Computer News & Safety – Harry Waldron

October, 2015:

Data Breach – Hosting Web site 000webhost compromised

Up to 13 million accounts may be impacted as documented below and users should quickly revise their ID/passwords as advised:

Information on nearly 14 million users of 000webhost, a Lithuanian web hosting service, was spilled earlier this year when a hacker exploited an old version of the company’s website and gained access to the backend. 13.5 million customer usernames, plaintext passwords, email addresses, IP addresses, and names were exposed as part of the breach, according to a Facebook post from the company Thursday morning.

000webhost first disclosed the breach Wednesday morning in a preceding Facebook post but was hazy with details, claiming that at some point a hacker leveraged an exploit on an old PHP version of the company’s site and uploaded some files.

“Although the whole database has been compromised, we are mostly concerned about the leaked client information,” the company wrote, adding that since it discovered the issue, it has reset user passwords, and is cautioning any users who used the same password on another service to change it.

Enterprise Security – SANS 2015 study documents areas of improvement

SANS (Internet Storm Center) has been an excellent resource for security best practices and breaking news for years. This study documents current challenges in corporate security:

In 2015, 148 million records have been breached in 129 reported incidents—incidents that sometimes go undetected for months at a time. As far along as we are in 2015 technology and despite all the security solutions available, a majority of enterprises still do not have adequate basic perimeter security or threat responsiveness to protect their data centers and cloud systems. Hacker break-ins and data theft reports nearly every week in the news bear this out.

The SANS (System Administration, Networking and Security) Institute, a respected global information security training and analysis provider, has come out with its first “State of Dynamic Data Center and Cloud Security in the Modern Enterprise Survey and Research Report,” and most of the findings are disconcerting at best.

The report, released Oct. 14, included the following metrics:

1. Nearly six in 10 (59 percent) organizations say they are able to contain a threat within 24 hours, which is an eternity in security time. A full day leaves systems open to prolonged and increased damages as attacks spread laterally through data centers and clouds.

2. Containment times reported by respondents included: up to 8 hours (37 percent of respondents); up to 24 hours (21 percent); less than a week (19 percent); and more than a week (17 percent).

3. Notably, 55 percent of respondents are dissatisfied with the length of time it takes them to contain and recover from attacks.

4. Traditional tools not stopping breaches: Forty-four percent of enterprises reporting breach information have had sensitive data accessed by attackers; these same respondents were among those using traditional security tools in their data centers and clouds.

5. Security losing ground in cloud, distributed computing game: Thirty-seven percent of organizations use distributed cloud and data center computing systems; 44 percent of respondents said their biggest challenge was that cloud providers don’t offer visibility needed to protect users and data; 19 percent say cloud providers don’t give them security support needed; and 49 percent have no formal cloud security strategy in place.

Facebook – New Slideshow advertising targeted to slow bandwidth users

Facebook is testing advertising options that consume less bandwidth than video advertising, as documented below:

In a press release on Thursday, Facebook officially announced Facebook Slideshow, a new advertising model targeted for regions with slow Internet connections. Facebook argues that the growth of online video consumption makes users want to engage with more video content, which includes ads. “A recent report suggests that in countries like Nigeria and the Philippines where connectivity can be slow, expensive or both and where feature phones are prevalent, people are even more receptive to video ads,” Facebook elaborates.

However, no matter how engaging a video is, it would fall victim to slow Internet connectivity. Moreover, video ad production, with the budget needed, is often not feasible for small local businesses. Facebook addresses this problem with its introduction of Slideshow, playing lightweight content made using a series of still images.

Facebook – New Local Market buy/sell option being tested

Facebook is testing a new option for local buy/sell opportunities, as documented below:

Facebook is reportedly testing a new feature called “Local Market,” which is essentially a location to buy and sell items and services, similar to Craigslist. Most users who had access to Local Market found that the section was only live for around two hours. Not only that, but not everyone was able to access the section if they had the option, reporting that it spent a lot of time loading.

It seems as though the section will be accessible both as a dedicated tab on mobile devices and through a bookmark on the desktop version of Facebook. The section will also be populated largely by Facebook groups dedicated to buying and selling products, which is the reason that many of the categories had thousands of items on offer despite the section being completely new.

If Local Market does end up going live to the public, it could certainly pose a challenge to services like Craigslist. While Craigslist has been around for a long time and is a well-established place to buy and sell items, users might enjoy being able to sell things straight from Facebook without having to head to a different website and access a different account.

Facebook – Name verification improvements in DEC 2015

Facebook will be changing its name verification procedures, especially in cases where users have filed fake name reports, to ask for more information. This is intended to lead to fewer account lockouts where individuals might be unfairly attacked by others.

Facebook wants to make it easier for users to verify that they are using their “real” names. The social networking company will begin testing these improvements starting in December.

In a published letter obtained by BuzzFeed, Facebook’s vice president of growth, Alex Schultz, acknowledged that the current policy doesn’t work for everyone, and that many have complained to Facebook that the process of verifying their name is too difficult.

The EFF letter states that the signatories represent transgender and gender variant individuals, those who use pseudonyms to protect themselves from violence, people who have already been silenced by Facebook’s current policy, and those whose legal names “don’t fit the arbitrary standards of ‘real names’ developed by Facebook.”

Schultz responded to some of these points in his letter by saying that Facebook doesn’t require people to use their legal names, just “the name that other people know them by.” To simplify the verification process, the company is testing a new way to let people provide information about the circumstances surrounding their choice of name. Additionally, users could soon see a new version of Facebook’s profile reporting process that’ll ask for more information about why someone is requesting action be taken on an account.

Leadership – Find Team Members who share vision long term

One key tactic of IT and business leadership is for fellow teammates to see it as “our vision” rather than just the goals of the leader alone. John Maxwell reflects on the need for more than just the project manager to be committed, ensuring that other key leaders also buy into the goals and overall mission for the project:

Last week I talked to you about rewriting your story into one of significance. You may have been thinking more about how you can make a difference in the lives of others. Today I want to encourage you to think big:

How can you partner with like-valued people to make a bigger difference than you could on your own?

Whenever I spoke, I talked about my dream. I was looking for people with a heart to make a difference and who could make things happen. And as I spread the word about what I wanted to do and how I wanted to include others, many people joined me. I was passionate, and passion is contagious. Many people eagerly climbed aboard “The Maxwell Train.”

At first, I thought that was success. It took me a couple of years to figure out that many of the people who were joining me in the early days just wanted to come along for the ride. They liked my enthusiasm and energy, and they wanted to be close to me, but they didn’t necessarily share the same passion I had for significance, for making a difference with others. They just wanted to hang out. They lacked the passion to make a difference, which meant they didn’t have the same goal or purpose I did.

This required another shift in my thinking. I had to stop the proverbial train and allow everyone who wasn’t holding a significance ticket to get off. Then, I had to proactively go out and attract the right people and begin the journey again.

So, who were the right people? – They were people who were already making a difference in the lives of others, not just people who wanted to hang out with those who were.

How was I going to connect with these people? – I realized I needed to create a clearer picture of what I was trying to accomplish. I needed to communicate clearly about my cause. Then I could see how they would respond. How big is your dream? Do you have a dream that’s bigger than you? If not, why not? Why not dream one size bigger? You can achieve significant things—if you invite others to help you.

I believe your first step is to approach people who are already making a difference in their own way. Then you need to communicate clearly about your big dream. Paint a picture of the significance story you’d like to write together. And invite them to join you. Together, you can achieve great things and make a great change in your world.

Malware – Ransomware attacks caused 325 million dollars in damages

The CTA estimates at least $325M in damages and extortions from ransomware, which encrypts user files on an infected system and holds users hostage unless they wire money to a special Bitcoin account. An article plus the full PDF report can be found below:

The latest version of the CryptoWall ransomware program has raked in more than $325 million for the group behind the criminal operation, researchers from Cyber Threat Alliance stated in a report released on Oct. 29. The Cyber Threat Alliance (CTA), a group of security companies that have pledged to share threat data with each other, combined a variety of information from its members to identify more than 4,000 malware samples, 800 command-and-control sites and 400,000 attempted infections. The 90-day research effort identified 49 different CryptoWall campaigns that likely caused at least $325 million in damages, according to the companies.

Security – Best Practices for personal safety online OCT 2015

This Best Practices article from eWeek offers some excellent personal safety tips for home and corporate users:

Enterprises cannot get enough good advice for securing their IT systems, data centers, email accounts, mobile devices and so on. There are so many people offering advice, for one thing. This eWEEK slide show contains some basic, but sometimes overlooked, industry advice from five professionals who know their business. Their suggestions range from checking URLs, to verifying senders, to keeping your browser and operating system up-to-date.

(1) Always Validate that a URL Matches the Site You Want to Visit
(2) Check to See That a Real Person Actually Sent You an Offer
(3) Beware of Scams
(4) Don’t Expose Credit Card Info
(5) Don’t Conduct Transactions Originating From Inbound Email
(6) Install Ad-Blocking Extensions
(7) Exclusively Use Credit Cards Online
(8) Keep Your Browser and Operating System Up-to-Date
(9) Monitor Your Financial Account

Cyber Security – Former FBI chief shares that attacks may increase

Former FBI chief Leo Taddeo affirms the continuing trend that major cyberattacks are expected to continue increasing in the months ahead.

NEWS ANALYSIS: Leo Taddeo reports that cyber-criminals and hackers are getting more sophisticated and now have access to far better tools than before. Hackers at all levels have new capabilities at their disposal, said Leo Taddeo, former special agent in charge of the Special Operations/Cyber Division of the FBI’s New York Field Office. Taddeo is now the chief security officer at Cryptzone, which is entering the U.S. market after years of successful growth in Europe. “Unfortunately,” he said, “there’s no improvement in our ability to deter that capability.”

But the problem goes far beyond just nation-states hacking for military and commercial intelligence. “At the low end are the script kiddies, the hobby hackers,” he said. Those are people who break into networks for recreation, or perhaps bragging rights, but are now getting much better tools to help them do it.
In the middle are the cyber-criminals who are hacking for money, and who are now getting their hands on information and software from nation-states, and are learning how to use it.

Office 2016 Enterprise – Eight new features for corporate users

Office 2016 was enhanced extensively so that both individual users and teams can work in a collaborative approach.

QUOTE: The newest version of Office is designed for consumer and business users alike. So, which new features will matter most in the enterprise? Here’s a look at the ones you’ll really want for work.

1. Planner — This new addition to Office 365 is still in beta but is a key part of Microsoft’s collaborative vision for Office. Planner is a project management tool for managing tasks, deadlines, and progress for a group of workers. Many people create team schedules in apps such as Excel, which is a clumsy and static tool for keeping track of assignments and due dates for a large group. The approach to Planner? Fewer words, more design. Graphs and charts show who is working on which assignments, how much progress they have made, and when their project is due. It adds an element of transparency into the group collaboration process.

2. Outlook: Clutter — For business customers, the day starts and ends in Outlook, said Shawn Villaron, group program manager for Office 365. One key focus in the development of Office 2016 was enabling productivity by making it easier to manage crowded inboxes. Clutter is a new capability designed to manage your inbox and automatically flag messages that you delete without reading. It should be noted that Clutter is not a spam filter. The tool doesn’t automatically hide notes from specific senders, Villaron explained. Rather, it’s supposed to learn your individual behavior and store messages it thinks you don’t want to read.

3. Outlook: Smart Attachments — A subtle feature that makes good use of the cloud in the new Office is Outlook’s smart attachment capability. When attaching a file to an email, you’ll see a list of recently used items in place of the traditional file dialogue. A small cloud icon next to the file indicates you’re not sending an actual file. Rather, you’re sending a URL so they can access the document in the cloud. This enables recipients to work on the most recent version of the document without sending several attachments between users.

4. Outlook: Groups — When the team works on a series of related documents over a long period of time this activity can be tracked. The final pattern requires a tool for exchanging several messages within a group, which prompted the creation of Groups. Outlook in Office 2016 has a Groups subhead along the left column where you can create or join groups of people and access messages specific to certain teams.

5. Delve — This is powered by Office Graph, which gathers and analyzes interactions among you and your coworkers in Office 365. For example, it will consider your frequent email contacts, who collaborates on documents with you, or who shares your manager. Based on this data, it recommends content relevant to your work.

6. Excel: Data Visualization — Modern data visualization is a key business-friendly feature in Office 2016. In the updated Excel, you can highlight your data and select Insert for access to chart types and recommended charts. It’s easy to visualize data in different types of graphs and charts, such as tree and waterfall charts (pictured above).

7. Real-Time Co-Authoring And Skype — The most recent version of Microsoft Word gives you the ability to collaborate in real time with team members and provides visibility into who has recently accessed the document. The Office client apps have also been upgraded to include Skype integration, so you can call, IM, and video chat with colleagues to ask questions or talk about a project without leaving the app. Microsoft promises real-time co-authoring will be rolled out to all native apps.

8. Tell Me And Smart Lookup — Tell Me is handy for finding shortcuts to capabilities across Office apps. For example, if you want a specific graph in Excel, you can type its name into Tell Me, and it will change the depiction of the data set. Smart Lookup leverages Bing to pull additional online information on content you’re using. For example, if you type the term “carbon dating” but only highlight “dating” for Smart Lookup to research, the tool will recognize the context to narrow down your search results and only include relevant content.