Home

​There is an issue with Draytek routers that started yesterday causing internet outages. After a long and convoluted process I have discovered that there is a mass router issue affecting certain routers with certain firmware (older routers with older firmware?). If your internet isn't down, this isn’t relevant for you.

DrayTek advises as per the email screen shot below and are pointing to this link: https://faq.draytek.com.au/docs/draytek-routers-rebooting-how-to-solve-this-issue/

In short if your down looks like you need a firmware update but there is a specific way of doing it so you don't 'brick' the router.

Welcome to the new year and another type of social attack whereby people are trying to scam money from organisations.

A whaling attack, also referred to as a whaling phishing attack, is a type of social engineering attack specifically targeting staff within an organisation that would have the ability to be able to transfer money or make changes in some way that would allow the scammer to fraudulently get money out of your organisation.

This is an example of how it can work (Mostly a true story some details changed to illustrate relevant points):

An attacker will visit your company website find out the name of the CEO or admin staff or even the wages person. They work out what that uses email addresses is, which they can usually pretty easily guess even if it's not displayed on the website itself. Let's call her Karen.

Then they find the name of another employee let's call him Tony. Then the scammer sends an email to Karen pretending to be Tony asking that they transfer money into a certain account or change the account that the wages are paid into or some version of this limited only by your imagination.

Once the wages person Karen receives the email she diligently processes it. Replies to say that it's been done (which of course goes back to the attacker) and a month later Tony can't understand why his wages haven't gone in.
Here is a couple of emails that illustrate this exact scenario except that the attacker sent the email to the office manager who then sent it on to the wages person adding more credibility to the claim because the wages person had legitimately received an emailed set of instructions from the actual office manager.

Here is more detail on the type of attack:
https://www.cisco.com/site/us/en/learn/topics/security/what-is-a-whaling-attack.html

These types of attacks can be very difficult to spot because the attacker has sometimes invested considerable amounts of time learning about staff within an organisation. Who the appropriate person to attack is and how to make their claim seam believable. It also doesn't require that they gain access to anybody's email because you can reasonably convincingly just send an email from Gmail as has been done in the images below.
Be on the lookout for this type of attack and if you are one of my customers and would like to discuss any more details please contact me.

In this instance the attacker even set a follow-up message to the second staff member.

 Digital pacific warns about phishing emails that look like notifications from them asking customers to renew their "expiring" Domains and SSL certificates.

Don't get caught

4sysops is reporting that Microsoft won't release Windows 11 non-security updates until 2025

Microsoft has announced that there will be no non-security updates for Windows 11 in December due to the holiday season, focusing only on security fixes. Normal servicing, including both security and non-security updates, will resume in January 2025. This decision aligns with past practices where Microsoft reduces operations during the holidays. Additionally, a recent error message regarding "end of service" was identified as a bug linked to the KB5046633 security update, which Microsoft acknowledged. Improvements were made in the November update for Task Manager and connectivity issues in the 24H2 version, alongside support for Windows 11 23H2 until November 2025.

(Which means less to break in December, Rex)

ESET, the security and antivirus software provider, has released a short security Ebook entitled 'Social engineering handbook'. Its worth keeping up to date on this information even if it isn't new to you. It good to refresh your thinking on the topic. Security should be a perpetual focus.

Staff/User education is an important part of security also (...and they love it)

Get it here: https://digitalwelcomemat.com/files/ESET_Social_engineering_handbook_v6.pdf
 

BitLocker data encryption may be happening without your knowledge, that means that your automaticity getting extra security from Microsoft without any effort required on your part, but also a caution...

When you add an outlook.com home user account to a new Windows PC as part of the initialisation (as Microsoft now requires) Microsoft can/will/may auto-encrypt the hard drive with windows BitLocker. It does this without asking or telling you. It associates the long encryption key with your Microsoft account (normally a hotmail.com or outlook.com account) and stores the encryption key under your account on the web.
The reason that they do this is to make your PC more secure so if the hard drive is removed from the PC or laptop it can't be just plugged into another PC and have data read. While this is good in theory, forcing data encryption on unwitting home or small business users without asking or telling them I don't feel is a good policy. In an enterprise IT environment significant planning and testing would be implemented before even considering(!) encrypting the data. Having data is no use whatsoever if you can't access it.
There are a few things that can go wrong, under certain circumstances you PC may prompt for the key before stating Windows and if you don't have it your never (never ever, EVER) getting your 30 years worth of data back. Here are some examples:

• Sometimes Microsoft just doesn't store the key (yes, I have seen it!)
• A random Microsoft account may be used to setup the PC (for example a service providers account) then a local or domain accounts may be use from that point onward, in 5 years' time you may not know which Microsoft account was used or have access to it to find the key.
• What if you get hacked and locked out of your Microsoft account?

So what should you do? That's difficult, I'm not going to 'recommend' that you deliberately use 'less security' than you could but here are some thoughts.

• At least now you know, you've been warned
• Consider going on to https://account.microsoft.com/ and printing out your BitLocker key and putting it in a safe place
• BACKUP ALL YOUR DATA periodically to an independent medium or location

A PC that just sits in a factory, contains no data and/or just connects to a remote desktop session does NOT need BitLocker turned on its an unnecessary overhead.

Email scam, don't click...

I have encountered an unusual and concerning Office 365 antispam issue today. A customers emails with PDF attachments to an Office 365 mailbox have been 'silently' blocked (quarantined) by O365 because they had a PDF that contained a big pond (Telstra) email address in the footer. After a [long] period of investigation removing the big pond email address resolved the issue. The reason that was given by Office 365 was "Detection technologies: URL detonation reputation".

My biggest concern with this is that MS was 'quarantining' the email which means they weren't letting the recipient know that there was an email and wasn't letting the sender know that it wasn't being delivered. To me this breaks the fundamental rules of how email is meant to work. Either it should be delivered, or you should get an error message bounce back. This issue only occurred in the last week, the customer has been sending the same PDF for more than a year.

I will take this up with Microsoft and see what they say. My concern is how many other users have been sending PDF documents or quotes out to customers that contain emails or links that have them silently not delivered.

Note this finding is based on all the evidence I have been able to gather to-date.

Don't plug a heater or other high current draw appliances into a UPS:

With winter upon us I wanted to remind you not to plug a heater or other high current draw appliances into a UPS (uninterruptable power supply). A UPS is a 'box' that contains a battery and some electronics to allow for a limited amount of 'runtime' for your computer if the power goes off. They have the ability to deliver only a relatively small amount of current (stated in its VA/Watt rating) anything beyond that will overload the UPS, shut everything off and possibly cause damage.

Examples of equipment that should *NOT* be plugged into a UPS

• Laser printers
• Heaters
• Air conditioners
• Photo copiers
• Paper shredders
• Vacuum cleaners
• Kettles/jugs, anything that cooks or heats food
• Hair driers, curling irons

The only things that should generally be plugged into the UPS are computers, networking equipment (switches routers etc) another other small sensitive electronic equipment such as EFTPOS terminals and similar.

Plug your 'high current draw' devices direct into a power-point/wall socket, some experts suggest these should not even be plugged into a power board either for fire safety reasons.

If your using Microsoft Outlook, (i.e. the ~$250 value product that comes with Microsoft office) and you get an option to 'Try the new Outlook' I strongly suggest you don't do that, if you do you you will possibly lose a LOT of functionality and go from the business grade $250 value product to essentially the free web based version that everyone with a Hotmail or outlook.com email account gets for free. A lot of features will disappear including Outlook add-in utility's and any secondary emails you may have setup. 

You can see more detail here on this email from a Microsoft outlook add-in developer.

A number of people have reported receiving a "review document" email.

This email looks like a scam from my perspective and several organisations are reporting that this is the case. (Example https://us.norton.com/blog/online-scams/docusign-phishing-scams)

Don't click on the links in this email, just delete it

Microsoft Office 2013 has moved out of being officially supported this month. That means no more security updates and eventually, Outlook will stop working with office 365 at some point (no indication of when that will be). 

If your still running Office 2013 (or older) you need to make a plan to move to a supported version for security sake at least.

Office 2016 is no longer supported after October 2025

People who know about these things are getting a bit worried about the LastPass data breach. If you use LastPass you need to evaluate what action to take.

Late last year a hacker broke into LastPass and stole their entire data vault, that included all your logons and passwords if you use LastPass (or even have an old account that you don't use anymore).

LastPass say that they, and consequently the hackers, don't have access to your logon data because its encrypted and protected by the master password that only you know. They have advised that it would take 'millions of years' to crack open the vaults and get access to your data.

However, as time has gone on, we have been hearing that there are caveats to this and it depends on the length of the master password and some of the default settings that you had setup in LastPass, some of those settings have changed their defaults over time so If you have an older account, you may have less protection. The end result of that is that some online security sites are saying in reference to the 'millions of years' claim that in actuality "it may be a lot less than that!"

Advice is extremely varied about what to do, here are some examples:

• LastPass are saying 'millions of years' to crack open, assuming you have a 12 digit complex password, your PBKDF2 iterations is set to 100,100 or more and [OBVIOUSLY] you never reuse your master password on other websites
• Almost all are saying change the LastPass master vault password
• Some are saying change all your passwords for any accounts that are stored in LastPass and change the LastPass master vault password
• Some are saying dump LastPass altogether and move to another password manager, plus changing all your passwords as above

Whatever action you decide on, do it soon as the clock is ticking if the hackers are trying to brute force crack the data. Some sites are reporting that LastPass have been very coy about the details including when the data was even stolen and as such how long the hackers may have been working on the data, and some say that general communication about the whole event has been poor which brings about a loss of confidence in the service.

The LastPass notice:
https://blog.lastpass.com/2022/12/notice-of-recent-security-incident/

Some other sites information:
https://www.wired.com/story/lastpass-breach-vaults-password-managers/

https://www.bostonglobe.com/2023/01/09/business/lastpass-security-breach-was-worse-than-youve-heard-heres-what-do/

https://blog.1password.com/not-in-a-million-years/

Finally, almost all security experts still recommend a password manager for managing your passwords. The general consensus is that having strong complex passwords for all your sites and services that you don't have to remember, all stored within a very secure service, protected by a single unique, strong password still provides the best protection compared to the alternatives.

This blog post has been provided for the benefit of digitalwelcomemat IT customers. Treat this information as informative only and do not take actions or make decisions on the basis of the information contained here. All IT decisions and actions should be made after consultation with your chosen IT professional taking into account all the of the relevant factors.

Digitalwelcomemat will be on Christmas break starting this afternoon. I will be on leave from 22/12/22 - 08/01/23 inclusive then working part time for the week of 09/01 - 13/01. 

I will be checking email during this period for any urgent issues.

Thank you to all my customers for 2022 and I look forward to being able to support you in 2023, I hope you have a good break and a Merry Christmas.

This is a typical example of a phishing email. If you click on the link the bad guys will harvest your username and password and start using them to access you email inbox, send emails or worse.

This is a 'obvious' fake email, but people keep getting caught out so I will keep reminding you. Admin and management staff, consider sending this information on so your staff can be reminded.

Multi factor authentication on your Microsoft account will mitigate the impact of being fooled into clicking this. Talk to me if you want this turned on.

Some users are reporting a persistent password popup in their mail application this morning, this is due to Microsoft changing the Microsoft/Office 365 authentication method and requiring 'modern authentication' by default.

If you are using Outlook 2013 this can easily be solved by changing\adding a Registry setting in Windows which is normal and 'IT support level' change:

(more details here https://learn.microsoft.com/en-gb/microsoft-365/enterprise/modern-auth-for-office-2013-and-2016?view=o365-worldwide)

This can also be easily pushed out by 'group policy' if you have a Windows domain.

If you're seeing this in another mail app for example on your phone this will require further investigation and planning.

Here is some further reading on the subject:
https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-deprecation-in-exchange-online-september/ba-p/3609437​

ACSC (Australian [Government] cyber security centre) are recommending that all business purchase their equivalent domain name to prevent "...to help protect your business from opportunistic cybercriminals" before 20 September 2022.

To help protect your business from opportunistic cybercriminals, the Australian Cyber Security Centre (ACSC) recommends that all Australian businesses with existing domain names register their .au equivalents before 20 September 2022. If a business does not reserve their .au equivalent direct domain name during this six-month period, that name will become available to the public on a first come, first served basis. 

https://www.cyber.gov.au/acsc/view-all-content/alerts/new-domain-name-changes-could-leave-your-business-or-organisation-risk

Digital pacific is reporting that the pre-order process for new .au domains now open now go here: https://digitalpacificdomains.com.au for details.

If you have reallylongdomainname.com.au this may be your opportunity to purchase imshort.au instead or to secure your business identity and reputation by purchasing mydomainname.au as well as your existing mydomainname.com.au (before your competitors do) I don't know what the allocation process is but I strongly suggest you act quickly if your interested.

I advised last week that there were problems with the 21H2 Windows update from Microsoft. Microsoft has reported that the 'MSI install issue' is resolved now with another patch. As far as the Intel sound card driver conflict goes this is a Windows 11 only issue so Windows 10 users can allow updates to naturally instal now as usual. If you put a 7 day pause on your windows updates they will automatically begin again in a few days.

For Windows 11 users MS has setup a compatibility block so the offending upgrade shouldn't auto install however they say 'We recommend that you do not attempt to manually upgrade using the Update now button or the Media Creation Tool until this issue has been resolved and the safeguard removed.

Here is the link if your running Windows 11 and want to track this issue:
https://docs.microsoft.com/en-au/windows/release-health/status-windows-11-21h2#2746msgdesc

For those customers where I manage Windows updates via Windows Update services, I have now release the 21H2 update for Windows 10 as it resolves a number of vulnerabilities.

Just a reminder about allowing Windows updates to install, I strongly recommend logging off each evening and restarting your computer once a week. This allows a few things to happen which should enhance your computing experience as well as allow for better security. I also recommend leaving your computer on overnight at least once per week to allow installs to complete (that is if you don't leave it on all the time anyway)

Some of the befits of logging off and restarting:

• It allows windows updates to auto-occur when they are needed, at least on a 24 hour basis.
• Logging off closes all your programs/applications which releases all the memory back to windows to be 'cleaned-up' and reused, it closes all open programs and resolves any transient 'weirdness' that may be happing. 
• Restarting does the same as logging off but it also does same for system processes and Windows services
• If you have roaming user profiles setup in your organisation data is only saved back to the servers when you log off, if you have a power outage before that time data may be lost.
• It forces you to clean-up, save your documents and close off the clutter. It could be just me but I can't see how having 15 word documents open at the same time for a month helps with productivity! (but perhaps that's just me:-/ )
  

 A number of users are reporting and issue when saving-as from within Adobe acrobat reader. When trying the save, instead of a dialogue box allowing you to choose the save location all you see is a blank dialogue box form/screen.

Click here for the workaround