Malvertising – Ransomware that is installed by clickable ads.

Ransomware is a type of malware that restricts access to the infected computer system in some way, and demands that the user pay a ransom to the malware operators to remove the restriction.  The usual way one get infected is by open an email with an attachment. But now there is a new way.

Malvertising hits global news sites.

Some site on the internet including the NY Times, the BBC, AOL and a host of other major news and entertainment websites inadvertently ran malicious ads that attempted to hijack the computers of visitors and demand a ransom, according to security researchers Malwarebytes and Trend Micro.

Your best protection is to have a GOOD, Current Backup of your systems. Get and use a backup solution that you trust and then verify that you can restore your data.
.

Examining Windows 10 Security at ISACA’s North America CACS Conference

Rolling Meadows, IL,
USA (March 17 2016)—
Jay Ferron will discuss Windows 10 Security at ISACA’s
ISACA’s
North America CACS
conference 2-4 May 2016 in New Orleans, Louisiana, USA.
Attendees will gain discuss solutions and strategies in assurance, risk and
security, including how assurance professionals can advance their careers and
impact their enterprises.
 

In Jays presentation, titled “Windows 10 Security,” Jay will discuss;

 Understand
the new features that protect data at rest, and controlling the
configurations of the operating system
  • Discover
    new features that protect the operating system from virus and malware, and
    limit applications from running
  • Learn New
    method of using 2 factor authentication
  • Understand
    the upgrade path

ISACA, a
global association serving more than 140,000 members and certification holders
in 180 countries, will offer more than 60 sessions in seven tracks for the
North America Computer Audit, Control and Security (CACS) Conference: IS Audit & Assurance; Data Governance; Security/Cybersecurity;
Privacy; GRC; Career & Communications Management; and Industry Trends &
Insights.

The conference will feature valuable
career guidance from renowned keynote speakers:

·      
Tim Sanders, Internet pioneer, best-selling author of Love
Is the Killer App: How to Win Business & Influence Friends
,
who
will present “Multiply Your Value, Starting Here and Now.” He will explain how
sharing knowledge with colleagues builds trust and lays the groundwork to
produce outstanding results for the enterprise.

·      
Simon T.
Bailey
, global influencer and author, who will present “Shift Your
Brilliance—Harness the Power of You, Inc.” He will share strategies to produce
real-life results and achieve individual goals through a shift in mindset.

Pre- and
post-conference workshops will offer hands-on training on privacy programs,
database security and audit, risk strategies and data analysis. Additionally, a
cybersecurity workshop will help attendees
prepare for the
Cybersecurity Fundamentals Certificate exam.

 
Attendees can earn up to 39
continuing professional education (CPE) hours, and an early-bird registration
rate is available through 24 February 2016. Additional details, registration
and venue information can be found at www.isaca.org/NA-CACS2016.

Video for helping pass Microsoft Exams

The MCP exam prep sessions you know and love at Microsoft conferences, now available on Channel 9! In these hour-long videos, Microsoft Certified Trainers and MVPs take you through the exam objectives and get you ready for test day
 
Prepare for Microsoft Exam 70-697: Configuring Windows Devices with MVP/MCT Chris Rhodes. Passing this exam earns you a Microsoft Specialist certification. 
 
Prepare for Microsoft Exam 70-347: Enabling Office 365 Services with MVP/MCT Andy Malone
 
Prepare for Microsoft Exam 70-346: Managing Office 365 Identities and Requirements with MVP/MCT Andy Malone
 
Prepare for Microsoft Exam 70-532: Developing Microsoft Azure Solutions with Sidney Andrews, Microsoft Certified Trainer.
 
Prepare for Microsoft Exam 70-534: Architecting Microsoft Azure Solutions with Sidney Andrews, Microsoft Certified Trainer
 
Prepare for Microsoft Exams 70-695 + 70-696 MCSE: Enterprise Devices and Apps with MVP/MCT Chris Rhodes and Michael Bender. This is part one of two exam prep sessions
 
Prepare for Microsoft Exams 70-695 + 70-696 MCSE: Enterprise Devices and Apps with MVP/MCT Chris Rhodes and Michael Bender. This is part two of two exam prep session
 
Prepare for Microsoft Exam 70-480: Programming in HTML5 with JavaScript and CSS3 with Christopher Harrison,
 
Prepare for Microsoft Exam 70-483: Programming in C# with Christopher Harrison
 

NIST Released the following Draft Special Publications (SP) Your Comments are Welcome

NIST Released the following Draft Special
Publications (SP):

(1) Draft Special Publication (SP) 800-175B, Guideline for Using
Cryptographic Standards in the Federal Government: Cryptographic Mechanisms

(2) Draft SP 800-46 Revision 2, Guide to Enterprise Telework, Remote
Access, and Bring Your Own Device (BYOD) Security

(3) Draft SP 800-114 Revision 1, User’s Guide to Telework and Bring Your
Own Device (BYOD) Security

(4)
Draft SP 800-154, Guide to
Data-Centric System Threat Modeling, and

(5) PRE-DRAFT SP 800-53 (Revision 5), Security and Privacy Controls for
Federal Information Systems and Organizations

All 4 of these Draft and 1 PRE-Draft SPs are
available for public comment and can be found on the NIST CSRC website. 
See below for further details on these 5 draft documents.

 1. Draft SP 800-175B:
Information and links to Draft SP 800-175B can be found on the NIST CSRC Draft
publications page. Below is the link to this Draft:
http://csrc.nist.gov/publications/PubsDrafts.html#800-175B

Deadline
to submit comments: Friday,
April 29, 2016

Email
comments or questions about this draft document to:
SP800-175@nist.gov

2. Draft SP 800-46 Revision 2
Information and links to Draft SP 800-46 Revision 2 can be found on the
NIST CSRC Draft publications page. There is also a comment template available
to use to submit comments. Below is the link to this Draft: 
http://csrc.nist.gov/publications/PubsDrafts.html#800-46r2

Deadline
to submit comments: April
15, 2016

Email
comments or questions about this draft document to:
800-46comments@nist.gov

NIST
Public Affairs Office issued a press release about this draft and also for
Draft SP 800-114 Revision 1:
http://www.nist.gov/itl/csd/attackers-honing-in-on-teleworkers-how-organizations-can-secure-their-datata.cfm

3. Draft SP 800-114 Revision 1
Information and links to Draft SP 800-114 Revision 1 can be found on the
NIST CSRC Draft publications page. There is also a comment template available
to use to submit comments. Below is the link to this Draft: 
http://csrc.nist.gov/publications/PubsDrafts.html#800-114r1

Deadline
to submit comments: April
15, 2016

Email
comments or questions about this draft document to:
800-114comments@nist.gov

4. Draft SP 800-154
Information and links to Draft SP 800-154 can be found on the NIST CSRC Draft
publications page. There is also a comment template available to use to submit
comments. Below is the link to this Draft: 
http://csrc.nist.gov/publications/PubsDrafts.html#800-154

Deadline
to submit comments: April
15, 2016

Email
comments or questions about this draft document to:
800-154comments@nist.gov

5. (PRE-DRAFT) NIST SP 800-53 Revision 5

Full
details can be found on the CSRC website:
http://csrc.nist.gov/groups/SMA/fisma/sp800-53r5_pre-draft.html

Please
respond by April 1st 2016
to the call for comments to:
sec-cert@nist.gov

**Important
Note:  There is no actual document for Revision 5 as
yet.  To submit your comments / suggestions, you will need to refer to and
reference from SP 800-53 Revision 4 to formulate your feedback to potentially
help improve this document  to a Revision 5. Click the 1st link
above to this Pre-Draft to learn all the details on this exercise.

Free Cyber Security & Ethical Hacking Training Course

I found this on LinkedIn and thought this might be of interest to others.
 
The exponential growth in Cybercrime has created an emergency situation, the infosec community has also realized that we don’t have enough workforce to work and counter the increasing hacking attacks. People from every corner of the world has started to learn the cyber security principles and ethical hacking techniques,

The free cyber security and ethical hacking training is the course that teaches the principle of penetration testing, attacking methodologies and techniques. The aim of this course is to prepare beginners to conduct the penetration testing. This is an idea course for beginners to learn the practice and be ready to learn some advance techniques in future.
This course goes from basic to advance where you will get a chance to learn:
  • Information gathering
  • Scanning enumeration & footprinting
  • Open source intelligence gathering
  • Utilizing opensource tools to find the information
  • System hacking
  • Proxy server and chaining
  • Keyloggers, Trojan and other viruses
  • Networking sniffing and session hijacking
  • SQL Injection and cross site scripting
  • Buffer overflow and exploit writing
  • Reverse engineering
  • Cryptography
  • And more…
To learn more go here

Free Ebook on Windows 10 for IT Pro

 
 
Introducing Windows 10 for IT
Professionals, Technical Overview
Get information what will help you get more
out of your evaluation of Windows 10. This free e-book will walk you through
the enterprise-focused features that are different from the Windows versions
you and your organization are using today so that you can start planning for
deployment.

Great Resource on Windows 10 Device Guard and Credential Guard Demystified

While helping Windows Enterprise customers deploy and realize the benefits of Windows 10, I’ve observed there’s still a lot of confusion regarding the security features of the operating system. This is a shame since some of the key benefits of Windows 10 involve these deep security features. This post serves to detail the Device Guard and Credential Guard feature sets, and their relationship to each other.
 
First, let’s set the foundation by thinking about the purpose of each feature:
 
Device Guard is a group of key features, designed to harden a computer system against malware. Its focus is preventing malicious code from running by ensuring only known good code can run.
 
Credential Guard is a specific feature that is not part of Device Guard that aims to isolate and harden key system and user secrets against compromise, helping to minimize the impact and breadth of a Pass the Hash style attack in the event that malicious code is already running via a local or network based vector.
 
The two are different, but complimentary as they offer different protections against different types of threats. Let’s dive in and take a logical approach to understanding each.
It’s worth noting here that these are enterprise features, and as such are included only in the Windows Enterprise client.
 
The rest of the article can be found here.
 
 

IRS Alerts Payroll and HR Professionals to Phishing Scheme Involving W-2s

WASHINGTON   The
Internal Revenue Service today issued an alert to payroll and human resources
professionals to beware of an emerging phishing email scheme that purports to
be from company executives and requests personal information on employees.

 The IRS has learned this scheme   part of the surge in phishing emails seen
this year   already has claimed several
victims as payroll and human resources offices mistakenly email payroll data
including Forms

W-2 that contain Social Security numbers and other
personally identifiable information to cybercriminals posing as company
executives.

  This is a new
twist on an old scheme using the cover of the tax season and W-2 filings to try
tricking people into sharing personal data. Now the criminals are focusing
their schemes on company payroll departments, 
said IRS Commissioner John Koskinen. 
If your CEO appears to be emailing you for a list of company employees,
check it out before you respond. Everyone has a responsibility to remain
diligent about confirming the identity of people requesting personal
information about employees.

IRS Criminal Investigation already is reviewing several
cases in which people have been tricked into sharing SSNs with what turned out
to be cybercriminals. Criminals using personal information stolen elsewhere
seek to monetize data, including by filing fraudulent tax returns for refunds.

This phishing variation is known as a  spoofing 
email. It will contain, for example, the actual name of the company
chief executive officer. In this variation, the 
CEO  sends an email to a company
payroll office employee and requests a list of employees and information
including SSNs.

The following are some of the details contained in the
e-mails:

               Kindly send me the individual 2015
W-2 (PDF) and earnings summary of

all W-2 of our company staff for a quick review.

               Can you send me the updated list
of employees with full details

(Name, Social Security Number, Date of Birth, Home
Address, Salary).

               I want you to send me the list of
W-2 copy of employees wage and tax

statement for 2015, I need them in PDF file type, you can
send it as an attachment. Kindly prepare the lists and email them to me asap.

 
The IRS recently renewed a wider consumer alert for
e-mail schemes after seeing an approximate 400 percent surge in phishing and
malware incidents so far this tax season and other reports of scams targeting
others in a wider tax community.

 The emails are designed to trick taxpayers into thinking
these are official communications from the IRS or others in the tax industry,
including tax software companies. The phishing schemes can ask taxpayers about
a wide range of topics. E-mails can seek information related to refunds, filing
status, confirming personal information, ordering transcripts and verifying PIN
information.

 Go here for more information…..

 
FYI  this is a repost that  i believe is interest to readers of my blog.

Microsoft Virtual Academy Courses for IT Pros

Microsoft has Microsoft Virtual Academy (MVA) that has lots of good content for you … Here are some IT Pros classes the are all free

Using PowerShell for Active Directory

IT Pros, if you want to automate redundant tasks correctly watch this course and discover how to turn your real-time management and automation scripts into useful reusable tools and cmdlets. Learn to use PowerShell to better create, query, update, delete, and manage your Active Directory. Our expert instructors show you what you need to know about how PowerShell works, and how to put it to work for you!


Enterprise Mobility Suite: Beyond “Bring Your Own Device”

In this course, you’ll learn the basics of Advanced Threat Analytics (ATA), including what it does and how it works. You’ll also get an in-depth look at the supporting services and infrastructure to further implement, manage, and protect your technology assets through on-premises and user-owned technologies and devices. Take what you’ve learned about Enterprise Mobility Suite (EMS) and “Bring Your Own Device” (BYOD) to the next level in this demo-rich training course!


Azure Active Directory Core Skills Jump Start

If you’re constantly resetting customer passwords, this course could solve the problem! Microsoft Corporate Vice President Brad Anderson and Microsoft Technical Evangelist Simon May dive into enterprise mobility, BYOD, and Identity and Access Management (IAM). Don’t miss this in-depth exploration of Azure Active Directory.​​​


Windows 10: Top Features for Consumers

Watch this course for hands-on Windows 10 training for consumers and IT Pros! You’ll get an in-depth look with popular author and technology journalist Ed Bott and Microsoft Worldwide Retail Sales & Marketing Director Ben Rudolph. Explore Windows Hello and the Start menu, along with Cortana, OneDrive, mail, and photos, get practical tips for using Windows 10, and learn about Microsoft Edge

Getting Started with Azure Security for the IT Professional

Does a cloud solution meet your bar for security? If you’re looking at the cloud, you probably have a lot of questions about available solutions, including whether it meets industry standards, attestations, and ISO certifications. Get the information and the confidence you need, from the pros who know, as they demystify security in the cloud. Watch here.

Hybrid IT Management Part 1: Insights, Visibility, and Security Analytics

Watch this course to get deep insights and visibility into your infrastructure, and learn to help protect your IT environment. Microsoft experts show you how to make the most of powerful, robust security and threat analytics capabilities as you modernize your datacenter, in this first in a multi-part series on hybrid IT management.

Deep Dive into Azure Resource Manager Scenarios and Patterns

IT Professionals and Architects, if you’ve got an Azure application with a lot of components or if you’re setting up an Azure deployment, watch this course. An international team of experts shows you how to use Azure Resource Manager (ARM) to manage your Resource Groups and to easily spin up or spin down elements of your application infrastructure.

Microsoft Intune and System Center Configuration Manager Core Skills

Are you continuously balancing flexibility and security, as you enable mobility? We can help! Watch this course as Microsoft Director of Program Management Michael Wallent, Microsoft Technical Evangelist Simon May, and Microsoft engineers teach you how to enable BYOD by deploying a mobile device management (MDM) solution.

A Deep Dive into Nano Server

How does Nano Server fit into the software-defined datacenter? Watch here to get the details, in this fact-filled exploration of Nano Server, led by a team of experts. Learn how to build, deploy, and manage Nano Server to increase speed and agility, tighten security, decrease resource consumption, and boost ROI in the integrated datacenter and into the cloud.


Security in a Cloud-Enabled World

How secure is your data in the cloud? Watch here to find out, with Microsoft Chief Security Advisor Tim Rains and Microsoft Solutions Architect Mark Simos, as they walk you through the customer responsibility roadmap in the Microsoft Cloud Security for Enterprise Architects poster. Whether you’re securing IT assets in a public cloud or a hybrid implementation, if you’re concerned about the increase in cybersecurity threats, don’t miss this opportunity to learn from the same framework that the Microsoft cybersecurity team uses.​

Azure Active Directory Core Skills Jump Start

Watch this course as Microsoft Corporate Vice President Brad Anderson and Microsoft Technical Evangelist Simon May help you prepare your environment for mobility with Windows 10, including Identity and Access Management (IAM) in Azure AD, single sign-on, user self-service management, multifactor authentication, and more!

 
Security in the Enterprise
In this course, experts Simon May and Erdal Ozkaya take you through
social media platforms to discover how they really work. Get tips and practical advice on social
networking security, and explore methods of developing a secure baseline and how to harden your
Windows Enterprise architectures and applications from pass-the-hash and other advanced attacks.
Learn how to help improve your organization’s security with Microsoft operating systems and tools.




 

Microsoft Virtual Academy Courses for Azure users

Microsoft has Microsoft Virtual Academy (MVA) that has lots of good content for you … Here are some Azure classes the are all free


Azure Active Directory Core Skills Jump Start

If you’re constantly resetting customer passwords, this course could solve the problem! Microsoft Corporate Vice President Brad Anderson and Microsoft Technical Evangelist Simon May dive into enterprise mobility, BYOD, and Identity and Access Management (IAM). Don’t miss this in-depth exploration of Azure Active Directory.​​​

Getting Started with Azure Security for the IT Professional

Does a cloud solution meet your bar for security? If you’re looking at the cloud, you probably have a lot of questions about available solutions, including whether it meets industry standards, attestations, and ISO certifications. Get the information and the confidence you need, from the pros who know, as they demystify security in the cloud. Watch here.

Hybrid IT Management Part 1: Insights, Visibility, and Security Analytics

Watch this course to get deep insights and visibility into your infrastructure, and learn to help protect your IT environment. Microsoft experts show you how to make the most of powerful, robust security and threat analytics capabilities as you modernize your datacenter, in this first in a multi-part series on hybrid IT management.

Deep Dive into Azure Resource Manager Scenarios and Patterns

IT Professionals and Architects, if you’ve got an Azure application with a lot of components or if you’re setting up an Azure deployment, watch this course. An international team of experts shows you how to use Azure Resource Manager (ARM) to manage your Resource Groups and to easily spin up or spin down elements of your application infrastructure.

Azure Active Directory Core Skills Jump Start

Watch this course as Microsoft Corporate Vice President Brad Anderson and Microsoft Technical Evangelist Simon May help you prepare your environment for mobility with Windows 10, including Identity and Access Management (IAM) in Azure AD, single sign-on, user self-service management, multifactor authentication, and more!

 
Using XML in SQL Server and Azure SQL Database

View this course to learn about XML, a commonly used data format often used to store and
communicate data structures used by applications. Our instructors show you how SQL Server
and Azure SQL Database provide built-in support for XML that enables application developers
to combine relational and XML data structures at the database