Last Patch Tuesday - December 2020 ⛄ Happy Holidays

Welcome to Patch Tuesday for December 2020

It's that time again. Please leave your PC(s) powered on tonight so security updates from Microsoft will be downloaded to your PC around 3:00 a.m. (Make sure you have configured it to avoid hibernation and sleep modes when idle, and while plugged in.) This can be adjusted with the power settings icon in the Control Panel.

Patch Tuesday Forecast

This Patch Tuesday you can expect a smaller but standard set of Microsoft operating system updates this month. We should see the usual monthly rollup and security-only patches for the older operating systems, including the extended security updates (ESU) for Windows 7 and Server 2008. Windows 10 will include the latest 20H2 update.

New TrickBot malware can tamper with UEFI/BIOS firmware. The resulting malware can "brick" your computer and make it very difficult to recover even with a format and rebuild. The new capability was spotted inside part of a new TrickBot module, first seen in the wild at the end of October.

For those who might not know, the UEFI/BIOS area of your computer is the first thing that loads when powering up. It contains the basic information needed to load the operating system i.e. Microsoft Windows.

Did you know plugging your phone or PC into a USB port to charge it, say at the airport, exposes all the data within? This cheap device from Amazon blocks data transfer - Nice Christmas stocking stuffer.

Secure your devices from hackers, viruses!
Prevents data transfer while charging your device
High speed charging from any powered USB port
Metal exterior and ABS plastic interior make for a lightweight yet sturdy design
Works on any USB device

Microsoft says three state-sponsored hacker groups, known as APTs, have targeted seven COVID-19 vaccine makers.

As if coming up with a vaccine for COVID-19 isn't challenging enough, the pharmaceutical companies are also fighting off electronic invaders as well.

Russia's Strontium (Fancy Bear) and North Korea's Zinc (Lazarus Group) and Cerium. The Russian Strontium group has been employing password spraying and brute-force login attempts to obtain login credentials, break into victim accounts, and steal sensitive information. While the North Korean groups have been attempting spear-phishing email campaigns by sending messages with fabricated job descriptions, pretending to be recruiters, and targeting employees working at the targeted companies.

The BIGGEST hacks, data breaches of 2020 (so far)

Cybersecurity may be far from many of our minds this year, and in light of a pandemic and catastrophic economic disruption, remembering to maintain our own personal privacy and security online isn't necessarily a priority.

A large portion of the world's workforce shifted to a work from home model and hackers pivoted to attack individuals 20% of cybersecurity incidents. The article lists the largest data breaches by companies, government agencies, and businesses hacked during 2020, including NASA, IRS Tax Refunds, Estée Lauder, T-Mobile, General Electric, and many others.

You don't have to be a rocket scientist to keep yourself safe while on the internet. While you may fear these hackers are unbeatable, there are common-sense things you can do to protect yourself.

I have assembled 7, one or two-page, PDF files that teach you what to do and watch for. Hackers actually NEED your help to hack into your PC or account. Make it more difficult for them. Click on the image or the button below review these suggestions.

(Image source: The FarSide by Gary Larson)

For what it’s worth:

I have radically updated this bulletin into a user-friendly, efficient report style. If you are reading this, my objective is attained. 😊 If you'd like to share this bulletin with any family or friends who might need some help, just click on the "forward to a friend" link below.

Wishing you a very Merry (and safe) Christmas and Happy New Year!

Gary

Forward to a friend