Computer News & Safety – Harry Waldron

March, 2018:

Microsoft Security – Visual Auditing Security Tool project

Microsoft has launched “Project VAST”, which combines Microsoft’s Azure Log Analytics tool with its Power BI data visualization tool.

Finally Remove Your Security Blockers: Introducing Project VAST

The Visual Auditing Security Tool (VAST) provides a repeatable, scalable solution to quickly and cost-effectively help mitigate security blockers by visually representing specific infrastructure log and audit events. It also provides specific, actionable KPI-based metrics to measure your organization’s effectiveness in mitigating the risk of devastating credential theft.

Many organizations aggregate log data into queryable aggregation stores such as SIEMs. Even so, experience shows that combing through log files in an effort to correlate security events is typically a time-consuming activity from which you can draw limited conclusions and take limited action. VAST takes a different approach. VAST leverages powerful, relatively new Microsoft technologies – chiefly Azure Log Analytics and Power BI – to present your organization with a rich, visual representation of its security data in a single-pane-of-glass interface. VAST can work alongside your existing solutions – and it adds a dimension to your data that most enterprise SIEMs presently don’t: interactive data visualization.

Office 365 – SharePoint and Excel features update for March 2018

Microsoft shares recent features & other improvements designated for Office 365 subscribers.

https://redmondmag.com/articles/2018/03/30/march-office-365-updates.aspx

https://blogs.office.com/en-us/2018/03/29/new-in-march-rich-data-types-intelligent-search-and-expanded-datacenters/

The updates this month were notable for including perks for SharePoint Online users. Additionally, Office 365 Excel users also are starting to see the fruits of Microsoft’s efforts to improve the end user experience by using artificial intelligence (AI) techniques within the spreadsheet program.

1. SharePoint Web Parts – On the SharePoint Online side, Microsoft this week announced that the new Yammer Web Part has reached “general availability,” meaning it’s deemed ready by Microsoft for production use.

2. SharePoint Admin Center Previews – The Admin Center’s “Site Management” blade will be getting a new button to export its data into the comma-separated value (CSV) format, allowing data visualizations using tools like Excel or Microsoft Power BI. IT pros also will be able to save custom views within the Admin Center, although the saved views get shared with all SharePoint administrators.

3. Excel Cloud Data Type Previews – Microsoft is building “cloud-connected data types” into Excel, which use AI to enhance the data sources within an Excel spreadsheet. They tap the “Microsoft Knowledge Graph,” which is also used by Microsoft’s Bing search service.

Leadership – 4 steps for executives to improve corporate culture

The John Maxwell leadership training center shares four steps for executives to improve corporate management practices. The most critical need of all is for a key executive to sponsor & back those key changes:

http://johnmaxwellcompany.com/blog/leadership-an-executive-sponsor-is-key

Leadership is not something that rises to the surface because of technology, economic necessity or what is currently trending in the business world. Leadership is a trait of being that has existed since the beginning of mankind. And it will always be part of the fabric of living as long as the human race continues to exist. As John C. Maxwell says “Leadership is influence, nothing more, nothing less.”

In fact, a 2015 global study on this issue by Los Angeles-based Korn Ferry points to executive sponsorship as the chief roadblock to leadership development success. The study polled more than 7,500 executives from 107 countries, ultimately uncovering that 55 percent of respondents rank their return on such development efforts as only “fair” to “very poor.”

What was to blame? You guessed it: A general lack of active executive sponsorship, buy-in and support from the top. I urge you to check out the report. It offers specific tips for increasing the effectiveness of your organization’s leadership development plan, including:

1. Embed leadership development in the culture and strategy. Embrace the idea that leadership development is a continuous process and not just made up of one-time classes or one-off events.

2. Make leadership development more relevant and engaging by focusing programs on the organization’s current strategies and business issues.

3. Roll out relevant and appropriate development for all levels in the organization, including senior-most executives and the C-suite.

4. Don’t cut back on investing in leadership development when times get tough. That is the time to double down on efforts.

Data Breach – Popular app MyFitnessPal attacked during FEB 2018

Under Armour’s MyFitnessPal has just reported a data breach where usernames, email addresses, and password data from 150 million users were exposed. Fortunately, no customer e-commerce details were exposed and a mandatory password change will occur to protect customer accounts. 

https://www.pcmag.com/news/360166/under-armours-myfitnesspal-suffers-massive-data-breach

http://investor.underarmour.com/releasedetail.cfm?ReleaseID=1062368

The MyFitnessPal service from Under Armour has suffered a data breach that affects about 150 million users.  The breach occurred in late February and involved an “unauthorized party” accessing usernames, email addresses and password data, Under Armour said on Friday.

Fortunately, the exposed passwords were scrambled with the bcrypt hashing algorithm, which will make them tough to crack. “Payment card data was also not affected because it is collected and processed separately,” the company said.

As a precaution, Under Armour is advising MyFitnessPal users to change their passwords for any other internet accounts that used the same login credentials. The usernames and email addresses exposed in the data breach were scrambled with an older hashing algorithm called SHA-1, making them easier to decipher.

“Review your accounts for suspicious activity,” the company said in a FAQ about the breach. “Be cautious of any unsolicited communications that ask for your personal data or refer you to a web page asking for personal data.”
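The contrast drawn above between bcrypt and SHA-1, shown as an added example that is not part of the original post or the cited articles. It assumes PBKDF2-HMAC-SHA256 from Python's standard library as a stand-in for bcrypt (so the block runs without third-party packages), and every sample value in it is constructed.

```python
import hashlib
import hmac
import os
import time

def sha1_hex(value):
    """Unsalted, single-pass SHA-1: fast and deterministic."""
    return hashlib.sha1(value.encode("utf-8")).hexdigest()

def kdf_record(password, iterations=200_000, salt=None):
    """Salted, iterated hash. PBKDF2-HMAC-SHA256 stands in for bcrypt here."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt, "iterations": iterations, "digest": digest}

def kdf_verify(password, record):
    """Recompute with the stored salt and cost, then compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["digest"])

def seconds_per_hash(fn, rounds):
    """Average wall-clock cost of one call to fn."""
    start = time.perf_counter()
    for _ in range(rounds):
        fn()
    return (time.perf_counter() - start) / rounds

def compare_schemes():
    # Constructed sample values, not data from the breach.
    email = "user@example.com"
    password = "correct horse battery staple"

    # The same input always gives the same SHA-1, so a table of known
    # addresses maps digests in a dump straight back to their inputs.
    table = {sha1_hex(e): e for e in ("admin@example.com", email)}
    recovered = table.get(sha1_hex(email))

    # Two records for the same password differ because each has its own salt.
    a, b = kdf_record(password), kdf_record(password)

    fast = seconds_per_hash(lambda: sha1_hex(password), 20_000)
    slow = seconds_per_hash(lambda: kdf_record(password, salt=a["salt"]), 3)
    return {
        "sha1_recovered": recovered,
        "kdf_records_differ": a["digest"] != b["digest"],
        "kdf_verifies": kdf_verify(password, a) and not kdf_verify("wrong", a),
        "slowdown": slow / fast,  # cost of one guess, slow scheme vs SHA-1
    }

if __name__ == "__main__":
    for key, value in compare_schemes().items():
        print(key, value)
```

The `slowdown` figure is the per-guess cost multiplier a defender buys with the iteration count; raising `iterations` raises it proportionally.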

Windows 10 – Insiders Preview build 17133 release fixes minor bugs

The Windows 10 Preview build 17133 was released to Insiders (beta testers) to fix minor current issues.

https://www.windowscentral.com/windows-10-build-preview-17133-rolls-out-insiders-slow-ring

Microsoft is rolling out a fresh Insider preview build for those enrolled in the Slow ring today. Today’s build is 17133, and it comes just three days after it first landed for Insiders in the Fast ring. Build 17133 is also expected to be the RTM build of the Windows 10 Spring Creators Update, set to roll out in April.

Microsoft cautions that it is using this release to test the engineering systems responsible for the deployment of Windows 10 updates, so it may not be available to everyone in the Slow ring right away. However, it should reach full availability for Slow ring Insiders by Monday, April 2. Here’s a look at the small list of changes included in this build:

1. We fixed an issue resulting in certain devices with BitLocker enabled unexpectedly booting into BitLocker recovery in recent flights.

2. We fixed an issue resulting in not being able to change the display resolution when there were 4 or more monitors connected, due to the confirmation prompt hanging when you selected “Keep changes”.

3. We fixed an issue where clicking suggested search terms when typing in the Microsoft Edge URL bar didn’t do anything.

Security – CIS Controls Version 7 released

Version 7 of the CIS Controls has been finalized as follows:

https://isc.sans.edu/forums/diary/Version+7+of+the+CIS+Controls+Released/23499/

https://www.cisecurity.org/controls/

https://learn.cisecurity.org/20-controls-download

The CIS Controls serve as a “prioritized set of actions to protect your organization and data from known cyber attack vectors.” They have been embraced by several organizations, as outlined in the Case Studies section, where significant improvements to their cyber security programs are listed and can serve as an inspiration to consider this approach to effective cyber defense. Recently, Version 7 of the CIS Controls was released. This work reflects the engagement of many volunteers who helped shape this update. Several key changes made to the CIS Controls are listed below, including the following seven principles.

KEY IMPROVEMENTS IN NEW V7 RELEASE

1. Improve the consistency and simplify the wording of each sub-control
2. Implement “one ask” per sub-control
3. Bring more focus on authentication, encryption, and application whitelisting
4. Account for improvements in security technology and emerging security problems
5. Better align with other frameworks (such as the NIST CSF)
6. Support the development of related products (e.g. measurements/metrics, implementation guides)
7. Identify types of CIS controls (basic, foundational, and organizational)

Internet Security – FBI shares fraud prevention tips March 2018

The FBI shares fraud prevention tips as part of a recent bulletin for when users are falsely contacted in unusual ways by technical companies, banks, delivery companies, retail, etc., in an attempt to trick & defraud them.

https://www.ic3.gov/media/2018/180328.aspx

Suggestions for Protection

1. Remember that legitimate customer, security, or tech support companies will not initiate unsolicited contact with individuals.
2. Install ad-blocking software that eliminates or reduces pop-ups and malvertising (online advertising to spread malware).
3. Be cautious of customer support numbers obtained via open source searching. Phone numbers listed in a “sponsored” results section are likely boosted as a result of Search Engine Advertising.
4. Recognize fraudulent attempts and cease all communication with the criminal.
5. Resist the pressure to act quickly. Criminals will urge the victim to act fast to protect their device. The criminals create a sense of urgency to produce fear and lure the victim into immediate action.
6. Do not give unknown, unverified persons remote access to devices or accounts.
7. Ensure all computer anti-virus, security, and malware protection is up to date. Some victims report their anti-virus software provided warnings prior to the attempt.

If you are a Victim

1. Individuals who receive a pop-up or locked screen should shut down the device immediately. Ignore any pop-ups instructing to not power off or restart the computer. Victims who reported shutting down the device and waiting a short time to restart usually find the pop-up or screen lock has disappeared.
2. Do not re-contact fraudulent tech scam companies. Expect additional fraudulent calls as these companies often share their customer database information.
3. Should a criminal gain access to a device or an account, individuals should take precautions to protect their identity. Immediately contact financial institutions to place protection on accounts as well as change passwords and actively monitor accounts and personal information for suspicious activity.

Apple – iOS 11.3 allows disabling battery throttling

Apple’s iOS 11.3 release contains numerous new features. The ability to disable battery throttling is a widely sought-after feature for older devices, giving users more control & info on power management. This review by BGR also lists the many additional features in this key release.

iOS 11.3 is here, and you can finally disable battery throttling

iOS 11.3, Apple’s third major update to iOS 11 and the one that everyone’s really been waiting for, is finally here. Anyone running iOS 11 on their iPhone or iPad can go download the over-the-air update right now; as ever, just make sure you’ve got a recent backup, a good Wi-Fi connection, and lots of juice left in your battery. iOS 11.3 brings a bunch of new features to iOS 11 that we’ve broken down below, but there’s really only one thing that most people are looking for: The off switch for Apple’s battery-related performance restrictions.

We’ve had a chance to play around extensively with the new features in iOS 11.3 betas already, so nothing in this new release should come as a surprise. The biggest change is the introduction of several battery health features, which are supposed to make customers happy about Apple’s battery-related performance throttling. The new features are contained within a new “Battery Health” menu, which is under the “Battery” tab on iOS 11.3. The page only really has two fields: Maximum Capacity, which shows what percentage of the original charge your battery can still hold; and Peak Performance Capacity, which tells you if your phone’s performance is being throttled due to the battery.

FBI Warning – Fake Tech Support call attacks increase in 2017

An 86% increase in fake tech support call attacks occurred during 2017 versus 2016. The FBI shares an excellent analysis of this malicious activity & how to better protect against these attacks.

https://www.ic3.gov/media/2018/180328.aspx

Based on new reporting, the Internet Crime Complaint Center (IC3) is providing updated guidance regarding technical support fraud. Tech Support Fraud involves a criminal claiming to provide customer, security, or technical support in an effort to defraud unwitting individuals. This type of fraud continues to be a problematic and widespread scam.

In 2017, the IC3 received approximately 11,000 complaints related to tech support fraud. The claimed losses amounted to nearly $15 million, which represented an 86% increase in losses from 2016. While a majority of tech support fraud involves victims in the United States, IC3 has received complaints from victims in 85 different countries.

Criminals may pose as a security, customer, or technical support representative offering to resolve such issues as a compromised e-mail or bank account, a virus on a computer, or to assist with a software license renewal. Some recent complaints involve criminals posing as technical support representatives for GPS, printer, or cable companies, or support for virtual currency exchangers.

 

Initial contact with the victim typically occurs through the following methods:

Telephone: A victim receives an unsolicited telephone call from an individual claiming the victim’s device or computer is infected with a virus or is sending error messages to the caller. Callers are generally reported to have strong, foreign accents.

Search Engine Advertising: Individuals in need of tech support may use online search engines to find technical support companies. Criminals pay to have their fraudulent tech support company’s link show higher in search results hoping victims will choose one of the top links in search results.

Pop-up message: The victim receives an on-screen pop-up message claiming a virus has been found on their computer. In order to receive assistance, the message requests the victim call a phone number associated with the fraudulent tech support company.

Locked screen on a device: The victim’s device displays a frozen, locked screen with a phone number and instructions to contact a fraudulent tech support company. Some victims have reported being redirected to alternate Web sites before the locked screen occurs.

Phishing e-mail warning: The victim receives a phishing e-mail warning of a possible intrusion to their computer or an e-mail warning of a fraudulent account charge to their bank accounts or credit cards. The e-mail provides a phone number for the recipient to contact the fraudulent tech support.

Ransomware – City of Atlanta resumes operations 5 days after attack

After investigation and forensics by authorities, all City of Atlanta operations resumed with heavy security monitoring to ensure any remaining contaminations of the ransomware agent were quickly found & addressed.

http://searchsecurity.techtarget.com/news/252437715/Five-days-after-Atlanta-ransomware-attack-recovery-begins

Atlanta’s city hall has given the all-clear for workers to turn systems back on following a ransomware attack that caused issues with certain scheduling and procurement processes.  The Atlanta ransomware attack began early in the morning on March 22 and the FBI, Department of Homeland Security, Microsoft and Cisco were brought in early on to investigate and help the city remediate the issues.

“Today, the City of Atlanta is advising its employees to turn on computers and printers for the first time since the March 22 cyberattack,” wrote Anne Torres, director of the Mayor’s Office of Communications, and Nikki Forman, press secretary for the city, in the statement. “It is expected that some computers will operate as usual and employees will return to normal use. It is also expected that some computers may be affected or affected [sic] in some way and employees will continue using manual or alternative processes. This is part of the City’s ongoing assessment as part of the restoration and recovery process.”