Security Protection – Harry Waldron MVP Rotating Header Image


Malware – Malicious Terror-alerts target users in Middle East and Canada

Symantec shares that an active spam campaign is underway that appears to be terrorism alert messages.  Users should avoid this new malicious and targeted attack underway.

Cybercriminals spoof law enforcement officials in Dubai, Bahrain, Turkey, and Canada to send terror-alert spear-phishing emails containing Backdoor.Sockrat.

Earlier this month, Symantec observed malicious emails spoofing the email address of one United Arab Emirates (UAE) law enforcement agency, particularly the Dubai Police Force. These spear-phishing emails, which read like a warning from the Dubai Police, bank on users’ fear of terror attacks to trick them into executing the malicious attachments. The attachments are disguised as valuable security tips that could help recipients to protect themselves, as well as their companies and their families, from potential terror attacks that may occur in their business location.

To add more credibility to the emails, the crooks impersonate the incumbent Dubai Police lieutenant general, who is also the head of general security for the emirate of Dubai, by signing the email with his name. Symantec advises users to remain vigilant and be wary of social engineering techniques to protect their data. Users are advised to adhere to the following best practices to avoid getting infected:

* Do not open attachments or click on links in suspicious email messages
* Avoid providing any personal information when answering an email
* Never enter personal information in a pop-up page or screen
* Keep security software up to date
* If uncertain about an email’s legitimacy, contact your internal IT department or submit the email to Symantec Security Response through this portal

Facebook – Legal right to block content upheld in court

Facecrooks Security shares a current court case where blocked Facebook content was challenged earlier this week

A U.S. court ruled this week that Facebook has the right to block content without any explanation. The ruling was in response to a lawsuit against Facebook from Sikhs For Justice (SFJ), a group that alleged its Facebook page was blocked for religious discriminatory reasons. “Facebook is an American corporation and owes allegiance to U.S. Constitution which promotes and protects free speech content and not accede to threats of foreign governments, but the ruling failed to cover any of the allegations of SFJ,” said SFJ’s legal advisor and attorney Gurpatwant Singh Pannun.   The judge in the case said that Facebook is protected under the Communications Decency Act, which protects interactive service providers from being held responsible for their users’ content. However, there’s little doubt that SFJ will appeal the ruling, so this case could just be getting started.

Leadership – Expressing gratitude for team members

In any organization, your most valuable resources are the team members.  John Maxwell reflects on the value of expressing appreciation and affirmation as part of the leadership process.

Thursday is Thanksgiving in the United States, and I know I’m looking forward to a wonderful day of food and family. I hope your plans for the holiday will be meaningful and fun.  I don’t know about you, but the Thanksgiving holiday always gets me thinking about gratitude.

Who brings out the best in you? Who are you grateful for? Have you made a list of the people you appreciate? If not, now is the perfect time of year to create your own list. Take time to do so this week. Once you have, it will be difficult for you to forget all of the people who have helped you get to where you are today, because it lives with you and within you. It lives with you because of the things people have done with you. It lives within you because of the way it sustains you. And it can inspire you to get outside of yourself and put others first, just as others have often put you first.

Windows 10 – Gartner predicts 50 percent of Corporations will start rollouts during 2016

During 2016, Gartner forecasts that corporate Windows 10 migration will ramp up more aggressively next year

Half of all enterprises will have at least started their rollouts of Windows 10 by January 2017, according to a Gartner report released Monday, suggesting the OS is on track for rapid adoption. While enterprises are known for taking their time with software updates, Kleynhans says they’re moving fast with Windows 10.

Kleynhans also said that there’s a small amount of pent-up demand for new devices like touchscreen laptops and business-class Windows tablets. Windows 10 has reinvigorated businesses that were previously stymied by having to use Windows 8 if they wanted to roll out those devices.

While the decision to require cumulative updates has caused consternation among IT professionals, Kleynhans thinks that enterprises will be able to handle it okay. “Companies by and large initially were very concerned about it, now that they’re looking at it a little closer, they’re starting to develop some thoughts about how to deal with it and some processes are starting to gel on how they’ll handle those kinds of updates.” “And I think by the time organizations are ready to start real deployments in 2016 and early 2017, they’ll have a process and they’ll feel fairly comfortable about how they’re going to handle those updates.”

Kim Komando – Security Awareness Podcasts for Holidays

Kim Komando offers several special podcasts that warn of scams and other risks associated with  Black Friday and Cyber Monday shopping online.  

Kim Komando On Demand – Recent Podcasts

Kim Komando On Demand – RSS feeds

If you enjoyed any of my podcasts in the past, you can listen to some of my latest podcasts right here!  Warning Black Friday, Cyber Monday can put you at risk!  11/19/15

Microsoft Edge – New version strengthens security by blocking unsigned DLLs

Microsoft Edge security was recently strengthened to block unsigned DLLs which are sometimes present on a malicious site.  Even legitimate sites can become infected from injection attacks that occur due to website security weaknesses. These latest Microsoft Edge release was automatically provided to Windows 10 users recently.

In May, we announced that Microsoft Edge was saying goodbye to binary extensibility models such as ActiveX and Browser Helper Objects. This change made browsing in Windows faster, more secure, and more stable than ever, while paving the way for better interoperability with other browsers and modern extension models. Those improvements are at risk, however, if uninvited extensions in the form of DLLs (Dynamic-Link Library) are injected into the browser. The latest Windows 10 updates strengthen Microsoft Edge with industry-leading enforcement against loading unauthorized DLLs into Microsoft Edge content processes.

Starting with EdgeHTML 13, Microsoft Edge defends the user’s browsing experience by blocking injection of DLLs into the browser unless they are Windows components or signed device drivers. DLLs that are either Microsoft-signed, or WHQL-signed, will be allowed to load, and all others will be blocked. “Microsoft-signed” allows for Edge components, Windows components, and other Microsoft-supplied features to be loaded. WHQL (Windows Hardware Quality Lab) signed DLLs are device drivers for things like the webcam, some of which need to run in-process in Edge to work. For ordinary use, users should not notice any difference in Microsoft Edge.

This change arrives as part of EdgeHTML 13, which is included with the latest automatic updates to Windows 10. Like many other Microsoft Edge security enhancements, this DLL code signing mitigation will make it less likely for the browser to be hacked. It also reinforces Microsoft Edge against unwelcome binary “extensions” that slow down and or destabilize the browser.

PENTEST Security Tools – NMAP VERSION 7 new release

NMAP is popular open source network Penetration Testing tool suite which was just updated and released.  Below are a summary of key improvements found in version 7:

NMAP 7 -HOME page



Hi folks!  After 3.5 years of work by more than 100 contributors and 3,200 code commits since Nmap 6, we’re delighted to announce Nmap 7! Compared to Nmap 6, we now have 171 new NSE scripts, mature IPv6 support for everything from host discovery to port scanning to OS detection, better infrastructure, significant performance improvements, and a lot more!

Here are the top 7 improvements in Nmap 7:

1. Major Nmap Scripting Engine (NSE) Expansion – As the Nmap core has matured, more and more new functionality is developed as part of our NSE subsystem instead. In fact, we’ve added 171 new scripts and 20 libraries since Nmap 6.

2. Mature IPv6 support – IPv6 scanning improvements were a big item in the Nmap 6 release, but Nmap 7 outdoes them all with full IPv6 support for CIDR-style address ranges, Idle Scan, parallel reverse-DNS, and more NSE script coverage.

3. Infrastructure Upgrades – We may be an 18-year-old project, but that doesn’t mean we’ll stick with old, crumbling infrastructure! The Nmap Project continues to adopt the latest technologies to enhance the development process and serve a growing user base. For example, we converted all of Nmap.Org to SSL to reduce the risk of trojan binaries and reduce snooping in general.

4. Faster Scans – Nmap has continually pushed the speed boundaries of synchronous network scanning for 18 years, and this release is no exception. New Nsock engines give a performance boost to Windows and BSD systems, target reordering prevents a nasty edge case on multihomed systems, and NSE tweaks lead to much faster -sV scans.

5. SSL/TLS scanning solution of choice – Transport Layer Security (TLS) and its predecessor, SSL, are the security underpinning of the web, so when big vulnerabilities like Heartbleed, POODLE, and FREAK come calling, Nmap answers with vulnerability detection NSE scripts.

6. Ncat Enhanced – We are excited and proud to announce that Ncat has been adopted by the Red Hat/Fedora family of distributions as the default package to provide the “netcat” and “nc” commands! This cooperation has resulted in a lot of squashed bugs and enhanced compatibility with Netcat’s options.

7. Extreme Portability – Nmap is proudly cross-platform and runs on all sorts of esoteric and archaic systems. But our binary distributions have to be kept up-to-date with the latest popular operating systems. Nmap 7 runs cleanly on Windows 10 all the way back to Windows Vista. By popular request, we even built it to run on Windows XP, though we suggest those users upgrade their systems.

Social Engineering – Tech Support scams rise in 2015

The Talos security blog, sponsored by Cisco systems, highlights an increase in fake telephone calls, emails, and website popups that pretend to aid end users in identifying a virus or other system problem.  Often a scammer with an untraceable telephone number will work with user and convince them to share credit card numbers or allow them to plant “diagnostic” software on their system.  Users should be aware that Microsoft or other companies will not contact users by phone or email in this manner.

The amount of fraudulent actors masquerading as legitimate tech support has been on the rise since 2008. According to David Finn, executive director at the Microsoft Cybercrime Center, tech support scammers have made nearly $1.5 billion off of 3.3 million unwitting victims just this year. These scammers typically convince the victim into allowing them access to his/her computer through remote control applications such as TeamViewer. They then present benign processes as malicious, or at times even spread malware themselves. Afterwards, they charge hundreds of dollars for the service.

There are several avenues through which these scammers reach their victims. One of the most insidious are pop-ups and websites asserting that the user’s computer is riddled with viruses, and that the only way to fix the problem is to call a provided tech support number.

Microsoft – New Cyber Defense Operations Center

Microsoft CEO Satya Nadella announced in Washington, D.C. the need for a new approach to security with the continued growth of cloud based computing.

To support a comprehensive, cross company approach to security, Microsoft invests more than a billion dollars in security research and development, every year. Deepening this commitment, we announced plans to enhance our protection of customer data with a new Cyber Defense Operations Center. This state-of-the-art facility brings together security response experts from across the company to help protect, detect and respond to threats in real-time. Staffed with dedicated teams 24×7, the center has direct access to thousands of security professionals, data analysts, engineers, developers, program managers, and operations specialists throughout Microsoft to ensure rapid response and resolution to security threats. Informed by decades of experience working with the industry to fight threats on a global scale, the center maintains critical connections with industry security partners, governments and enterprise customers, and engages Microsoft’s Digital Crimes Unit when law enforcement needs arise.

Microsoft Security Updates – NOVEMBER 2015

Microsoft recently released a large number of security bulletins for newly discovered vulnerabilities. Some early issues with KB3097877 caused Outlook 2010 and 2013 to abend with certain HTML based email messages and users should be cautious until key issues are worked out with a replacement update.

Microsoft’s Patch Tuesday has arrived. Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release contains 12 bulletins addressing 53 vulnerabilities. Four bulletins are rated critical and address vulnerabilities in Edge, Internet Explorer, Windows Journal, and Windows. The remaining eight bulletins are rated important and address vulnerabilities in .NET, IPsec, Kerberos, Lync/Skype for Business, NDIS, Office, SChannel, and Winsock.

Featuring WPMU Bloglist Widget by YD WordPress Developer