “pause” of the Windows 2018 Fall Update. Microsoft has gone so far as to say that if you already have a copy of the upgrade, you should delete it instead of installing it.


Starting with the next generation of WiFi devices, WiFi will finally have a comprehensible naming scheme. In the past, different versions of WiFi went by various letters that were hard to keep track of even if you were in the industry: 802.11, 802.11a, 802.11b, 802.11g and so on up to 802.11ay. Each version is backward compatible with the one before it, but unless you memorized all the versions it was hard to know which was which.

Now, WiFi will go by simple numbering, and the latest standards will be renamed WiFi 6.

It’s nearly the best thing since sliced bread.

JM Addington Technology Solutions provides managed services to Knoxville, Knox County, Lenoir City, Loudon County and surrounding regions

The News Sentinel is reporting that Knox County computer systems were breached the night of the primary. It was a two-stage attack, complete with a distraction. Here is the short version.

First, the website used to report election results came under a distributed denial of service (DDoS) attack. The bad guys sent more traffic to it than it could handle. This is remarkably easy to do today, as multiple services on the dark web will allow you to purchase attacks against websites of your choice. This attack, while real, wasn’t the target; it was just meant to draw IT’s attention away from the core infrastructure and servers.

Sword and Shield, a Knoxville based security company, was contracted to investigate the incident. Their official report says that logs indicate an attempt to access the database sitting behind the webserver. Further testing revealed that there was a security hole that was active on election night, although it would not have been possible to tamper with the election results remotely.

Two-stage attacks like this are very common today: as noted above, it’s easy to start a DDoS attack against a website, and the attack is highly noticeable. It quickly draws the top-level talent in an organization away to deal with it while the attackers quietly try to get in by a different route. It’s the digital equivalent of setting a paper bag on fire on the front porch and then going around to break in through the basement window. The fire is meant to be noticed.

It’s fortunate that the election results were not tampered with, and Knox County appears to have done a great job designing the voting system to make hacking it very difficult. This would be a good time for them to look at preventing attacks on the website as well.

Further Reading

  • NPR
  • Sword and Shield Report
  • Huffington Post
  • WBIR
  • TechCrunch

Consumer backup provider Backblaze has released their quarterly hard drive performance report. This report is always notable because it is the largest ongoing study across a variety of non-enterprise hard drives. In other words: it measures what matters.

The #1 takeaway for us? HGST comes out looking really good compared to Seagate and Western Digital (even though Western Digital owns HGST). The 12TB Seagate and 8TB HGST have higher failure rates than we’d want to see for what we assume are newer drives.

Finally, these results apply to NAS-class hard drives; at JM Addington and Kairos Dynamic Digital we use SSDs nearly exclusively in day-to-day operations, such as workstations and laptops.

Even managed service providers run into scams; this is an account of one such scam.

This afternoon one of our technicians was chatting with a legitimate support rep from a well-known vendor. The support rep correctly said that he could not help with the issue over web chat, but told our technician to call 855-785-2511. When our technician called, it was clearly a scam company behind the operation:

  • They wanted to charge for free support
  • They wanted to use remote tools that this vendor does not use
  • They didn’t have a clue about how to solve the issue

This post exists just to serve as a warning to others that 855-785-2511 is clearly a scam phone number.

Apple just announced a battery replacement program for certain 13-inch MacBook Pros (non Touch Bar) manufactured between October 2016 and October 2017.

From Apple:

Apple has determined that, in a limited number of 13-inch MacBook Pro (non Touch Bar) units, a component may fail causing the built-in battery to expand. This is not a safety issue and Apple will replace eligible batteries, free of charge. Affected units were manufactured between October 2016 and October 2017 and eligibility is determined by the product serial number.

You can see if your laptop is affected here. All managed services customers of JM Addington and Kairos Dynamic Digital Managed Services have already had their serial numbers run against the program by JM Addington staff.

Find more reporting by Ars Technica here.

We recently came across this error, “A critical software update is required for your Mac.” Attempting to install this update would result in another error, “A critical software update is required for your Mac, but an error was encountered while installing this update.”

Unlike some others on the web, we found that simply reinstalling the OS did not resolve the issue. However, booting into safe mode (hold the left Shift key while powering on) did work. From there, one can create a Time Machine backup. After we successfully backed up the machine we went into the recovery console (Apple+R on boot), ERASED the “Macintosh HD” partition and then re-installed.

This still prompted for the update but we were able to successfully install it. After a fresh install, Migration Assistant loaded the fresh Time Machine backup back onto the machine.

Summary

On Monday, September 18th, Cisco’s Talos reported that the popular computer cleaning utility CCleaner had been distributing malware for about the last month.

For a period of time, the legitimate signed version of CCleaner 5.33 being distributed by Avast also contained a multi-stage malware payload that rode on top of the installation of CCleaner. CCleaner boasted over 2 billion total downloads by November of 2016 with a growth rate of 5 million additional users per week.

For our managed services customers, we are actively uninstalling CCleaner and running clean-up scans immediately. We highly recommend that anyone who does not have IT managed services actively monitoring and fixing this uninstall CCleaner themselves (or contact us) and then follow up with an antivirus scan, such as Webroot or MalwareBytes.
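As an added example (not code from the original post, Piriform or Talos), here is a defender’s inventory check that finds CCleaner installs on a Windows machine and flags the 5.33 release named in this notice. It assumes CCleaner registers under the standard Windows uninstall registry keys with a DisplayName beginning “CCleaner”.

```powershell
# Added example: inventory CCleaner installs and flag the affected 5.33 build.
# The two registry paths are the standard Windows uninstall keys (64-bit and
# 32-bit views); matching DisplayName on 'CCleaner*' is an assumption about
# how the product registers itself.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# The release named in the Talos/Piriform notices linked in this post.
$AffectedVersionPrefix = '5.33'

function Get-CCleanerInstall {
    # Read every uninstall entry and keep only those that look like CCleaner
    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'CCleaner*' } |
        Select-Object DisplayName, DisplayVersion, InstallLocation, UninstallString
}

function Test-AffectedVersion {
    param([string]$Version)
    # An entry with no recorded version cannot be cleared, so treat it as suspect
    if ([string]::IsNullOrWhiteSpace($Version)) { return $true }
    return $Version.StartsWith($AffectedVersionPrefix)
}

$installs = @(Get-CCleanerInstall)
if ($installs.Count -eq 0) {
    Write-Output "No CCleaner install found in the uninstall registry keys on $env:COMPUTERNAME."
}
foreach ($app in $installs) {
    if (Test-AffectedVersion $app.DisplayVersion) {
        $status = 'AFFECTED build - uninstall and follow up with an antivirus scan'
    } else {
        $status = 'not the 5.33 build - still scan if 5.33 was ever installed here'
    }
    Write-Output ('{0} {1} ({2}): {3}' -f $app.DisplayName, $app.DisplayVersion, $app.InstallLocation, $status)
    # The installer's own removal command, useful for the scripted uninstall linked below
    Write-Output ('  UninstallString: {0}' -f $app.UninstallString)
}
```

Run it from an elevated PowerShell prompt on each workstation; the UninstallString it prints is what a silent-removal script would invoke.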

Impact

At this point it is too early to know what impact the malware has had, if any. No early reports indicate that it was “activated” in a way to cause malicious actions on end computers. However, we expect to learn more over the next few days and may well discover that it has impacted specific organizations.

Technical

Scripting CCleaner Uninstall: http://www.itninja.com/blog/view/how-to-install-run-and-remove-ccleaner-silently-script-in-k1000

Talos Post: http://blog.talosintelligence.com/2017/09/avast-distributes-malware.html

Piriform’s announcement: http://www.piriform.com/news/blog/2017/9/18/security-notification-for-ccleaner-v5336162-and-ccleaner-cloud-v1073191-for-32-bit-windows-users