2015 NY Metro Joint Cyber Conference, Wednesday, October 15, 2015

Sponsored by InfraGard ∴ ISACA ∴ (ISC)2 ∴ ISSA ∴ OWASP ∴ HTCIA ∴ ACFE

The conference will be opened with a keynote address by Tim Rains, Chief Security Advisor, WW Cybersecurity & Data Protection, Enterprise & Partner Group, Microsoft Corporation followed with a keynote by Ron Ross, Fellow at the National Institute of Standards and Technology (NIST).

You can and should register here; this will sell out and no walk-ins will be allowed.

The event will be held at

 Microsoft NYC Office
11 Times Square, New York City, NY

The schedule includes: (image: conference schedule)


 

2015 NY Metro Joint Cyber Security Workshop Classes

Sponsored by InfraGard ∴ ISACA ∴ (ISC)2 ∴ ISSA ∴ OWASP ∴ HTCIA ∴ ACFE

NYMJCSC is also offering a pre-conference workshop on Tuesday, October 13th featuring four in-depth full-day hands-on classroom-style educational courses to expand your knowledge and foster security discussions.

Register here; this will sell out and no walk-ins will be allowed.

Workshops will be offered at

NY Seminar and Conference Center
71 West 23rd Street
Chelsea Center
New York City, NY 10010

Workshop 1: PowerShell for Auditors

Speaker Guy Hermann

Hands-on PowerShell for IT security and auditors … requires BYOD

Instructor: Guy Hermann

PowerShell is a remarkably powerful tool that can be used by administrators to automate many aspects of their environment. PowerShell really starts to shine when used to audit and secure a Microsoft Windows ecosystem. Starting with an introduction to PowerShell, this brief overview explores PowerShell and exposes how it can be used to help secure Windows. This one-day session covers PowerShell from beginning to end, exposing participants to the wide range of tools available through PowerShell.

Workshop 2: Wireless Shock and Awe 

Speaker Tim Singletary

Be worried about what is exposed via wireless

Instructor: Tim Singletary

Ease of use, mobility, and convenience have made wireless technologies not only prevalent but the de facto standard for most individuals as well as corporate America. Wireless has not become magically secure over the years just because it is more often used than not. Both companies and individuals are at risk of many variants of wireless attacks, from basic war driving to rogue access points.

Workshop 3: Privacy and the Dark Net

Speaker Chris Roberts

What the Internet knows about you and your company

Workshop 4: Application Security

Speakers

Tom Brennan, Ken Belva, Vladislav Gostomelsky 

Part 1: Take a tour of the OWASP foundation.

Part 2: Live hacking demonstration using OWASP ZAP and OWASP WebGoat to find vulnerabilities.

Part 3: Deep dive into specific application threat surfaces.


 

Apple iOS Apps Hacked: are you using apps like Angry Birds 2? There are over 85 apps infected with this issue

If you are a user of Apple iOS devices like iPhone and iPad, please be aware that legitimate apps in the App Store were made with an infected copy of Xcode.

Xcode is used by developers for building iOS and OS X apps. This malicious code infected an unknown number of iOS apps, and reported counts run to over 80 apps, depending on the news media report you read.

If you find you have installed one of the infected apps, the solution is to uninstall the app, or update it if an update is available; some of the infected apps have not been replaced and are currently unavailable in the App Store. Once you have removed or updated all the infected apps, you should change your iCloud password and any other passwords entered on your iOS device as a precaution.

http://bgr.com/2015/09/21/app-store-hack-iphone-malware-apps-list/

http://researchcenter.paloaltonetworks.com/2015/09/malware-xcodeghost-infects-39-ios-apps-including-wechat-affecting-hundreds-of-millions-of-users/

 

New Security features in Windows 10

Device Guard relies on Windows 10’s virtualization-based security to allow only trusted applications to run on devices.

Microsoft Device Guard is a feature set that consists of both hardware and software system integrity hardening features that revolutionize the Windows operating system’s security. Windows 10 employs Device Guard as well as code integrity and advanced hardware features such as CPU virtualization extensions, Trusted Platform Module, and second-level address translation to offer comprehensive modern security to its users.

You can learn more about this feature here

Credential Guard protects corporate identities by isolating them in a hardware-based virtual environment. Microsoft isolates critical Windows services in the virtual machine to block attackers from tampering with the kernel and other sensitive processes. The new features rely on the same hypervisor technology already used by Hyper-V.

Credential Guard offers the following features and solutions:

Using hardware-based virtualization to extend whitelisting and protect credentials. Hardware-based security takes advantage of platform security features, such as Secure Boot and virtualization, to increase security.

With Credential Guard, Microsoft has also fixed the issue that could result in credential theft attacks such as Pass-the-Hash or Pass-the-Ticket. This new technology uses virtualization-based security to isolate secrets so that only privileged system software can access them when they are stored on disk or in memory.

You can learn more about Credential Guard here
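
To check whether the virtualization-based security that Device Guard and Credential Guard depend on is actually running on a machine, the following read-only PowerShell audit can be used. It is an added example, not part of the original post or Microsoft's own tooling; it queries the Win32_DeviceGuard CIM class, and the function name Get-VbsReport is a hypothetical name chosen for illustration.

```powershell
# Added example: report virtualization-based security (VBS) and Credential Guard state.
# Read-only. Run from an elevated PowerShell session on Windows 10 or later.

# Names for the numeric codes returned by Win32_DeviceGuard.
$vbsStatus = @{ 0 = 'Not enabled'; 1 = 'Enabled, not running'; 2 = 'Enabled and running' }
$services  = @{ 1 = 'Credential Guard'; 2 = 'Hypervisor-enforced code integrity' }
$hwProps   = @{ 1 = 'Hypervisor support'; 2 = 'Secure Boot'; 3 = 'DMA protection' }

function Resolve-Codes($codes, $map) {
    # Translate a list of numeric codes to names; 0 means "none" and is skipped.
    $names = foreach ($c in @($codes)) {
        if ($null -eq $c -or $c -eq 0) { continue }
        if ($map.ContainsKey([int]$c)) { $map[[int]$c] } else { "Code $c" }
    }
    if ($names) { $names -join ', ' } else { 'None' }
}

function Get-VbsReport {   # hypothetical helper name
    try {
        $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                              -ClassName 'Win32_DeviceGuard' -ErrorAction Stop
    } catch {
        Write-Warning "Win32_DeviceGuard is not available here: $($_.Exception.Message)"
        return
    }

    # Secure Boot state; the cmdlet throws on legacy BIOS systems.
    try   { $secureBoot = [bool](Confirm-SecureBootUEFI -ErrorAction Stop) }
    catch { $secureBoot = 'Unknown (not UEFI, or not elevated)' }

    [pscustomobject]@{
        ComputerName          = $env:COMPUTERNAME
        VbsStatus             = $vbsStatus[[int]$dg.VirtualizationBasedSecurityStatus]
        ServicesConfigured    = Resolve-Codes $dg.SecurityServicesConfigured $services
        ServicesRunning       = Resolve-Codes $dg.SecurityServicesRunning $services
        CredentialGuardActive = @($dg.SecurityServicesRunning) -contains 1
        HardwareAvailable     = Resolve-Codes $dg.AvailableSecurityProperties $hwProps
        HardwareRequired      = Resolve-Codes $dg.RequiredSecurityProperties $hwProps
        SecureBoot            = $secureBoot
    }
}

Get-VbsReport | Format-List
```

A machine where Credential Guard is configured but CredentialGuardActive is False usually lacks one of the hardware prerequisites listed under HardwareRequired.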

Windows Hello is a more personal, more secure way to get instant access to your Windows 10 devices using fingerprint, face, or eye recognition. Most PCs with fingerprint readers are ready to use Windows Hello now, and more devices that can recognize your face and iris are coming soon. For face recognition you will need a special camera like the Intel® RealSense™.

You can learn more about Hello here

 

More Free Training From Microsoft

Getting Started with Azure Security for the IT Professional

If you’re an IT Professional interested in cloud security options you will want to watch this course. Get the information and the confidence you need from Rick Claus and a team of security experts and Azure engineers, as they take you beyond the basic certifications and explore what’s possible inside Azure. Find out how to ensure that your cloud solution meets (and exceeds!) your own personal and your organization’s bar for security, including industry standards, attestations, and International Organization for Standardization (ISO) certifications.

Click Here for the class

Windows 10: Update for IT Pros

Watch this course as Australia Senior Evangelist Jeff Alexander explores Windows as a Service, and what it means for your business. He discusses Windows 10 deployment, and the new and updated ways to update devices. You’ll learn what’s new in management and the Windows Store, the new runtime provisioning feature in Windows 10, and the new era of security features in Windows 10.

Click Here for the Class

 

Cyber Conference Oct. 13-14, 2015 in NYC.

The conference will be opened with a keynote address by Tim Rains, Chief Security Advisor, WW Cyber security & Data Protection, Enterprise & Partner Group, Microsoft Corporation followed with a keynote by Ron Ross, Fellow at the National Institute of Standards and Technology (NIST).

For 2015, NYMJCSC is offering a pre-conference workshop on Tuesday, October 13th featuring four in-depth full-day hands-on classroom-style educational courses to expand your knowledge and foster security discussions.

NYMJCSC: Who We Are
The New York Metro Joint Cyber Security Conference is a collaborative event cooperatively developed, organized and sponsored by the leading information security industry organizations and chapters.

  • InfraGard (New York Metro)
  • ISACA (New York Metro, New Jersey and Greater Hartford Connecticut)
  • (ISC)2 (New Jersey)
  • ISSA (New York)
  • OWASP (New York Metro, Long Island, Brooklyn)
  • HTCIA (North East Region)
  • ACFE (New Jersey)

Driven by the collaboration between members of this coalition, the strength of organizational membership, the provision of desirable CPE credits and the concurrence of National Cyber Security Awareness Month, the NYMJCSC promises, once again, to be well attended by members of the information technology, information security, audit, academic, and business communities.

As part of our educational mission as a coalition of non-profit organizations, registration fees are only to cover the costs of the facility, food and refreshments.

Schedule for workshops OCT 13 is Here

Schedule for Oct 14 is Here

 

Android Magic Security Flaw

This article, Major flaw in Android texting discovered, originally appeared on TechRepublic.com.


Recently, a rather disturbing flaw has been discovered in the Android platform. Joshua Drake, from Zimperium zLabs, reported some serious flaws in the Android platform back in April, 2015. Simply by knowing a user’s phone number, someone could send a text to that number and break into the device. The end user doesn’t need to open a file, click on a link, or install a third-party piece of software. They only need receive a text.

To make matters worse, the malicious code takes over the second said text is received, even before Android has had a chance to notify you of the incoming missive.

How it works is simple:

  1. The hacker creates a short video
  2. The hacker tucks malicious code inside the video
  3. The hacker texts the video to your number

If you’re using the Google Hangouts messenger app, the video processes the second it is received. The attacker could even delete the message before you noticed (if you ever noticed) anything had gone on. If, on the other hand, you’re using the default messenger app, you would actually have to view the text before processing begins.

The flaw resides in the Android media playback system called Stagefright, which allows users to infiltrate a device and exfiltrate data. There are six major remote code execution bugs, and they are said to be the worst Android flaws to ever be uncovered. To make matters worse, most affected software has not been patched.

In some older devices, such as the Samsung Galaxy S4, the malicious code runs with escalated privileges, so the attacker gains access to even more data.

The good news is the patch for this vulnerability has been submitted and should find its way to your device very soon.

What to do now

Until the patch has managed to make its way to your device, your best bet is to not use Google Hangouts. Period. If you’ve adopted Hangouts as your default messaging tool, unset it. To do this, follow these steps:

  1. Open Hangouts
  2. Tap the overflow menu (three horizontal lines in the top left corner)
  3. Tap Settings in the sidebar
  4. Tap the account associated with Hangouts
  5. Locate Messages (under GOOGLE VOICE)
  6. Tap to uncheck Messages
  7. Open the default Android Messenger app
  8. Tap the menu button
  9. Tap Settings
  10. Tap Default SMS app
  11. Again, tap Default SMS app
  12. Select Messenger (Figure A)

Figure A: Unsetting Google Hangouts as the default SMS client. (Image: Jack Wallen)

You should also consider using an SMS blocker tool, such as TEXT BLOCKER to help prevent incoming texts from unknown numbers.

At this point, at least you know that, in order for the malicious code to reach your system, you’ll have to view the message (you don’t even have to play the video). The safest bet is to not even view messages from unknown numbers.

Considering these bugs were reported back in April, it’s fairly shocking to find out they still remain. I hope that the recent release of the known bug (and the ensuing barrage of media coverage) will help light a fire under Google and other application developers to fix this vulnerability.

Second Shot Tests are Back For Microsoft!

Second Shot provides you with a free retake on your exam should you need it – at no additional cost to you. To qualify as free, the retake must be the same exam as the one you didn’t pass. Plus, either exam can be taken in a testing center or through Online Proctoring (OP), offering you greater exam taking flexibility. Find out if OP is available in your country.

To qualify for Second Shot,

  • Schedule and take an MCP exam between July 12, 2015, and January 12, 2016. Simply go to https://www.microsoft.com/learning, log in, and schedule your exam.

  • After your exam, log in to check your personal dashboard at https://www.microsoft.com/learning to verify testing results. Please allow up to 24 hours for results to show up on the dashboard.

  • Register for your retake within 30 days of the failed exam date.

  • Review the Pearson VUE testing center availability for your specific exam and then schedule your retake.

  • For complete terms and conditions of this offer, visit the Second Shot page on our website.

For More Info go here

 

Microsoft Virtual Academy Classes

Here are a few classes that you might want to attend.

What’s New in Windows Server 2016 Preview Jump Start

Would you like to get your IT department out of the business of managing routine, manual, error-prone tasks so you can finally focus on higher value improvement and deployment activities that delight your enterprise users? Join us for a demo-packed look at Windows Server 2016 Preview, and see why it is the platform of choice for the integrated datacenter.
A team of experts walks you through a host of new automation features and support for partner technologies and your open source solution investments. In these two half-day sessions, explore enhanced virtualization functionality, together with automated processes and configuration to help you spin up compute, storage, and networking resources faster. Preview new features that reduce system downtime, find out how rolling upgrades can help you adopt updates and operating systems faster for Hyper-V and Scale-Out File Server, and take a look at new storage replication technology. Plus, check out the zero-footprint, cloud-optimized Nano Server technology, along with scripting with the new PowerShell Desired State Configuration features. Build on your Windows Server knowledge, and find out what’s new in Windows Server 2016 Preview!

Course Outline:

  • Introducing Windows Server 2016 Preview
  • Server Virtualization in Windows Server 2016 Preview
  • Introducing Nano Server
  • Introducing Windows and Hyper-V Containers
  • Software-Defined Storage in Windows Server 2016 Preview
  • Software-Defined Networking in Windows Server 2016 Preview
  • Automation in Windows Server 2016 Preview

Register Here

Preparing Your Enterprise for Windows 10 as a Service

What do you need to begin testing Windows 10 for your organization? Find out, in the fifth episode of the Enterprise Mobility Core Skills series. Learn about and see some of the features that make Windows 10 useful to your users and a powerful technical platform for IT Pros.
Gain core skills around new infrastructure components to take advantage of everything in Windows 10. Find out how Windows will evolve through servicing, and learn how you can make the most of servicing to get new features to your users faster.

Register Here

 

Getting Started with Windows 10 for IT Professionals

Here is an online course you can take about Windows 10.

Register Here