Security Protection – Harry Waldron MVP Rotating Header Image

Microsoft Windows 8 Modern UI

The new Windows 8 UI is officially called Windows 8 Modern as defined in this Tech Target article

http://searchenterprisedesktop.techtarget.com/definition/Microsoft-Windows-8-Modern

QUOTE: Microsoft Windows 8 Modern (formerly called Metro) is the user interface(UI) initially released with the Windows 8 operating system (OS). Modern uses bright, high-contrast color schemes and arrays of large icons (called “live tiles”) to create a simple design aesthetic. Modern focuses on reorganizing applications and tasks into intuitive groupings, with icons that use actual content rather than static graphical buttons. For example, a photo-viewing application would actually display the user’s photos in a live tile called “Photos.” Similarly, pictures and avatars representing user’s various phone and email contacts would appear in rotating mosaics across the “Contacts” live tile.

Microsoft Excel – How to Count duplicate and unique values

A few helpful Excel tips can be found in these Tech Republic articles

http://www.techrepublic.com/article/pro-tip-count-duplicates-and-unique-values-in-excel/

http://www.techrepublic.com/blog/microsoft-office/how-to-find-duplicates-in-excel/

QUOTE: Counting duplicate values is a subject that begs definition. What constitutes a duplicate? Within Excel, you can have duplicate values within the same column or you can have duplicate records — a row where every value in the record is repeated. In this article, we’ll focus on duplicate values within the same column. Once you start counting duplicates, you’ll often discover that you need more. For instance, you might need the opposite — how many unique values are in the column.   There are several ways to count duplicate values and unique values. You can work with most any dataset or download the .xlsx or .xls demonstration file (although specific instructions for the .xls format aren’t included in this article).  To get unique values, you can also quickly do an advanced filter, selecting only unique records and copying to another range (In Excel 2010: Data–> Advanced–> complete Advanced Filter dialog).

FBI Warning – Increased man-in-the-middle scams during June 2014

The FBI is warning about increased attacks in recent months:

http://www.networkworld.com/article/2393048/malware-cybercrime/fbi-warns-businesses-man-in-the-e-mail-scam-escalating.html

QUOTE: The FBI and Internet Crime Complaint Center (IC3) are warning businesses to be on the lookout for growing scam that tricks them into paying invoices from established partners that look legitimate but in fact are fraudulent. The FBI says the scam is a tweak of the timeworn “man-in-the-middle” scam and usually involves chief technology officers, chief financial officers, or comptrollers, receiving an e-mail via their business accounts purportedly from a vendor requesting a wire transfer to a designated bank account, the FBI said.  In the “man-in-the-e-mail” scam, e-mails are spoofed by adding, removing, or subtly changing characters in the e-mail address that make it difficult to identify the perpetrator’s e-mail address from the legitimate address. The scheme is usually not detected until the company’s internal fraud detections alert victims to the request or company executives talk to each other to verify the transfer was made.

Android Security – Selfmite SMS worm

A rare Android SMS worm has been discovered that spreads to other users via links in text messages.

http://www.adaptivemobile.com/blog/selfmite-worm

http://www.computerworld.com/s/article/9249430/Self_propagating_SMS_worm_Selfmite_targets_Android_devices

QUOTE: SMS worms for Android smartphones don’t appear very often. The vast majority of Android malware that has been discovered to date can be treated as trojans. But it doesn’t mean that other types of malware like SMS worms don’t exist. Recently an SMS worm dubbed Samsapo was discovered and analysed by a number of antivirus companies. Samsapo used a pretty common monetization mechanism: it was able to subscribe an infected device to a premium-rate service. It was also capable of stealing various types of personal information from a smartphone. AdaptiveMobile has analysed and confirmed a new piece of malware, termed Selfmite, that is also able to propagate via SMS. Potential victims receive the following SMS message containing a URL pointing to the Selfmite worm.

Facebook – How to review older post history

More comprehensive history review techniques are highlighted below:

http://www.nytimes.com/2014/06/26/technology/personaltech/finding-old-posts-on-the-facebook-timeline.html

https://www.facebook.com/help/www/280386008655300

QUOTEQUESTION I was scrolling back through my Facebook Timeline in my web browser and noticed some of my previous posts and photos weren’t there. How do I get them all back?

ANSWER — Facebook typically begins to just show you Timeline “highlights” after about a week. All your previously posted material is still there, but you have to find the menu option to display it.  To find the missing stories, start scrolling down your Timeline page. After you get about seven or eight days into the past, you should see a little gap in the posts and a small menu triangle next to the word “Highlights.”  Click the menu triangle and select “All Stories” instead of “Highlights” to see your previous posts when you scroll through.  If you do not want to spend a lot of time scrolling, you can also jump to a more specific point in your Timeline by clicking the month or year on the vertical gray list to the right of the Timeline column.

AntiVirus – Lastline Labs May 2014 Study

Lastline Labs shares a year long study of AV effectiveness.  While noting AV protection is essential, it isn’t always timely in detecting latest threats.

http://labs.lastline.com/lastline-labs-av-isnt-dead-it-just-cant-keep-up

QUOTE: Much has been said in recent weeks about the state of AV technology. To add facts to the debate, Lastline Labs malware researchers studied hundreds of thousands of pieces of malware they detected for 365 days from May 2013 to May 2014, testing new malware against the 47 vendors featured in VirusTotal to determine which caught the malware samples, and how quickly.  Some other interesting findings of this Lastline Labs research:

1. On Day 0, only 51% of AV scanners detected new malware samples 2. When none of the AV scanners detected a malware sample on the first day, it took an average of two days for at least one AV scanner to detect it 3. After two weeks, there was a notable bump in detection rates (up to 61%), indicating a common lag time for AV vendors 4. Over the course of 365 days, no single AV scanner had a perfect day – a day in which it caught every new malware sample 5. After a year, there are samples that 10% of the scanners still do not detect

Social Networks – Safe practices more critical in 2014

Users must safely navigate social networks where sensitive information may be exchanged:

http://securitywatch.pcmag.com/security/325048-are-social-media-networks-the-next-cyberattack-victims

http://www.zerofox.com/whatthefoxsays/the-anatomy-enterprise-social-cyber-attack-infographic/

QUOTE: The past year has seen a number of security horror stories. Now the big question is, who or what will be targeted next? Social risk management company ZeroFox argues that social media platforms are going to be compromised next. In a recent infographic, the company reveals that cyber-criminals are using popular social networks such as Facebook, Twitter, and LinkedIn, to launch targeted malware and phishing campaigns.

Crooks rely on bot armies to successfully carry out their campaigns, whether it’s malware or phishing. Bots are molded to look like trustworthy social media profiles; they usually have relevant popular content and post viral videos and articles that can reach many users. Two different types of bots exist: a bot account and a “sock puppet”. A bot account is created and operated remotely through software. A “sock puppet” is a fake account operated by a person pretending to be someone he or she isn’t.

After the bot army is made, the cybercriminal will decide on a target. Attacks could be focused against specific organizations, an organization’s customers, or against the general public via trendjacking, a PR tactic that subverts trending topics to highlight different messages. Once a method of attack is chosen, criminals connect their bots to targeted victims by filling their bots’ profiles with funny images or attention-grabbing content

Industry security alliances for 2014

The following article from eWeek provides an update of alliances working for common good of Internet communities.

http://www.eweek.com/security/threat-intel-sharing-communities-spring-up-to-aid-network-defenders.html

QUOTE: Three years ago, companies that wanted to exchange information on the latest cyber-threats needed to belong to one of several exclusive clubs, such as the Financial Services Information Sharing and Analysis Center (FS-ISAC), Microsoft’s Active Protections Program (MAPP) or the Anti-Virus Information Exchange Network (AVIEN). Since then, new information sharing tools and networks have emerged to allow businesses to exchange attack information with other companies. In September 2013, for example, Hewlett-Packard launched a threat-intelligence sharing environment, dubbed Threat Central, which allows its customers to upload threat data and share it with other subscribers. Security and network-management provider AlienVault supports the Open Threat Exchange that allows anyone to upload threat data and post analyses.

Security services firm Cyber Squared offers companies a similar environment known as Threat Connect. While each provider has a different goal for their platform, the offerings allow business customers to gain intelligence and share information on threats, usually in machine-readable format that speeds their response to attacks, Jerry Bryant, lead security strategist for the Microsoft Security Response Center (MSRC), told eWEEK. Defenders need to counter attackers’ ability to quickly share information on network weaknesses, he said.

Adobe Flash Player 14 – June 2014 security update

Users should promptly update their systems to the latest version of Adobe Flash Player 14

http://www.intego.com/mac-security-blog/adobe-tackles-security-flaws-with-flash-update/

http://helpx.adobe.com/security/products/flash-player/apsb14-16.html

QUOTE: Adobe Systems has released a new round of security updates for Adobe Flash Player for Windows and Mac. The company released Adobe Flash Player 14.0.0.125, which tackles a total of 6 “vulnerabilities that could potentially allow an attacker to take control of the affected system,” described Adobe’s security bulletin (APSB14-16).

Firefox version 30 security and features release

Mozilla Firefox 30 provides security and feature enhancements

http://www.eweek.com/security/firefox-30-delivers-7-security-fixes-other-changes.html

http://www.mozilla.org/en-US/firefox/30.0/releasenotes/

QUOTE: In contrast to the fanfare associated with Firefox 29 and its new interface, Firefox 30 delivers security fixes and incremental feature updates.  Not all browser releases are full of exciting, new features users will immediately notice. The Mozilla Firefox 30 browser does not include major new features, yet it does provide users with security fixes and some incremental updates.   Released June 10, Firefox 30 improves on the Firefox 29 browser, which debuted April 29 with the biggest user interface update for the open-source browser in years.  On the user interface side, the Firefox 30.0 release notes indicate that the sidebars button in the browser now enables faster access to social, bookmark and history sidebars. Additionally, with Firefox 30.0, Mozilla is now providing users with support for the GStreamer 1.0 framework for multimedia streaming.  Firefox 30.0 includes seven security advisories attached to the open-source browser release.