Computer News & Safety – Harry Waldron

Microsoft now automatically turns on AMSI macro  technology to protect against malicious macros for Office 365 ProPlus subscribers

https://redmondmag.com/articles/2018/09/17/office-365-proplus-macro-scanner.aspx

https://cloudblogs.microsoft.com/microsoftsecure/2018/09/12/office-vba-amsi-parting-the-veil-on-malicious-macros/

Microsoft has turned on a technology to protect against malicious macros for Office 365 ProPlus subscribers, the company announced last week.

The technology, called Antimalware Scan Interface (AMSI), has been around since 2015, but it’s now newly integrated with Office 365 ProPlus. Microsoft turned AMSI on by default “on the Monthly Channel for Office 365 client applications including Word, Excel, PowerPoint, Access, Visio and Publisher,” Microsoft indicated, in its September 12 announcement.  With AMSI’s integration with Office 365 ProPlus, IT professionals now have new Group Policy security setting called “Macro Runtime Scan Scope.” This policy lets IT pros disable scanning for all documents, enable scanning for low-trust documents or enable scanning for all documents.

Microsoft acquires  artificial intelligence (AI) company Lobe as documented below

https://blogs.microsoft.com/blog/2018/09/13/microsoft-acquires-lobe-to-help-bring-ai-development-capability-to-everyone/

Today, we’re excited to announce the acquisition of Lobe. Based in San Francisco, Lobe is working to make deep learning simple, understandable and accessible to everyone. Lobe’s simple visual interface empowers anyone to develop and apply deep learning and AI models quickly, without writing code. We look forward to continuing the great work by Lobe in putting AI development into the hands of non-engineers and non-experts.  We’re thrilled to have Lobe join Microsoft and are excited about our future together to simplify AI development for everyone.

https://www.lobe.ai/

Drag, drop, learn — Lobe is an easy-to-use visual tool that lets you build custom deep learning models, quickly train them, and ship them directly in your app without writing any code. Start by dragging in a folder of training examples from your desktop. Lobe automatically builds you a custom deep learning model and begins training. When you’re done, you can export a trained model and ship it directly in your app.

Some excellent resources in case IDENTITY THEFT issues are discovered

https://www.irs.gov/individuals/data-theft-information-for-tax-professionals

https://www.identitytheft.gov/Steps

https://identitytheft.gov/

https://www.ftc.gov/ 

All tax professionals should be aware that they, too, are targets of cybercriminals seeking access to client data in order to file fraudulent tax returns for refunds. Are you prepared? Protect your clients and protect yourself by taking a few critical steps.

The IRS recommends tax professionals use Publication 4557, Safeguarding Taxpayer Data, as a guide for conducting a review of your current security measures and to create or update your security plan. It is critical you assess your current security precautions and address any weaknesses.  The IRS also recommends tax professionals create an action plan to outline the steps you would take in the event of a data theft. This will save valuable time should the worst occur.

The “Protect Your Clients; Protect Yourself” campaign to raise awareness among tax professionals is an initiative of the Security Summit, a joint project by the IRS, states and the tax community to combat identity theft. Because of the sensitive client data held by tax professionals, cybercriminals increasingly are targeting the tax preparation community. All tax professionals must take appropriate steps to protect their clients’ data and protect their businesses.

IMPORTANT: Always use robust security software for all computers and devices, and routinely perform deep scans often to identify any malware/virus infections. Use strong password to access computers and client files. Learn to recognize and avoid phishing email schemes.  Should you experience a data compromise – whether by cybercriminals, theft or accident – there are certain basic steps you should take. For a comprehensive list of security actions, consult a security professional.

After significant events, many fake charities surface suddenly.  And these links share that donations are best made through mainstream sites & using safest e-commerce practices.  A BEST PRACTICE is to work through the most mainstream established organizations (e.g., Red Cross, Salvation Army, etc.) rather than a “newly created” one at the time of tragedy.   Mainstream sites are better, because there is history on % of donations that actually go to victims & beneficiaries. 

In “best practices” search, some EXCELLENT resources share avoidance & verification tactics.  As unfortunately the “bad guys” will strike soon.

https://www.trustify.info/blog/how-to-aviod-fake-charities

https://www.scamwatch.gov.au/types-of-scams/fake-charities

https://www.irs.gov/newsroom/fake-charities-on-the-irs-dirty-dozen-list-of-tax-scams-for-2017

https://www.consumer.ftc.gov/features/how-donate-wisely-and-avoid-charity-scams

https://www.aarp.org/money/scams-fraud/info-06-2013/avoiding-charity-scams-during-disasters.html

https://www.huffingtonpost.com/mike-montali/how-to-tell-if-a-charity-_b_9806518.html

How this scam works — Fake charities try to take advantage of your generosity and compassion for others in need. Scammers will steal your money by posing as a genuine charity. Not only do these scams cost you money, they also divert much needed donations away from legitimate charities and causes.  Fake charity approaches occur all year round and often take the form of a response to real disasters or emergencies, such as floods, cyclones, earthquakes and bushfires.

Scammers will pose as either agents of legitimate well-known charities or create their own charity name. This can include charities that conduct medical research or support disease sufferers and their families. They may also pose as individuals needing donations for health or other reasons.

The FBI has launched a new program called “Protected Voices” designed to reduce improper information impacting government & elections from foreign influences.

https://www.fbi.gov/investigate/counterintelligence/foreign-influence/protected-voices

Protected Voices is an FBI initiative to mitigate the risk of cyber influence operations targeting U.S. elections. Part of that initiative is outward-facing and includes efforts by the Bureau to raise awareness among political campaigns about the best ways to fend off possible attempts—by criminals, foreign agents, or others—to infiltrate their information technology infrastructure.

One key to addressing this threat is for a campaign to enhance its own cyber hygiene, the technological equivalent of locking your doors and windows. To this end, the FBI—in partnership with the Department of Homeland Security and the Office of the Director of National Intelligence—has released a number of short videos, embedded below, on the most urgent cybersecurity issues that may leave a campaign’s computer networks vulnerable to attacks. The videos include tips and best practices on how best to protect your organization, based on industry research and our own vast experience investigating cyber crimes.

Below are key resources documenting this recent monthly Microsoft Patch Tuesday release

https://isc.sans.edu/forums/diary/Microsoft+September+Patch+Tuesday+Summary/24088/

https://patchtuesdaydashboard.com/

https://blog.talosintelligence.com/2018/09/ms-tuesday.html

https://portal.msrc.microsoft.com/en-us/security-guidance/summary

Microsoft released its monthly set of security updates today for a variety of its products that address a variety of bugs. The latest Patch Tuesday covers 61 vulnerabilities, 17 of which are rated “critical,” 43 that are rated “important” and one that is considered to have “moderate” severity.

The advisories cover bugs in the Internet Explorer web browser, Jet Database Engine and the Chakra scripting engine, among other products and software.  This update also includes two critical advisories, one of which covers security updates to Adobe Flash, and another that deals with a denial-of-service vulnerability in the Microsoft Windows operating system.

The FBI is hosting their 2018 Safe Online Surfing Challenge (SOS) which is designed to teach students in grades 3-8 safety in a gaming like manner as shared below.  This is an excellent resource, esp. for home school students. 

https://www.fbi.gov/news/stories/safe-online-surfing-open-spanish-available-090718

With participation growing and a Spanish version now available, the FBI’s Safe Online Surfing (SOS) Internet Challenge is reopening for the new school year, offering a game-driven curriculum that teaches students about online risks.

Some of latest features in new build are noted in review of latest WIN10 preview version targeted for early Fall 2018

https://www.techradar.com/news/latest-windows-10-preview-lets-you-text-from-your-pc-via-your-phone-app

Latest Windows 10 preview lets you text from your PC via Your Phone app.  Microsoft has pushed out a couple of new preview builds for the impending Windows 10 October 2018 Update (Redstone 5) in quick succession, bringing texting functionality to the Your Phone app – plus a fresh preview for ‘skip ahead’ testers (working on the update for 19H1, due in the first half of next year) was released with some minor additions.

For the update due next month, build 17754 was deployed – which just contained bug fixes – then that was swiftly followed by build 17755 arriving for fast ring testers, which as mentioned features an improved Your Phone app for Android.  Your Phone has previously been pushed out to testers (and indeed to the Microsoft Store in general), but only with the ability to drag-and-drop photos between your Android phone and Windows 10 PC.

This 9 minute podcast shares John Maxwell five levels of leadership development

http://corporatesolutions.johnmaxwell.com/podcast/executive-leadership-podcast-intro-to-the-5-levels-of-leadership/

Level 1 — People follow you at this level because they have to
Level 2 — This is the level where you have relationships with those that you connect with and work with.
Level 3 — This is where people will follow you because of what you have done for the organization.
Level 4 — This is what we call the people development level. This is also known as the reproduction level. People follow you because of what you have done for them personally.
Level 5 — Level 5 is what we call the pinnacle level. This is the respect level, where people follow you because of who you are, and what you represent, and what you’ve done for them, time after time after time

For the 10th anniversary, Google Chrome version 69 will have several key functional improvements as shared in following PC Magazine article:

https://www.pcmag.com/feature/363464/after-10-years-google-chrome-gets-an-update-8-things-to-try

Chrome has looked pretty similar for a decade, but version 69, a 10th anniversary overhaul, is a significant update.   Google’s Chrome has become the go-to web browser for many. While Firefox and Opera have undergone major redesigns, and newer browsers with their own looks, like Edge and Vivaldi, have appeared, Chrome’s angle-tabbed appearance has remained pretty much the same for a decade. That all changes with the release of version 69, targeted for Sept. 4, which brings what Google calls its Material Design language to the web browser.

29 HIDDEN TIPS IN CHROME BROWSER

https://www.pcmag.com/feature/323996/29-hidden-chrome-features-that-will-make-your-life-easier