Computer News & Safety tips  – Harry Waldron MVP Rotating Header Image

Leadership – How to Bridge the Generation Gap in 2018

The John Maxwell leadership training center shares an excellent article in looking ahead to challenges of 2018.  It focuses on older leaders can bridge the generation gap to foster an improved spirit of teamwork in their diverse organizations.

http://johnmaxwellcompany.com/blog/how-to-bridge-generation-gap-in-the-workplace

1.Invest in professional growth – Investing portions of your human capital training budget into interactive, onsite workshops is a great place to start

2.Capitalize on the social affinity of millennials – Millennials thrive in social settings and like to network electronically worldwide. Harness this skill and assist them in building their professional relationships and leaping over the generation gap in the workplace.

3.Encourage people to be creative – Let employees know that their input is valued. Micro-management is the barrier to innovation. Communicate the mission and values of a project, and then take a step back.

4.Listen – Communication is about the sharing of information; it is not about talking at someone. Millennials are interested in contributing, building and being a part of something that matters. When employees feel comfortable sharing their own ideas, their goals develop real meaning.

5.Don’t forget your sense of humor – Humor is disarming, and is critical for team-building. When a team laughs together it helps to facilitate a sense of community and enhances a cohesive corporate culture.

6. Make younger employees feel welcome – Bridging the generation gap in the workplace is in essence about belonging, feeling valued and having confidence that your voice is being heard – no matter our defined generational identity

Malware – Necurs top spam and ransomware botnet after 5 years

Talos Security shares a research report on the Necurs botnet family, which has been in circulation for over 5 years

http://blog.talosintelligence.com/2018/01/the-many-tentacles-of-necurs-botnet.html

Over the past five years the Necurs botnet has established itself as the largest purveyor of spam worldwide. Necurs is responsible for emailing massive amounts of banking malware, ransomware, dating spam, pump-n-dump stock scams, work from home schemes, and even cryptocurrency wallet credential phishing. Necurs sends so much spam that at times Necurs’ spam campaigns can make up more than 90% of all spam seen by Cisco Talos in one day.

Typically email campaigns from Necurs fall into one of two categories: high-volume weekday campaigns, or low volume continuous campaigns. Necurs has occasionally been seen sending high volume campaigns on weekends, but the vast majority of the time high volume campaigns are limited to the business week only. The mailing list database Necurs is using seems to be segmented, such that the high volume campaigns use one subset of email addresses from the DB, and the low volume campaigns use a different set of email addresses.

Of course one of Necurs’ most well-known payloads is ransomware. Necurs has been one of the biggest distributors of the Locky ransomware. Locky also works on an affiliate model. Inside of each locky sample, in the metadata, is an affiliate ID, which is always the same for Necurs mailings. Most of the time, very little investment is made in the design of the messages themselves, as in the following example.

Now that Necurs is back from their regular holiday break they are attempting to fill our inboxes with junk mail and malware once again. On one hand, the size of the Necurs botnet, and its ability to send from different nodes in every campaign makes it difficult to defend against; Standard IP address blacklists are ineffective against such tactics. Fortunately for network defenders, the fact that Necurs does relatively little to curate their recipient database limits the damage they can do. There are only so many times the same recipients will fall for Necurs’ same, repetitive tricks. We can expect that Necurs will continue to try variations on some of their tried and true attacks, and so user education against these threats remains paramount.

Java programming language – 2018 predictions

An IBM research report shares continued popularity and predictions for the Java programming language in 2018:

http://www.eweek.com/development/ibm-outlines-prospects-for-java-in-2018

There may be no more pervasive computer code anywhere in the world than Java, created by Dr. James Gosling and his team at Sun Microsystems in the early 1990s and released in 1995 as a core component of Sun’s Java Platform.

Java is a general-purpose computer programming language that is concurrent, class-based, object-oriented and specifically designed to have as few implementation dependencies as possible. This is why it has not been passed by despite so many advancements in IT during the 23 years it has been a major factor in the IT world.  It’s everywhere–in virtually every mobile device, server, IT system and network. Java applications are typically compiled to bytecode that can run on any Java virtual machine (JVM) regardless of computer architecture.

KEY PREDICTIONS for 2018
1.Will remain one of most Popular Languages in the World
2.2018 will be the year of Eclipse Foundation
3.Java convergence with containers will become more common & seamless
4.Kotlin will become the next hot language with Java Interoperability
5.New 6 month release model will drive faster innovation
6.Serverless platforms will begin a major reshaping of Java

Word Press – Steps in building your own website JAN-2018

Word Press provides a robust environment for website development as shared in this informative PC Magazine article:

https://www.pcmag.com/article/358019/how-to-get-started-with-wordpress

WordPress is the free content management system (CMS) that powers everything from your favorite anime fan site to CNN’s online presence. In fact, WordPress.org, the website that houses the open-source software, states that WordPress powers 29 percent of the sites on the World Wide Web.

WordPress is a remarkably flexible content management system that has many themes and plug-ins to enhance the front-end and back-end experiences. There’s no coding required, unless you want a truly customized website feature or layout. As a result, building a WordPress-powered website isn’t particularly difficult. Still, people who aren’t familiar with the process may need a guiding hand.

BASIC STEPS for creating your own website

1.Pick a URL name and ISP provider
2.Find a Theme
3.Pick Your Plug-Ins
4.Protect Your Admin access & prevent spam posters
5.Optimize and Manage WordPress Hosting

Malware – 2018 Winter Olympics targeted attacks circulating

McAfee Labs warns of targeted attacks circulating in-the-wild, using the theme of 2018 Winter Olympics

https://securingtomorrow.mcafee.com/mcafee-labs/malicious-document-targets-pyeongchang-olympics/

McAfee Advanced Threat Research analysts have discovered a campaign targeting organizations involved with the Pyeongchang Olympics.  The campaign to target Pyeongchang Olympics began December 22, 2017 with the most recent activity appearing December 28. The attackers originally embedded an implant into the malicious document as a hypertext application (HTA) file, and then quickly moved to hide it in an image on a remote server and used obfuscated Visual Basic macros to launch the decoder script. They also wrote custom PowerShell code to decode the hidden image and reveal the implant.

With the upcoming Olympics, we expect to see an increase in cyberattacks using Olympics-related themes. In similar past cases, the victims were targeted for their passwords and financial information. In this case the adversary is targeting the organizations involved in the Winter Olympics by using several techniques to make it more tempting to open the weaponized document:

*** Spoofed email address from South Korea’s National Counter-Terrorism Council
*** Use of Korean language
*** Asking users to open the content because the document is in protected mode
*** Partial use of the original South Korean Ministry of Agriculture and Forestry domain in a registered fake domain for malicious intent

 

 

Consumer Electronic Show 2018 – Top Technical Highlights

PC Magazine has informative recaps of CES 2018 as noted in links below.

https://www.pcmag.com/feature/358468/ces-2018-top-tech-trends/

https://www.pcmag.com/article/358452/the-best-of-ces-2018

It’s easy to get lost in the slew of product announcements at CES on a micro level, but if you step back and look at the big picture, you can see some trends emerge:

1.Artificial Intelligent Assistants Everywhere
2.Large Screen developments
3.Virtual and Augmented Reality
4.Sleep Tech
5.Cars Driving Themselves
6.Robots
7.Tech Toys to Teach
8.Enhanced Security

Wireless Security – New WPA3 Wi-Fi standards announcement

A new WPA3 Wi-Fi standard is being developed which will strengthen wireless security controls in future devices

http://www.zdnet.com/article/wpa3-wireless-standard-tougher-wifi-security-revealed/

The Wi-Fi Alliance, an industry body made up of device makers including Apple, Microsoft, and Qualcomm, announced Monday its next-generation wireless network security standard, WPA3.

One of the key improvements in WPA3 will aim to solve a common security problem: open Wi-Fi networks. Seen in coffee shops and airports, open Wi-Fi networks are convenient but unencrypted, allowing anyone on the same network to intercept data sent from other devices.

WPA3 employs individualized data encryption, which scramble the connection between each device on the network and the router, ensuring secrets are kept safe and sites that you visit haven’t been manipulated.

Another key improvement in WPA3 will protect against brute-force dictionary attacks, making it tougher for attackers near your Wi-Fi network to guess a list of possible passwords. The new wireless security protocol will also block an attacker after too many failed password guesses.

WPA2, the current incarnation of the wireless security standard since 2004, uses a four-way handshake to securely allows new devices with a pre-shared password to join a network. The newer WPA3 will use a newer kind of handshake, Mathy Vanhoef, a computer security academic, told ZDNet, which will “not be vulnerable to dictionary attacks.”

Microsoft Security – Spectre and Meltdown performance impacts on 2015 and earlier CPUs

The most performance impacts will be older WIN7 devices as documented below: 

https://redmondmag.com/articles/2018/01/09/microsoft-meltdown-spectre-slowdown.aspx

Understanding the performance impact of Spectre and Meltdown mitigations on Windows Systems

Performance slowdowns will be most apparent for older Windows client systems, such as Windows 7 and Windows 8, particularly when using Intel Haswell chips on “2015-era PCs,” according to an announcement by Terry Myerson, executive vice president of the Windows and Devices Group. Microsoft expects “most users to notice a decrease in system performance” on these older Windows clients.

Leadership – 10 barriers that can impact corporate creativity

The John Maxwell leadership training center shares an excellent article in looking ahead to challenges of 2018.  It focuses on how leaders should foster an improved spirit of creativity in their organizations.

http://johnmaxwellcompany.com/blog/expressions-that-can-kill-creativity-at-work

Creativity goes hand in hand with innovation.  The best creative cultures remove barriers or creativity killers so employees can continue with the flow of a good idea.  Share these 10 hazardous expressions with the leaders in your company and challenge them to recall the last time they detected them:

1.I’m not a creative person. Everyone is creative even though each person brings unique strengths to each situation.

2.Don’t ask questions. Good leaders ask great questions, and they only get answers to questions they ask.

3.Don’t be different. The fact is that being different is how progress happens. Your team can’t get where you want to go by staying where you are.

4.Stay within the lines. Lines can be valuable things, but some lines exist only because they have never been questioned and examined.

5.There is only one way. Thomas Edison said it best: “There is always a better way—find it!”

6.Be practical. Although practical thinking is vital to execution, it can kill creative thinking if applied too soon. Good leaders give their teams time to be creative before leading them to get practical.

7.Think of your image. Leaders who are more concerned with how they look than how their team performs will have issues. Great performance begins with great thinking.

8.It’s too much work. Coasting is always easier in the short-term than thinking outside the box. But leaders who aren’t willing to to do the work will eventually be out of work.

9.We can’t afford to make a mistake. Some of the greatest inventions in human history were born from mistakes made in the messy, creative process.The leader who never makes a mistake soon takes his orders from one who does.

10.Failure is final. The more leaders do, the more they fail. The more they fail, the more they learn. The more they learn, the better they get.

Microsoft Security – JANUARY 2018 issues related to Spectre and Meltdown fixes

The Spectre and Meltdown fixes are complex and require some prerequisite work for Anti-virus vendors and other companies to update their products before the JAN-2018 Windows updates will applied.  Microsoft is blocking updates in some cases where incompatibilities have been discovered.  

https://www.grahamcluley.com/anti-virus-registry-key-windows-security-updates/

https://redmondmag.com/articles/2018/01/09/windows-fixes-brick-amd-pcs.aspx

Well, things just got a heck lot more complicated for users of some anti-virus programs.   That’s because Microsoft has said that customers who are running certain anti-virus products will not receive its bundle of January 2018 security patches (including mitigations against the Spectre and Meltdown CPU flaws) unless their products certify that they don’t make unsupported calls into Windows kernel memory.

According to Redmond, some security products jump through some hoops to bypass the Kernel Patch Protection built into the operating system. And unfortunately, those techniques, are incompatible with Microsoft’s latest patches – and cause computers to blue screen.  So, Microsoft is demanding that anti-virus products certify that their software work with its fixes by adding a registry key every time they startup.