Security Protection – Harry Waldron MVP


Windows 10 – Anniversary update preview evaluated by ComputerWorld

Around July 2016, Windows 10 is slated for another major build; ComputerWorld's evaluation of the preview version is shared below:

http://www.computerworld.com/article/3061153/microsoft-windows/first-look-the-new-windows-10-anniversary-update-preview.html

The first big update to Windows 10 will come this summer, a year after the operating system’s initial launch, with the release of what Microsoft is calling the Windows 10 Anniversary Update. The update’s exact release date hasn’t been set yet. Windows 10 was officially released on July 29, 2015 — but that doesn’t mean that the Anniversary Update will hit on the exact date.

When it is ready, the update will be delivered — as usual — via Windows Update. That means you won’t have to do anything manually — it will install automatically on its own. But you don’t have to wait until the official release date to install and use the update. Microsoft is releasing preview builds well before then — including one that you can install today.

As of this writing, the latest update is Windows 10 Insider Preview Build 14328. What follows includes information about features that Microsoft has announced will be in the final as well as features that are implemented in some way in the most recent build. Although the update is being called the Windows Anniversary Update, don’t expect many big presents. While there are some very solid and useful additions, this isn’t a big-bang change to the operating system.

Facebook – Government Data Requests on rise in 2016

As shared in the article below, requests from government entities have increased during the past year:

http://www.pcmag.com/news/344131/report-government-requests-for-facebook-data-on-the-rise

More than half of the requests for data that Facebook received from US law enforcement agencies in the second half of 2015 contained a non-disclosure order that prohibited the company from notifying the user whose data was requested, according to a report released today. Facebook’s bi-annual report on global government data requests indicated that there were 19,235 requests in the US from July to December 2015, up from 17,500 in the first half of the year. The company handed over data in 81 percent of cases.

Worldwide, government requests for account data increased by 13 percent, from 41,214 requests to 46,763. The number of items on the social network restricted for violating local law saw an even more dramatic jump, to 55,827 items, up from 20,568.  There were also up to 499 secret requests made for data under the Foreign Intelligence Surveillance Act (FISA).

In a blog post, Facebook’s Deputy General Counsel Chris Sonderby wrote that it does not provide any law enforcement agency access to data unless it determines the request to be legitimate.  “We scrutinize each request for user data we receive for legal sufficiency, no matter which country is making the request,” Sonderby wrote. “If a request appears to be deficient or overly broad, we push back hard and will fight in court, if necessary.”

Windows 10 – Cortana to enforce Edge and Bing standards

Within Windows 10, the Cortana search box will be standardized on Edge and Bing for a consistent and more secure user experience. Other search engines and browsers will continue to be supported outside of Cortana.

https://blogs.windows.com/windowsexperience/2016/04/28/delivering-personalized-search-experiences-in-windows-10-through-cortana/

With Windows 10, we have invested in delivering comprehensive, end-to-end search capabilities that make Windows more personal, intuitive and helpful. The Cortana search box, in the bottom left of the Windows 10 taskbar, allows you to easily search across apps, documents, settings and the Web all with the help of your truly personal digital assistant.

Unfortunately, as Windows 10 has grown in adoption and usage, we have seen some software programs circumvent the design of Windows 10 and redirect you to search providers that were not designed to work with Cortana. The result is a compromised experience that is less reliable and predictable. The continuity of these types of task completion scenarios is disrupted if Cortana can’t depend on Bing as the search provider and Microsoft Edge as the browser. The only way we can confidently deliver this personalized, end-to-end search experience is through the integration of Cortana, Microsoft Edge and Bing – all designed to do more for you.

Of course, you can continue to use your search engine and browser of choice on Windows 10.  They can be accessed and used as you always have.  You can easily use our centralized default manager to choose your preferred default program for everything from browsing to email, and you can configure the search default setting in Microsoft Edge and Internet Explorer, which are available when you directly access those programs.

FBI – Dangers of Ransomware increase during 2016

An informative security bulletin for April 2016 has been issued by the FBI documenting the increasing number of corporate and home ransomware attacks.

https://www.fbi.gov/news/stories/2016/april/incidents-of-ransomware-on-the-rise/incidents-of-ransomware-on-the-rise

Hospitals, school districts, state and local governments, law enforcement agencies, small businesses, large businesses—these are just some of the entities impacted recently by ransomware, an insidious type of malware that encrypts, or locks, valuable digital files and demands a ransom to release them.  The inability to access the important data these kinds of organizations keep can be catastrophic in terms of the loss of sensitive or proprietary information, the disruption to regular operations, financial losses incurred to restore systems and files, and the potential harm to an organization’s reputation.

And, of course, home computers are just as susceptible to ransomware, and the loss of access to personal and often irreplaceable items—including family photos, videos, and other data—can be devastating for individuals as well.  Ransomware has been around for a few years, but during 2015, law enforcement saw an increase in these types of cyber attacks, particularly against organizations because the payoffs are higher. And if the first three months of this year are any indication, the number of ransomware incidents—and the ensuing damage they cause—will grow even more in 2016 if individuals and organizations don’t prepare for these attacks in advance.

In a ransomware attack, victims—upon seeing an e-mail addressed to them—will open it and may click on an attachment that appears legitimate, like an invoice or an electronic fax, but which actually contains the malicious ransomware code. Or the e-mail might contain a legitimate-looking URL, but when a victim clicks on it, they are directed to a website that infects their computer with malicious software.

Once the infection is present, the malware begins encrypting files and folders on local drives, any attached drives, backup drives, and potentially other computers on the same network that the victim computer is attached to. Users and organizations are generally not aware they have been infected until they can no longer access their data or until they begin to see computer messages advising them of the attack and demands for a ransom payment in exchange for a decryption key. These messages include instructions on how to pay the ransom, usually with bitcoins because of the anonymity this virtual currency provides.

Ransomware attacks are not only proliferating, they’re becoming more sophisticated. The FBI has developed a brochure of safety and risk mitigation tips for the growing threat of ransomware.

https://www.fbi.gov/about-us/investigate/cyber/ransomware-brochure

FBI – Ransomware Prevention Brochure 2016

The FBI has developed a brochure of safety and risk mitigation tips for the growing threat of ransomware.

https://www.fbi.gov/about-us/investigate/cyber/ransomware-brochure

Prevention Considerations

* Implement an awareness and training program. Because end users are targeted, employees and individuals should be made aware of the threat of ransomware and how it is delivered.

* Patch operating systems, software, and firmware on devices, which may be made easier through a centralized patch management system.

* Ensure anti-virus and anti-malware solutions are set to automatically update and that regular scans are conducted.

* Manage the use of privileged accounts. Implement the principle of least privilege: no users should be assigned administrative access unless absolutely needed; those with a need for administrator accounts should only use them when necessary.

* Configure access controls, including file, directory, and network share permissions, with least privilege in mind. If a user only needs to read specific files, they should not have write access to those files, directories, or shares.

* Disable macro scripts from office files transmitted via e-mail. Consider using Office Viewer software to open Microsoft Office files transmitted via e-mail instead of full office suite applications.

* Implement Software Restriction Policies (SRP) or other controls to prevent programs from executing from common ransomware locations, such as temporary folders supporting popular Internet browsers.

Business Continuity Considerations

* Back up data regularly, and regularly verify the integrity of those backups.

* Secure your backups. Ensure backups are not connected to the computers and networks they are backing up. Examples might be securing backups in the cloud or physically storing offline.

Other Considerations

* Implement application whitelisting; only allow systems to execute programs known and permitted by security policy.

* Execute operating system environments or specific programs in a virtualized environment.

* Categorize data based on organizational value, and implement physical/logical separation of networks and data for different organizational units.
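The brochure's "back up regularly, and regularly verify the integrity of those backups" item is the one most often left as a checkbox, so here is a concrete routine for it. This Python example is added here and is not from the FBI brochure or the blog post: it records a SHA-256 manifest of a backup tree, then re-verifies the tree against that manifest and reports files that changed, disappeared or appeared, which is how a silently encrypted or renamed file surfaces before anyone tries to restore from it. The sample files and the simulated tampering are constructed in a temporary directory; in practice the manifest belongs with the offline or cloud copy the brochure describes, not beside the live data.

```python
import hashlib
import json
import os
import tempfile
from pathlib import Path

CHUNK = 1 << 16  # read files in 64 KiB pieces so large backups do not load into memory


def file_sha256(path):
    """SHA-256 hex digest of one file, streamed in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Map every file under root (relative POSIX path) to its SHA-256 digest."""
    root = Path(root)
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            manifest[path.relative_to(root).as_posix()] = file_sha256(path)
    return manifest


def verify_manifest(root, manifest):
    """Compare the tree under root with a previously stored manifest."""
    current = build_manifest(root)
    modified = sorted(p for p in manifest if p in current and current[p] != manifest[p])
    missing = sorted(p for p in manifest if p not in current)
    added = sorted(p for p in current if p not in manifest)
    return {
        "ok": not (modified or missing or added),
        "modified": modified,   # content changed: possibly encrypted in place
        "missing": missing,     # gone or renamed: possibly given a ransom extension
        "added": added,         # new files: ransom notes, renamed originals
    }


def demo():
    """Constructed scenario: take a manifest, then simulate ransomware touching the backup.

    Returns (report_before_tampering, report_after_tampering).
    """
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "backup"
        (root / "docs").mkdir(parents=True)
        # constructed sample backup content
        (root / "docs" / "report.txt").write_text("quarterly figures\n")
        (root / "docs" / "notes.txt").write_text("meeting notes\n")
        (root / "photos.bin").write_bytes(bytes(range(256)))

        manifest = build_manifest(root)
        # The manifest would normally be written to the offline/cloud copy.
        manifest_path = Path(tmp) / "manifest.json"
        manifest_path.write_text(json.dumps(manifest, indent=2))

        stored = json.loads(manifest_path.read_text())
        clean_report = verify_manifest(root, stored)

        # Simulated damage: one file overwritten with random bytes (encrypted in place),
        # one renamed with a new extension (the original is now "missing", the copy "added").
        (root / "docs" / "report.txt").write_bytes(os.urandom(32))
        (root / "photos.bin").rename(root / "photos.bin.locked")
        tampered_report = verify_manifest(root, stored)

        return clean_report, tampered_report


if __name__ == "__main__":
    before, after = demo()
    print("before tampering:", before)
    print("after tampering: ", after)
```

Run the verification from a host that mounts the backup read-only, on a schedule, and alert on any non-empty `modified` or `missing` list; a backup that verifies clean only on the day it was taken tells you nothing about whether it is still restorable.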

PCI DSS standards 3.2 release

The PCI DSS 3.2 release is designed to improve point-of-sale and e-commerce standards. This new version will require moving away from older and less secure transport protocols (SSL and early TLS), with the first milestone in June 2016. Full compliance with the 3.2 standard is set for June 2018.

https://isc.sans.edu/forums/diary/New+release+of+PCI+DSS+version+32+is+available/21003/

https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2_Summary_of_Changes.pdf

A new version of the standard was released today, version 3.2. There are a number of changes that will affect those that need to comply with the standard, especially for service providers. For service providers struggling to move customers away from SSL and weak TLS there is some good news. The deadline for this requirement has been moved to June 30 2018. Service providers will however be required to have a secure environment (i.e. accepting TLS v1.2 or v1.1) by June 30 2016 (yes two months). This shouldn’t be too onerous as most service providers will already have this in place.

There are a few new requirements in the standard. The majority of these only apply to service providers and relate to ensuring that processes are followed throughout the year rather than a once a year effort.  A number of these are also quarterly requirements.  They include:

* 3.5.1 – Maintain a documented description of the cryptographic architecture.
* 11.3.4.1 – If segmentation is used, confirm PCI DSS scope by performing penetration testing on segmentation controls at least every six months and after any changes to segmentation controls/methods.
* 12.4 – Executive management shall establish responsibility for the protection of cardholder data and a PCI DSS compliance program.
* 12.11 – Perform reviews at least quarterly to confirm personnel are following security policies and operational procedures.
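The two protocol deadlines quoted above are easy to mix up, so the following Python example (added here, not from the SANS diary or the PCI SSC document) encodes them as a small assessment function that takes the protocol versions a service currently offers and a date, and reports whether the configuration meets the June 30 2016 "secure environment" milestone and the June 30 2018 SSL/early-TLS retirement. It also shows the server-side `ssl.SSLContext` that a Python service would use to stop offering anything below TLS 1.2. The protocol name strings, the treatment of TLS 1.3 as acceptable (it postdates the page), and the sample inputs are choices made for this example.

```python
import ssl
from datetime import date

# Deadlines as quoted in the SANS ISC summary of PCI DSS 3.2
SECURE_SERVICE_DEADLINE = date(2016, 6, 30)  # service providers must accept TLS 1.1 or 1.2
MIGRATION_DEADLINE = date(2018, 6, 30)       # SSL and early TLS must be retired

WEAK_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1.0"}
# TLS 1.3 is included as acceptable here; it did not exist when the page was written.
ACCEPTABLE_PROTOCOLS = {"TLSv1.1", "TLSv1.2", "TLSv1.3"}


def assess_protocols(enabled, as_of):
    """Judge a list of enabled protocol names against the two deadlines.

    enabled: iterable of names such as "TLSv1.0", "TLSv1.2"
    as_of:   ISO date string, e.g. "2016-07-01"
    Returns a dict with a compliant flag plus failure and warning messages.
    """
    enabled = set(enabled)
    when = date.fromisoformat(as_of)
    unknown = enabled - WEAK_PROTOCOLS - ACCEPTABLE_PROTOCOLS
    if unknown:
        raise ValueError(f"unrecognised protocol names: {sorted(unknown)}")

    failures, warnings = [], []

    # Milestone 1: after 2016-06-30 a secure option (TLS 1.1 or 1.2) must be offered.
    if when > SECURE_SERVICE_DEADLINE and not (enabled & ACCEPTABLE_PROTOCOLS):
        failures.append("no TLS 1.1/1.2 offered; a secure environment was required by 2016-06-30")

    # Milestone 2: after 2018-06-30 SSL and early TLS must no longer be offered at all.
    weak = sorted(enabled & WEAK_PROTOCOLS)
    if weak:
        if when > MIGRATION_DEADLINE:
            failures.append(f"still offering {weak}; SSL/early TLS had to be retired by 2018-06-30")
        else:
            warnings.append(f"offering {weak}; permitted only until 2018-06-30, plan the migration")

    return {"compliant": not failures, "failures": failures, "warnings": warnings}


def pci_server_context(certfile=None, keyfile=None):
    """Server context that refuses SSL and early TLS by setting the floor to TLS 1.2.

    TLS 1.1 is the lowest version the text calls acceptable; 1.2 is the safer floor.
    certfile/keyfile are optional so the context can be inspected without a certificate.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)
    return ctx


def context_minimum_version_name(ctx):
    """Name of the lowest protocol version a context will negotiate, e.g. 'TLSv1_2'."""
    return ctx.minimum_version.name


if __name__ == "__main__":
    # constructed sample configurations
    for protocols, when in [(["SSLv3", "TLSv1.0"], "2016-07-01"),
                            (["TLSv1.0", "TLSv1.2"], "2016-07-01"),
                            (["TLSv1.0", "TLSv1.2"], "2018-07-01"),
                            (["TLSv1.2"], "2018-07-01")]:
        print(protocols, when, assess_protocols(protocols, when))
    print("server floor:", context_minimum_version_name(pci_server_context()))
```

The same assessment applies to client-side libraries a merchant integration uses to call a payment gateway: a client that still accepts TLS 1.0 when the gateway offers it is part of the scope too.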

Malware – QBOT Bank Information Theft Trojan evolves in 2016

The QBOT family is a bank-information-stealing trojan that emerged in 2008. As documented in this excellent Talos report, the threat has evolved significantly and is on the rise.

http://blog.talosintel.com/2016/04/qbot-on-the-rise.html

Qbot, AKA Qakbot, has been around since at least 2008, but it recently experienced a large surge in development and deployments. Qbot primarily targets sensitive information like banking credentials. Here we are unveiling recent changes to the malware that haven’t been made public yet.

Qbot’s primary means of infection is as a payload in browser exploit kits. Website administrators often use FTP to access their servers, so Qbot attempts to steal FTP credentials to add these servers to its malware hosting infrastructure. Qbot can also spread across a network using SMB, which makes it very difficult to remove from an unprotected network.

Packer — Qbot uses a packer that can change drastically between samples. The packer’s strings and code blocks are randomized in ways that make it difficult to create a detection signature. Randomization is a common theme in Qbot since filenames, domain names, and encryption keys are randomly generated.

Installation — Once the packer finishes loading the unpacked executable in memory, Qbot checks to see if it has already been installed. If Qbot is not running, it copies itself there and executes the copy.

Logging — Qbot logs to an encrypted file in the install path. The log file can be identified as having a DLL extension, and a filename one letter short of the directory name where Qbot is installed in. The log file is encrypted with an RC4 key generated by converting the folder name to lowercase, then taking the SHA1 hash of the resulting string.

Updater — Qbot updates itself using an obfuscated script with the extension “.wpl”. This script attempts to download an encrypted executable hosted from numerous domains in URIs. The script hex decodes the server response, then uses the first 20 bytes as an RC4 key to decrypt the remaining bytes.

Info Theft — Qbot primarily targets sensitive information like banking credentials. It does so by stealing data like stored cookies or credentials, and by injecting code into web browsers to manipulate live browsing sessions. Qbot lets malicious actors piggyback on the victim’s browsing sessions, enabling them to bypass security like simple implementations of two-factor authentication.

Evolution — We automated unpacking 618 Qbot samples via Pykd, then created Python scripts to decrypt and decompress the embedded resources. We extracted DLLs and config data, as well as Qbot version information and Compile Times for each file. Compile times are often used to attribute malicious activity, though it is important to note compile times can be manipulated.
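The Logging and Updater paragraphs above describe two decryption routines precisely enough for an analyst to reproduce them when examining artifacts recovered from an infected host. The Python below is added here and is not code from the Talos report or from the blog: it derives the log-file key (SHA1 of the lowercased install-folder name) and decrypts the log, and it decodes an update response (hex-decode, first 20 bytes are the RC4 key, the rest is the ciphertext). Assumptions made here and not stated in the report: the raw 20-byte SHA1 digest (not its hex text) is the RC4 key, and "a filename one letter short of the directory name" means a file stem exactly one character shorter than the folder name. The RC4 routine, the folder names and the sample payloads are constructed for this example.

```python
import hashlib
import os


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (key scheduling + keystream). Encrypting and decrypting are the same call."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def derive_log_key(install_folder_name: str) -> bytes:
    """Report: lowercase the folder name, then SHA1 it.

    Assumption: the raw 20-byte digest (not the hex string) is the RC4 key.
    """
    return hashlib.sha1(install_folder_name.lower().encode("utf-8")).digest()


def decrypt_log_file(install_folder_name: str, log_bytes: bytes) -> bytes:
    """Decrypt the contents of the DLL-named log file found in the install folder."""
    return rc4(derive_log_key(install_folder_name), log_bytes)


def is_candidate_log_name(install_folder_name: str, file_name: str) -> bool:
    """Triage helper for a directory listing: '.dll' extension, stem one character
    shorter than the folder name. This reading of 'one letter short' is an interpretation."""
    stem, ext = os.path.splitext(file_name)
    return ext.lower() == ".dll" and len(stem) == len(install_folder_name) - 1


def decode_update_response(hex_text: str) -> bytes:
    """Report: hex-decode the server response; the first 20 bytes are the RC4 key,
    the remaining bytes are the encrypted executable."""
    blob = bytes.fromhex(hex_text.strip())
    if len(blob) <= 20:
        raise ValueError("response too short to hold a 20-byte key plus a payload")
    return rc4(blob[:20], blob[20:])


# --- constructed sample data: produces inputs in the described format for testing ---

def build_sample_log(install_folder_name: str, plaintext: bytes) -> bytes:
    """Constructed stand-in for a recovered log file (same RC4 key as the malware would use)."""
    return rc4(derive_log_key(install_folder_name), plaintext)


def build_sample_update_response(key20: bytes, payload: bytes) -> str:
    """Constructed stand-in for an update server response: hex(key || RC4(key, payload))."""
    if len(key20) != 20:
        raise ValueError("key must be exactly 20 bytes")
    return (key20 + rc4(key20, payload)).hex()


if __name__ == "__main__":
    folder = "Kqzwvdx"                      # constructed random-looking install folder name
    print(is_candidate_log_name(folder, "Kqzwvd.dll"))      # True
    print(is_candidate_log_name(folder, "Kqzwvdx.dll"))     # False (same length)
    sample_log = build_sample_log(folder, b"2016-04-20 constructed log line\n")
    print(decrypt_log_file(folder, sample_log))
    response = build_sample_update_response(os.urandom(20), b"MZ-constructed-update-body")
    print(decode_update_response(response))
```

Because RC4 is symmetric and the key for the log file comes only from the folder name, an analyst with a disk image needs nothing beyond the directory listing to read the log, which is also why the sample builder above can use the same function as the decryptor.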

Leadership – Influence is earned through actions over time

Influence is present as a function of the position itself. However, great leaders emerge through their actions, relationships, and sincerity over time. John Maxwell reflects on this as follows:

http://www.johnmaxwell.com/blog/the-key-to-gaining-influence-is-earning-it-not-borrowing-it

“Leadership is influence, nothing more, nothing less” — The more I speak to leaders of all stripes, the more I’m reminded of the truth of this statement. No matter who you are, no matter where you serve, if you have influence with people, you can lead them.

So the question becomes, How can I gain influence? — In fact, I get asked that question a lot. And I’m going to tell you the secret to influence today. It’s not hard to understand, and once you’ve got it, you’ll be able to gain influence almost anywhere you go.  But first, a foundational principle: You can’t build influence without other people. From bake sales to board meetings, there is no leadership without others, because influence comes from other people. It’s something they give in response to who they perceive you to be. The moment people perceive you differently is the moment that influence is withdrawn.

Borrowing versus Earning influence — Every leader either borrows influence or earns it. When people give you permission to lead in their lives because of your actions, you’ve earned influence. When people give you permission to lead in their lives because of your words, you’ve borrowed influence. With borrowed influence, the permission followers give the leader isn’t strong enough to extend to anyone else on the team. Unless the leader’s words are backed by actions—and results—his or her influence has limits. Earned influence is based on something tangible, so the leader can freely share and use it to lift others to positions of influence.

Which Kind of Influence Do You Have? — When leaders settle for borrowing influence instead of earning it, they fail to meet their capacity in leadership. Once they have been burned, however, it takes a genuine leader who can do something positive and meaningful to get people to give influence away again.  To lift and lead others in the long term, you must be a leader who continually earns influence with your actions. Leadership is influence, and the best kind of influence comes when people give you permission to lead in their lives based on your actions. If you want to get real influence, you have to get busy—and earn it from the people you lead.

Android Security – Overlay malware attacks increase in 2016

Overlay malware allows attackers to create hidden, invisible windows that sit on top of legitimate Android applications and intercept information, which can compromise both security and privacy. These attacks are growing both in number and in sophistication.

https://threatpost.com/scourge-of-android-overlay-malware-on-rise/117720/

https://securityintelligence.com/mobile-malware-competition-rises-in-underground-markets/

The black market for malicious Android software is heating up thanks to a rise in popularity of overlay malware, which can siphon credentials off Android devices and give crooks a tool to defeat two-factor identification schemes, according to security researchers at IBM’s X-Force.

Overlay malware allows attackers to create an overlay to be displayed on top of legitimate Android applications. The overlay then tricks users into entering their access credentials into a fake window that will grab and forward them to a remote attacker.  Interest in overlay malware, X-Force wrote in a research note posted Thursday, has triggered price wars and a flood of new variants of overlay malware in recent months.

GM Bot was originally spotted in 2014. It, along with Bilal Bot, Cron Bot, and KNL Bot, all exploit a vulnerability found in older versions of Google’s Android operating system (prior to the release of Android 5.0) that enables activity hijacking.  In the case of Bilal Bot, Cron Bot, and KNL Bot, Kessem said, it’s unclear if they share the same base code as GM Bot. “There is a good chance they do, we just haven’t analyzed the samples yet,” she said.

Similar also is the overlay malware APK’s feature set, which goes beyond overlay screens and includes: SMS hijacking, call forwarding and CC grabbing. Attackers also have the ability to evade detection via polymorphic code features that can recompile the malware periodically to avoid signature detection by security software.

Leadership – Three types of mentors for personal growth

John Maxwell shares an excellent article on the value of mentors in building leadership skills.

http://www.johnmaxwell.com/blog/the-three-types-of-mentors-every-person-needs-to-help-them-grow

I’m not a self-made man. It took a lot of people investing in me to get me where I am today. You may wonder: Who helped you, John?

Mentors – A mentor is someone who teaches, guides and lifts you up by virtue of his or her experience and insight. They’re usually someone a little farther ahead of you on the path—though that doesn’t always mean they’re older! A mentor is someone with a head full of experience and heart full of generosity that brings those things together in your life.

Started Close to Home — My first mentor was my father, Melvin. His investment into me as an individual was the foundation for everything I’ve achieved. My father’s encouragement, observation and advice helped shape everything from my mindset to my belief about the future. Without him, I’m not sure where I would’ve ended up.  But not every mentor in my life was a family member! There came a time when I had to seek mentors beyond my family tree in order to be successful. That required me to have the self-awareness necessary to choose mentors who could help me be the best version of myself possible.

For me, there have been three types of mentors:

1. Those Who Knew Me and Knew They Made a Difference — The greatest example of this type of mentor in my life was Coach John Wooden. I intentionally sought Coach out to learn about teamwork, leadership, vision, and character. I’ll never forget how much work I put into our first meeting—I came armed with pages of questions that took me hours to write! And the preparation paid off; not only did I come away from that initial meeting with a thousand ideas to consider, I also earned the right to sit down again with Coach Wooden several more times before he passed away.

2. Those Who Knew Me and Didn’t Know They Made a Difference — For me, the greatest example of this in my life is Kurt Campmeier, who introduced me to the concept of having a personal growth plan way back at the beginning of my career. Kurt’s influence on my life and work is far greater than the amount of time he spent with me, but time isn’t always equal to impact. For years, I don’t think Kurt had any idea of the impression he’d made on me. But a few years ago, my team tracked him down, and I had the opportunity to see him again and thank him.

3. Those Who Didn’t Know Me and Yet Made a Difference — And that intentionality extends even to those mentors whom I’ve never met. That may sound strange, but the truth is that all of us have access to long-distance mentors we may never meet in person! Speakers, books, magazine articles, webinars – the list of available mentors is endless.

Be Intentional about Finding Your Own Mentors — No one gets to the top alone. We all have help. It’s why I’ve made mentoring such a crucial part of my growth—and it’s why I mentor people along the way. It’s the inspiration for my Maximum Impact Mentoring call each month, and the reason I continue to write and speak to audiences each year. I want to help as many people as possible become all they can be.
