December, 2014:

More details emerge on JP Morgan banking breach earlier this year:

http://bits.blogs.nytimes.com/2014/12/23/daily-report-simple-flaw-allowed-jp-morgan-computer-breach/

The computer breach at JPMorgan Chase this summer — the largest intrusion of an American bank to date — might have been thwarted if the bank had installed a simple security fix to an overlooked server in its vast network, said people who have been briefed on internal and outside investigations into the attack. Big corporations like JPMorgan spend millions — $250 million in the bank’s case — on computer security every year to guard against increasingly sophisticated attacks like the one on Sony Pictures. But the weak spot at JPMorgan appears to have been a basic one, the people said.   The attack against the bank began last spring, after hackers stole the login credentials for a JPMorgan employee, these people said. Still, the attack could have been stopped there.   Most big banks use a double authentication scheme, known as two-factor authentication, which requires a second one-time password to gain access to a protected system. But JPMorgan’s security team had apparently neglected to upgrade one of its network servers with the dual password scheme, the people briefed on the matter said. That left the bank vulnerable to intrusion.

The new OphionLocker ransomware malware agent is described in following links:

http://trojan7malware.blogspot.co.uk/2014/12/ophionlocker-new-ransomware-on-scene.html

https://www.f-secure.com/weblog/archives/00002777.html

Last August, we wrote about a series of ransomware that included  SynoLocker and CryptoWall. In our Cryptowall post, we briefly mentioned the more advanced family of ransomware, CTB-Locker, which uses elliptic curve cryptography for file encryption and Tor for communication with the command & control server.

This week, another ransomware emerged using the same cryptography for encryption. It was first spotted by Trojan7Malware from a malvertising campaign that used RIG exploit kit. They dubbed the malware as OphionLocker.

Upon infection, this malware uses a Tor2web URL for giving instructions on how to send the payment and obtain the decrpytor tool.  Here is the message that will be shown to the user after encryption:  Entering the HWID will display the ransom message that asks for 1 BTC (Bitcoin)

Some projections for 2015 are noted in following article:

http://www.bidnessetc.com/31708-what-to-expect-from-the-wireless-industry-in-2015/

QUOTE:  2014 was a tumultuous year for wireless carriers. The telecom sector has underperformed the overall market due to failed merger attempts, intensifying price wars, and expensive spectrum auctions, The telecom ETF, iShares Dow Jones US Telecom has risen 0.34% year-to-date (YTD), compared to the S&P 500 Index which has risen 13% over the same period. As the year draws to a close, Bidness Etc speculates what investors can expect going into the New Year.

1. Price Wars To Intensify — Price wars were an ongoing theme in 2014.

2. Video Content As A Differentiator — As the price wars in the industry offset the revenue growth due to rising data usage, video content delivery is expected to be the next growth opportunity for wireless carriers.

3. Major Consolidation In The Industry  — With a total of $83.7 billion worth of deals, M&A activity was robust in 2014 in the North American telecom industry, but consolidation is expected to slow down in 2015.

4. Wireless Spectrum — Wireless spectrum will continue to play a major role in the coming year when the results of the ongoing AWS-3 auction become public.

Microsoft may be working on a major update in it’s browser technology as part of the Windows 10 initiative.  Further developments are likely to emerge in future.

http://www.zdnet.com/article/microsoft-is-building-a-new-browser-as-part-of-its-windows-10-push/

There’s been talk for a while that Microsoft was going to make some big changes to Internet Explorer in the Windows 10 time frame, making IE “Spartan” look and feel more like Chrome and Firefox.  Microsoft is building a new browser, codenamed Spartan, which is not IE 12 — at least according to a couple of sources of mine.   Spartan is still going to use Microsoft’s Chakra JavaScript engine and Microsoft’s Trident rendering engine (not WebKit), sources say. As Neowin’s Brad Sams reported back in September, the coming browser will look and feel more like Chrome and Firefox and will support extensions. Sams also reported on December 29 that Microsoft has two different versions of Trident in the works, which also seemingly supports the claim that the company has two different Trident-based browsers.    However, if my sources are right, Spartan is not IE 12. Instead, Spartan is a new, light-weight browser Microsoft is building.

Cyberattacks were launched during holiday season as documented in article below:

http://bits.blogs.nytimes.com/2014/12/26/sony-and-microsoft-game-console-networks-disrupted/

The computer networks for Microsoft’s Xbox and Sony’s PlayStation 4 video game consoles were off line for most of Christmas Day, possibly because of an attack by a group of hackers with a history of targeting video games.

The hackers who call themselves the “Lizard Squad” claimed responsibility on Twitter for the shutdown, which essentially rendered the gaming devices unusable, but neither company confirmed the source of its problems.

Another excellent leadership article:

http://www.johnmaxwell.com/blog/want-a-better-holiday-follow-my-dads-advice

There’s lots of great advice out there about handling relational conflict over the holidays – from setting healthy boundaries to sharing feelings kindly but honestly. And it’s all valuable advice. Today, I’d like to share with you one behavior that my dad modeled in my family growing up, and that I’ve done my best to demonstrate in all my relationships ever since. It’s made the difference in my friendships, my marriage, and my parenting. Here is what my dad advised.  Always travel the high road .. You see, in every interaction, there are three roads that we can take:

1. The low road, where I’m out to get you,
2. The middle road, where I’ll basically treat you as you treat me, and
3. The high road, where I’ll treat you well regardless of how you treat me.

AV-Test is an independent software testing firm. Their latest testing focus on how well Android security products can protect devices with most products scoring well in the evaluation

http://securitywatch.pcmag.com/security-software/330168-report-android-security-apps-improving

FULL REPORT AV-TEST – Android Security Applications NOV2014

http://www.av-test.org/en/antivirus/mobile-devices/android/november-2014/

While there aren’t nearly as many malicious applications aimed at Android devices as there are targeting Windows, that’s no reason to be complacent. If one of those malware apps hits your phone, you’ve got trouble whether it’s common or not. AV-Test Institute rated 31 Android security applications and found that for the most part they’re even more effective than when last tested.  AV-Test CEO Andreas Marx observed that “the malware protection rate of all products—with one exception (51.2 percent)—was in the very good range with an average detection rate of 97.6 percent.” He also noted that the current crop of products generated far fewer false positives (valid files detected as malware), with a total of seven compared with 36 in the previous test.

AV-Comparatives is an independent software testing firm. The latest AV product tests focus on how well they can clean infected systems in removing malware and correcting damages to the registry and overall Windows system.

http://securitywatch.pcmag.com/security-software/330210-pc-infected-which-antivirus-does-the-best-cleanup

FULL DETAILED PDF – AV-Comparatives tests Virus cleaning DEC2014
http://www.av-comparatives.org/wp-content/uploads/2014/12/avc_rem_201411_en.pdf

TABLE SUMMARIZING TEST RESULTS BY VENDOR
http://www.pcmag.com/image_popup/0,1740,iid=441354,00.asp

The AV-Comparatives researchers used a fairly simple system to convert these grades in to numeric ratings for comparison. A product that earned a D grade for removal or convenience got zero of 100 possible points. Perfect removal earned 100, 90, or 80 points, depending on whether the convenience grade was A, B, or C. Removal with executables remaining (a B grade) earned 70, 60, or 50 points, again depending on the convenience grade. And so on. Average point totals for the products tested ranged from AhnLab’s low of 68 to a high score of 88, shared by AVG and Bitdefender. Panda and Kaspersky came close, with 87 and 86 points respectively

While safe practices can go along way in protecting users, this brief article highlights the complementary need for technology defenses as well.

http://securitywatch.pcmag.com/security-software/330459-why-you-need-antivirus-software

These days, “antivirus” is just a word for a tool that protects your data and your PC against viruses, Trojans, botnets, rootkits, rogue security software, ransomware, and all types of malicious software. Actual viruses are the least of your worries, since they lay low to avoid detection.   “But I only use my PC to surf the Web,” you may say. “I don’t keep any personal information on it. Who cares if a virus or some bad program goes along for the ride?” Well, it’s not as simple as that.    A Trojan horse gets onto your system by pretending to be useful, but once inside the walls, it releases a malicious payload. You say you don’t store personal data? How about your email address—that’s about as personal as it gets. A Trojan might try to capture your email address and password, or insert itself into financial transactions to drain your bank account. That’s bank robbery with no need for a mask or a gun.

Excellent advice for coming year is found at John Maxwell’s leadership blog.  These strategies can provide improved techniques to help take on the challenges for coming year:

http://www.johnmaxwell.com/blog/5-surefire-ways-to-sharpen-your-skills

QUOTE: Recently, another leader asked me about how he should go about sharpening his skills in the areas where he was naturally gifted. Here are the thoughts I shared with him that day. To sharpen our skills in a strength area, we should seek to…

1. Gain Experience – Once you get some experience under your belt, it gives you both confidence and examples of what works and what doesn’t. Having dealt with a similar situation before really makes you confident that you can handle it this time.

2. Get Feedback – feedback from any number of people can be really valuable.

3. Write Down YOur Thoughts – I’ve discovered that when I write a thought on paper and then examine it, I can think of all sorts of ways to improve it.

4. Participate in a Small Group of People – Sitting in a group discussing ideas is huge because it allows us to flesh out great thinking. That’s because as a group, we can all contribute to improving an idea.

5. Study Available Resources – if you will spend one hour a day every day on a certain subject, within five years you will become an expert on that subject.

SUMMARY: I’ve always said that we should focus on growing in our areas of strength, more than in areas of weakness. Once you’ve figured out which way you’re naturally wired, work on gaining experience, getting feedback, participating in groups, and studying great resources. Your efforts in these areas will yield great dividends in your personal growth.