January 2021
Download
Windows 10 version 1903 (and earlier) reached end of support on December 8, 2020. There will be no security updates, making your computer more vulnerable to malware.
Windows 7 and Server 2008 have been unsupported for a year now.
The FBI “has observed cyber criminals targeting computer network infrastructure after an operating system achieves end-of-life status,” and added that “continuing to use Windows 7 within an enterprise may provide cyber criminals access into computer systems.”
FBI warning (PDF). Top 10 Windows 7 Vulnerabilities.
As of January 5th, QuickBooks has still not updated the tax tables with the correct 2021 CA SDI tax rate. Check the CA SDI rate on the payroll item list before doing payroll.
Microsoft Edge Legacy desktop application support will end on March 9, 2021. There is a newer version of MS Edge, which should automatically install with Windows updates. You may see it pop up after the update is installed asking you to configure Edge.
Google is shutting down Cloud Print this week.
Line2.com provides a way to keep a phone number separate from your phone devices. Pricing starts at $15/Month. Including TXT, voicemail and forwarding. This may be an economical alternative to a PBX for smaller businesses. It is similar to Google Voice, with more features.
The FAA today announced that it will be issuing two new rules for drone pilots in the U.S. including Remote ID.
Adobe Flash Player officially ended on Dec. 31, 2020.
You should have already uninstalled it from your browsers.
The FCC has been adopting more and more measures to combat robocalls, and the latest set of rules (PDF) it’s implementing include limiting even non-telemarketing calls made to residential phones.
Automakers will stop developing internal combustion engines for future models.
LA residents can use their phones to provide COVID-19 vaccination proof. Other companies like IBM and non-profit organizations are also working on digital “vaccine passports” that will eventually allow folks to travel or enter stadiums, movie theaters and other venues.
CDC list of approved home COVID tests.
Test kits allow you to send in your sample, home testing is a complete do-it-yourself test.
This list from the FDA shows how effective various COVID tests are.
IoT sensors and software help move COVID-19 vaccines.
Splashtop remote desktop software is available free of charge for 60 days.
Security
Solarwinds Orion Security Breach
As you may have seen on the news, the Solarwinds Orion software was hacked. Torian Group does not use the Solarwinds Orion product, and your network is not affected.
A group of Russian government hackers were able to modify the Solarwinds Orion software source code, which was then distributed to all of the software’s users as a software update. Users include major corporations and government agencies: Commerce, Treasury, Justice, NSA, Homeland Security, and Energy departments; the National Institutes of Health; Microsoft; Cisco; AT&T; Intel; Equifax– a partial list is here. The set of potential victims is not just the 18,000 SolarWinds customers who may have downloaded the compromised updates, but also all of those organizations’ customers, and potentially the clients of those organizations as well—and so on.
Microsoft has determined that some of their source code was accessed, but that no customer data was compromised. They claim there is no risk to customers.
As part of the analysis, it was found that a key Solarwinds server had a password of solarwinds123. This may not have been the cause, but it was clearly negligent. Solarwinds is facing a class action lawsuit.
It appears that a recently patched flaw in VMWare may have played a part in the hacking.
Here is a detailed technical analysis of the hack, and the analysis by the Cybersecurity agency (CISA) and a list of affected Solarwinds products.
Here is the notification from SolarWinds.
NY Times summary of what is known.
T-Mobile data breach exposed phone numbers, call records.
T-Mobile previously suffered from breaches in 2018 that exposed customers’ information, 2019 for prepaid customers, and in March 2020 that exposed customer and financial data.
Iranian cyber actors are likely behind a campaign that encouraged deadly violence against U.S. state officials certifying the 2020 election results.
Backdoor discovered in Zyxel firewalls and AP controllers.
Torian Group
As mentioned above and in the news, SolarWinds was involved in a security breach. We have been assured by SolarWinds executives during multiple online meetings that there is no link between the product that was hacked (SolarWinds Orion) and the product we use for monitoring and maintenance (SolarWinds N-Central). However, to err on the side of caution, we are replacing the SolarWinds N-Central product with a product from a different vendor (ConnectWise Automate).
Pricing for the workstation software we use to assist clients who have signed up for proactive maintenance and managed antivirus will go up from $5 to $6 starting January 2021. We are upgrading to more robust management software and antivirus. It uses significantly fewer resources and provides better protection. Pricing for Server backups will go from $50 to $55. Please call or email us if you have any questions.
By Tim Torian