Computer News & Safety – Harry Waldron

June, 2018:

Windows 10 – Redstone 5 build 17704 offers improved Edge security

Microsoft adds new security, privacy, Edge features to latest Windows 10 test build

https://www.zdnet.com/article/microsoft-adds-new-security-privacy-edge-features-to-latest-windows-10-test-build/

Microsoft has released a new Windows 10 “Redstone 5” test Build 17704 that includes a bunch of new features and removes at least one major one: Sets.

Build 17704, which Microsoft released to Fast and Skip Ahead Ring testers on June 27, has several Edge improvements, some new security features and a new addition to the Diagnostic Data Viewer, which is a new feature aimed at improving transparency and privacy around the telemetry data that Microsoft collects.

On the Edge front, Microsoft has enabled video autoplay blocking as of this build. Microsoft also is introducing an Edge “Beta” icon to help users distinguish whether they are using an officially released or test build of Edge. And Microsoft is working to redesign the Edge settings menu with some tweaks as of Build 17704.

Apple – MAPS application being re-built for iOS version 12

For iOS version 12, the MAPS application is being re-built as follows:

Apple is rebuilding Maps from the ground up

After a rough first impression, an apology from the CEO, several years of patching holes with data partnerships and some glimmers of light with long-awaited transit directions and improvements in business, parking and place data, Apple Maps is still not where it needs to be to be considered a world class service.

Maps needs fixing. Apple, it turns out, is aware of this, so it’s re-building the maps part of Maps.  It’s doing this by using first-party data gathered by iPhones with a privacy-first methodology and its own fleet of cars packed with sensors and cameras. The new product will launch in San Francisco and the Bay Area with the next iOS 12 Beta and will cover Northern California by fall.

Every version of iOS will get the updated maps eventually and they will be more responsive to changes in roadways and construction, more visually rich depending on the specific context they’re viewed in and feature more detailed ground cover, foliage, pools, pedestrian pathways and more.

Security – Cisco warns to patch ASA devices for CVE-2018-0296 exploits

The patch for Cisco Adaptive Security Appliance (ASA) devices should be applied promptly due to active development of CVE-2018-0296 exploits.

https://www.zdnet.com/article/cisco-patch-now-attackers-are-exploiting-asa-dos-flaw-to-take-down-security/

After observing attacks on customers, Cisco is telling users to install the fix for a recently disclosed denial-of-service flaw affecting a number of its security appliances.  The flaw, tracked as CVE-2018-0296, was detailed in an advisory on June 6 and affects Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software.

Vulnerable products include 3000 Series Industrial Security Appliance (ISA), ASA 1000V Cloud Firewall, ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Adaptive Security Virtual Appliance (ASAv), Firepower 2100 Series Security Appliance, Firepower 4100 Series Security Appliance, Firepower 9300 ASA Security Module, and FTD Virtual (FTDv).

Leadership – Four steps to become a more authentic leader in 2018

The John Maxwell leadership training center shares valuable insight on how to become a more authentic leader in 2018.

http://johnmaxwellcompany.com/blog/authentic-leadership-enabling-individuals

Authenticity is not measured only by how we as leaders perform, but also how we allow our employees to perform. Enable your people to work as their authentic selves and watch your product or service come alive. Stifle their creativity and watch your organization hit the wall. As leaders, our job is to learn about our employees and identify how we can get the most out of them. Here are four ways we can do just that:

1. Define Authenticity — Before committing to a more authentic leadership culture, you first must define what that means for your organization. The concept and true source of authenticity are often misunderstood. You cannot call yourself “authentic.” Whether or not you possess this critical characteristic is up to those around you to debate. We must lead by example if we hope to authentically inspire and motivate our people. Control your emotions when you’re on the hot seat.

2. Channel Your Self-Awareness — When is the last time you channeled your self-awareness into tangible action? When you become cognizant of where you stand in the eyes of your employees, you unlock a whole new world of potential opportunity to develop the leadership skills of those around you. That’s because authentic leaders use awareness of their own strengths, weaknesses and emotional tendencies to identify the same characteristics in others.

3. Master the ‘Permission’ Level of Leadership — When a leader learns to function on the Permission level, people actually start to follow them. Not because they have the title of manager or executive, but because the leader begins to influence people by building relationships with them. Doing so develops a foundation for effective leadership and de-silos an organization’s infrastructure.

4. Find Common Ground — As an executive leader, there are projects and plans that you must control. There are others that call for close collaboration with your team. A truly authentic leader trusts his or her followers to perform, and gives them the leeway to make mistakes. Without this flexibility and open-mindedness, employee retention issues find their way into the conversation. People want to work for those they trust – and those who show trust in them.

Microsoft Outlook – Do not Disturb setting on Android and iOS

Microsoft Outlook is now testing a “Do not Disturb” feature setting on Android and iOS as shared below:

Outlook Now Lets You Avoid Distractions on Android and iOS

Microsoft is testing a new update for Outlook on Android and iOS that will help users reduce distractions. The company is introducing an in-app Do Not Disturb feature that will let you turn off notifications for new emails and events when you want to focus on work or life.

The new Do Not Disturb lets you mute notifications for an hour, until the next day, during events, during work hours, and more importantly, during weekends. This means you can get your mind off work when you are enjoying your weekends, and don’t have to worry much about an upcoming project deadline, or something similar.

Microsoft is also updating some of the other Office 365 apps on mobile — Word now shows word count when you scroll on Android and iOS, you can now share images from PowerPoint on Android, you can now view comments and notes on PowerPoint for Android, delete contacts on Outlook for Android, and sync draft emails on Outlook for iOS. All available with the latest updates for Office Insiders.

Malware – Cryptocurrency miners use 50 percent less CPU to evade detection

The SANS ISC reports on a new design for cryptocurrency miners that uses 50 percent less CPU. This change lets them run less conspicuously, so the malware is less likely to be noticed by users.

https://isc.sans.edu/forums/diary/New+and+Improved+Cryptominers+Now+with+50+less+Greed/23812/

Cryptominers are still all the rage. I really wish that attackers would actually come up with a new scheme to make money so life will be more interesting. But then again, sometimes it is nice if security is a bit boring and not too exciting. The latest cryptocoin miners I have seen try to make it a bit more difficult to detect them by being less greedy and not asking for all the CPU cycles at once. They also take better advantage of some newer CPU features like AES support. This particular sample starts out, like so many of them, with a Struts exploit. I highlighted the “interesting” part in red below.

Data Breach – Adidas Website Hacked JUNE 2018

Adidas has promptly disclosed that its website has been compromised, but no credit card or health records were accessed. The company is working with authorities to contain and mitigate this data breach:

https://www.pcmag.com/news/362173/adidas-website-hacked-millions-of-us-customer-details-stole

On Tuesday, Adidas discovered that its US website had been hacked and an unauthorized party had accessed customers' data. Millions of customer records have been stolen, but thankfully no credit card details were taken. As Bloomberg reports, Adidas discovered “an unauthorized party” had gained access to its servers and stolen data on June 26. Customers were informed yesterday and the full extent of the breach is still being investigated. So far, Adidas believes contact information, usernames, and encrypted passwords were taken for “a few million consumers.”

Thankfully, it looks as though payment information including credit card details, and health data were not accessed. However, if you’ve purchased products from the Adidas US websites there’s a chance your contact details have been leaked and Adidas will be contacting you. In the meantime, it’s worth changing the password for your Adidas account as a precaution.

In a statement the company said, “Adidas is committed to the privacy and security of its consumers’ personal data. Adidas immediately began taking steps to determine the scope of the issue and to alert relevant consumers. Adidas is working with leading data security firms and law enforcement authorities to investigate the issue.”

FBI – Health Care fraud of over 2 billion dollars JUNE 2018

The FBI shares an article related to $2 billion in health care fraud based on fake billing and other scams.

https://www.fbi.gov/news/stories/national-health-care-fraud-takedown-062818

FBI Deputy Director David Bowdich took part in a press conference today with U.S. Attorney General Jeff Sessions, Health and Human Services (HHS) Secretary Alex Azar III, and other federal officials to announce a nationwide health care fraud and opioid takedown that has resulted in charges against 601 defendants around the country, along with a total of more than $2 billion in fraud losses.

This takedown, the largest health care enforcement action taken to date by the joint Department of Justice and HHS Medicare Fraud Strike Force, involved numerous federal and state agencies working together on the front lines in the fight against health care fraud. “But our work is not finished—we are just getting started,” said Sessions. “We will continue to find, arrest, prosecute, convict, and incarcerate fraudsters and drug dealers, wherever they are.”

The charges announced today aggressively targeted schemes billing Medicare, Medicaid, TRICARE (a health insurance program for members and veterans of the armed forces and family members), and private insurance companies. Some of these schemes involved medically unnecessary prescription drugs and compounded medications that were often never even purchased and/or distributed to beneficiaries. In other cases, patient recruiters, beneficiaries, and other co-conspirators were allegedly paid cash kickbacks in return for supplying beneficiary information to providers, so that the providers could then submit fraudulent bills for services that were medically unnecessary or never performed.

Project Management – Managing Innovation in 2018

Dr. Harold Kerzner, International Institute for Learning, Inc. (IIL), shares that innovation is required today, as companies cannot grow from cost reduction and reengineering efforts alone.

https://blog.iil.com/innovation-project-management/

Companies need growth for survival. Companies cannot grow simply through cost reduction and reengineering efforts. Companies are recognizing that brand loyalty accompanied by a higher level of quality does not always equate to customer retention unless supported by some innovations.

According to management guru Peter Drucker, there are only two sources for growth: marketing and innovation. Innovation is often viewed as the Holy Grail of business and the primary driver for growth. Innovation forces companies to adapt to an ever-changing environment and to be able to take advantage of opportunities as they arise.

Companies are also aware that their competitors will eventually come to market with new products and services that will make some existing products and services obsolete, causing the competitive environment to change. Continuous innovation is needed, regardless of current economic conditions, to provide a firm with a sustainable competitive advantage and to differentiate themselves from their competitors. The question, of course, is “How do we manage innovation needs?”

Innovation requires:

* An acceptance of significant risk, more so than in traditional project management
* A great deal of uncertainty
* A focus on strategic goals and possibly no business case exists
* Unknown constraints and assumptions that continuously change
* Decision making in an unfamiliar landscape
* A creative mindset
* Collaboration across all enterprise organizational boundaries
* Significant interfacing with customers in every market segment
* A different leadership style than with traditional project management
* A set of tools different than what is being taught in traditional project management courses

Some tools typically used when managing innovation include:

* Design thinking
* Storytelling
* Decision-making flow charts
* Value proposition
* Business model thinking
* Wall of ideas with post-it notes
* Ideation
* Prototyping, perhaps continuously

Windows 10 – Windows Sets TAB interface postponed in Redstone 5

The Windows 10 FALL 2018 feature release will not include the new “Windows Sets” tabbed interface as shared below:

https://arstechnica.com/gadgets/2018/06/windows-sets-tabs-in-every-window-feature-wont-be-in-the-next-big-update/

Windows Sets, a new Windows interface feature that was first previewed in November 2017 and will make every window into a tabbed window, has been removed from the latest Insider Preview build of Windows 10. Moreover, the Verge is reporting that the feature won’t be coming back in this year’s next major update, due in October.

The promise of Sets is certainly high. Putting tabs in every window is a way of solving certain long-standing requests, such as the demand for tabs in Explorer. But Sets went far beyond this, allowing collections of different applications to be grouped together with tabs to switch them. As such, Sets became a way of managing one’s workspace, allowing you to combine, say, a Word window of a school paper with the online resources that you’re using to write the paper.

The next version of Windows, likely to be version 1809 with the codename “Redstone 5,” is also going to be a special release. Version 1809 is going to be blessed as a long-term support channel (LTSC) release, meaning that instead of 18 months of patches and support, it’ll receive the traditional 10 years of support and security fixes. If it weren’t an LTSC release, one might expect Microsoft to release a first iteration of Sets—for example, a Sets that only worked with modern applications built using the UWP API along with Win32 applications that used standard title bars.

Microsoft says that it’s still working on improving the Sets experience and that the feature isn’t gone for good. But Sets looks like it needs more time in development than is available.