Thursday, October 8, 2020

New Android malware marks the latest evolution of mobile ransomware

Attackers are persistent and motivated to continuously evolve – and no platform is immune. That is why Microsoft has been working to extend its industry-leading endpoint protection capabilities beyond Windows. The addition of mobile threat defense into these capabilities means that Microsoft Defender for Endpoint (previously Microsoft Defender Advanced Threat Protection) now delivers protection on all major platforms.

Microsoft’s mobile threat defense capabilities further enrich the visibility that organizations have on threats in their networks, as well as provide more tools to detect and respond to threats across domains and across platforms. Like all of Microsoft’s security solutions, these new capabilities are likewise backed by a global network of threat researchers and security experts whose deep understanding of the threat landscape guide the continuous innovation of security features and ensure that customers are protected from ever-evolving threats.

For example, we found a piece of particularly sophisticated Android ransomware with novel techniques and behavior, exemplifying the rapid evolution of mobile threats that we have also observed on other platforms. The mobile ransomware is the latest variant of a ransomware family that has been in the wild for a while but has been evolving non-stop. This ransomware family is known for being hosted on arbitrary websites and circulated on online forums using various social engineering lures, including masquerading as popular apps, cracked games, or video players. The new variant caught our attention because it is advanced malware with unmistakable malicious characteristics and behavior, and yet it manages to evade many available protections, registering a low detection rate against security solutions.

As with most Android ransomware, this new threat does not actually block access to files by encrypting them. Instead, it blocks access to the device by displaying a screen that appears over every other window, so that the user cannot do anything else. That screen is the ransom note, which contains threats and instructions to pay the ransom.

What’s innovative about this ransomware is how it displays its ransom note. In this blog, we’ll detail the innovative ways in which this ransomware surfaces its ransom note using Android features we haven’t seen leveraged by malware before, as well as incorporating an open-source machine learning module designed for context-aware cropping of its ransom note.

To read the full article, go to the Microsoft Security Blog.

Microsoft Digital Defense Report 2020: Cyber Threat Sophistication on the Rise

For years I have talked about the security white papers and docs that talk about what's happening in the world of IT and security... Here is a new report, Cyber Threat Sophistication on the Rise.

Today, Microsoft is releasing a new annual report, called the Digital Defense Report, covering cybersecurity trends from the past year. This report makes it clear that threat actors have rapidly increased in sophistication over the past year, using techniques that make them harder to spot and that threaten even the savviest targets. For example, nation-state actors are engaging in new reconnaissance techniques that increase their chances of compromising high-value targets, criminal groups targeting businesses have moved their infrastructure to the cloud to hide among legitimate services, and attackers have developed new ways to scour the internet for systems vulnerable to ransomware.

In addition to attacks becoming more sophisticated, threat actors are showing clear preferences for certain techniques, with notable shifts towards credential harvesting and ransomware, as well as an increasing focus on Internet of Things (IoT) devices. Among the most significant statistics on these trends:

  • In 2019 we blocked over 13 billion malicious and suspicious mails, out of which more than 1 billion were URLs set up for the explicit purpose of launching a phishing credential attack.
  • Ransomware is the most common reason behind our incident response engagements from October 2019 through July 2020.
  • The most common attack techniques used by nation-state actors in the past year are reconnaissance, credential harvesting, malware, and Virtual Private Network (VPN) exploits.
  • IoT threats are constantly expanding and evolving. The first half of 2020 saw an approximate 35% increase in total attack volume compared to the second half of 2019.

Given the leap in attack sophistication in the past year, it is more important than ever that we take steps to establish new rules of the road for cyberspace; that all organizations, whether government agencies or businesses, invest in people and technology to help stop attacks; and that people focus on the basics, including regular application of security updates, comprehensive backup policies, and, especially, enabling multi-factor authentication (MFA). Our data shows that enabling MFA alone would have prevented the vast majority of successful attacks.

To read the full blog and download the Digital Defense Report, visit the Microsoft On the Issues blog.

Content from Microsoft

Wednesday, October 7, 2020

New York Metro Joint Cyber-Security Conference

I will be teaching at the New York Metro Joint Cyber-Security Conference (NYMJCSC.ORG).

This conference offers 2 days of security content and is being offered by the following groups:

Organizational Partners:

  • InfraGard Members Alliance - New York Metro Chapter
  • Information Systems Audit and Control Association (ISACA) - New Jersey Chapter
  • Information Systems Audit and Control Association (ISACA) - Greater Hartford CT Chapter
  • High Technology Crime Investigation Association (HTCIA) - New York City Metro Chapter
  • Internet Society (ISOC) - New York Chapter
  • Information Systems Security Association (ISSA) - New York Chapter

Community Partners:

  • (ISC)2 - New Jersey Chapter
  • Information Systems Audit and Control Association (ISACA) - New York Metro Chapter
  • Cloud Security Alliance (CSA) - New York Metro Chapter
  • Association of Certified Fraud Examiners (ACFE) - New Jersey Chapter
  • Association of Continuity Professionals (ACP) - New York City Metro Chapter

Please look at this link; I believe you will find some great content at a very reasonable price.

The link is NYMJCSC.ORG

Tuesday, October 6, 2020

Latest Microsoft Security blog posts

Title: Find your unscanned and overexposed shares on-premises with an on-premises scanner

Overview: Microsoft Information Protection is a built-in, intelligent, unified, and extensible solution to protect sensitive data across your enterprise – in Microsoft 365 cloud services, on-premises, third-party SaaS applications, and more. Microsoft Information Protection provides a unified set of capabilities to know your data, protect your data, and prevent data loss across cloud services, devices, and on-premises file shares.


Title: Microsoft Information Protection and Compliance Resources
Overview: The Microsoft Information Protection and Compliance Customer Experience (CXE) team works with Microsoft's largest enterprise customers to provide guidance and advisory services to help them deploy our information protection and compliance solutions.


Title: Why integrated phishing-attack training is reshaping cybersecurity—Microsoft Security
Overview: Phishing is still one of the most significant risk vectors facing enterprises today. Innovative email security technology like Microsoft Defender for Office 365 stops a majority of phishing attacks before they hit user inboxes, but no technology in the world can prevent 100 percent of phishing attacks from hitting user inboxes. At that point in…


Title: Azure Sentinel To-Go (Part 2): Integrating a Basic Windows Lab 🧪 via ARM Templates 🚀
Overview: Most of the time when we think about the basics of a detection research lab, it is an environment with Windows endpoints, audit policies configured, a log shipper, a server to centralize security event logs and an interface to query, correlate and visualize the data collected.


Title: 3 ways Microsoft helps build cyber safety awareness for all
Overview: Learn how Microsoft is helping secure your online life through user education, cybersecurity workshops, and continued diversity in hiring.


Title: Migrating from Exchange Transport Rules to Unified DLP - The complete playbook
Overview: This document provides an overview of how enterprise customers can migrate their existing Exchange Transport Rules to the Unified DLP portal. It walks through the different stages of migration and shows the effectiveness of the unified DLP portal as a single place to define all aspects of your DLP strategy.
In summary, this playbook will help you to:
  • Understand the migration process.
  • Understand the unified console and interface.
  • Develop a strategy for the migration.
  • Ensure a smooth migration process.
  • Find resources to support the migration process.


Python for Beginners a free resource from Microsoft

Probably the largest hurdle when learning any new programming language is simply knowing where to get started. This is why we, Chris and Susan, decided to create this series about Python for Beginners!

Even though we won’t cover everything there is to know about Python in the course, we want to make sure we give you the foundation on programming in Python, starting from common everyday code and scenarios. At the end of the course, you’ll be able to go and learn on your own, for example with docs, tutorials, or books.
This is all on
Go to this link.

Beginner's Series to: JavaScript a free resource from Microsoft

Learning a new framework or development environment is made even more difficult when you don't know the programming language. Fortunately, we're here to help! We've created this series of videos to focus on the core concepts of JavaScript.

While we don't cover every aspect of JavaScript, we will help you build a foundation from which you can continue to grow. By the end of this series, you'll be able to work through tutorials, quick starts, books, and other resources, continuing to grow on your own. The video series is designed to be consumed as you see fit. You can watch from start to finish, or you can dive into specific topics. You can always bookmark and come back as you need.
This is a YouTube series of 51 different videos to help you learn JavaScript.

Go to this link

Monday, October 5, 2020

CVE-2020-1472 | Netlogon Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network.

To exploit the vulnerability, an unauthenticated attacker would be required to use MS-NRPC to connect to a domain controller to obtain domain administrator access.

Microsoft is addressing the vulnerability in a phased two-part rollout. These updates address the vulnerability by modifying how Netlogon handles the usage of Netlogon secure channels.

For guidelines on how to manage the changes required for this vulnerability and more information on the phased rollout, see How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472 (updated September 28, 2020).

When the second phase of Windows updates becomes available in Q1 2021, customers will be notified via a revision to this security vulnerability. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this advisory. See Microsoft Technical Security Notifications.
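As an added defender-side check, not part of the advisory above, the following PowerShell summarizes the Netlogon events a domain controller records once the first-phase update is installed (event IDs 5827 through 5831 in the System log, as documented in Microsoft's guidance for this CVE). The seven-day window and running it elevated on the domain controller are assumptions.

```powershell
# Added example, not from the advisory: summarize the Netlogon secure channel
# events a domain controller logs after the phase-one (August 2020) update.
# Assumes it runs elevated on a domain controller; the 7-day window is arbitrary.
# 5827/5828: vulnerable connection denied (machine account / trust account)
# 5829:      vulnerable connection allowed while enforcement is not yet on
# 5830/5831: vulnerable connection allowed by the "Allow vulnerable Netlogon
#            secure channel connections" group policy
$eventIds = 5827, 5828, 5829, 5830, 5831
$filter = @{
    LogName      = 'System'
    ProviderName = 'NETLOGON'
    Id           = $eventIds
    StartTime    = (Get-Date).AddDays(-7)
}
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
if (-not $events) {
    Write-Output 'No vulnerable Netlogon secure channel events in the last 7 days.'
    return
}

# Count per event ID so denied versus still-allowed connections are visible.
$events | Group-Object Id | Sort-Object Name |
    Select-Object @{ n = 'EventId'; e = { $_.Name } }, Count |
    Format-Table -AutoSize

# Events 5829-5831 mean a client is still using a vulnerable connection.
# The message body identifies the account and machine, so each one can be
# patched or investigated before the enforcement phase denies it.
$events | Where-Object { $_.Id -ge 5829 } |
    Sort-Object TimeCreated -Descending |
    Select-Object TimeCreated, Id, Message |
    Format-List
```

Clients that keep showing up under 5829 need updating (or a vendor fix) before enforcement; 5830/5831 entries mean someone explicitly exempted that account by policy, which is worth reviewing.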

Blockchain Networks: Token Design and Management Overview – Draft NISTIR 8301 Available for Comment

Traditional data and operations management across organizations and on the web can involve inefficient transaction reconciliation between siloed databases, password fatigue, and single points of failure. This often results in concerns over interoperability, security, and privacy of data that affect both users and businesses.

Blockchain technology has enabled a new software paradigm for managing digital ownership in partial or zero-trust environments. It uses tokens to conduct transactions, exchange verifiable data, and achieve coordination across organizations and on the web. Data models with varied capabilities and scopes have been defined to issue tokens. By allowing for the design of programmable digital assets that can represent different forms of ownership, these models enable users to store, move, and even create value on top of shared or public digital infrastructures.

NIST announces the release of Draft NISTIR 8301, Blockchain Networks: Token Design and Management Overview, which provides a high-level technical overview and conceptual framework of token designs and management methods. The document highlights the different types of tokens and how they are held in custody. It then examines transaction management under three fundamental aspects: validation, submission, and viewability. Infrastructure tools used to develop applications that integrate blockchain networks and second layer protocols are also reviewed. Finally, the paper presents deployment scenarios and use cases for tokens before concluding with potential breakthroughs in privacy-preserving verifiable data exchange. The terminology, concepts, properties, and architectures introduced in this work can facilitate understanding and communication among business owners, software developers, cybersecurity professionals within an organization, and individuals who are or will be using such systems.

A public comment period for this document is open through October 30, 2020. See the publication details for a copy of the document and instructions for submitting comments.

NOTE: A call for patent claims is included on page iv of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.

ITL Patent Policy:

CISA and MS-ISAC Release Ransomware Guide


The Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) have released a joint Ransomware Guide that details practices that organizations should continuously engage in to help manage the risk posed by ransomware and other cyber threats. The in-depth guide provides actionable best practices for ransomware prevention as well as a ransomware response checklist that can serve as a ransomware-specific addendum to organization cyber incident response plans.

CISA encourages users and administrators to review the Ransomware Guide and CISA’s Ransomware webpage for additional information.