Windows Patch Breaks AV except on Windows 10
Bite
Third-party anti-malware solutions are having issues with the latest Windows 7/8 (and older Windows Servers) April rollup patch.
Snack
A heavy combo of older Windows operating systems and third-party anti-malware solutions is having problems with the latest April rollup patch.
KB4493472 (Monthly Rollup) affected devices during log in. When users attempted a login, the systems ground to halt, some devices taking as long as ten or more hours to log in. Login via safe mode was unaffected, and admins were able to get into their devices and remove the patch to restore.
Sophos, Avira, ArcaBit, Avast, and McAfee all had problems with the update. MS blocked the update for devices with the software installed or supplied details for vendors who had put measures in place to resolve. Full details of the workarounds can be obtained from the Microsoft KB article https://support.microsoft.com/en-us/help/4493472/windows-7-update-kb4493472.
My recommendation; start moving your estate to Windows 10 and look at the MS Defender suite for your anti-malware solution.
Meal
To get the full lowdown on the problem head on over to Ars Technica’s article, McAfee joins Sophos, Avira, Avast—the latest Windows update breaks them all.
Increase in Super Dodgy PDF Based Malware Attacks
Bite
PDF malware attacks on the rise. Think before you click.
Snack
It’s the old school trick, open the attachment to cause chaos. Security firm SonicWall recently highlighted that 47,000 attack variants using PDF attachments were recorded last year. This year is much worse! The number significantly jumped this year to 173,000 new attack variants in the first quarter of 2019.
With PDF’s, Office documents and email being the favorite source to trigger the malware, users are lured into trap by being offered deals and bargains. The offers come from what—on first appearances—look to be from a genuine source. Recipients are encouraged to click.
Phishing attacks are extremely hard to mitigate against. Ultimately, the best form of defense is to educate end users against being trigger happy.
Meal
Ingest the full meal at the Register in their article titled, Old-school cruel: Dodgy PDF email attachments enjoying a renaissance.
Password “123456” Is Being Used by 23.2 Million Users Worldwide, No Joke!
Bite
National Cyber Security Centre raises awareness of weak password usage.
Snack
Password “123456” is used by 23.2 million users worldwide, the National Cyber Security Centre (NCSC) has reported recently. The NCSC, part of the Government Communications Headquarters (GCHQ) in the UK, highlighted the dilemma. Of the 1,350 interviewed as part of their poll, only ‘15% say they know a great deal about how to protect themselves from harmful activity’. Other popular passwords include, “qwerty,” “password,” “superman,” “Liverpool” and “blink182.”
The NCSC recommends, rather than using first names, local football teams or favorite bands, make up hard to guess passwords. This could be accomplished by combining three random but memorable words, for example.
Implementing measures in the workplace to mitigate can be as simple as introducing multi-factor authentication. Also, companies can eliminate password usage altogether by implementing Windows Hello for Business.
Microsoft has also introduced an Azure AD feature called Azure AD Password Protection which can be used to mitigate against a password spray attack, where lists of a small number of common passwords are used to brute force a large number of accounts and this feature can be implemented in cloud or hybrid environments.
Azure AD Password Protection can block a defined a list of easily guessable passwords. The feature has a limit of 1000 passwords. You can take a look at the list of top 100,000 passwords published by How Azure AD Password Protection works and available to download on MicroSoft Docs, and start to apply some of those obvious ones. Password123 anyone?
Meal
An overview of the NCSC report is available here.
