New Android malware marks the latest evolution of mobile ransomware

 Attackers are persistent and motivated to continuously evolve – and no platform is immune. That is why Microsoft has been working to extend its industry-leading endpoint protection capabilities beyond Windows. The addition of mobile threat defense into these capabilities means that Microsoft Defender for Endpoint (previously Microsoft Defender Advanced Threat Protection) now delivers protection on all major platforms.

Microsoft’s mobile threat defense capabilities further enrich the visibility that organizations have on threats in their networks, as well as provide more tools to detect and respond to threats across domains and across platforms. Like all of Microsoft’s security solutions, these new capabilities are likewise backed by a global network of threat researchers and security experts whose deep understanding of the threat landscape guide the continuous innovation of security features and ensure that customers are protected from ever-evolving threats.

For example, we found a piece of a particularly sophisticated Android ransomware with novel techniques and behavior, exemplifying the rapid evolution of mobile threats that we have also observed on other platforms. The mobile ransomware is the latest variant of a ransomware family that’s been in the wild for a while but has been evolving non-stop. This ransomware family is known for being hosted on arbitrary websites and circulated on online forums using various social engineering lures, including masquerading as popular apps, cracked games, or video players. The new variant caught our attention because it’s an advanced malware with unmistakable malicious characteristic and behavior and yet manages to evade many available protections, registering a low detection rate against security solutions.

As with most Android ransomware, this new threat doesn’t actually block access to files by encrypting them. Instead, it blocks access to devices by displaying a screen that appears over every other window, such that the user can’t do anything else. The said screen is the ransom note, which contains threats and instructions to pay the ransom.

What’s innovative about this ransomware is how it displays its ransom note. In this blog, we’ll detail the innovative ways in which this ransomware surfaces its ransom note using Android features we haven’t seen leveraged by malware before, as well as incorporating an open-source machine learning module designed for context-aware cropping of its ransom note.

To read the full article  on Microsoft SECURITY Blog go to  https://www.microsoft.com/security/blog/2020/10/08/sophisticated-new-android-malware-marks-the-latest-evolution-of-mobile-ransomware/

Microsoft Digital Defense Report 2020: Cyber Threat Sophistication on the Rise

 For years I have talk about the security while papers and docs that talk about what’s happening in the world of IT and security… Here is a new report Cyber Threat Sophistication on the Rise..

Today, Microsoft is releasing a new annual report, called the Digital Defense Report, covering cybersecurity trends from the past year. This report makes it clear that threat actors have rapidly increased in sophistication over the past year, using techniques that make them harder to spot and that threaten even the savviest targets. For example, nation-state actors are engaging in new reconnaissance techniques that increase their chances of compromising high-value targets, criminal groups targeting businesses have moved their infrastructure to the cloud to hide among legitimate services, and attackers have developed new ways to scour the internet for systems vulnerable to ransomware.

In addition to attacks becoming more sophisticated, threat actors are showing clear preferences for certain techniques, with notable shifts towards credential harvesting and ransomware, as well as an increasing focus on Internet of Things (IoT) devices. Among the most significant statistics on these trends:

  • In 2019 we blocked over 13 billion malicious and suspicious mails, out of which more than 1 billion were URLs set up for the explicit purpose of launching a phishing credential attack.
  • Ransomware is the most common reason behind our incident response engagements from October 2019 through July 2020.
  • The most common attack techniques used by nation-state actors in the past year are reconnaissance, credential harvesting, malware, and Virtual Private Network (VPN) exploits.
  • IoT threats are constantly expanding and evolving. The first half of 2020 saw an approximate 35% increase in total attack volume compared to the second half of 2019.

Given the leap in attack sophistication in the past year, it is more important than ever that we take steps to establish new rules of the road for cyberspace; that all organizations, whether government agencies or businesses, invest in people and technology to help stop attacks; and that people focus on the basics, including regular application of security updates, comprehensive backup policies, and, especially, enabling multi-factor authentication (MFA).  Our data shows that enabling MFA would alone have prevented the vast majority of successful attacks.

To read the full blog and download the Digital Defense Report visit the Microsoft On-the-issues Blog.

Content from Microsoft

New York Metro Joint Cyber-Security Conference

 I will be teaching at the New York Metro Joint Cyber-Security Conference (NYMJCSC.ORG).

This conference 2 day of security content that is being offered by the following Groups

Organizational Partners:

  • InfraGard Members Alliance – New York Metro Chapter
  • Information Systems Audit and Control Association (ISACA) – New Jersey Chapter
  • Information Systems Audit and Control Association (ISACA) – Greater Hartford CT Chapter
  • High Technology Crime Investigation Association (HTCIA) – New York City Metro Chapter
  • Internet Society (ISOC) – New York Chapter
  • Information Systems Security Association (ISSA) – New York Chapter

Community Partners:

  • (ISC)2 – New Jersey Chapter
  • Information Systems Audit and Control Association (ISACA) – New York Metro Chapter
  • Cloud Security Alliance (CSA) – New York Metro Chapter
  • Association of Certified Fraud Examiners (ACFE) – New Jersey Chapter
  • Association of Continuity Professionals (ACP) – New York City Metro Chapter
Please look at this link and i believe you find some great content at a very reasonable price.

The link is NYMJCSC.ORG

Latest Microsoft Security blog posts

 Title: Find your unscanned and overexposed shares on-premises with an
on-premises scanner

URL: https://techcommunity.microsoft.com/t5/microsoft-security-and/find-your-unscanned-and-overexposed-shares-on-premises-with-an/ba-p/1744783
Overview: Microsoft Information Protection is a built-in, intelligent, unified,
and extensible solution to protect sensitive data across your enterprise – in
Microsoft 365 cloud services, on-premises, third-party SaaS applications, and
more. Microsoft Information Protection provides a unified set of capabilities
to know your data, protect your data, and prevent data loss across cloud services,
devices, and on-premises file shares.

 

Title: Microsoft Information Protection and Compliance Resources
URL: https://techcommunity.microsoft.com/t5/microsoft-security-and/microsoft-information-protection-and-compliance-resources/ba-p/1184950
Overview: The Microsoft Information Protection and Compliance Customer
Experience (CXE) team work with Microsoft’s largest enterprise customers to
provide guidance and advisory services to help them deploy our information
protection and compliance solutions.

 

Title: Why integrated phishing-attack training is reshaping
cybersecurity—Microsoft Security
URL: https://www.microsoft.com/security/blog/2020/10/05/why-integrated-phishing-attack-training-is-reshaping-cybersecurity-microsoft-security/
Overview: Phishing is still one of the most significant risk vectors facing
enterprises today. Innovative email security technology like Microsoft Defender
for Office 365 stops a majority of phishing attacks before they hit user
inboxes, but no technology in the world can prevent 100 percent of phishing
attacks from hitting user inboxes. At that point in…

 

Title: Azure Sentinel To-Go (Part2): Integrating a Basic Windows Lab 🧪
via ARM Templates
🚀
URL: https://techcommunity.microsoft.com/t5/azure-sentinel/azure-sentinel-to-go-part2-integrating-a-basic-windows-lab-via/ba-p/1742165
Overview: Most of the time when we think about the basics of a detection
research lab, it is an environment with Windows endpoints, audit policies
configured, a log shipper, a server to centralize security event logs and an
interface to query, correlate and visualize the data collected.

 

Title: 3 ways Microsoft helps build cyber safety awareness for all
URL: https://www.microsoft.com/security/blog/2020/10/05/3-ways-microsoft-helps-build-cyber-safety-awareness-for-all/
Overview: Learn how Microsoft is helping secure your online life through user
education, cybersecurity workshops, and continued diversity in hiring.

 

Title: Migrating from Exchange Transport Rules to Unified DLP – The
complete playbook

URL: https://techcommunity.microsoft.com/t5/microsoft-security-and/migrating-from-exchange-transport-rules-to-unified-dlp-the/ba-p/1749723
Overview: This document provides an overview of how enterprise customers can
migrate their existing Exchange Transport Rules to Unified DLP portal. It walks
through the different stages of migration and shows the effectiveness of the
unified DLP portal as a single place to define all aspects of your DLP
strategy.
In summary, this play book will help to
Understand the
migration process.
Understand the
unified console and interface.
Develop a
strategy for the migration.
Ensure a smooth
migration process.
Find resources
to support the migration process. 

 

Python for Beginners a free resource from Microsoft

 Probably the largest hurdle when learning any new programming language is simply knowing where to get started. This is why we, Chris and Susan, decided to create this series about Python for Beginners!


Even though we won’t cover everything there is to know about Python in the course, we want to make sure we give you the foundation on programming in Python, starting from common everyday code and scenarios. At the end of the course, you’ll be able to go and learn on your own, for example with docs, tutorials, or books.

This is all on youtube.com
Go to this LINK

Beginner’s Series to: JavaScript a free resource from Microsoft

 Learning a new framework or development environment is made even more difficult when you don’t know the programming language. Fortunately, we’re here to help! We’ve created this series of videos to focus on the core concepts of JavaScript.


While we don’t cover every aspect of JavaScript, we will help you build a foundation from which you can continue to grow. By the end of this series, you’ll be able to work through tutorials, quick starts, books, and other resources, continuing to grow on your own.

The video series is designed to be consumed as you see fit. You can watch from start to finish, or you can dive into specific topics. You can always bookmark and come back as you need.

This is a YouTube videos 51 different video to help you to learn JavaScript

Go to this link

CVE-2020-1472 | Netlogon Elevation of Privilege Vulnerability

 An
elevation of privilege vulnerability exists when an attacker
establishes a vulnerable Netlogon secure channel connection to a domain
controller, using the Netlogon Remote Protocol (MS-NRPC).
An attacker who successfully exploited the vulnerability could run a
specially crafted application on a device on the network.

To exploit the vulnerability, an unauthenticated attacker would be
required to use MS-NRPC to connect to a domain controller to obtain
domain administrator access.

Microsoft is addressing the vulnerability in a phased two-part
rollout. These updates address the vulnerability by modifying how
Netlogon handles the usage of Netlogon secure channels.

For guidelines on how to manage the changes required for this vulnerability and more information on the phased rollout, see How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472 (updated September 28, 2020).

When the second phase of Windows updates
become available in Q1 2021, customers will be notified via a revision
to this security vulnerability. If you wish to be notified when these
updates are released, we recommend that you register for the security
notifications mailer to be alerted of content changes to this advisory.
See Microsoft Technical Security Notifications.

Blockchain Networks: Token Design and Management Overview – Draft NISTIR 8301 Available for Comment

Traditional
data and operations management across organizations and on the web can involve
inefficient transaction reconciliation between siloed databases, password
fatigue, and single points of failure. This often results in concerns over
interoperability, security, and privacy of data that affect both users and
businesses.

Blockchain
technology has enabled a new software paradigm for managing digital ownership
in partial or zero-trust environments. It uses tokens to conduct transactions,
exchange verifiable data, and achieve coordination across organizations and on
the web. Data models with varied capabilities and scopes have been defined to
issue tokens. By allowing for the design of programmable digital assets that
can represent different forms of ownership, these models enable users to store,
move, and even create value on top of shared or public digital infrastructures.

NIST
announces the release of Draft
NISTIR 8301, 
Blockchain
Networks: Token Design and Management Overview
which provides a
high-level technical overview and conceptual framework of token designs and
management methods. The document highlights the different types of tokens and
how they are held in custody. It then examines transaction management under
three fundamental aspects: validation, submission, and viewability.
Infrastructure tools used to develop applications that integrate blockchain
networks and second layer protocols are also reviewed. Finally, the paper
presents deployment scenarios and use cases for tokens before concluding with
potential breakthroughs in privacy-preserving verifiable data exchange. The
terminology, concepts, properties, and architectures introduced in this work
can facilitate understanding and communications among business owners, software
developers, cybersecurity professionals within an organization, and individuals
who are or will be using such systems.

A public comment period for this
document is open
through October 30, 2020
. See the publication
details
 for a copy of the document and instructions for
submitting comments.

NOTE:
A call for patent claims is included on page iv of this draft. For
additional information, see the Information
Technology Laboratory (ITL) Patent Policy–Inclusion of Patents in ITL
Publications
.

ITL
Patent Policy:
https://www.nist.gov/itl/information-technology-laboratory-itl-patent-policy-inclusion-patents-itl-publications

CISA and MS-ISAC Release Ransomware Guide

 

The Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State
Information Sharing & Analysis Center (MS-ISAC)
have released a joint Ransomware
Guide
that details practices that organizations should continuously engage
in to help manage the risk posed by ransomware and other cyber threats. The
in-depth guide provides actionable best practices for ransomware prevention as
well as a ransomware response checklist that can serve as a ransomware-specific
addendum to organization cyber incident response plans.

CISA encourages users and administrators to review the Ransomware
Guide
and CISA’s Ransomware
webpage
for additional information.