Computer Safety & News

Key links for this key virtual conference are noted below:

Microsoft Build 2022: 10 Key Products Hitting General Availability — Redmondmag.com

Microsoft Build 2022

https://mybuild.microsoft.com

Microsoft’s annual Build conference for developers kicked off on Tuesday as a virtual event with the usual deluge of product announcements. Below we’ve distilled Microsoft’s lengthy “Book of News” to spotlight the general availability release milestones of 10 of the most interesting Microsoft technologies for IT pros and developers.

1. Single-Node Azure Stack HCI
2. Microsoft Intelligent Data Platform
3. Azure Container Apps
4. .NET MAUI
5. Teams Toolkit for Visual Studio Code
6. Azure DCsv3 VMs with Intel Software Guard Extensions
7. Azure Communication Services Mobile UI Library
8. Azure App Service Landing Zone Accelerator
9. Service Bus Explorer in Azure Portal
10. MySQL Flexible Server ‘Business Critical’ Tier

An improved version of OneNote will integrate classic & modern designs into a single product in forthcoming future release

Microsoft’s New OneNote for Windows Looks Great (howtogeek.com)

Microsoft confirmed last year that it was merging the modern (“OneNote for Windows 10”) and classic (Win32) OneNote applications on Windows into one combined application, and now the company has detailed its recent and upcoming changes.   The updated OneNote app has a similar layout as the classic OneNote app, but with a completely refreshed look and feel to match Windows 11 (and Microsoft’s other modern apps). There’s still a ribbon interface at the top with tabs for switching between tools, just like all the other Office applications. For anyone used to the simpler view in OneNote for Windows 11, there’s a toggle to switch to a simplified ribbon with fewer buttons.

As crime does not pay long term, a major arrest has just occurred for the leader of a major Nigerian cybercrime group

Interpol Nabs Nigerian Man Behind Massive Email Phishing Campaigns | PCMag

Suspected head of cybercrime gang arrested in Nigeria (interpol.int)

The unnamed 37-year-old suspect allegedly launched phishing schemes and business email compromise attacks on thousands of companies and individual victims.  Interpol identified the head of a Nigerian cybercrime gang responsible for launching phishing email attacks on four continents.  Interpol arrested the 37-year-old Nigerian man with the help of local police in his country and IT security firms, including Palo Alto Networks, Group-IB, and Trend Micro. The unnamed man allegedly orchestrated phishing attacks and business email compromise schemes targeting thousands of companies and individual users, according to Group-IB.

Palo Alto Networks added it was able to identify 240 internet domains the Nigerian man allegedly used in his phishing schemes. “Of that number, over 50 were used to provide command and control for malware. Most notably, this actor falsely provided a street address in New York City associated with a major financial institution when registering his malicious domains,” the company wrote in its report.

The FTC shares an awareness of active scams, while baby formula supply is in process of being increased.  As some parents may be desperate for needed supplies, scammers can unfortunately take advantage of folks.  Please be careful in only using safe & reliable mainstream resources. 

Not enough baby formula means plenty of scammers | Consumer Advice (ftc.gov)

Scammers exploiting the high demand for baby formula have sunk to new lows. They’re popping up online and tricking desperate parents and caregivers into paying steep prices for formula that never arrives.  Scammers may set up fake websites or profiles on social media platforms with product images and logos of well-known formula brands — all to make you think you’re buying products from the companies’ official websites.

Best practices to avoid SCAM attacks

• Check out the company or product by typing its name in a search engine with terms like “review,” “complaint,” or “scam.” See what other people say about it.
• Consider how you pay. Credit cards often give you the strongest protections, so you can sometimes get your money back if you ordered something but didn’t get it. But anyone who demands payment by gift card, money transfer, or cryptocurrency is a scammer.
• Know your rights. When you shop online, sellers are supposed to ship your order within the time stated in their ads, or within 30 days if the ads don’t give a time. If a seller can’t ship within the promised time, it has to give you a revised shipping date, with the chance to either cancel your order for a full refund or accept the new shipping date.
• Search for local resources. Call your pediatrician to see if they have formula in stock. Pediatricians often get samples of different formulas and may be able to help. If you are a participant in the Women, Infants and Children (WIC) nutrition assistance program, contact your local office to find formula.

The FTC shares an awareness of scam approaches for those seeking employment … never pay for special services offered as noted in awareness below

Applying for jobs? Be on the lookout for scams | Consumer Advice (ftc.gov)

You might have just graduated from college, but there’s still more to learn when you’re on the job hunt. Not every posting or job recruiter is legit. Learn how to spot the scams.  We’ve been getting reports about a scam that starts out with a job recruiter reaching out to ask for your resume. Sounds normal — right?   Well, that’s where “normal” ends. After you send that over, you’re told that the format is “incompatible.” The next thing you know, you’re asked to send your resume to a website to “reformat” it — for a fee. In other words, they’re asking you to pay for a job.

To avoid job scams

• Do an online search. Look up the name of the company or the person who’s hiring you, plus the words “scam,” “review,” or “complaint.” You might find out they’ve scammed other people.
• Talk to someone you trust. Describe the offer to them. What do they think? You don’t want to be rushed into a decision.
• Don’t pay for the promise of a job. Legitimate employers, including the federal government, will never ask you to pay to get a job. Anyone who does is a scammer.

Ransomware-as-a-service (RaaS) is a new targeted mode where attackers manually gradually gain access to network rather than users clicking on an infected file, attachment, or web link,  Using social engineering, targeted attacks & hacking the “bad guys” can eventually gain access to the network & deploy their payloads more effectively.  This is a dangerous & popular mode of attack & Microsoft provides an in-depth research report

Microsoft Offers Extensive Advice To Address Human-Operated Ransomware Threats — Redmondmag.com

Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself – Microsoft Security Blog

Within this category of threats, Microsoft has been tracking the trend in the ransomware-as-a-service (RaaS) gig economy, called human-operated ransomware, which remains one of the most impactful threats to organizations. We coined the industry term “human-operated ransomware” to clarify that these threats are driven by humans who make decisions at every stage of their attacks based on what they find in their target’s network.

Unlike the broad targeting and opportunistic approach of earlier ransomware infections, attackers behind these human-operated campaigns vary their attack patterns depending on their discoveries—for example, a security product that isn‘t configured to prevent tampering or a service that’s running as a highly privileged account like a domain admin. Attackers can use those weaknesses to elevate their privileges to steal even more valuable data, leading to a bigger payout for them—with no guarantee they’ll leave their target environment once they’ve been paid. Attackers are also often more determined to stay on a network once they gain access and sometimes repeatedly monetize that access with additional attacks using different malware or ransomware payloads if they aren’t successfully evicted.

1. How RaaS redefines our understanding of ransomware incidents
   • The RaaS affiliate model explained
   • Access for sale and mercurial targeting
2. “Human-operated” means human decisions
   • Exfiltration and double extortion
   • Persistent and sneaky access methods
3. Threat actors and campaigns deep dive: Threat intelligence-driven response to human-operated ransomware attacks
4. Defending against ransomware: Moving beyond protection by detection
   • Building credential hygiene
   • Auditing credential exposure
   • Prioritizing deployment of Active Directory updates
   • Cloud hardening
   • Addressing security blind spots
   • Reducing the attack surface
   • Hardening internet-facing assets and understanding your perimeter

All home & corporate users should ensure high levels of safety in privacy.  The link below shares how to tune the Privacy Dashboard to harden settings for WIN10 or WIN11

How to Protect Your Privacy in Windows | PCMag

After you’ve set up and started using Windows 10 or 11, you should review your privacy settings. In Windows 10, go to Settings > Privacy. In Windows 11, go to Settings > Privacy & security. Most of the categories and settings for privacy are the same in Windows 10 and 11, however, there are a few differences here and there.

Many older users past 70 never grew up with computers & FTC is promoting best practices to avoid romance & other scams  where targeting occurs.  If it’s too good to be true, one should treat email or ad links as if it were a telemarketing call.  All users should be cautious as billions of $$$ have be lost online.

Avoid a scammer’s money grab during Older Americans Month | Consumer Advice (ftc.gov)

Scammers use lots of different tactics — stories about grandchildren in distress, million-dollar prizes, a romantic future, or a business deal — to try to steal peoples’ money. Scammers may demand payment by wire transfers, gift cards, and cryptocurrency — methods that transfer funds quickly and anonymously.  During Older Americans Month, the Consumer Financial Protection Bureau and the Federal Trade Commission are partnering together to help older adults and their families and friends know what to do if someone demands payment by these methods, and where to report fraud.

To protect against scams and fraud

• • Don’t wire money. Wiring money is like sending cash. Once you send it, you usually can’t get it back. Don’t wire money even if someone sends you a check, tells you to deposit it, and wire some of the money back to them. That’s a fake check scam, and the bank will want you to repay the money you withdrew and sent. That may also be a money mule scam that will involve you in moving stolen money.

• • Don’t pay with a gift card. Gift cards are for gifts. As soon as you tell someone the numbers on the back of the gift card, they get control of the card and your money is gone forever. No legitimate business or government agency will insist that you pay with a gift card.

• • Don’t pay with cryptocurrency. If someone requires you to pay for something with Bitcoin, Ether, or some other type of cryptocurrency, they’re probably a scammer. Cryptocurrency payments don’t come with legal protections. If you pay with cryptocurrency, you usually can’t get your money back unless the person you paid sends it back.

• • Report fraud to the FTC. If you’re contacted by someone telling you to pay or send money using these methods, please tell the FTC about it at ftc.gov. The information you share can help protect your community from fraud, scams, and bad business practices.

Google Chat has been enhanced recently to warn users before they click on suspicious links. 

https://www.pcmag.com/news/google-chat-is-warning-users-about-suspicious-links

Google Workspace Updates: New banners in Google Chat protect against malicious links (googleblog.com)

Learn how Google Chat protects you – Google Chat Help

In Google Chat, you’ll see banners warning against potential phishing and malware messages coming from users with personal Google Accounts. These warning banners, which are already available in Gmail and Google Drive, help protect users against malicious actors, keeping data safe. In Gmail, warning banners are displayed when responding to emails sent from outside of your organization. Now, Android warning banners are also displayed as you add new external recipients. Admins can turn these specific warning labels on or off for their organization.

 128 Laptops were recently evaluated by PC Magazine — in a timely article for the start of college in Fall 2022.  Models are categorized by the types of needs students may have (graphics, computer science, general studies, etc).

2022 Grad’s Guide: The Best Laptop for Each Type of Graduate | PCMag

If you’re ready to trade your cap and gown in for business-casual (or sweatpants and slippers, for those of you planning on working at home), one of the biggest questions you might be asking yourself is, “Which laptop should I get?” As you embark on the first leg of your professional journey, it pays to be properly equipped, so we looked at several of the top graduating majors and the technical needs for each.

Simply asking “What’s the best laptop for a college graduate?” doesn’t narrow things down very much, though. According to college advising website MyMajors.com(Opens in a new window), the list of common college majors has more than 1,800 different areas of study, from Agriculture to Visual and Performing Arts.  So we turn to data, not only to see the most popular majors and professions, but how many find themselves wondering what’s the best laptop for their type of work. According to both graduation statistics and search volume, here are the seven most popular fields that require computers tailored to their specific needs.