NYC Geeks - New York City's Computer Repair and IT Service Experts!

Good Morning

Welcome user! NYC Geeks is the premier computer repair and technology service provider for homes and businesses in the New York metropolitan area.

Learn About Us

Technology News

T-Mobile hits back at AT&T and Verizon after spectrum-hoarding accusations:
Carrier battle heats up as FCC prepares to auction more spectrum.
“LokiBot,” the malware that steals your most sensitive data, is on the rise:
“Persistent malicious” activity sees a “notable increase” since July, feds say.
Old TV set interfered with village’s DSL Internet each day for 18 months:
Engineers traced interference with a spectrum analyzer.
A tip from a kid helps detect iOS and Android scam apps’ 2.4 million downloads:
Smartphone apps raked in ~$500,000, in part thanks to shilling on TikTok and Instagram.
Feds issue emergency order for agencies to patch critical Windows flaw:
Agencies that don't update must disconnect all domain controllers from networks.
Traders set to don virtual reality headsets in their home offices:
UBS looks at recreating busy trading floors with HoloLens experiment.
Companies can track your phone’s movements to target ads:
A startup gathers data on when you pick up your phone or go out on a run.
Telegram messages are a focus in newly uncovered hack campaign from Iran:
Active since 2014, “Rampant Kitten” uses Windows and Android infostealers.
Wayback Machine and Cloudflare team up to archive more of the Web:
Cloudflare-enabled sites get automatic archiving through the Wayback Machine.
Comcast shut off Internet to hundreds, saying they were illegally connected:
Comcast says Denver company resold Comcast service without permission.
A bevy of new features makes iOS 14 the most secure mobile OS ever:
Behold: The useful and not-so-useful privacy features you've been waiting for.
Patient dies after ransomware attack reroutes her to remote hospital:
Outage caused an hour delay in treatment for woman with life-threatening condition.
Hammer drops on hackers accused of targeting game and software makers:
Men accused of spying on behalf of China and earning illicit hacking profits on the side.
AT&T wants to put ads on your smartphone in exchange for $5 discount:
AT&T CEO: Customers would accept targeted ads if given $5 or $10 price cut.
Boeing hid design flaws in 737 Max jets from pilots and regulators:
Congressional report finds aerospace group cut corners.
Oracle’s TikTok non-acquisition seeks Treasury, White House approval:
Oracle looks victorious in the TikTok saga—but the deal is far from final.
New Google Fiber plan: $100 for 2Gbps, plus Wi-Fi 6 router and mesh extender:
$100 plan in beta next month, should come to “most” Google Fiber cities in 2021.
New Windows exploit lets you instantly become admin. Have you patched?:
Zerologon lets anyone with a network toehold obtain domain-controller password.
Microsoft declares its underwater data center test was a success:
Underwater pods can reduce latency by moving cloud services closer to customers.
Verizon to buy TracFone, expanding big carriers’ control of prepaid industry:
Verizon would surpass AT&T and T-Mobile in prepaid if TracFone deal is approved.

Security Alerts

Mozilla Releases Security Updates for Firefox and Firefox ESR:
Original release date: September 22, 2020<br/><p>Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system.</p> <p>The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisories for <a href="https://www.mozilla.org/en-US/security/advisories/mfsa2020-42/">Firefox 81</a> and <a href="https://www.mozilla.org/en-US/security/advisories/mfsa2020-43/">Firefox ESR 78.3</a> and apply the necessary updates.</p> <div class="field field--name-body field--type-text-with-summary field--label-hidden field--item"><p class="privacy-and-terms">This product is provided subject to this <a href="https://us-cert.cisa.gov/privacy/notification">Notification</a> and this <a href="https://www.dhs.gov/privacy-policy">Privacy & Use</a> policy.</p> </div>
Google Releases Security Updates for Chrome:
Original release date: September 22, 2020<br/><p>Google has updated the stable channel for Chrome to 85.0.4183.121 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.</p> <p>The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the <a href="https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop_21.html">stable channel update</a> and apply the necessary changes.</p> <div class="field field--name-body field--type-text-with-summary field--label-hidden field--item"><p class="privacy-and-terms">This product is provided subject to this <a href="https://us-cert.cisa.gov/privacy/notification">Notification</a> and this <a href="https://www.dhs.gov/privacy-policy">Privacy & Use</a> policy.</p> </div>
Samba Releases Security Update for CVE-2020-1472:
Original release date: September 21, 2020<br/><p>The Samba Team has released a security update to address a critical vulnerability—CVE-2020-1472—in multiple versions of Samba. This vulnerability could allow a remote attacker to take control of an affected system.</p> <p>The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Samba Security Announcement for <a href="https://www.samba.org/samba/security/CVE-2020-1472.html">CVE-2020-1472</a> and apply the necessary updates or workaround.</p> <div class="field field--name-body field--type-text-with-summary field--label-hidden field--item"><p class="privacy-and-terms">This product is provided subject to this <a href="https://us-cert.cisa.gov/privacy/notification">Notification</a> and this <a href="https://www.dhs.gov/privacy-policy">Privacy & Use</a> policy.</p> </div>
CISA Releases Emergency Directive on Microsoft Windows Netlogon Remote Protocol:
Original release date: September 18, 2020<br/><p>The Cybersecurity and Infrastructure Security Agency (CISA) has released <a href="https://cyber.dhs.gov/ed/20-04/ ">Emergency Directive (ED) 20-04</a> addressing a critical vulnerability— CVE-2020-1472—affecting Microsoft Windows Netlogon Remote Protocol. An unauthenticated attacker with network access to a domain controller could exploit this vulnerability to compromise all Active Directory identity services.</p> <p>Earlier this month, <a href="https://us-cert.cisa.gov/ncas/current-activity/2020/09/14/exploit-netlogon-remote-protocol-vulnerability-cve-2020-1472">exploit code for this vulnerability was publicly released</a>. Given the nature of the exploit and documented adversary behavior, CISA assumes active exploitation of this vulnerability is occurring in the wild.</p> <p>ED 20-04 applies to Executive Branch departments and agencies; however, CISA strongly recommends state and local governments, the private sector, and others patch this critical vulnerability as soon as possible. Review the following resources for more information:</p> <ul> <li><a href="https://cyber.dhs.gov/ed/20-04/">CISA Emergency Directive 20-04: Mitigate Netlogon Elevation of Privilege Vulnerability from August 2020 Patch Tuesday</a></li> <li><a href="https://www.kb.cert.org/vuls/id/490028">CERT/CC Vulnerability Note [VU#490028]</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472">Microsoft Security Vulnerability Information for CVE-2020-1472</a></li> <li>Microsoft’s guidance on <a href="https://support.microsoft.com/en-us/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc">How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472</a></li> </ul> <div class="field field--name-body field--type-text-with-summary field--label-hidden field--item"><p class="privacy-and-terms">This product is provided subject to this <a href="https://us-cert.cisa.gov/privacy/notification">Notification</a> and this <a href="https://www.dhs.gov/privacy-policy">Privacy & Use</a> policy.</p> </div>
CERT/CC Releases Information on Critical Vulnerability in Microsoft Windows Netlogon Remote Protocol:
Original release date: September 17, 2020<br/><p>The CERT Coordination Center (CERT/CC) has released information on CVE-2020-1472, a vulnerability affecting Microsoft Windows Netlogon Remote Protocol. An unauthenticated attacker could exploit this vulnerability to obtain Active Directory domain administrator access. Although Microsoft provided patches for CVE-2020-1472 in August 2020, unpatched systems will be an attractive target for malicious actors.</p> <p>The Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review the following resources and apply the necessary updates and workaround.</p> <ul> <li>CERT/CC Vulnerability Note <a href="https://www.kb.cert.org/vuls/id/490028">VU#490028</a></li> <li>Microsoft’s Security Advisory for <a href="https://us-cert.cisa.gov https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472">CVE-2020-1472</a></li> <li>Microsoft’s guidance on <a href="https://support.microsoft.com/en-us/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc">How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472</a></li> </ul> <div class="field field--name-body field--type-text-with-summary field--label-hidden field--item"><p class="privacy-and-terms">This product is provided subject to this <a href="https://us-cert.cisa.gov/privacy/notification">Notification</a> and this <a href="https://www.dhs.gov/privacy-policy">Privacy & Use</a> policy.</p> </div>
Drupal Releases Security Updates:
Original release date: September 17, 2020<br/><p>Drupal has released security updates to address vulnerabilities in Drupal 7.x, 8.8.x, 8.9.x, and 9.0.x. An attacker could exploit some of these vulnerabilities to obtain sensitive information or leverage the way HTML is rendered.</p> <p>The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Drupal security updates and apply the necessary updates:</p> <ul> <li><a href="https://www.drupal.org/sa-core-2020-007">SA-CORE-2020-007</a></li> <li><a href="https://www.drupal.org/sa-core-2020-008">SA-CORE-2020-008</a></li> <li><a href="https://us-cert.cisa.gov https://www.drupal.org/sa-core-2020-009">SA-CORE-2020-009</a></li> <li><a href="https://www.drupal.org/sa-core-2020-010">SA-CORE-2020-010</a></li> <li><a href="https://us-cert.cisa.gov https://www.drupal.org/sa-core-2020-011">SA-CORE-2020-011</a></li> </ul> <div class="field field--name-body field--type-text-with-summary field--label-hidden field--item"><p class="privacy-and-terms">This product is provided subject to this <a href="https://us-cert.cisa.gov/privacy/notification">Notification</a> and this <a href="https://www.dhs.gov/privacy-policy">Privacy & Use</a> policy.</p> </div>
Apple Releases Security Updates:
Original release date: September 17, 2020<br/><p>Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.</p> <p>The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates:</p> <ul> <li><a href="https://support.apple.com/en-us/HT211845">Safari 14.0</a></li> <li><a href="https://support.apple.com/en-us/HT211843 ">tvOS 14.0</a></li> <li><a href="https://us-cert.cisa.gov https://support.apple.com/en-us/HT211844 ">watchOS 7.0</a></li> <li><a href="https://us-cert.cisa.gov https://support.apple.com/en-us/HT211850 ">iOS 14.0 and iPadOS 14.0</a></li> <li><a href="https://support.apple.com/en-us/HT211848">Xcode 12.0</a></li> </ul> <div class="field field--name-body field--type-text-with-summary field--label-hidden field--item"><p class="privacy-and-terms">This product is provided subject to this <a href="https://us-cert.cisa.gov/privacy/notification">Notification</a> and this <a href="https://www.dhs.gov/privacy-policy">Privacy & Use</a> policy.</p> </div>
Adobe Releases Security Update for Media Encoder:
Original release date: September 16, 2020<br/><p>Adobe has released a security update to address vulnerabilities in Media Encoder. An attacker could exploit these vulnerabilities to obtain sensitive information.</p> <p>The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Adobe <a href="https://helpx.adobe.com/security/products/media-encoder/apsb20-57.html">Security Bulletin</a> and apply the necessary update.</p> <div class="field field--name-body field--type-text-with-summary field--label-hidden field--item"><p class="privacy-and-terms">This product is provided subject to this <a href="https://us-cert.cisa.gov/privacy/notification">Notification</a> and this <a href="https://www.dhs.gov/privacy-policy">Privacy & Use</a> policy.</p> </div>
Iran-Based Threat Actor Exploits VPN Vulnerabilities:
Original release date: September 15, 2020<br/><p>The Cybersecurity Security and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released a Joint Cybersecurity Advisory on an Iran-based malicious cyber actor targeting several U.S. federal agencies and other U.S.-based networks. This Advisory analyzes the threat actor’s indicators of compromise (IOCs); and tactics, techniques, and procedures (TTPs); and exploited Common Vulnerabilities and Exposures (CVEs).</p> <p>CISA encourages users and administrators to review the following resources for more information.</p> <ul> <li><a href="https://us-cert.cisa.gov/ncas/alerts/aa20-259a">Joint Cybersecurity Advisory: Iran-Based Threat Actor Exploits VPN Vulnerabilities</a></li> <li><a href="https://us-cert.cisa.gov/ncas/analysis-reports/ar20-259a">MAR-10297887-1.v1: Iranian Web Shells</a></li> </ul> <div class="field field--name-body field--type-text-with-summary field--label-hidden field--item"><p class="privacy-and-terms">This product is provided subject to this <a href="https://us-cert.cisa.gov/privacy/notification">Notification</a> and this <a href="https://www.dhs.gov/privacy-policy">Privacy & Use</a> policy.</p> </div>
Exploit for Netlogon Remote Protocol Vulnerability, CVE-2020-1472:
Original release date: September 14, 2020<br/><p>The Cybersecurity and Infrastructure Security Agency (CISA) is aware of publicly available exploit code for CVE-2020-1472, an elevation of privilege vulnerability in Microsoft’s Netlogon. Although Microsoft provided patches for CVE-2020-1472 in August 2020, unpatched systems will be an attractive target for malicious actors. Attackers could exploit this vulnerability to obtain domain administrator access.</p> <p>CISA encourages users and administrators to review Microsoft’s August Security Advisory for <a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472 ">CVE-2020-1472</a> and <a href="https://support.microsoft.com/en-us/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc">Article</a> for more information and apply the necessary updates.</p> <div class="field field--name-body field--type-text-with-summary field--label-hidden field--item"><p class="privacy-and-terms">This product is provided subject to this <a href="https://us-cert.cisa.gov/privacy/notification">Notification</a> and this <a href="https://www.dhs.gov/privacy-policy">Privacy & Use</a> policy.</p> </div>
:
:
:
:
:
:
:
:
:
:

Good Morning wb_sunny

Request Support live_help

Learn About Us info

Technology News view_quilt

Security Alerts https

Good Morning

Request Support

Learn About Us

Technology News

Security Alerts