Security Protection – Harry Waldron MVP Rotating Header Image

Uncategorized

Windows 10 Enterprise – Step-by-Step guide to encrypt hard drive

Windows 10 Professional and Enterprise include a tool called Bitlocker, which can provide total hard drive encryption for modern TPM based laptops.  The screenshots included provided excellent step-by-step documentation:

http://www.itpro.co.uk/security/25957/how-to-encrypt-your-hard-disk-in-windows-10

If you’re running a Windows 10 Pro or Enterprise laptop then it’s ridiculously simple to encrypt it using BitLocker.  Our laptops contain almost every detail of our lives, much of it information we’d prefer to keep confidential. Not just personal details, but business-critical documents that would be deeply embarrassing to lose. If your laptop gets stolen, you really don’t want the awkward conversation with your boss about what may leak out.

Don’t think the Windows password is enough to protect you either; determined thieves will find a way to bypass that lock screen. Even if you’ve added extra biometric protection via Windows Hello, they can use the brute-force method of removing the hard disk. If you haven’t encrypted it, it’s child’s play to read the data.

7 Step guide using BitLocker — You’ll need to be logged in as an administrator for the steps below to work. Also note that you might want to print off the password (you can save it to an external drive as well), so connecting a printer beforehand is a good idea.

Microsoft – Skype for Business improvements with UCC during 2016

Microsoft recently acquired UC Commander to improve Skype for Business capabilities during the coming year, as documented in this PC Magazine article: 

http://www.pcmag.com/article2/0,2817,2498484,00.asp

Microsoft isn’t hiding its concerted effort to capture all facets of the cloud-based enterprise communication and collaboration market.  All Microsoft’s services run on the company’s cloud platform on the back end, soon to be rolled into the Microsoft Azure Stack hybrid cloud infrastructure, but the core value for business users is integrating all those disparate offerings.  Microsoft’s recent acquisition of Event Zero’s UC Commander suite is a move to make that happen sooner rather than later.

The acquisition, announced last week, will allow Microsoft to build better native management tools directly into the Office 365 administration dashboard within the Skype for Business client. The strength of the UC Commander unified communications and collaboration (UCC) platform is in diagnostic analytics, monitoring, and reporting, so in integrating the platform Microsoft will add a built-in analysis layer into Skype for Business in which users can collect and analyze call quality and other multimedia data from audio and video calls.

Skype for Business already lets users view basic call quality reports and assign Skype numbers to Office 365 users. Microsoft’s goal, according to Zig Serafin, Microsoft’s Corporate Vice President of Engineering of Skype for Business, is to give businesses an easier way to “connect on-premises deployments they manage with Office 365 services, including hybrid deployments, provisioning of phones, and other endpoints.”

Identity Theft – Best practices and Steps for victims of this crime

Kim Komando shares a list of the major steps victims should follow if they become victims of identity theft:

http://www.komando.com/tips/300138/protect-your-tax-return-from-crooks-and-hackers/3

Report the crime. File a report with your local police and file a complaint with the Federal Trade Commission at www.identitytheft.gov or by calling the FTC Identity Theft Hotline at 1-877-438-4338.

Request a fraud alert. Contact one of the three major credit reporting agencies (Equifax, Experian, or TransUnion) and ask that a fraud alert be placed on your credit records.

Close fraudulent accounts. Close any credit or financial account that has been tampered with by a thief or opened without your permission.

Contact the IRS. Call the number provided on the IRS notice informing you of the fraud. Complete IRS Form 14039, Identity Theft Affidavit. You can use a form at IRS.gov, print, then mail or fax the form as needed as you clear your tax record.

Pay your taxes. Be sure to continue to pay your taxes and file your tax return on time, even if you must do so by mailing in paper forms.

Stay diligent. If you contacted the IRS about taxpayer ID theft and did not receive a resolution, contact the Identity Protection Specialized Unit at 1-800-908-4490 about your case.

2015 Tax Season – Steps to Protect your refund

Kim Komando shares some important tips to safeguard your tax refund as almost $6 billion was stolen by fraudsters last year

http://www.komando.com/tips/300138/protect-your-tax-return-from-crooks-and-hackers

Along with tax season comes a frighteningly easy form of identity theft that can cause you a heap of trouble. Thieves with just a little information about you can file a bogus tax return in your name and claim a huge refund. While it doesn’t always work out so well for the fraudster, the IRS still gives out billions each year in fraudulent refunds. In 2014, for example, it paid out $5.8 billion that it shouldn’t have, and that’s just the fraud it identified. Unfortunately, this year that could be your money.

Your Social Security number is THE key piece of information a scammer needs to file a bogus return on your account. To keep it safe:

* Do not carry your Social Security card in your wallet or purse. Keep your Social Security card and any other document that shows your Social Security number in a safe place. Learn the five steps to survive a lost or stolen wallet.

* Only share your Social Security number when absolutely necessary. For instance, though a doctor’s office will often request your Social Security number, rarely are you actually required to provide it. Learn more about that and other things you need to know before your next doctor’s visit.

* Safeguard your personal financial information in your home and on your computer. Change online passwords regularly. Check out our tip for making safe and secure passwords.

* Review your credit reports and your Social Security Administration earnings statement each year for accuracy. Check out your credit report and score for free. A big unexpected change in your credit score might mean a thief has struck.

Virus Total Security firm – Adds FIRMWARE scanning for malware

Virus Total has enhanced it services to now include Firmware based malware as noted below

https://threatpost.com/virustotal-supports-firmware-scanning/116072/

Successful attacks against firmware are rare but provide hackers with one thing they covet most: persistence.  Advanced attack groups have already accelerated their capabilities in finding ways to burrow into the BIOS and EFI as noted by the Snowden leaks’ description of the NSA’s attempts to develop malware implants for the BIOS. Further, last year’s disclosure by Kaspersky Lab of the Equation Group’s espionage platform, and specifically a persistence module that targets the firmware of a number of leading hardware vendors, demonstrated how resourced attackers could gain undetectable and perpetual persistence on machines.

Virus Total said the new tool supports:

* Apple Mac BIOS detection and reporting.
* Strings-based brand heuristic detection, to identify target systems.
* Extraction of certificates both from the firmware image and from executable files contained in it.
* PCI class code enumeration, allowing device class identification.
* ACPI tables tags extraction.
* NVAR variable names enumeration.
* Option ROM extraction, entry point decompilation and PCI feature listing.
* Extraction of BIOS Portable Executables and identification of potential Windows Executables contained within the image.
* SMBIOS characteristics reporting.

Malware – CenterPOS is evolving new e-commerce threat

Point of Sales attacks are highly sophisticated malware threats designed to transmit credit card and other sensitive information to command-and-control servers. This information can later be used to defraud customers directly or through identity theft. 

https://www.fireeye.com/blog/threat-research/2016/01/centerpos_an_evolvi.html

There has been no shortage of point-of-sale (POS) threats in the past couple of years. This type of malicious software has gained widespread notoriety in recent time due to its use in high-profile breaches, some of which involved well-known brick and mortar retailers and led to the compromise of millions of payment cards. Our investigation into these threats has led to the analysis of a relatively newer POS malware known as CenterPOS.

CenterPOS malware was initially discovered in September 2015 in a directory filled with other POS malware, including NewPoSThings, two Alina variants known as “Spark” and “Joker,” and BlackPOS. Further investigation revealed that there is a new version of CenterPOS, version 2.0, that is functionally very similar to version 1.7. The key difference is that version 2.0 uses a configuration file to store the CnC information. When executed, the malware checks for a configuration file that can be located in one of three locations:

There is an increasing demand for POS malware in the underground as cybercriminals continue to target retailers in order to steal payment card information. CenterPOS, known in the underground as Cerebrus, is continuing to evolve. This version contains functionality that allows cybercriminals to create a configuration file. In contrast to the traditional builder-server model, the configuration file can be created from the payload itself, allowing the operators to easily update the CnC information if necessary.

Google Chrome browser – HTTP based websites highlighted as non-secure

All modern browsers flag unencrypted sites and Google Chrome will further enhance highlighting sites which are less protected.  SSL encryption is needed for password authentication, entry of forms data, and any other senstive operation.

http://motherboard.vice.com/read/google-will-soon-shame-all-websites-that-are-unencrypted-chrome-https

Google already signaled its preference for HTTPS websites when it called for HTTPS to be “everywhere” on the web during its 2014 I/O conference, and when it announced that it would rank encrypted sites higher in search results. But the internet giant is far from the only big player on the web pushing for more HTTPS. Mozilla and Apple have both indicated that they want more web encryption. And even the US government has taken important steps in that direction, requiring all .gov websites to be HTTPS by default before the end of this year.

The rationale is that on every website served over HTTP the data exchanged between the site’s server and the user is in the clear, meaning anyone with the ability to snoop on the connection, be it a hacker at a coffee shop or a repressive government, could steal passwords, private messages, or other sensitive information.

But HTTPS doesn’t just protect user data, it also ensures that the user is really connecting to the right site and not an imposter one. This is important because setting up a fake version of a website users normally trust is a favorite tactic of hackers and malicious actors. HTTPS also ensures that a malicious third party can’t hijack the connection and insert malware or censor information.

Leadership – 2016 Secrets for Success PERSONAL GROWTH

John Maxwell is sharing a new weekly series during 2016 called the “Secrets for Success”.  The second week focuses on personal growth as a professional, which is important for all team leaders

http://www.johnmaxwell.com/blog/the-secrets-of-success-week-one-personal-growth

You’d be surprised at how many people fail because they don’t make growth a priority in their minds and schedules. They have every intention of growing and want to grow, but they lack the ability to translate their intention into action. They need something to help them get growing.

For instance, if I want to continue to grow as a writer, I know I need to spend time each day reading, thinking, filing, asking questions, and—of course—writing! I could do all of those things each day without my Rule of 5, but I wouldn’t be nearly as intentional about it. One or more activities could easily fall through the cracks. It’s a simple system, but it helps me maintain my daily discipline of growing as an author.

To make growth a daily priority, make a Rule of 5 for personal growth. For example, if you want to get better at work, choose the five tasks, attitudes, or habits you need to emphasize each day to improve. It could look something like this:

1. Begin each day with the two most important tasks
2. Spend time connecting with my supervisor and doing more than expected
3. Return client emails in a timely fashion
4. Choose to be positive with co-workers
5. Leave my office tidy and ready for the next day

Leadership – 2016 Secrets for Success HEALTH

John Maxwell is sharing a new weekly series during 2016 called the “Secrets for Success”.  The first week focuses on personal health which is important for all team leaders

http://www.johnmaxwell.com/blog/the-secrets-of-success-week-one-health

As someone who hasn’t always taken his health seriously, I want to emphasize the importance of this area of your life. I took my health for granted until I had my heart attack in 1998 – and even after that, I struggled to embrace healthy living. Fortunately, I’ve gotten better over time. And I’ve discovered that there is no substitute for making daily choices to eat the right amount of nutritious foods and engage in the right amount of physical exercise. I talk regularly with my doctors to know what is safe and effective for me, and that’s a good place for anyone to begin.

You see, how you eat, how you exercise, how you choose to feel about the day, all have significant impact on your quality of life. If you eat poorly, it can make you feel tired. If you go to the gym early, it can be the kick start your day truly needs. Even something as small as waking up and saying to yourself, “Today, I will choose to be positive” can transform how you experience the day.

1. I decide I will be healthy today.
2. I choose to eat, drink and do healthy things today.

That’s it! Nothing more to it – you simply repeat those two steps each day. But to give you some practical handles for this idea, allow me to suggest the following:

* Instead of taking the elevator, take the stairs.
* Instead of drinking a soda, drink water.
* Instead of ordering the super-size meal, order the small.
* Instead of parking next to the building, park farther away and walk.
* Instead of ordering dessert, be content to pass.
* Instead of allowing the day to dictate how you feel, choose to see the good in the day.

4D Printing – Pioneered by Harvard University

4D printing that allows target items to “evolve” over time and some early pioneering work has been conducted by Harvard University

http://www.techtimes.com/articles/128176/20160127/4d-printing-here.htm

http://www.nature.com/nmat/journal/vaop/ncurrent/full/nmat4544.html

https://www.rt.com/usa/330539-3d-printing-4d-flower-invention/

We were all impressed by 3D printing for a hot minute, but that’s all over now. Enter “4D printing,” the printing which also involves the fourth dimension: time. Applause, applause, applause. Scientists at the Wyss Institute for Biologically Inspired Engineering at Harvard have developed hydrogel structures which change their shape when placed in water. In other words, they are able to respond to their environment (in this case, the water) the same way a plant does to its own environment: a sunflower bends toward the light, a vine climbs up a building for support, a pinecone spreads open, and so on.

Featuring WPMU Bloglist Widget by YD WordPress Developer