For a limited time, take any Microsoft Certified Professional (MCP) exam, and get a free retake if you don’t pass!
Monday, December 14, 2015
Microsoft offers free Second Shot on test
Act now to get a free Second Shot
For a limited time, take any Microsoft Certified Professional (MCP) exam, and get a free retake if you don’t pass!
For a limited time, take any Microsoft Certified Professional (MCP) exam, and get a free retake if you don’t pass!
Microsoft OneDrive update
News from Microsoft about OneDrive
- Subscribers to Office 365 non-business editions (Home, Personal, and University), will receive 1 TB of OneDrive storage per user. For the small number of OneDrive users who had their storage allotment boosted to 10 TB and have used some or all of that space, the extra storage will continue to be available for at least 12 months. A full refund is available for any customer who isn't satisfied with that decision.
- Anyone with a free OneDrive account who currently has more than 5 GB of content stored will receive one free year of Office 365 Personal, which includes 1 TB of storage. This offer will arrive via email early next year.
- For OneDrive customers who currently have a 15 GB free storage allotment and a 15 GB camera roll bonus, Microsoft is offering to preserve those features, but only for those who opt in using this link, which is valid until January 31, 2016.
- All OneDrive customers with free accounts who do not opt in to the loyalty offer will see their free storage cut to 5 GB and the camera roll bonus will disappear.
Technorati
Tags: One Drive Update and 15 gig free for camera roll
Monday, November 30, 2015
Free Live training at Microsoft NYC on Azure
Azure Certification Jump Start – Free Event
70-534 Architecting Microsoft Azure Solutions
Join this training for a full day focused on architecting Microsoft Azure systems and solutions. You'll also discover what's required to pass the MCP Azure Certification exam.
We'll cover all the exam objectives, including PowerShell, through live demos, hands-on labs and discussions, and we will tailor the agenda to fit your needs and concerns. View detailed agenda
Everyone who attends will receive a copy of the Microsoft Press guide, 70-534 Exam Reference: Architecting Microsoft Azure Solutions (co-authored by Dan and a $40 value). The event also includes breakfast, lunch, and drinks during the social hour — all at no cost to you, thanks to our generous sponsors.
Dec 7th 2015 – Microsoft –
11 Times Square NYC, NY
Schedule is
8:00 Registration, Breakfast, Networking and say thanks to our sponsors
8:30 Sharp: 70-534 Introduction & Exam Tips and Tricks (Don’t be late!!!!)
9:15 Design Microsoft Azure infrastructure and networking (15–20%)
10:15 Secure resources (15–20%)
11:15 Design websites (15–20%)
12:00 Lunch & Meet Sponsors & Networking
1:00 Labs & Special Tribute (Hands-On-Labs - Bring your laptops & Power)
1:45 Design an application storage and data access strategy (15–20%)
2:45 Design an advanced application (15–20%)
3:45 Design a management, monitoring, and business continuity strategy (15–20%)
– hardest module plan on staying
5:15 Evaluations, Book Signing and Social
Registration at: http://aka.ms/70-534
Saturday, November 7, 2015
Phone Security
I been seeing issues with phone recently and though I would talk about them… You might forget that a Smartphone today is much more powerful that the pc you use 10 years ago. But how do you protect them?
I seen over and over again phone with anti-virus or malware protection. You would not do that on PC why not protect your phone.
In the last few week I blogged about Problems with IPhones, and Android devices.. But wait there much more to worry about ….
Per Michael Bentley at lookout blog
Lookout has detected over 20,000 samples of this type of trojanized adware masquerading as legitimate top applications, including Candy Crush, Facebook, GoogleNow, NYTimes, Okta, Snapchat, Twitter, WhatsApp, and many others.
Over the past year, Lookout has studied three interconnected families of adware. Lookout discovered the family Shuanet, which, like all of these families, auto-roots the device and hides in the system directory. Kemoge, or what we call ShiftyBug, recently made headlines for rooting the victim’s device and installing secondary payload apps. Another family, Shedun, also referred to as GhostPush, is yet another example of this trojanized adware. While many classify these as simple “adware,” these families are trojans.
Together, the three are responsible for over 20,000 repackaged apps, including Okta’s two-factor authentication app. We are in contact with Okta regarding this malicious repackaging of its app.
The repercussions
For individuals, getting infected with Shedun, Shuanet, and ShiftyBug might mean a trip to the store to buy a new phone. Because these pieces of adware root the device and install themselves as system applications, they become nearly impossible to remove, usually forcing victims to replace their device in order to regain normalcy.
For enterprises, having rooted devices on the network is a concern, especially if those devices were rooted by a repackaged version of a legitimate and popular enterprise app. In this rooted state, an everyday victim won’t have the proper interface to control what apps on the phone request root access. The problem here is that these apps may gain access to data they shouldn’t have access to, given their escalated privileges.
With just a quick search for “malware” on this site you can find many stories about this topic. According to internet security firm McAfee, instances of mobile malware have increased by as much as 700 percent since 2011. It’s time to set things straight once and for all. This is the truth about Android malware.
Less you think IPhone are secure, a new Malware app called YiSpecter, the was discovered by security company Palo Alto Networks, the same entity that first detailed the XcodeGhost hack.
YiSpecter can infiltrate any iOS device via a variety of means, posing as a genuine Apple-signed app once installed. Once on your iOS device, the app can then make itself invisible to the user by disguising itself as an actual iOS app, or hiding itself from the home screen – which means the user has no means of deleting it.
“On infected iOS devices, YiSpecter can download, install and launch arbitrary iOS apps, replace existing apps with those it downloads, hijack other apps’ execution to display advertisements, change Safari’s default search engine, bookmarks and opened pages, and upload device information to the C2 [command and control] server,” the researchers revealed.
Even if manually deleted, the malware will automatically re-appear.
Software for a Phone like Lookout for IOS devices or Android will help protect you NOW before you compromise your device
Get and use AV protection for your phone
I like Lookout but there are other vendors that you can choose. but do nothing and it only time till you download something that take over your device
Tuesday, November 3, 2015
2015 Microsoft Expert Series: The Future of Security in the Cloud
When
Where
In just the past 12 months, the breadth and cost of data breaches have increased significantly.
In the wake of seemingly unrelenting security failures at organizations of all sizes, from Anthem and OPM to Ubiquity and the IRS, CIOs and CISOs are being asked to create and enforce security programs that can effectively protect their data and reputations. In seeking to balance security against productivity, how can organizations remain nimble without compromising their security posture, especially with highly collaborative cloud tools and platforms? What new trends will dominate minds and budgets in the months to come?
Join us for an evening of lively conversation and diverse perspective on the future of security in the cloud, hosted at Microsoft’s exclusive Technology Center at 11 Times Square, New York, NY. Our featured keynote speaker will be Harold Moss, Senior Director of Security Strategy at Akamai.
Please note that registration is required, as no walk-ins will be allowed by building security.
All proceeds will be donated to the Food Bank for NYC, the city’s major hunger-relief organization
To register go here
Technorati Tags: 2015 Microsoft Expert Series,The Future of Security in the Cloud
Thursday, October 8, 2015
Windows 10 Enterprise for IT Pros free live webcast
The MVP Award Program and the Windows IT Pro teams are pleased to offer a *free* live webcast, as part of a global community event, to provide first hand guidance about Windows 10 Enterprise for IT Pros. Join Microsoft MVPs as they take you through topics such an overview of the Windows 10 Enterprise, Windows Security, Windows as a Service, Windows Deployment, Windows Management & Store, and Windows Networking. Hope you are able to join us! This webcast is a great opportunity for you to learn and also participate live in Q&A session with some of the top Windows IT Pro experts.
Learn more about Windows 10!
The Windows team is empowering the MVPs with technical content and a specific private training so each MVP delivering the session is fully equipped with content, and guidance to better support you as an attendee of the webcast. We hope you are able to join us in this global community event!
I will be one of the MVP presenting
Topics include
To register click HERE
Do you own Microsoft Press
Go digital and save 90%
For a limited time, tell us what Microsoft Press book is on your shelf and receive a special discount code to save 90% on the multi-format eBook edition!
Locate the ISBN on your book’s copyright page or back cover to get started. A unique code will be displayed on screen after you submit this form.
Please note: Products submitted for this special offer will not be listed as registered products in your microsoftpressstore.com account. For additional benefits, register your book today.
I just found this on Microsoft Site..
Technorati Tags: Microsoft Press book discount code to add digital version
Friday, October 2, 2015
2015 NY Metro Joint Cyber Security Workshop “PowerShell for Auditing and Security”
Spotlight on “PowerShell for Auditing and Security.” workshop speaker Guy Herman
PowerShell for Auditing and Security
PowerShell is a remarkably powerful tool that can be used by administrators to automate many aspects of their environment. PowerShell really starts to shine when used to audit and secure a Microsoft Windows ecosystem. Starting with an introduction to PowerShell, this brief overview explores PowerShell and exposes how it can be used to help secure Windows. This one-day session covers PowerShell from beginning to end, exposing participants to the wide range of tools available through PowerShell.
Starting with the basics of using the shell and cmdlets along with the included help system, we examine the command syntax, command discovery, and how to work with the PowerShell Pipeline. We then progress into some of the many things you can do with PowerShell right now to audit and secure your environment. We then delve into some of the more sophisticated aspects of PowerShell and how it can be best used by Windows Administrators. You will be exposed to the Desired State Configuration tool, as well as Best Practices and specialized techniques for auditing and securing your environment.
This session is packed full of Hands-On-Labs to demonstrate just how easy to use and powerful PowerShell really is:
- Lab: Configuring Windows PowerShell
- · PowerShell Console Application
- · PowerShell ISE Application
- Lab: Finding and Running Basic Commands
- · Finding Commands
- · Running Commands
- · Using "About" Files
- Lab: Using the Pipeline
- · Selecting and Sorting Data
- Lab: Converting, Exporting, and Importing Objects
- · Converting Objects
- · Importing and Exporting Objects
- Lab: Filtering Objects
- · Filtering Objects
- Lab: Enumerating Objects
- · Enumerating Objects
- Lab: Working with Pipeline Parameter Binding
- · Predicting Pipeline Behavior
- Lab : Formatting Output
- · Formatting Command Output
- · Reproducing Specified Output
- Lab : Working with WMI and CIM
- · Querying Information by Using WMI
- · Querying Information by Using CIM
- · Invoking Methods
- Lab : Moving From Command to Script
- · Test the Command
- · Parameterize Changing Values
- · Add Verbose Output
- · Add Comment-Based Help
- Lab : Moving From Script to Function to Module
- · Convert the Script to a Function
- · Save the Script as a Script Module
- · Add Debugging Breakpoints
- Lab : Implementing Basic Error Handling
- · Add Error Handling to a Function
- · Add Error Handling to a New Function
- Lab : Creating an Advanced Function
- · Test an Existing Command
- · Create a Parameterized Function
- · Handle Multiple Targets
- · Add Error Handling
- Lab : Using Basic Remoting
- · Enable Remoting on the Local Computer
- · Performing One-to-One Remoting
- · Performing One-to-Many Remoting
- Lab : Using Remoting Sessions
- · Using Implicit Remoting
- · Multicomputer Management
- Lab: Desired State Configuration
- · Enabling or disabling server roles and features (like IIS)
- · Managing registry settings
- · Managing files and directories
- · Starting, stopping, and managing processes and services
- · Managing groups and user accounts
- · Managing environment variables
- Lab : Documenting Servers and Workstations
- · Finding the Right Script
- · Performing the Inventory
- Lab : Auditing User Passwords
Come and learn what PowerShell can do for you, and how you can use it to audit and secure your Windows ecosystem.
This session will be offered as a pre-conference workshop on Tuesday, October 13th at
NY Seminar and Conference Center
71 West 23rd Street
Chelsea Center
New York City, NY 10010
Register here this will sell out and no walking will be allowed
Thursday, October 1, 2015
2015 NY Metro Joint Cyber Security Workshop “Wireless Shock and Awe” Be worried about what exposed via Wireless
Instructor: Tim Singletary, Technical Director, Cyber Security Services, Harris Inc.
The ease of use, mobility, and convenience has made wireless technologies not only prevalent but the defacto standard for most individuals as well as corporate America. Wireless throughout the years has not become magically secure just because it is more often used than not. Both companies and individuals are at risk of many variants of wireless attacks, from basic war driving to rogue access points.
From smartphones, tablets, wearables, to the IOT (Internet of Things), wireless technologies have taken over both consumers and corporate America. Knowing the types of attacks and inherent weaknesses and vulnerabilities of wireless networks is half the battle, in keeping both your personal and corporate information secure and away from prying eyes.
In this presentation we will talk about issues within wireless technologies that every individual using wireless should know. We will see firsthand demonstrations of weaknesses in wireless and how to mitigate those risks and protect critical resources (personal and corporate)
Deployments of wireless LANs (WLANs) are being used today more and more in our business and home use. While this technology has made it easy to create a mobile workforce, it has some security issues that we need to deal with. In this session you will learn about Wireless technologies include WI-FI, Bluetooth, IRDA, 3g/4g., How they works, what are the risks to you data and company.
Most enterprises have some degree of wireless connectivity to their networks. Even if wireless technology is not formally sanctioned or supported by the IT organization, the end user community may have installed some wireless devices. Such widespread use of wireless technology may present substantial risk to the organization, not only to the wireless network but also to the wired network. WLANs eliminate physical barriers that have traditionally been used to separate trusted internal network traffic from unauthorized users outside of the organization, and therefore present an appealing target for attackers. You will learn about WEP, WPA1, WAP2, TKIP, Preshared Key, AES, and use of cryptographic techniques that you will use to you design and security of your network. The session will then demonstrate how security is so important by breaking in to wireless networks.
This session will be offered as a pre-conference workshop on Tuesday, October 13th at
NY Seminar and Conference Center
71 West 23rd Street
Chelsea Center
New York City, NY 10010
Register here this will sell out and no walking will be allowed.
Tuesday, September 29, 2015
2015 NY Metro Joint Cyber Security Workshop “All your data belongs to us.”
Spotlight on “All your data belongs to us.” workshop speaker Chris Roberts
“All your data belongs to us.”
This simple statement is becoming more of a reality as both technologies accelerate and we (the soggy human element) get left behind. The variety of means and methods for storing and transmitting data have increased exponentially over the past few years and the tidal wave that is the Internet of Things (or IofE) is set to continue that trend. We have found ever-inventive means for distributing our data and our very lives across the electronic spectrum that we no longer really understand the extent of the saturation. This trend is not constrained to our personal lives as those delineation marks between personal and “work” have significantly blurred with both society and technological shifts. It is these traits among others that make the art of human engineering and intelligence gathering so much more involved.
Outline:
- We have simply become walking attack vectors…
- Digital footprints, what are they, why are we talking about feet and what use are they to us as we work through the masses of data?
- We are going to take a look at the core of an organization…its data. We will strip away the misconceptions that the data still is in the control of the organization and begin to understand WHERE the data is, HOW it got there and how WE can access it, learn from it and ultimately use it against our intended targets.
- Targeting and attack vectors, looking beyond the perimeter. Reviewing an organizations structure, it’s VAR’s, partners, suppliers and other entities that are either trusted or shared resource entities.
- We all love the IT department, the developers and the resources they use without thinking.
- When YOU and YOUR work bleeds into your personal life...and the reverse. Why your E-Mail is one of the best fingerprints you leave behind. Why your HOA or your kids soccer team should never have your company mail address.
- Targeting it outside of the borders, how much easier it is to attack in certain territories.
- What public tools are out there, how GoogleFu is good, but not always adequate.
- CLEAR/LEXIS NEXIS, what data can you gather from there vs. other entities, what works and what needs supplemental sources. At this point we’ll take a look at the other options open to individuals doing their own research.
- The Darker side of the Internet, what it is, how to get to it and how useful it CAN be (if only the Feds would stop closing down sites!)
- Making sure the DarkNet doesn’t follow you home, HOW to search, what tools to use and when to throw the computer away… The art of the VM and how to anonymize yourself.
- All this and we’ve yet to actually “touch” the company, no CFA violations, no laws bent and nothing that’s going to show up on the radar…all this legally done, above board and simply piecing together the jigsaw. We now have our target, our attack vectors and our plans, what’s next?
- Reversing the mindset, how we can take ALL of this and use it in a defensive manner, how to actually be PROACTIVE in security and start to consider the preemptive capabilities of intelligence gathering in the commercial world.
This session will be offered as a pre-conference workshop on Tuesday, October 13th at
NY Seminar and Conference Center
71 West 23rd Street
Chelsea Center
New York City, NY 10010
Register here this will sell out and no walking will be allowed.
Friday, September 25, 2015
2015 NY Metro Joint Cyber Conference Wednesday October 15. 2015
Sponsored by InfraGard ∴ ISACA ∴ (ISC)2 ∴ ISSA ∴ OWASP ∴ HTCIA ∴ ACFE .
The conference will be opened with a keynote address by Tim Rains, Chief Security Advisor, WW Cybersecurity & Data Protection, Enterprise & Partner Group, Microsoft Corporation followed with a keynote by Ron Ross, Fellow at the National Institute of Standards and Technology (NIST).
You can and should register here this will sell out and no walking will be allowed
The event will be held at
Microsoft NYC Office
11 Times Square, New York City, NY
The schedule includes
You can and should register here this will sell out and no walking will be allowed
2015 NY Metro Joint Cyber Security Workshop Classes
Sponsored by InfraGard ∴ ISACA ∴ (ISC)2 ∴ ISSA ∴ OWASP ∴ HTCIA ∴ ACFE
NYMJCSC is also offering a pre-conference workshop on Tuesday, October 13th featuring four in-depth full-day hands-on classroom-style educational courses to expand your knowledge and foster security discussions.
Register here this will sell out and no walking will be allowed.
Workshops will be offered at
NY Seminar and Conference Center
71 West 23rd Street
Chelsea Center
New York City, NY 10010
Workshop 1: PowerShell for Auditors
Speaker Guy Hermann
Hand on PowerShell for IT security and auditors ... requires BYOD Instructor: Guy Hermann PowerShell is a remarkably powerful tool that can be used by administrators to automate many aspects of their environment. PowerShell really starts to shine when used to audit and secure a Microsoft Windows ecosystem. Starting with an introduction to PowerShell, this brief overview explores PowerShell and exposes how it can be used to help secure Windows. This one-day session covers PowerShell from beginning to end, exposing participants to the wide range of tools available through PowerShell.
Workshop 2: Wireless Shock and Awe
Speaker Tim Singletary
Be worried about what exposed via Wireless Instructor: Tim Singletary The ease of use, mobility, and convenience has made wireless technologies not only prevalent but the defacto standard for most individuals as well as corporate America. Wireless throughout the years has not become magically secure just because it is more often used than not. Both companies and individuals are at risk of many variants of wireless attacks, from basic war driving to rogue access points.
Workshop 3: Privacy and the Dark Net
Speaker Chris Roberts
What the Internet knows about you and your company
Workshop 4: Application Security
Speakers
Tom Brennan, Ken Belva, Vladislav Gostomelsky
Part 1: Take a tour of the OWASP foundation:
Part 2: Live hacking demonstration using OWASP ZAP and OWASP WebGoat to find vulnerabilities.
Part 3: Deep dive into specific application threat surfaces.
Register here this will sell out and no walking will be allowed.
Tuesday, September 22, 2015
Apple IOS Apps Hacked are you using apps like Angry Birds 2 there over 85 app that infected with this issue
If you are a user of Apple IOS devices like iPhone and iPad please be aware that legitimate apps in the App Store were made with an infected copy of Xcode .
Xcode is used for developing iOS and OS X apps by developers. If you are a user of Apple IOS devices like iPhone and iPad please be aware that legitimate apps in the App Store were made with an infected copy of Xcode. This malicious code infected an unknown number of iOS apps and reports range from 0v34 80 apps depending on the news media report you read.
If you find you have installed one of the infected apps, the solution is to uninstall the app or update if available and some of the infected have not been replaced and are currently unavailable in the App Store. Once you have removed or updated all the infected apps you should change your iCloud password and any other passwords inputted on your iOS device as a precaution.
http://bgr.com/2015/09/21/app-store-hack-iphone-malware-apps-list/
Technorati Tags: Apple IOS Apps Hacked,Xcode Issue
Friday, September 18, 2015
New Security features in Windows 10
Device Guard relies on Windows 10’s virtualization-based security to allow only trusted applications to run on devices.
Microsoft Device Guard is a feature set that consists of both hardware and software system integrity hardening features that revolutionize the Windows operating system’s security. Windows 10 employs Device Guard as well as code integrity and advanced hardware features such as CPU virtualization extensions, Trusted Platform Module, and second-level address translation to offer comprehensive modern security to its users.
You can learn more about this feature here
Credential Guard protects corporate identities by isolating them in a hardware-based virtual environment. Microsoft isolates critical Windows services in the virtual machine to block attackers from tampering with the kernel and other sensitive processes. The new features rely on the same hypervisor technology already used by Hyper-V.
Credential Guard offers the following features and solutions:
Using hardware-based virtualization to extend whitelisting and protecting credentials. Hardware-Based security has the advantage of platform security features, such as Secure Boot and virtualization to increase security
Microsoft has also fixed the issue that could result in to credential theft attacks, such as Pass-the-Hash or Pass-The-Ticket, with, Credential Guard. This new technology uses virtualization-based security to isolate secrets so that only privileged system software can access them when they are stored on disk or in memory.
You can learn more about Credential Guard here
Windows Hello is a more personal, more secure way to get instant access to your Windows 10 devices using fingerprint, face, or eye recognition. Most PCs with fingerprint readers are ready to use Windows Hello now, and more devices that can recognize your face and iris are coming soon. For face recognition you will need a special camera like the Intel® RealSense™ .
You can learn more about Hello here
Free ebook: Introducing Windows 10 for IT Professionals, Preview Edition
Download all formats (PDF, Mobi and ePub) at the Microsoft Virtual Academy.
July 15, 2015 update: You can now get this eBook with interactive features by downloading the free Microsoft Press Guided Tours app from the Windows Store.
More Free Training From Microsoft
Getting Started with Azure Security for the IT Professional If you're an IT Professional interested in cloud security options you will want to watch this course. Get the information and the confidence you need from Rick Claus and a team of security experts and Azure engineers, as they take you beyond the basic certifications and explore what's possible inside Azure. Find out how to ensure that your cloud solution meets (and exceeds!) your own personal and your organization's bar for security, including industry standards, attestations, and International Organization for Standardization (ISO) certifications.
Click Here for the class
Windows 10: Update for IT Pros
Watch this course as Australia Senior Evangelist, Jeff Alexander explores Windows as a Service, and what it means for your business. He discusses Windows 10 deployment, and the new and updated ways to update devices. You'll learn what's new in management and the Windows Store, the new runtime provisioning feature in Windows 10, and the new era of security features in Windows 10.
Click Here for the Class
Tuesday, September 8, 2015
Cyber Conference Oct. 13-14, 2015 in NYC.
The conference will be opened with a keynote address by Tim Rains, Chief Security Advisor, WW Cyber security & Data Protection, Enterprise & Partner Group, Microsoft Corporation followed with a keynote by Ron Ross, Fellow at the National Institute of Standards and Technology (NIST).
For 2015, NYMJCSC is offering a pre-conference workshop on Tuesday, October 13th featuring four in-depth full-day hands-on classroom-style educational courses to expand your knowledge and foster security discussions.
NYMJCSC: Who We Are
The New York Metro Joint Cyber Security Conference is a collaborative event cooperatively developed, organized and sponsored by the leading information security industry organizations and chapters.
- InfraGard (New York Metro)
- ISACA (New York Metro, New Jersey and Greater Hartford Connecticut)
- (ISC)2 (New Jersey)
- ISSA (New York)
- OWASP (New York Metro, Long Island, Brooklyn)
- HTCIA (North East Region)
- ACFE (New Jersey)
Driven by the collaboration between members of this coalition, the strength of organizational membership, the provision of desirable CPE credits and the concurrence of National Cyber Security Awareness Month, the NYMJCSC promises -- once again -- to be a well-attended by members of the information technology, information security, audit, academic, and business communities.
As part of our educational mission as a coalition of non-profit organizations, registration fees are only to cover the costs of the facility, food and refreshments.
Schedule for workshops OCT 13 is Here
Schedule for Oct 14 is Here
Technorati Tags: NYMJCSC Security conferance,NYC CYBER Security Conferance
Monday, August 17, 2015
Android Magic Security Flaw
This article, Major flaw in Android texting discovered, originally appeared on TechRepublic.com.
View gallery
.
Recently, a rather disturbing flaw has been discovered in the Android platform. Joshua Drak, from Zimperium zLabs, reported some serious flaws in the Android platform back in April, 2015. Simply by knowing a user's phone number, someone could send a text to that number and break into the device. The end user doesn't need to open a file, click on a link, or install a third-party piece of software. They only need receive a text.
To make matters worse, the malicious code takes over the second said text is received, even before Android has had a chance to notify you of the incoming missive.
How it works is simple:
- The hacker creates a short video
- The hacker tucks malicious code inside the video
- The hacker texts the video to your number
If you're using the Google Hangouts messenger app, the video processes the second it is received. The attacker could even delete the message before you noticed (if you ever noticed) anything had gone on. If, on the other hand, you're using the default messenger app, you would actually have to view the text before processing begins.
The flaw resides in the Android media playback system called Stagefright, which allows users to infiltrate a device and exfiltrate data. There are six major remote code execution bugs, and they are said to be the worst Android flaws to ever be uncovered. To make matters worse, most affected software has not been patched.
In some older devices, such as the Samsung Galaxy S4, the malicious code runs with escalated privileges, so the attacker gains access to even more data.
The good news is the patch for this vulnerability has been submitted and should find its way to your device very soon.
What to do now
Until the patch has managed to make its way to your device, your best bet is to not use Google Hangouts. Period. If you've adopted Hangouts as your default messaging tool, unset it. To do this, follow these steps:
- Open Hangouts
- Tap the overflow menu (three horizontal lines in the top left corner)
- Tap Settings in the sidebar
- Tap the account associated with Hangouts
- Locate Messages (under GOOGLE VOICE)
- Tap to uncheck Messages
- Open the default Android Messenger app
- Tap the menu button
- Tap Settings
- Tap Default SMS app
- Again, tap Default SMS app
- Select Messenger (Figure A)
Figure A
View gallery
.
Image: Jack Wallen
Unsetting Google Hangouts as the default SMS client.
You should also consider using an SMS blocker tool, such as TEXT BLOCKER to help prevent incoming texts from unknown numbers.
At this point, at least you know that, in order for the malicious code to reach your system, you'll have to view the message (you don't even have to play the video). The safest bet is to not even view messages from unknown numbers.
Considering these bugs were reported back in April, it's fairly shocking to find out they still remain. I hope that the recent release of the known bug (and the ensuing barrage of media coverage) will help light a fire under Google and other application developers to fix this vulnerability.
Thursday, July 23, 2015
Second Shot Tests are Back For Microsoft !
Second Shot provides you with a free retake on your exam should you need it – at no additional cost to you. To qualify as free, the retake must be the same exam as the one you didn't pass. Plus, either exam can be taken in a testing center or through Online Proctoring (OP), offering you greater exam taking flexibility. Find out if OP is available in your country.
To qualify for Second Shot,
-
Schedule and take an MCP exam between July 12, 2015, and January 12, 2016. Simply go to https://www.microsoft.com/learning, log in, and schedule your exam.
-
After your exam, log in to check your personal dashboard at https://www.microsoft.com/learning to verify testing results. Please allow up to 24 hours for results to show up on the dashboard.
-
Register for your retake within 30 days of the date from the failed exam date.
-
Review the Pearson VUE testing center availability for your specific exam and then schedule your retake.
-
For complete terms and conditions of this offer, visit the Second Shot page on our website.
For More Info go here
Technorati Tags: Second Shot Tests are Back For Microsoft !
Microsoft Virtual Academy Classes
Here are a few classes that you might want attend.
What's New in Windows Server 2016 Preview Jump Start
Would you like to get your IT department out of the business of managing routine, manual, error-prone tasks so you can finally focus on higher value improvement and deployment activities that delight your enterprise users? Join us for a demo-packed look at Windows Server 2016 Preview, and see why it is the platform of choice for the integrated datacenter.
A team of experts walks you through a host of new automation features and support for partner technologies and your open source solution investments. In these two half-day sessions, explore enhanced virtualization functionality, together with automated processes and configuration to help you spin up compute, storage, and networking resources faster. Preview new features that reduce system downtime, find out how rolling upgrades can help you adopt updates and operating systems faster for Hyper-V and Scale-Out File Server, and take a look at new storage replication technology. Plus, check out the zero-footprint, cloud-optimized Nano Server technology, along with scripting with the new PowerShell Desired State Configuration features. Build on your Windows Server knowledge, and find out what's new in Windows Server 2016 Preview!
Course Outline:
- Introducing Windows Server 2016 Preview
- Server Virtualization in Windows Server 2016 Preview
- Introducing Nano Server
- Introducing Windows and Hyper-V Containers
- Software-Defined Storage in Windows Server 2016 Preview
- Software-Defined Networking in Windows Server 2016 Preview
- Automation in Windows Server 2016 Preview
Register Here
Preparing Your Enterprise for Windows 10 as a Service
What do you need to begin testing Windows 10 for your organization? Find out, in the fifth episode of the Enterprise Mobility Core Skills series. Learn about and see some of the features that make Windows 10 useful to your users and a powerful technical platform for IT Pros.
Gain core skills around new infrastructure components to take advantage of everything in Windows 10. Find out how Windows will evolve through servicing, and learn how you can make the most of servicing to get new features to your users faster.
Register Here
Getting Started with Windows 10 for IT Professionals
Here is a online course you can take about windows 10
Register Here
Wednesday, July 15, 2015
PowerShell IP Commands
Here is a second in a series of articles on using PowerShell I would suggest for the beginner use PowerShell ISE this will help you with the commands. We cover IP configuration in this article.
Some Commands that you can use in PowerShell are;
Get-NetAdapter
Restart-NetAdapter
Get-NetIPInterface
Get-NetIPAddress
Get-NetRoute
Get-NetConnectionProfile
Get-DNSClientCache
Get-DNSClientServerAddress
Register-DnsClient
Set-DnsClient
Set-DnsClientGlobalSetting
Set-DnsClientServerAddress
Set‑NetIPAddress
Set‑NetIPv4Protocol
Set‑NetIPInterface
Test-Connection
Test-NetConnection
Resolve-Dnsname
By knowing this we can use this to do IPv4 Troubleshooting Process, we could use the old command line tools, but with PowerShell we can save results and pipe some commands. For example;
| Step | Windows PowerShell | Command-line tool |
| Verify the network configuration is correct | Get-NetIPAddress | ipconfig |
| Identify the network path between hosts | Test-NetConnection -TraceRoute | tracert |
| See if the remote host responds | Test-NetConnection | ping |
| Test the service on a remote host | Test-NetConnection -Port | Telnet |
| See if the default gateway responds | Test-NetConnection | ping |
Technorati Tags: PowerShell IP Cmdlets
PowerShell for Security and Auditors
Here is a start of a series of articles on using PowerShell I would suggest for the beginner use PowerShell ISE this will help you with the commands.
Here are some cmdlets that Manage User Accounts
| Cmdlet | Description |
| New-ADUser | Creates user accounts |
| Set-ADUser | Modifies properties of user accounts |
| Remove-ADUser | Deletes user accounts |
| Set-ADAccountPassword | Resets the password of a user account |
| Set-ADAccountExpiration | Modifies the expiration date of a user account |
| Unlock-ADAccount | Unlocks a user account after it has become locked after too many incorrect login attempts |
| Enable-ADAccount | Enables a user account |
| Disable-ADAccount | Disables a user account |
Here are some cmdlets that Manage Groups
| Cmdlet | Description |
| New-ADGroup | Creates new groups |
| Set-ADGroup | Modifies properties of groups |
| Get-ADGroup | Displays properties of groups |
| Remove-ADGroup | Deletes groups |
| Add-ADGroupMember | Adds members to groups |
| Get-ADGroupMember | Displays membership of groups |
| Remove-ADGroupMember | Removes members from groups |
| Add-ADPrincipalGroupMembership | Adds group membership to objects |
| Get-ADPrincipalGroupMembership | Displays group membership of objects |
| Remove-ADPrincipalGroupMembership | Removes group membership from an object |
Here are some cmdlets that Manage Computer Accounts
| Cmdlet | Description |
| New-ADComputer | Creates new computer accounts |
| Set-ADComputer | Modifies properties of computer accounts |
| Get-ADComputer | Displays properties of computer accounts |
| Remove-ADComputer | Deletes computer accounts |
| Test-ComputerSecureChannel | Verifies or repairs the trust relationship between a computer and the domain |
| Reset -ComputerMachinePassword | Resets the password for a computer account |
Here are some cmdlets that Manage OUs
| Cmdlet | Description |
| New-ADOrganizationalUnit | Creates OUs |
| Set-ADOrganizationalUnit | Modifies properties of OUs |
| Get-ADOrganizationalUnit | Views properties of OUs |
| Remove-ADOrganizationalUnit | Deletes OUs |
So now that we have basic commands look what we can do just using the Get-ADuser PowerShell command.
Show all the properties for a user account:
Get-ADUser –Name “Administrator” -Properties
Show all the user accounts in the Sales OU and all its sub containers in the foo.com domain
Get-ADUser –Filter * -SearchBase "ou=Sales,dc=foo, dc=com" -SearchScope subtree
Show all of the user accounts with a last logon date older than a specific date:
Get-ADUser -Filter {lastlogondate -lt "January 1, 2015"}
Show all of the user accounts in the Sales department that have a last logon date older than a specific date:
Get-ADUser -Filter {(lastlogondate -lt "January 1, 2015") -and (department -eq "Sales")}
Now let’s get Wild…… Let show how to make this really easy to use by the use of Pipes.
Use the pipe character ( | ) to pass a list of objects to a cmdlet for further processing (think about the results of 1 cmdlet being used by the next.
So this script will look for users who have not login since January 1, 2015 and the use that to then disable those accounts….
Get‑ADUser ‑Filter {lastlogondate ‑lt "January 1, 2012"} | Disable‑ADAccount
I could have saved the first part of the command to a text file called users.txt and then ran
Get-Content C:\users.txt | Disable-ADAccount
Monday, July 13, 2015
Windows 10 Coming
Here are some resources for you to get up to speed.. July 29 is the day .
These are Video from the Ignite conference ..
| • | Overview of Windows 10 for Enterprises - Jim Alkove |
| • | Secure Authentication with Windows Hello - Nelly Porter |
| • | A New Era of Threat Resistance for the Windows 10 Platform - Chris Hallum |
| • | The New User Experience with Windows 10 - Chaitanya Sareen |
| • | What's New in Windows 10 Management and the Windows Store – Michael Niehaus |
| • | Windows 10 Mobile Device Management (MDM) in Depth - Janani Vasudevan |
| • | Top Features of Windows 10 – Simon May |
| • | Provisioning Windows 10 Devices with New Tools - Vladimir Holostov |
| • | Windows as a Service: What Does It Mean for Your Business? - Michael Beck |
| • | Windows 10: Ask the Experts – Mark Minasi & Experts
|
Technorati Tags: Videos on Windows 10
More PowerShell scripts for security and IT professionals
Advances in scripting security and protection in Windows 10 and PowerShell V5.
Learn how the Windows PowerShell team has significantly advanced security focused logging and detection in Windows 10 and PowerShell v5.
Lear more Here
Technorati Tags: More PowerShell scripts for security and IT professionals
Microsoft Security Intelligence Report
The latest volume of the Microsoft Security Intelligence Report is now available. This volume of the report focuses on the threat landscape in the second half of 2014 when there were some dramatic changes.
The vulnerability disclosure data published in the report suggests that there was a 56.3% increase in vulnerability disclosures between the third and fourth quarters of 2014. After many periods of relatively small changes in disclosure totals, the 4,512 vulnerabilities disclosed during the second half of 2014 is the largest number of vulnerabilities disclosed in any half-year period since the CVE system was launched in 1999. Disclosures of vulnerabilities in applications other than web browsers and operating system applications increased 98.3% in the second half of 2014 and accounted for 76.5% of total disclosures for the period. 
Figure 1. Industry wide vulnerability disclosures between the first half of 2012 (1H12) and the second half of 2014 (2H14)
Figure 2. Industry wide operating system, browser, and application vulnerabilities between the first half of 2012 (1H12) and the second half of 2014 (2H14)
Overall, encounters with Java exploits continued to decrease significantly in the second half of 2014, while Flash Player exploit attempts increased. 
Figure 3. Trends for the top Java exploits detected and blocked by Microsoft real-time antimalware products in 2014
Figure 4. Adobe Flash Player exploits detected and blocked by Microsoft real-time antimalware products in 2014
Regional threat assessments are available for over 100 countries as well as an online tool that enables you to quickly compare two locations. 
Figure 5. Infection and Encounter Rate Trends tool available at www.microsoft.com/security/sir/threat
This post is a copy of the Microsoft June 2015's Security Newsletter and is copied here to share info with you….
This Document is a must read for Any Security or IT professional
Technorati Tags: Microsoft June 2015's Security Newsletter
Tuesday, June 16, 2015
Windows 10 User Talks
With Windows 10 being released on July 29, 2015 I have agreed to do some end user talks on what new with Windows 10
I will be covering;
- Upgrade paths
- New Interfaces
- New browser Edge
- New way to logion (Microsoft Hello)
- Changes to security
- Different Versions of Windows
- Universal Apps
- And other topics
The dates for the first few talk and locations are
Aug. 4, DACS - Danbury Area Computer Society 7pm at
Danbury Hospital Creasy Auditorium, Danbury, CT Website
Aug 6 WPCUG - Westchester PC User Group 7pm at
120 Bloomingdale Rd 1st floor, White Plains NY 10605 Website
Aug 27 TPCUG PC Users Group of Connecticut 7pm at
Trumbull Public Library on Quality Street in Trumbull, CT Website
NetHope Project Haiti
I have been volunteering in Haiti with NetHope working on helping the IT community by doing some training. The people who I work with are very happy when people care and I challenge you to get involved. I taught 2 classes on on Security + and one on ethical hacking. here are some pictures of the class
I challenge to you get involved and help volunteer either locally or international…
to learn more about NetHope Academy Program – in Haiti go Here
Technorati Tags: NetHope and Volunteer
Free ebook: Microsoft Azure Essentials: Azure Web Apps for Developers
Introduction
Azure Web Apps is a fully managed platform that you can use to build mission-critical web applications that are highly available, secure, and scalable to global proportions. Combined with first-class tooling from Visual Studio and the Microsoft Azure Tools, the Azure Web Apps service is the fastest way to get your web application to production. Azure Web Apps is part of the Azure App Service that is designed to empower developers to build web and mobile applications for any device.
. The topics explored in this book include the following:
- Chapter 1, “Microsoft Azure Web Apps”: This chapter starts with an introduction to Azure Resource Groups and App Service Plans and progresses into essential tasks such as creating and configuring a web app. Learn best practices for storing and retrieving app settings and connection strings. Configure deployment slots and set up continuous deployment using Visual Studio Online. Wrap up with a discussion about Role Based Access Control (RBAC) and how you can use it to manage access to your Azure resources.
- Chapter 2, “Azure WebJobs”: Learn everything you need to know to build and deploy background processing tasks using Azure WebJobs. You will learn the basics of the WebJobs feature and proceed into a deeper discussion on how to use the WebJobs SDK. You will learn about the Azure WebJobs Dashboard and how the WebJobs SDK enhances the dashboard experience.
- Chapter 3, “Scaling Azure Web Apps”: Learn how to scale up and scale out your Azure web app and web jobs. You will learn how to configure Autoscale to scale your web app dynamically based on performance metrics and schedules. See how you can use Azure Traffic Manager to achieve global scale for your web apps.
- Chapter 4, “Monitoring and diagnostics”: Learn about the many logging features built into the Azure Web Apps platform and how to configure logging to get the diagnostics data you need to troubleshoot issues. You will learn how to configure storage locations and retention policies for logs, how to view logs in real time using the log streaming service, and even how to debug your web app remotely while it is running in Azure. You will get an introduction to some powerful site extensions you can use to view logs and perform analysis directly from your browser. Finally, you will learn how you can monitor your resource group down to individual resources and how you can use Application Insights to deliver a complete 360-degree view into your application code for monitoring and diagnostic purposes.
Free ebook: Microsoft System Center Data Protection for the Hybrid Cloud
Introduction
If you are responsible for architecting and designing the backup strategy for your organization, especially if you're looking for ways to incorporate cloud backup into your business continuity scenarios, this book is for you. With the increasing trends in virtualization as well as the move to the pubic cloud, IT organizations are headed toward a world where data and applications run in on-premises private clouds as well as in the public cloud. This has key implications for data protection strategy, and it is important to choose the solution that provides the same level of data protection you have afforded so far while allowing you to harness the power of the public cloud.
Download at Microsoft Virtual Academy.
Subscribe to:
Posts (Atom)