POPULARITY
2 episodes with advanced threat protection
3 episodes with advanced threat protection
2 episodes with advanced threat protection
2 episodes with advanced threat protection
2 episodes with advanced threat protection
2 episodes with advanced threat protection
2 episodes with advanced threat protection
In this episode of the Security Swarm Podcast, the dynamic duo Andy Syrewicze and Paul Schnackenburg discuss the software quality problem in the cybersecurity and technology industry, as highlighted by Jen Easterly, the director of CISA. They delve into the risks associated with software selection, the role of industry analysts, the importance of software stability and security over innovation, and the need for developers to focus on secure coding practices. One area Andy and Paul focus on are the risks associated with software selection, highlighting the importance of evaluating factors such as the software's origin, reputation, and security features when making decisions. Andy and Paul also discuss the role of industry analysts like Gartner and Forrester, and how their focus on innovation and feature sets may not always align with the critical need for stability, security, and reliable support. Do you want to join the conversation? Join us in our Security Lab LinkedIn Group! Key Takeaways: The cybersecurity industry has a software quality problem, not just a security problem. Selecting software requires careful risk assessment, considering factors like the software's origin, reputation, and security features. Industry analysts often focus on innovation and features rather than software stability and security. The technology industry should reward software that is stable, secure, and operates as intended, not just the latest innovative features. Developers need to be trained in secure coding practices, as many graduates lack this knowledge. Understanding how threat actors could exploit vulnerabilities is crucial for developers to write secure code. The software landscape is constantly evolving, and the threat landscape is changing, requiring ongoing education and adaptation. Supply chain risks, such as pre-installed malware on refurbished devices, highlight the need for comprehensive security measures. Timestamps: (06:04) Assessing Software Risks (16:50) The Analyst Approach (21:11) Rewarding Stability and Security (27:16) Secure Coding Practices in Academia (32:59) Developers Understanding Threat Actors (34:33) Supply Chain Risks (37:32) Valuing Stability and Security over Innovation Episode Resources: Paul's Article Andy and Eric's Episode on Vendor Risk -- Proactively protect your organization's email from the growing threat of software vulnerabilities and malicious attacks. 365 Total Protection provides comprehensive security for Microsoft 365, safeguarding your business with advanced threat detection, spam filtering, and email encryption. Ensure your software is secure and your data is protected with Hornetsecurity's industry-leading 365 Total Protection. Defend your organization against sophisticated cyber threats with Hornetsecurity's Advanced Threat Protection, powered by cutting-edge technology. Our advanced system analyzes email content and attachments to detect and block even the most evasive malware and phishing attempts. Stay one step ahead of threat actors and protect your business with Hornetsecurity's Advanced Threat Protection.
In this episode, Andy and Paul, the dynamic duo of the Security Swarm Podcast, delve into the often-overlooked security of the Windows boot process, revealing how recent leaks have compromised its integrity. Join Andy Syrewicze and Paul Schnackenburg as they break down how the boot process has evolved from the BIOS days to today's sophisticated UEFI system. They explore features like Trusted Boot and Secure Boot, which are designed to stop rootkits and other malware from hijacking the system. But things aren't as secure as they seem. Recent leaks of platform keys, including the infamous "PKFail" incident, have exposed vulnerabilities that threaten the whole system. Listen on to discover how these vulnerabilities are being exploited by attackers, the potential risks they pose to your system, and what you can do to safeguard your devices. Do you want to join the conversation? Join us in our Security Lab LinkedIn Group! Key Takeaways: The Windows boot process is more complex than you think: It includes multiple phases, from basic hardware checks to kernel initialization and anti-malware checks, all before you even see the login screen. Secure boot and measured boot aim to protect against rootkits and bootkits: These security features check for trusted components and fingerprint the boot process to detect unauthorized changes. PKFail exposes a major vulnerability: A leaked test key used across 800 motherboard models allows attackers to bypass secure boot and load malicious software during the boot process as if it were legitimate. Firmware vulnerabilities are widespread: The boot process isn't the only place where attackers can hide malware. Network cards, storage devices, and other components with firmware can also be compromised. Rootkits and bootkits are persistent and difficult to remove: They can survive operating system reinstallation and are incredibly difficult to detect and remove, making them highly effective for attackers. Updating firmware is crucial: You need to keep your firmware updated just like you update your operating system and software to protect yourself from vulnerabilities. Beware of the dangers of compromised hardware: While less common than other attacks, these vulnerabilities should be addressed seriously. If you suspect a machine is infected, it's often best to discard it entirely. Timestamps: (01:27) Overview of Boot Process (05:39) Breakdown of the Boot Process Steps (08:44) Secure Boot and its Features (12:13) The PKFail Leak: Leaked Platform Key Weakens Secure Boot (17:18) Bootkits and Rootkits - The Types of Attacks (22:41) Digital Supply Chain Issues and the Leaked Keys (27:42) Mitigating PK Fail & Updating Firmware (30:15) Balancing Risk Profile & Protecting Against Other Attacks (31:39) Why Rootkits are a Major Persistence Threat Episode Resources: Github Repo of known compromised devices Ars Technica Article regarding UEFI Malware Intel Boot Guard News -- Hornetsecurity's Advanced Threat Protection (ATP) can help you stay ahead of these threats. ATP provides: Threat intelligence: Stay informed about emerging security threats like bootkit and rootkit vulnerabilities. Advanced detection: Identify and block these highly sophisticated threats before they can compromise your systems. Real-time protection: Prevent malicious code from executing, even at the boot level. Don't wait for a breach! Contact Hornetsecurity today to learn how Advanced Threat Protection can help you secure your boot process and protect your organization from the most persistent malware threats. Click here to schedule a free consultation with a Hornetsecurity specialist.
In this episode of the Security Swarm Podcast, host Andy Syrewicze and guest Michael Posey discuss the new password guidelines and recommendations released by NIST (National Institute of Standards and Technology). They cover a range of topics related to password security, including the importance of password length over complexity, the move away from composition rules and periodic password changes, the risks associated with knowledge-based authentication, the concept of password entropy, and more! Throughout the conversation, Andy and Michael draw on their extensive experience in the cybersecurity field to offer practical advice and perspectives on the changing landscape of password security. Do you want to join the conversation? Join us in our Security Lab LinkedIn Group! Key Takeaways: NIST recommends a minimum password length of 8 characters, with a suggested length of 15 characters or more. NIST has recommended removal of the requirement for password composition rules, such as the need for special characters, numbers, and uppercase letters. NIST states that password providers SHALL NOT require periodic password changes unless there is evidence of a breach, as this can lead to users creating predictable password patterns. The use of ASCII and Unicode characters is now encouraged, allowing for more diverse and random password options. Password entropy (randomness) is more important than password complexity, as modern computing power can quickly crack simple but complex-looking passwords. For mission-critical systems, organizations may still choose to implement more rigorous password policies, even if they deviate from the NIST recommendations. The industry is exploring new hashing methods and technologies, such as passkeys, to address the challenges posed by GPU-based brute-force attacks. Timestamps: (07:40) Credential Service Provider (CSP) Requirements and Recommendations (10:02) Removing Password Composition Rules (14:21) Ending Periodic Password Changes (19:48) The Importance of Password Entropy and Length (28:30) Phasing Out Knowledge-Based Authentication (30:30) The Impact of Password Length on Cracking Time Episode Resources: NIST Publication 800-63B -- To enhance your organization's security posture, consider implementing Hornetsecurity's Advanced Threat Protection. This solution provides AI-powered defense against sophisticated attacks, ensuring your emails and data remain secure. By adopting best practices in password management and utilizing advanced security features, you can significantly reduce the risk of breaches. Protect your business today and stay one step ahead of cyber threats. Learn more about Advanced Threat Protection here.
In this episode of the Security Swarm Podcast, host Andy Syrewicze and guest Eric Siron provide a comprehensive monthly threat review. They cover several major cybersecurity incidents and trends from the past month, including: The massive data breach at data broker National Public Data exposed over 2.9 billion personal information records. They discuss the risks of this breach, such as increased targeted phishing and social engineering attacks. A joint government agency warning about the Ransom Hub ransomware has impacted over 200 victims since February 2022, including critical infrastructure and high-profile organizations. A case study of an IT administrator who held his employer's systems for ransom by deploying logic bombs, highlighting the risks of insider threats even within trusted IT teams. They also touch on the topics of vendor risk management and the history of election tampering and provide recommendations for organizations to mitigate these threats. In conclusion, EP62 provides valuable insights into the ever-changing cybersecurity landscape and offers practical advice for security professionals. -- Secure your organization against the evolving threat landscape! Discover how Hornetsecurity's Advanced Threat Protection, Security Awareness Service, and 365 Total Protection can safeguard your business from data breaches, insider threats, and more. Learn more and protect your organization today! -- Do you want to join the conversation? Join us in our Security Lab LinkedIn Group! Key Takeaways: The National Public Data breach exposed a vast amount of personal information, including names, email addresses, phone numbers, Social Security numbers, and more. This creates risks of more targeted phishing and social engineering attacks. The continued use of easily abused identification methods like Social Security numbers underscores the urgent need to explore more secure alternatives, such as cryptographic key pairs. This is crucial in reducing the risks of identity theft. Insider threats from trusted IT staff members can pose a significant risk, as evidenced by the case of an IT admin holding their employer's systems for ransom. Implementing practices like just-in-time administration and least-privilege access is crucial to mitigate these potentially devastating threats. Overreliance on cloud-based services and a single vendor for critical business functions can lead to vendor risk and single points of failure. Election security remains a significant concern, with the threat of interference and disinformation campaigns continuing. Ensuring robust cybersecurity measures at the state and local levels is crucial for protecting the integrity of elections. Timestamps: (03:17) The National Public Data Breach (12:21) The Issues with Social Security Numbers (18:02) The Danger of Insider Threats (27:10) The Risks of Vendor Dependence (34:12) Recommendations for Protecting Against Threats Episode Resources: Security Lab LinkedIn Group - Security Lab LinkedIn Group September Monthly Threat Report - In-depth analyses from Hornetsecurity's Security Lab Joint Government Agency Announcement on RansomHub - #StopRansomware: RansomHub Ransomware | CISA Security Swarm Passkeys Episode - Passkeys in Microsoft Entra: Benefits, Implementation Tips & More (hornetsecurity.com) Security Swarm Election Tampering Episode - How Threat Actors Tamper with Elections (hornetsecurity.com)
QR Codes are used everywhere in our society, from reading restaurant menus to accessing Wi-Fi networks and authenticating payments. However, as with any technological advancement, there's a flip side. While QR codes are not malicious in their essence, the landscape has shifted in recent years. Threat actors have evolved their tactics to exploit QR codes in various ways, posing new cybersecurity challenges. In this episode, host Andy teams up with Microsoft Certified Trainer Paul Schnackenburg to discuss the darker side of QR codes and the different ways in which threat actors are deceiving individuals. Episode Resources: The Danger of Malicious OAuth Apps in M365 Train your users to spot malicious emails with the Security Awareness Services Demo Safeguard your users from malicious QR codes with Advanced Threat Protection
Prevent security breaches before they occur with Microsoft Defender for Cloud. Advanced cloud security protection goes beyond general security recommendations and provides predictive and future-facing defense, so users can prioritize security based on connected risks, visualize potential attack paths, and identify vulnerabilities and misconfigurations that attackers might exploit. Recommendations are ranked based on severity and potential impact, so users can focus on the most critical issues first. Adwait Joshi, Cloud Security Senior Director, shows how users can set up and improve their cloud security posture using Microsoft Defender for Cloud. ► QUICK LINKS: 00:00 - Cloud Security Posture Management in Defender for Cloud 02:09 - Demo: How to set it up 02:52 - Improve cloud security posture 05:23 - Cloud Security Explorer 08:37 - Secure Score 09:03 - Wrap up ► Link References For more information, check out https://aka.ms/MDCdocs ► Unfamiliar with Microsoft Mechanics? As Microsoft's official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft. • Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries • Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog • Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast ► Keep getting this insider knowledge, join us on social: • Follow us on Twitter: https://twitter.com/MSFTMechanics • Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/ • Enjoy us on Instagram: https://www.instagram.com/msftmechanics/ • Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics
We're back for another episode with Umut Alemdar - Head of Security Lab here at Hornetsecurity. Today, we're discussing Advanced Threat Protection (ATP) and its crucial role in detecting, preventing, and responding to increasingly sophisticated cyber threats. Throughout the episode, Andy and Umut discuss common ATP techniques such as sandboxing, time of click protection, and spam filters, all of which are critical in fortifying defenses against malicious actors. Furthermore, they emphasize the vital function of the natural language understanding module in ATP in detecting sophisticated social engineering attacks. While this episode focuses on ATP in general, Andy and Umut draw concrete examples from our own ATP scanning methods here at Hornetsecurity. Timestamps: 2:05 – What is Advanced Threat Protection 5:50 – What are common scanning techniques used by ATP technologies 10:35 – How does Sandboxing work in ATP scanning techniques? 13:07 – What is the role of AI within ATP scanning? 18:09 – Concrete example of where ATP saves the day 20:11 – Scanning for malicious QR codes Episode Resources: Advanced Threat Protection We used ChatGPT to Create Ransomware Bit.ly QR Code Index Andy on LinkedIn, Twitter or Mastodon Umut on LinkedIn
Britton Johnson is a Staff Solution Engineer at VMware and in this episode we talk about the new security and advanced threat protection features in NSX 4.1! Resources: https://www.linkedin.com/in/britton-johnson-05872959/ https://twitter.com/vcixnv
Microsoft's M365 solution includes a growing and evolving number of security solutions. These include MFA, Exchange On-Line Protection, Advanced Threat Protection and others, some new, some improved. This podcast will be an overview of the solutions in M365 today, solutions that are either baked in to our existing M365 licenses at no additional cost or available at a nominal cost, that offer the possibility to retire and displace more expensive 3rd party solutions. Moderator: @Mark Manoukian - IT Director, Kegler, Brown, Hill & Ritter Speaker: Paul Edlund - Chief Technologist - Midwest, Microsoft Recorded on 03-04-2022
Bitdefender discovers around 400 new threats each minute and validates around 30 billion threat queries daily, making it one of the industry's most extensive, real-time views of the evolving threat landscape. What role does XDR play in that and how can it help your organization? Shelby Skrhak talks with Daniel Daraban, Group Product Manager at Bitdefender, about: How Bitdefender tracks threats The pros and cons of EDR (endpoint detection and response) The scope of XDR What sets Bitdefender apart For more information, read “Want to get started with XDR? XEDR may be the best place to begin” or email Samantha Sisk (ssisk@bitdefender.com). To join the discussion, follow us on Twitter @IngramTechSol #B2BTechTalk Listen to this episode and more like it by subscribing to B2B Tech Talk on Spotify, Apple Podcasts, or Stitcher. Or, tune in on our website.
Symantec, nu en Enterprise-division af Broadcom, fortsætter med at investere og innovere i Endpoint Security og Advanced Threat Protection, som placerer dem som en topspiller i begge markedssegmenter for sjette år i træk. Lyt med og få indsigt i hvordan trusselsbilledet har ændret sig, hvordan truslerne er blevet mere komplekse og bedre til at skjule sig og hvordan Symantec beskytter virksomhedens data mod nye typer af trusler. I studiet er Kim Borup og Kim Elgaard som dykker ned i Symantec 4 fokus områder: Endpoint Security, Web & Email Security, Information Security og Identity Security og giver konkrete eksempler på i hvilke situationer, det er aktuelt at anvende disse sikkerhedsløsninger i.
Symantec, nu en Enterprise-division af Broadcom, fortsætter med at investere og innovere i Endpoint Security og Advanced Threat Protection, som placerer dem som en topspiller i begge markedssegmenter for sjette år i træk. Lyt med og få indsigt i hvordan trusselsbilledet har ændret sig, hvordan truslerne er blevet mere komplekse og bedre til at skjule sig og hvordan Symantec beskytter virksomhedens data mod nye typer af trusler. I studiet er Kim Borup og Kim Elgaard som dykker ned i Symantec 4 fokus områder: Endpoint Security, Web & Email Security, Information Security og Identity Security og giver konkrete eksempler på i hvilke situationer, det er aktuelt at anvende disse sikkerhedsløsninger i.
Show Links: YouTube Playlist Azure Sentinel webinar: KQL part 3 of 3 - Optimizing Azure Sentinel KQL queries performance What’s new: Office 365 Advanced Threat Protection connector in Public Preview How to Protect Office 365 with Azure Sentinel What’s New: Cross-workspace Analytics Rules
Learn how experts reduce the cost of Office 365 by more than 50%. Learn about Office 365 Advanced Threat Protection, Customer Lockbox, Advanced Data Governance, Manual retention, deletion policies, manual classifications, Auto classification, Assess risk, Office 365 Cloud App Security, MyAnalytics, Power BI Pro, Office 365 PSTN calling, Microsoft Planner, Microsoft Teams, Microsoft Kaizala, Yammer, Microsoft Teams live events, SharePoint Audits, Outlook, Word, Excel, and PowerPoint, and OneNote
Check out updates on how you can manage and secure distributed multi-cloud compute resources in Azure using Azure Arc. This extends a unified management plan to your virtual machines and physical servers on-premises, including your SQL Servers wherever they are. Travis Wright, Principal Group Program Manager from the Azure Data Engineering Team, joins host Jeremy Chapman to share the latest updates. If you're new to Azure Arc, it simplifies complex and distributed environments across on-premises, edge, and multi-cloud into a unified central management plan in Azure. Now you don't have to migrate these resources or move them to a common directory service; they simply stay where they are. This provides a frictionless way of bringing together all the infrastructure and services that you have across the clouds, your data centers, and edge site locations, into a single, consistent view and toolset. Updates include: Manage your entire SQL Server estate from a single point of view and a single toolset from Azure. Azure Arc extends Azure Security Center's vulnerability assessments and Advanced Threat Protection services to SQL Servers in your data center. Azure Policy ensures that services are compliant as they are provisioned. Track compliance in the Azure Policy compliance dashboard. Monitor all your Kubernetes clusters from one place using Azure Monitor. Link References: If you missed our show on Azure Arc for data services, check it out at https://aka.ms/ArcDatabase. Get started with Azure Arc, and sign up for the preview at https://aka.ms/AzureArcData. If you are unfamiliar with Microsoft Mechanics, we are Microsoft’s official video series for IT. You can watch and share valuable content and demos of current and upcoming tech from the people who build it at #Microsoft. Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries?sub_confirmation=1 Follow us on Twitter: https://twitter.com/MSFTMechanics Follow us on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/ Follow us on Facebook: https://facebook.com/microsoftmechanics/ #AzureArc #Kubernetes
Talking Security for news about security, attacks, vulnerabilities and tools.
An episode of Talking Security with Pawel Partyka about Office 365 Advanced Threat Protection and Exchange Online Protection. We have talked about the features within Office ATP and also the integration within Microsoft Threat Protection.
One of the major benefits of Azure SQL Database is that the Azure platform provides additional protection for your database against SQL Injection attacks and Data Exfiltration, amongst other threats. Join Joey D'Antoni as he shows you how to configure Advanced Threat Protection, and some of the protections it offers.[01:37] What is Advanced Threat Protection?[02:46] Microsoft Azure Configuration[03:36] Advanced Threat Protection types[04:48] Enable auditing[05:19] Tracking alertsAbout Joey D'Antoni:Joseph D'Antoni is a Principal Consultant at Denny Cherry and Associates Consulting. He is recognized as a VMWare vExpert and a Microsoft Data Platform MVP, and has over 20 years of experience working in both Fortune 500 and smaller firms. He has worked extensively on database platforms and cloud technologies and has specific expertise in performance tuning, infrastructure, and disaster recovery.About MVPs:Microsoft Most Valuable Professionals, or MVPs, are technology experts who passionately share their knowledge with the community. They are always on the "bleeding edge" and have an unstoppable urge to get their hands on new, exciting technologies. They have very deep knowledge of Microsoft products and services, while also being able to bring together diverse platforms, products and solutions, to solve real world problems. MVPs make up a global community of over 4,000 technical experts and community leaders across 90 countries/regions and are driven by their passion, community spirit, and quest for knowledge. Above all and in addition to their amazing technical abilities, MVPs are always willing to help others - that's what sets them apart. Learn more: https://aka.ms/mvpprogram
In this episode we interview Chris Kachigian, Senior Director, Global Architecture at Crowdstrike and Jeff Minor, OEM Sales Manager at Crowdstrike as well as Ben Rice Vice-President of Business Development at Bitglass. We cover a recent partnership announcement between Bitglass and CrowdStrike to provide Agentless Advanced Threat Protection in the Cloud to the large enterprise and the very latest developments in threat protection technology.
The new SharePoint app for #MicrosoftTeams will let you link to any page or list on any SharePoint site in your tenant. Up until now, we've been limited to referencing SharePoint pages on the Team's SharePoint site. Now you can add news, support pages, communications sites, lists and more, from any site in the tenant. Though it will still respect permissions, so ensure it's a resource your team can get to first. - Publishing commands added to Pages library - Basic Authentication Retirement - Advanced Threat Protection campaign views generally available - New Default Background Image for Microsoft 365 and Azure AD Login Screens - Assign policies to a batch of users or a group in Microsoft Teams admin - Managing unhealthy sharing links in SharePoint and OneDrive - Teams Twitter Connector has been retired - Poll added to Outlook Join Daniel Glenn and Darrell as a Service Webster as they cover the latest messages in the Microsoft 365 Message Center. Check out Daniel and Darrell's own YouTube channels at: Daniel - https://www.youtube.com/DanielGlenn Darrell - https://www.youtube.com/modernworkplacescenarios
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Malspam Pushes Ursnif https://isc.sans.edu/forums/diary/Malpsam+pushes+Ursnif+through+Italian+language+Word+docs/25792/ Safe Documents in Office 365 Advanced Threat Protection https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/safe-docs Wordpress GDPR Cookie Consent Plugin Vulnerability https://blog.nintechnet.com/wordpress-gdpr-cookie-consent-plugin-fixed-vulnerability/ Apple Joins Fido Alliance https://fidoalliance.org/members/ https://research.kudelskisecurity.com/2020/02/12/fido2-deep-dive-attestations-trust-model-and-security/
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Malspam Pushes Ursnif https://isc.sans.edu/forums/diary/Malpsam+pushes+Ursnif+through+Italian+language+Word+docs/25792/ Safe Documents in Office 365 Advanced Threat Protection https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/safe-docs Wordpress GDPR Cookie Consent Plugin Vulnerability https://blog.nintechnet.com/wordpress-gdpr-cookie-consent-plugin-fixed-vulnerability/ Apple Joins Fido Alliance https://fidoalliance.org/members/ https://research.kudelskisecurity.com/2020/02/12/fido2-deep-dive-attestations-trust-model-and-security/
In episode 22 Jordan & Scott break down Microsoft's Advanced Threat Protection which is an optional group of features that can be added to your Microsoft Office 365 license. Jordan and Scott begin by covering a bit of the NIST security standards and where ATP fits within their recommendations and then get into ATP and what it is. They discuss the most popular features including: Safe Attachments, Safe Links, Anti-Phishing Policies, and Spoof Intelligence. **NOTE: Our Cybersecurity Webinar is on MARCH 5 at 1:00 pm, it was misspoke in the episode as MAY 5. Register for the FREE event at www.mapletronics.com/events
Welcome! Today there is a ton of stuff going on in the world of Technology, and we are going to hit several topics today. From Technological Protection to tactics. Zero-Day Browser Vulnerabilities, Malware Infected Phones, Vulnerable Broadcom Chipsets in Cable Modems. Why connections always mean hacking. Social Engineering. The absolute need for Updates, Patches. The Coming Cyber War is already here, and more on Tech Talk with Craig Peterson on WGANand more on Tech Talk With Craig Peterson today on WGAN and even more. It is a busy show -- so stay tuned. For more tech tips, news, and updates visit - CraigPeterson.com --- Related Articles: Technology Can Only Protect You So Much --- Then Other Tactics are Needed Zero-Day Browser Vulnerabilities A Free but Malware Infected Phone -- Courtesy of the US Taxpayer A Lesson to Learn - If it is Connected It can Be Hacked Routers and Firewalls with Broadcom Chipsets Are Vulnerable Social Engineering Comes to the Forefront of Attacks Updates, Patches, and Hackers Oh My! Cyber War isn’t Coming It is already here! --- Automated Machine Generated Transcript: Hello, everybody, Craig Peterson here a big week when it comes to security updates, and I mean a massive weekend. Welcome to show number 1043. That's weeks people. I've been doing this for a very long time, glad you have joined us, and if you are watching over on YouTube, I'd love to hear from you. Just email me at Craig Peterson calm you know if you're on YouTube or, or Facebook, I've noticed a few people who have subscribed, and I love that thank you very, very much. I hope you get a lot out of the show. If you're listening on the radio, of course, you can also email me at Craig Peterson calm with any questions that you might have. And I always try and answer them now sometimes it takes me a little longer than others. As you can imagine, I am a busy guy. It is kind of a labor of love, but we do want to answer your questions and help You out with everything. Keep an eye on your mailbox this week. Because I am finishing the course of courses. I am so excited about this, so proud of what we're doing. And what I'm trying to do here is help you get to the point where you have all the information you need. If you're the Operations Manager now responsible for it in a company, or you're a smaller company, you know, doctors office, etc. It is going to be great. So keep an eye on your email. Because what I want from you here as I'm finishing this course up is your questions. I want to make sure they all get answered. As I've been going through putting the course together, I've even noticed that there are things that would help take that kind of extra mile if you will, you know there are these concepts that people just don't understand. And I'm going through this thinking oh my gosh, you know, to me, it's so obvious, but to so many people, it's just not because this isn't what they do every day, and they've done every day for years and years. So we're adding a bunch of different things to this course, different bonuses that are going to help. Of course, as we always do, I will still do free training, that's always part of one of these courses when we lead up to it. And there's a lot of people out there that say, Hey, listen, I can get everything I need just from the free training. And you know, between you and me, that's not true. But you can learn a lot from those. So I hope you will attend. And if you're not on my email list right now, even if you're a home user and not a business person, you're not an office manager. Let's say you're a small business owner, and you're wondering if this is something that you should do or not. I think the answer is yes. Because really, I've never been so excited about something ever. It is something I think you're going to love. I know I have put mine all into this and solos my wife. I've had a couple of other people here in our team helping out as well had a great meeting this week. And it's just man, this is exciting. So anyway, if you're not on my email list, sign up right now so that you can get on you can get not just this, but every week I send out videos, I send out a newsletter. I do Facebook Live training and YouTube Live, and we have pop-up training when there's something that's hit the news that you know you're trying to stay ahead of we do all of this stuff, and that's all for free, but you got to be on that particular email list. So subscribe by going to Craig Peterson comm slash subscribe, make sure you're there. I think you're like it. You know, you can always unsubscribe, which some people do, right? It's not for everybody, but most people have been on there for years now. I have people on there. That man, I'm trying And remember, but it's been probably 25 years on that list. So join now Craig Peterson, calm slash subscribe. Now I started by saying that we have some real security problems this week. So I want I'm going to mention this a couple of times during the show, I want to make sure you guys know first of all, huge, huge, huge windows problem out there. And this problem was reported by the National Security Agency. Now, I made mention of this on the radio this week when I was a guest on the morning drive show, but I think it's worth mentioning again, and that is The National Security Agency when they have found these types of bugs. What do they do? They keep them for themselves. They don't want other people to know about the virus, because then they use that bug now to go and grab onto other people's computers, you know, foreign agencies, bad Guys, good guys, people that they're not sure of right all of this stuff. They've been using it for years. We saw this from Edward Snowden and his leaks, right? He went out, saying everything they are monitoring, and that they are capturing and, and they're putting up on to their computers and their data storage over there in Utah and just terrible things. So we know they're doing this stuff. Well, this was amazing to me, because I realized that here under the Trump administration, this is the first administration where the National Security Agency has recognized a more significant responsibility. It isn't just hacking into other people. It's providing security to us, to you to me, right, and helping us to understand what we need to do which yea yea yea right. I've always been trying to help everybody. Get more secure. So I'm glad the NSA is doing that. Now. They didn't do it under the Obama administration or the Bush administration or the Clinton administration, right? They just haven't done this, and I don't think ever. So kudos to them if they're listening. And of course, we know they are. And kudos to the government agency. So this is a big, big deal here with Windows. And we need to understand kind of what it is it's going on. But basically, it has to do with encryption. It has to do with that part of the windows that we use to try and keep ourselves safe. Now, it's not all encryption. I don't want to get too technical. Everybody, you know, my show here is really to help you guys understand things and not get all cliquey and clinical and buzzwordy, although sometimes I am accused of doing that frequently, I try not to. So it has to do with encryption. And it turns out that in the cases of this time, encryption. Microsoft isn't even validating keys, which, as you can gas, if you don't know anything about encryption, is a huge deal. So update windows pronto. Now, there are no known attacks in the wild, but you can be sure those are coming. Also, a big update this week from Firefox because of a massive security hole. You probably know, I love the Firefox browser. I use that Firefox browser. And I hope you do too. It is important if you use Facebook, because of Firefox browser has a special thing where it's fencing Facebook in so that it can't read all these other sites visited. It's great for that, but there is a security bug. So that's news, I guess. We want to make sure we fix that main, and you can do that by updating Firefox. Now Firefox is one of those browsers that updates itself. So hopefully you've recognized it Firefox came up and said, Hey, I want to restart to install patches, and then let it restart, you have to let it restart. And Chrome started doing that as well. Again, never, ever use Microsoft Internet Explorer, it is the definition of a problem for you. Okay, security and otherwise, so don't use Internet Explorer. And also, of course, the Edge browser. I wouldn't use either. And I'm not fond of Google browser, Google Chrome unless you have to use it, right, because some applications only work well in Chrome. So let's get to our first article of the day here. We're talking about half protected is half empty, and you can see behind me, technology can only protect you and me so much. Many of these threat actors, these cyber guys that are out there, they are coming after you and me. And one of the easiest ways to come after us is using phishing smishing some of these other tactics, and we're going to come up here in another segment Today, I'll be talking about smishing. And how bad that has gotten and how you can avoid it six tips. I'll give you here to avoid smishing. But in reality, right now, we're talking about the human element. And what the wetware You and I, right versus hardware and software you and I are doing, and we're getting confused, and they are taking us to task on this. But we've got to be careful here with our security controls. We got to make sure that people only have as much access to data as they need to know so so many businesses will see this all the time. And I understand if you're doing this because it gets kind of complicated to do it the right way. But so many businesses are sharing their file server with everybody. They've got an Active Directory server or some sort of a network-attached storage device, etc. And all of their files are on it, and everybody has access, you don't want to do that. Because all it takes is one person to get fooled into clicking on a link, downloading some of the malware software. And once that malware loads onto their computer, start to spread. Where is it going to spread? Well, heck, it says Look at this, a network-attached file system a file share. I'll just try start to spread that way, and it does. So keep your security controls in place. Make sure you have the minimum necessary access. Make sure when it comes to your password management, be sure that you are using password vault at a very minimum. You can go all the way up to things like Thychotic, which is just phenomenal; it changes passwords and everything as used. But be very, very careful because this can go a long way towards helping your business to stay safe. Train your personnel and make sure they know what they should be doing. You Google has some free tools you can use. I have some tools. In my weekly newsletter, a lot of businesses use that as their training. They have people go through that read it and then answer some questions. So that's all free at Craig Peterson, calm slash subscribe. So stick around. We're going to come back, and we're going to talk more about this whole Firefox warning. And we'll talk a little bit about browsers. You're listening to Craig Peterson. I'm of course on the air on WGN radio and other stations online at correct Peterson dot com Hey, hello, everybody, Craig Petersson here. Welcome back. We're going to talk a little bit right now about browsers. You know, this is the biggest problem I think many of us have when it comes to being online. which browser should I choose? And where am I going to see the problems? Well, as I just talked about in the last segment, and we're going to talk a little bit about now, we have a security vulnerability out there for Firefox. Now, Firefox is a browser made by the group known as Mozilla. And they've been making this browser for quite a few years. Now. I love this browser. I used to use it almost exclusively. Now, I've changed my tune a little bit. And I have a few different browsers that I use, frankly, for different reasons. So let's go through those reasons pretty quickly. One, if I need the most compatibility in a browser. And this usually means I'm using some sort of software as a service online. So I might be trying to do something extraordinary with a Canva, for instance, which is an amazing tool when it comes to graphics. And it doesn't always work so well with other browsers. It refuses to run under the Opera browser. So if I need the highest level of compatibility, it's Google, Google Chrome. And Google Chrome browser is the most supported, and it's number one out there, the most supportive browser, bar none. It didn't use to be, but it sure is now, the second browser level browser that I use for everything except for Facebook. Lately, I've been using Opera O-P-E-R-A. Now opera has browsers for your desktop, whether it's a Mac or Windows machine. Has it for tablets, it has it for your smartphones. P-opera is great. It is Every fast. That's kind of its claim to fame. It's the fastest browser, but it also has the highest level of security. Well, almost right? But of the common browsers that are going to work with most websites opera. So that's number two. Number three is the Firefox browser. Now, remember, I said, I don't run Facebook, inside of opera. And that's because Firefox has an incredible feature. When it comes to running Facebook. It fences it in quite literally see what far what Facebook's trying to do is get all the information they can get about you. Now, that's not necessarily a terrible thing. Because Facebook is frankly, selling advertising and they Want to know? What are you most likely to buy? And you know what this world runs on advertising. We see ads all the time on TV. We hear ads all the time on the radio like right now, if you're listening to me on the radio, you're going to hear ads, right? That's how the lights get kept on at all of these businesses. Now, would you rather see an ad for cars, new cars, when you're looking to buy a new car? Or do you want to see ads for cars all the time? Personally, if I'm looking for a new car, that's what I want to see. ads for a new car. If I'm looking for shoes, that's what I want to see ads for shoes, right? you get the point here. So if Facebook's able to kind of track what you're interested in what your friends are talking about, then it can give you the ads, and it thinks you're going to be interested in I love that concept. And as somebody who owns a business, I particularly love that concept. So I'm not wasting time or money, not wasting the time of people who aren't my customers and would never become a customer by showing them an ad, right? It's like the Super Bowl ads coming up in a couple of weeks here. But those Super Bowl ads that are almost useless and cost millions of dollars, you know, those are almost useless. So from an advertising standpoint, I love the fact that Facebook keeps that information. As a consumer, I love the fact that pays Facebook keeps that information. However, What I don't like is Facebook's habit of doing what's called cross-site tracking. What that means is Facebook knows Hey, I went to this site I went to that site, and it can help them with selling stuff it knows Hey Greg just went to the Ford website Ford trucks he was looking at, etc. etc. And so now it says Hey, Mr. Chevy dealer Are you interested in maybe buying some advertising is handed off to good old Craig there. And that's how they're making money as well. And so the Chevy guys happy because his ad went to somebody who was potentially going to buy the competition, which by the way, I buy an F 150. Any day over so many of the other products on the market, let me say that we can talk about that some other time, or a rather lengthy discussion. But that's what they're doing. So in the faith in the Firefox browser, when you're running Facebook, what it's doing is it is blocking that cross-site tracking. Because when you like something on Facebook, you might not be aware of it, but it can use some of that information for the cross-site tracking stuff. And there's a lot of information that I just don't want Facebook to have any of their business. Remember, it ends up in the hands of who knows who. Everyone to the Obama campaign. Did you want all of your information given to a political party? Then when Trump ran, they sold some of the information through a third party over in the UK to the Trump campaign. Alright, and so I certainly get it What? Why weren't people upset that the record of literally billions of people was handed right over to the Obama campaign, and yet, few only 10s of millions went to the Trump campaign, and everybody freaks out. Well, I guess that's part of the Trump derangement syndrome, right? So that's why I don't like Facebook to do cross-site tracking. none of their business was out. I'm going online, frankly. And that's where I use the Firefox browser. It's got some excellent cross-site tracking features built-in Plus it has some other features about advertising. And one of the ways that the web sites can figure out who you are, even if you turn off tracking, is to look at what plugins you have installed in your browser, right? A little bit about the history, the cache, the memory in your browser and your computer, right? The operating system version, the computer, the version of the browser, all of that stuff gets pulled out together, come up with a unique picture of who you are. So even if they can't say cookies, they can get all of this information, figure out who you are. Blocking Facebook from doing that when you are on Firefox, and in fact, Firefox blocks that kind of information gathering, no matter which website you're going to, it isn't just Facebook, so check it out. But the Department of Homeland Security now has come out issued a notification encouraging People to upgrade the Firefox browser. It is because there are serious critical actions where they use a security problem with the version of the Firefox browser. So they're warning us, they're advising us, they are encouraging us to make sure we update our Firefox browser up to at least version 72. Now the beautiful thing about the Firefox browser is it always tries to keep itself up to date. And so if your browser, whether it's Chrome or Firefox or anything if your browser comes up and says, Hey, I want to do an update, just let it do the update. Okay? Which usually means you have to quit the browser and restart it. So that's a huge deal because it's likely unless you configured it differently. You can tell it hey, I want you to reopen all the tabs I had open before all of the windows I had open and I do that all the time. I have, by the way, a little browser plugin that I use that you might like, it is called the Great suspender. I figured I should mention this to you guys, the great suspender. And what the great despite suspender does is if you go to a web page in a tab, it will automatically be suspended after an hour, 15 minutes whenever you set it for saving your computer memory and saving your computer execution time. Alright, so if you're like me, and you have a ton of tabs open, check that out the great suspender. So, in summary, if you have to have absolute compatibility, Google Chrome, normal browsing, you probably want to use opera and then Firefox for one year using Facebook, and then you know banks and things. Facebook or excuse me, and Firefox is pretty good. You're listening to Craig Peterson WGAN stick around because I'll be right back Welcome back everybody Greg Peter song here on WGAN and, of course, online as well. If you are watching on YouTube, and you want to see the articles, I post my videos on YouTube. This week we posted a few on Facebook as well. Hopefully, we'll be able to get them all up this week on Facebook as well as YouTube. So how do you find them? simplest way? Go to Craig Peterson comm slash YouTube if your YouTube user or Craig Peterson comm slash Facebook if you are a Facebook user, you know some of us like Facebook some of us don't like Facebook, I use it because of business. There are people on Facebook who are clients and who asked questions I often will put together these pop-up Facebook groups to address specific problems that people are having or the come up in in the news cycle as well. So all of that online at Craig Peterson calm, I'm also we're in the process of changing the website look and feel we got the new one laid out. But we don't have it up and active yet, but we should have it up hopefully within the next few weeks. So keep an eye on that too. I think you're going to like it a lot less confusing homepage than what used to be there. There's just too much stuff on there. So the new homepage has a couple of videos from the weekly summary of the articles. So you can click on them and read them and watch me as well. And then it has this is a new feature that we're adding to our newsletter right now. And that is, we have the top security tactics for the week. So the things you need to So like this week, as I mentioned at the top of the show, we've got a huge Microsoft huge security problem that the NSA told us about Homeland Security warned us about a problem with some of the older releases of Firefox. What software is being attacked right now in the wild? What needs attention now. So that's going to be a new feature of our newsletter as well. So keep an eye out for that. Lots of stuff going on as we get ready for our big training course that's coming up in just a few weeks from now. So keep an eye on your email box, because we're finishing up the course and I'm going to ask you guys what you think maybe I should add, make sure I have in the course. And I'm sure it's going to result in us having to produce a little bit more content than we thought, but the goal is to help you guys understand the security stuff. Now, this article is just mind-blowing to some people. It is from Forbes magazine. You'll find it at Forbes calm. And of course, I have a link to it on my website as well at Craig Peterson calm. But the United States has these programs. You remember all of the bragging people that, wow, I got my Obama phone now that President Obama took over and somehow they figured that it was from him, right. But we have had a program for a very long time for people who don't have much income. And I remember people with dial old rotary phones that got free phones, and the idea was that they could be used to call your doctor to call 911 or something that happened. A quick call to your family and friend. It was even back in the day when the phone call Company charged per minute to make a phone call on a landline. So these programs have been around for many, many years. And more recently, the government has been giving out to people, some of these smartphones. Now they're usually more limited functions and features, and they're trying to keep the costs of these phones down and keep them simple. But in this day and age, I look at it and say, Hey, listen, if we want people to be able to find jobs, they need an online web browser of some sort. So yeah, I love the idea of giving them a smartphone, you know, providing them a charity shouldn't be doing it. The government is doing it right now. But they should be able to go online and do some shopping. Some of the numbers I've seen out of Africa are amazing to me some of these charities I've worked with, who have gone and given phones even just the basic old phones you know, with the ten keypads on It that you can use to what was that called the T something rather. But you could use to spell out words and websites, and it would go there. And they've been giving them those phones, and now they've given them smartphones. But they have had some amazing results, particularly with women in Africa. They were able to build businesses now because they could communicate. Right? capitalism is a terrible, terrible name. Because the capitalists aren't the ones starting the companies. Then it's the entrepreneurs, and it's the people like you and me. Were the ones creating the companies? We're the ones taking the risk of the capitalists are the guys in the banks, who say, yeah, hey, if you don't need the money, we'll loan it to you. Right. Those are the capitalists, the people that are buying and selling stocks, and these big public companies. Yeah, those are capitalists. When we're talking about these African women, who have been some subsistence living for their whole lifetimes. Now being able to have a business where maybe they're making something selling it online, maybe they're selling their herds of animals buying herds, cheese, milk, whatever it might be. Those are entrepreneurs. And giving them the tools that they need, like the ability to be able to communicate is a huge, huge deal. Very, very big. So what are we doing here in the US? For years, the government has provided low-income households with cheap phone service, cheap cell service, and even free smartphones. Sometimes they are completely free, particularly if they are ill or injured, you know, on disability, etc. Well, one provider called assurance wireless, you probably heard of them before, offers a free Android device, along with free data, free trial. 16 and minutes now, this is all in this Forbes magazine article. So it sounds fantastic, right? smartphones can be expensive. Even if you buy the ones I say till I say don't buy, right like the Android phones, they can still be expensive, and they can still be $1,000. For some of these phones, it's not a cheap deal at all. But according to some researchers, the article goes on. There's a catch. The Android phones come with a pre-installed Chinese malware, which effectively opens up a backdoor onto the device and an endangers their private data. One of the malware types is impossible to remove, according to the researchers, and now the researchers here, our company called malware bytes. If you have bought one of my courses before you know Malwarebytes is one of the pieces of software, I recommend that you get it Not perfect right, but it helps much better than antivirus software, right? My gosh, did you realize antivirus software today? Today is effective against zero percent of the newest attacks is zero percent right, so having Malwarebytes is probably an excellent idea. So Malwarebytes said that they tried to warn assurance wireless, which is a Virgin Mobile company. And assurance wireless never got back to them. These devices that we're talking about have a backdoor and one that looks like it's impossible to remove. Those companies are still are those phones that are still out there. Man. So Forbes then after they found out from Malwarebytes about what was going on, Forbes reached out as well to assurance to wireless. Nothing happened. Okay. Then apparently, after the initial publication, this article a spokesperson for Sprint, which owns Virgin Mobile, and assurance wireless said, we are aware of this issue. We are in touch with the device manufacturer, unit max to understand the root cause. However, after our initial testing, we do not believe the applications described in the media are malware. So there you go. Chinese spying on Android smartphones. Well, that's nothing new. Having your phone coming pre-installed with malware. Hey, didn't we just talk about that a few weeks ago, how the latest releases from some of the major manufacturers of Android come pre-installed with over 100 vulnerabilities? So again, don't buy an Android period. Anyhow, let's see if the Craig Peters song. And here on WGAN online and Craig peterson.com. And we're going to talk about the ring controversy when we get back So stick around. Hey, welcome back, everybody Craig Peterson here on WGAN and online at Craig Peterson dot com. Thanks for joining me today. I appreciate it. We enjoy putting the show together, getting the information out helping everybody understand what's going on in the world of technology, you know, and I try and not use some of these industry terms that confuse people. And I've been told many times, that's one of the reasons people love to listen and to watch, and you can do both online at Craig Peterson dot com, and you can find me almost guaranteed in your favorite podcast app. No matter what it is. I'm pretty much there. I've been doing this whole podcasting business now for upwards of 20 years. So I am out there, and I appreciate every listener. Hey, if you enjoy the podcast, If you're listening to this podcast on TuneIn, make sure you spend a minute if you wouldn't mind and go to Craig Peterson dot com slash iTunes. Now iTunes is the 800-pound gorilla still in the marketplace, and they do a lot of statistical tracking. Go to Craig Peterson dot com slash iTunes. And if you would give me a five-star review, let me know what it is you like about the show, the best things. Hopefully, we can get even more people signed up. But I'm also on tune in, and I heart and all over the place. So you can go to Craig Peterson dot com slash, your favorite, whatever that might be tune in, and it'll take you right there, and then you can subscribe to the podcast. Well, we've talked many times about this general problem, and this is called the Internet of Things. What are you supposed to do? What is Well, we'll start there very briefly for those that aren't, you know up to date on this, because it is changing all the time. The Internet of Things now includes some of your clothing, yes, computers embedded in your clothes. Computers are built-in to the newest televisions, obviously, and into the refrigerator and your washer and dryer. At the Consumer Electronics Show, I saw some of the kitchen appliances like your stove, right? You no longer have to turn that knob on the stove. Now you go to an app, and you get your phone out, and it'll turn on or turn off whatever. That's the Internet of Things. The Smart light bulbs that we have the turn on and off the at the front door where you have maybe used to have a key, and now you can hold your phone up near that's the Internet of Things. Now, it brings about a whole lot of significant use cases and, and I love the Internet of Things. I have some of the devices at my home in my office that is all connected to the internet. And there's a good reason for it. And it works well for us. So that's the Internet of Things. Ring, which is a company that was acquired by Amazon a couple of years ago for $1 billion, is a security company. And their claim to fame was this video doorbell that they made, and they still do, and it's even still called Ring, and it's now being sold by Amazon who owns the company, as I mentioned. And the idea is you replace your doorbell on the front door, side door, whatever it might be with this little ring device. And the ring device has built into it a camera, and it's also hooked up to the internet. So if someone rings the doorbell, it will go ahead now, and it'll pop up and alert on your phone. And it'll say, hey, someone's at the door. Now you can not only look at the person at the door, and know that they are, who they are you can talk to them, you can hear what they're saying, you can go ahead and respond to them, have a conversation with them, whatever you might need to do. And then there are other ring devices now, and other devices in your home so you could unlock that front door. And Amazon has a service now that is used primarily in the bigger cities, where they'll walk into your home and leave the package inside by using a unique door lock that they can unlock. I don't know about you, Walmart is doing the same thing. With Walmart, that door lock is exclusive again, but Walmart will only use employees who have been with Walmart for more than a year and have a spot free record. Now that makes sense to me. You don't just want anybody walking in. But I don't want anybody walking into my house. So the idea behind Ring is you can be on that beach, you can be at work, you can be picking up the kids doesn't matter. And you know who has been at your home. So if you got a porch pirate, you can go back and look at the video. You can even turn it over to the police, which is where part of this problem starts. Because Ring has been doing some things that a lot of people say whoa, wait a minute now. Ring has stored all of these video recordings from the front doorbells and storing it in the cloud. Now just because it's in the cloud doesn't mean everyone has access to it, although we have certainly seen that with some cloud databases, which I believe is the problem that Ring had. So what happens then? Because now all of the videos that your ring devices have captured is online. Another problem that these companies had (Ring, Amazon Alexa, and Apple Siri) is that some contractors were looking at these video files listening to the audio. And people thought that was a terrible thing. Oh, you know, frankly, that's not a terrible thing. Because how are you going to make the voice recognition better? If nobody verifies the voice recognition, right? You have to have somebody listened to it. Well, in Rings's case, it turned out that some of their devices were getting hacked. Now we know this happens with the Internet of Things devices. Most of it's like 90 95%. I think all of the security cameras that we have in the United States get manufactured in China. Many of them are eminently hackable. I mean, in a very, very big way. So, if you have a device that's hacked, what does it matter to you? Well, it mattered to some of these people who claim someone hacked that their Ring device because they had a camera in their kid's room. And the bad guy took over the camera and started having a conversation with their kids. Now, if that's not a problem, I don't know what it is. Remember the LA Unified School District with their laptops. And the cameras on the laptops are being turned on remotely by their IT people at the school district. And young ladies had their laptops open in their bedrooms while they were getting changed. Think about the consequences here. They can be pretty steep, and there's no question about it. One of these days, we'll make a comparison of some of the smart devices that are out there. As far as things like smart-speakers go, Amazon has been excellent. They design their echo devices to have a hardware limit on them. So they can't just sit there and listen, unlike Google Home. There are some malicious apps on Google Home that could sit there and listen for hours on end and stream everything said. They heard streaming it all up to the internet. Okay, so Alexa is kind of the way to go there. There are these people whose kids' rooms now had hacked cameras and microphones and speakers going after the company. And in November senator Ed Markey, Democrat from Mass said that he wants to make some changes to something else that Ring has been doing. The other thing the Ring did was cooperating with police departments. What they've been doing with the police departments is sharing the video, live video as well as recorded video, from the doorbells, hopefully just the doorbells. The police are doing an investigation in the neighborhood. The idea is, hey, we can grab. They're up all this stuff from all of these different cameras. We can see this car that went through the neighborhood and spied on people. Right? Maybe, someone marking to come back to later and steal things. Now, that sounds perfectly reasonable to me. The problem was that people didn't know it was going on and didn't sign up for it. They were not aware they could opt-out of it, which is a huge, huge problem. When you get right down to it, we don't have the kinds of standards I think that we should have. There are some significant technical flaws in some of these devices. There have been Hackers accused of breaking into ring products, using the cameras and speakers to yell obscenities at customers in their home and harass children. It is an enormous thing, leaving data online uttering racial slurs issue violent and all kinds of extortion threats to residents. So it's a very, very big deal. Now Amazon responded to these charges, and this was Brian Huisman, an Amazon vice president said they take customer privacy and protection of customer data very seriously. Amazon acknowledged that on for occasions in the last four years, they fired employees for improperly accessing customer videos, and that's what I was talking about before. Ring used to have it set up so that anyone could access anything. It's kind of like God Mode over on Uber, where any of the employees could track any movement of anyone using Uber editor. Employees were using God Mode to track celebrities. It was just incredible login credentials, and a breach of more than 3600 Ring account holders last month. That's personal information. We've got to get more careful. If you are a company that has custom software that you've designed or that is designed for you, I urge you have it code reviewed. Make sure you are using the highest standards available so that you're not going to end up in a lawsuit. Ring is going to end up in a lawsuit over this. It's not just going to be Ed Markey going after him. Hey, you're listening to Craig Peterson on WGAN online and Craig Peterson dot com. Stick around. We got some more news, this time about cable modems. Hey, good afternoon. Welcome back. I should say I like Good morning anyways, it's a better greeting, isn't it then Good afternoon or good evening or Good night. So good morning, everybody. Craig Peterson here on WGAN and of course online and Craig Peterson dot com. We are also putting all of the show up on YouTube and Facebook. And you'll find all of that if you dig a little bit over on Craig Peterson calm, so hopefully, you'll be able to check it out over there. Now we have Greally seen a lot of security problems this week. You might even call it kind of a week of security problems. So just started with just a quick reminder to get everything patched up significant issues with Microsoft this week, and Firefox as well. Now the Microsoft problem was so severe that they released a patch for Windows the same day they announced the bug. They kept everything under wraps, which is how they try and do it. Typically someone will report it. Usually, they'll give 30 to 90 days to the vendor to get it fixed before they all kind of open source it before they tell the world about it. They want the vendor to fix the problem if it's a white hat guy, right? Of course, this time, had the NSA involved. And they did wait until Microsoft had a patch. But sometimes these vendors they'll sit on it for six months or more. And so they the guys that discovered it, say Okay, forget about it, we're just going to go ahead, we're going to release it out into the wild. We know everybody knows, you can usually expect attacks within a month after that happens. So make sure you patch up and patch up soon. You should have automatic updates turned on. We're going to be discussing this during the training that's coming up here in this course. It is going to be phenomenal. Let me tell you, but some of the free training, we're going to talk a little bit about that. We can't do this on the radio because I want to show you screenshots and where to go and what to do and how to do it. But make sure you have that all turned on. Okay. So now let's talk about our next article of the week. And this also has to do with the security problem. Now, if you are a listener to any of the radio shows that I'm on if you listen to have Jeepers, all over New England, any of these stations, you know, this week I was mentioned, I was talking about this problem with cable modems. And there are some huge, huge issues with them. And, you know, we got to be careful when it comes to our networks because that's how the bad guys get in and once they're in whether they came in on your system. Or they came in on that little thumb drive these stuck in the computer. Or maybe they came in some other way no matter how they came in. What we found is they use the network to spread. So what kind of network stuff can you get? What should you do? And most of us want to rely on it. We rely on our cable company, maybe our telephone company, etc., etc. So I'm pulling up right now. I'm just checking some pricing active here on my computer. What should you get? So first of all, this chipset that's used by several different significant vendors out there, including Campolo, net gear, sage, calm, Technicolor, they have ten different models that the researchers have found are vulnerable, which is not a good thing. And right now we know of over 200 Hundred Million cable modems that are affected. It means if you're a small business and man, we see a lot of these guys that get a cable modem because it's cheaper, right? It's going to save a couple of hundred bucks a month as opposed to getting fiber coming in with real professional gear. Yeah, the professional equipment is going to cost you more, but what's ultimately going to cost you more if you get attacked, right? Because 20% of the businesses filed for bankruptcy in less than a week. You know what's going to save you money. There's also the problem of you not knowing what to do or how to do it, and that is the reason I have created courses that help explain it to you? But with 200 million cable modems that are open right now in this is a massive, huge deal. So I've got an article up on my website talking about this that I got from Forbes.com. They don't require any authorization these cable modems to analyze what they call their analyzer. And they have two more. Two more of these vendors used an undeniably awful combination of this software and usernames and passwords a new spectrum for the username and the password to be able to get into these. So a very, very big deal. So what do I recommend? I have a lot of this in my, in my course, right, the DIY course that did last year. It's almost been a year, and I think since I did that course. But what I'm recommending right now, for most people in their homes is something get out a pencil, piece of paper, to text it to yourself, whatever you might need to do. It's called a net gear, or B or B i. Now, you can find these things at the big box retailers. You can buy it from Amazon, and you can get them all over the place. Now you know, I don't like Google stuff because I don't trust Google. Netgear has not been the best when it comes to security stuff. So they came out that's the main reason they came up with this thing. The RV allows you to have your main unit that plugs into the cable modem. And now that from that main unit, you can have used a mesh network is what it's called, you can have other Orbi devices around the house and get excellent coverage. Now in this day and age where everybody's streaming, the kids have streaming televisions in their rooms. Hopefully, you do not use the built-in Smart TV functions, but you have an external little smart box. But our kids have them in the room, so you need more bandwidth. If you see jerkiness when you're watching videos and having troubles on the internet, that's probably why, and you may only be using the old fashioned networks, the 2.4 gigahertz stuff as opposed to the five gigahertz stuff. Orbi of takes care of all of this for you now, it is not cheap. It is also not a professional grade. If you're a business, you should not be using this, and you should be moving up to the better Cisco stuff. Now, thank goodness Cisco got rid of the low-end line. They Cisco had bought, I think it was next year actually and some of their low-end equipment. And they can confuse the industry because people's you know, I got Cisco Well, no, really actually when she got was a home-based router, firewall, whatever it was. Small businesses medium, particularly in large businesses, you should have a Cisco network. Juniper doesn't have anywhere near the security stuff. Palo Alto Networks, nowhere near the security stuff. Cisco is 100%. Okay, so we count me on this. Back to the home users, and the real small business like a small office, Home Office, this Netgear Orbi, a tri-band whole-home mesh Wi-Fi system, is what you want. Three gigabits a second speed. It's very, very good. It's this particular model I'm looking at right now, and Amazon is called an RBK 50. It's a router, and the extender covers up to 5000 square feet. It is two-pack, and it is right now selling for $286 for the pair. You get the main unit, and then you also get another unit that is part of the mesh system that kind of expands the coverage and gives you the coverage you need in this day and age right because we have so much that's going on via the internet. So this works with all internet providers saying replace your existing Wi-Fi router and extender compatible with any internet provider, including cable, satellite fiber, DSL, and more. It has wired Ethernet ports and parental controls and even pauses device internet access. You can view history usage filter websites for free set online time limit schedule, device internet access, and more for five bucks a month, and they have advanced cyber threat protection. Now, it's not a tip. It's not the real commercial Advanced Threat Protection, but this is better than you're getting from the cable company. Okay. Advanced cyber threat protection, what they call net gear armor. And this is something a bit defenders provided but defenders you probably know something I like. Its network-wide anti-virus anti-malware fraud, phishing ransomware security on an unlimited number of devices, and comes to the free 30-day trial. And this is $70 a year for that service. Now you're paying per year like if you're a business and you buy equipment from us, you are paying monthly, and every year we at least right we do major software upgrades we keep the hardware up to date and because we're using the professional's stuff from Cisco. They're taking up literally hundreds of millions of endpoints. They're watching what's going on, and we're providing updates hourly for the commercial gear. Okay, so this is quite good. It's using, you know, mu MIMO. I'm not a big MIMO fan. Smart Connect for one Wi-Fi name being formed beamforming technologies, which is Primo. What that means is it aims a signal at the device so that it's not the kind of stomping over itself and stomping all over other devices, which is just fantastic. It has to be Bay to wireless security protocol, which is the lowest you want to use. It's quite good. Includes guest Wi-Fi access DLS which is a denial of service firewall VPN, Mr. Now we here's why I say guess Wi-Fi is excellent. You know home always talking about how you've got to be careful when it comes to your Internet of Things devices, like your Amazon Echo or your light bulbs or whatever. What you do when you set them up is you configure them to go on to your guest Wi-Fi network, which can still have a password, and then they cannot easily get on to your main Wi-Fi network and go after your computers. So there goes some actionable stuff. We learned that cable modems just aren't what they used to be, especially the ones we get from the cable company. I've got some courses that go into a lot of detail on this, but if you're kind of a techie person, you can probably figure this out. I brought up that at least right now. I still like this Netgear Orbi. It is a great little device. I'm seeing it at this very minute. Over on Amazon. com on the Amazon business site, by the way, an Amazon business they're selling it for $286. So good deal all the way around. Stick around. You are listening to Craig Peterson on WGAN. We will be right back. Hello everybody. Welcome back. Craig Peterson here. Glad you can join us today we are, of course, on WGAN and online at Craig Peterson dot com. Right now, I want to talk a little bit about a problem that you may not have heard about. You've probably heard of phishing, and you know, I talked about that all the time. That's the P-H-I-S-H-I-N-G. That's where someone sends you an email pretending to be someone that they're not trying to get you to do something. Often, it looks like it's from your bank, or maybe a bank you used to have dealings with, and they try and get you to click on something, and that might cause you to download and install something, and now all of a sudden, you are hacked. A lot of times that use this whole phishing thing to use it as a part of social engineering, right? They are trying to get you to do something, so you reveal your password and account numbers to them. Then they can get in, and they approach you and them, you know, make it look like it's all legitimate and hey, you know, we really want to help you out, and it just doesn't happen. That is the basics of phishing. If you're still if I'm not clear if you're still wondering what that is, just think of that good old standby right, the Nigerian prince scam from all those years ago. I wrote some software to help stop some filters. But that particular type of fishing doesn't go on like it used to. It's changed. And part of the reason it's changed is that our habits have changed. Now, how have our habits changed? Well, one of the ways that they have changed and changed hugely is that they have started using SMS. So you know, we're on our phones all of the time, these devices are formerly known as cell phones, these smartphones, these computers in our pockets. And if you look at the overall internet traffic, more than half of it now comes from these smartphone devices. So, by the way, if you have a business and you are not using a smartphone first strategy, you are probably missing out and maybe missing out massively. So make sure you handle that right handle that, okay, handle that for me. So, smartphones are a huge deal. Well, the bad guys aren't stupid. They're just greedy, and maybe even a little bit lazy. And that's where we get into this whole concept now of switching from email, where they're sending you phishing email trying to get you to do something to today, where they have switched over to SMS, where they are trying to get you to do something based on a text. They send you Now, and it used to be that if you send someone a text, the normal text was open within seconds after it was received nowadays. Now, with so much nastiness going on, we very frequently don't pay attention to the text messages. But they're doing the SMS phishing, and they're doing it more. So I wanted to cover five different attack examples so that you can see what they're doing and what it might mean to you. Alright, so let's go through them right now. So the first one up on the screen is a smishing. Example. Now. smishing is fishing over SMS. SMS is, of course, texting or a simple messaging system. Okay. That's what it is. That's what it was. So the first one is your bank account is locked. So you'll get a text message. It looks relatively legitimate. And it'll say from and the biggest example out there right now is the one that's up on my screen. You can see this by the way, by going to Craig Peterson comm slash YouTube, or Craig Peterson comm slash Facebook, if you're a Facebook user, you can see all of the videos from today's show. But it'll say from US Bank, separate US Bank unusual activity. It'll tell you your account is frozen.They want you to unlock it, and you want to go to a URL. Now they're not getting fancy with most of these URLs. And in this particular smishing case, it's taking them to their site. And then it has a question mark US Bank. So you look at it and say, Oh, well, this is from US Bank. I'm going to the US Bank website. I can click on that. so fast that this is not us banks URL at all. When you're looking at a URL, which of course, is what the browser uses to get you somewhere, the question mark just means pass this through to the program that's running on the original website. So there you can use it as a tracker saying, oh, wow, our US Bank submission attacks are working well, right now much better than the XYZ bank. So we're going to send out more than with the US Bank. Okay. So that's that after that question mark, in this case, is used for tracking but not always, right? There's a there are excellent legitimate uses. Not that tracking is not an illegitimate use. But in the case of bad guys, it's illegitimate. So that's number one. Number two is an urgent message about your credit card. And in this case, it's claiming to be from American Express. So if you look at this on the screen, you'll see it's from Amex. the message, which there is no such thing, right. And as you got a card alert and noticed the URL on this. It's WW, Http colon slash slash, www dot American Express dash message.com. So let's break down that URL for a little bit here. First of all, it's HTTP and not HTTPs. It doesn't matter a whole lot to you, if it's a scammer, because what they're trying to do most likely is avoid some of the tracking ability that's inherent in an HTTPS request. To be able to have an SSL certificate or a secure server certificate. They're going to have to at the very least go to a website and get a free certificate, and it's going to do a double verify, making sure they are who they say they are. That's going to record the Right. It's just a big hassle. So they're not going to bother doing that HTTPS thing. So that's why it's HTTP more than likely. And then it says www dot American Express dash message.coYou see that part? Well, again, that is not an American Express URL, not that you know, right. And not that you can verify when you go there. When you go there now, they kind of have Yeah, now in SMS, once you see, and you click on is where you're going. It's not like in an email where you can kind of hide what the real URL is people are going to, and it's going to show you the whole real URL. And when you get there, it's not going to know anything about you. But it's going to look like the American Express website. And it's going to have the login and password, and you're getting a card alert. So you're going to go there you can enter your username you can enter in your password. And tada, you're out of luck. Because now they have a username, password. And then they might redirect you to the real American Express website, and you have to log in again. You say, Well, that's weird. And you go on with life. No big deal. Well, in reality, what just happened is you gave it to them. And they're all set. So they're going to send you on over to the American Express website. And then you're done. Okay, next one up on the screen is you won a prize and click here to get it machine attack. You can see this one appears to come from our friends at Walmart. It says the example here on the screen is congrats, Kelly, we printed your code on your last receipt. You are among seven we randomly picked for $1,000 Walmart gift card promotion, and then it's got a link to a redirect Type site k three x VC dot-info, slash blah, blah, blah, blah. So if you click on that, you're going to their site. And again, they're going to squeeze you in this case for some Walmart information, maybe a bank account saying, Hey, we're going to wire the money to you what's your bank account number. And number four is, we're going to have to go through these last two real quick here and pretending to be from Amazon. You can see these up on the screen right now. And this last one is an unusual account activity from Apple support. So make sure you check these all out Craig Peterson dot com slash YouTube, or Craig Peterson dot com slash Facebook. I'll try and put this up on my homepage as well. You can see examples of these newest mission attacks. Stick around. We're going to talk about why some of these businesses are not patching and are leaving us vulnerable. You're listening to Craig Peterson on WGAN. Wow, can't believe it man is our last half hour together right now. You're listening to Craig Peterson here on WGAN. Thanks for joining me and online Craig Peterson dot com. Make sure you subscribe to my email list. You'll get all of the updates, and my most important videos of the week. You'll also find out about when the nasties are happening like they're happening this week as well. Sign up Craig Peterson dot com slash subscribe. I'd love to see you there. We're going to talk about the biggest problem we as consumers have, we as business people have. These lines cross because businesses are holding our data. With this new California law that's been in place for consumer privacy and keeping everything information safe, letting us know what businesses have about us and requesting its removal. There's a movement afoot to help get a handle on our personal information. You probably know that the Europeans passed a similar law, that when in fact that got teeth last year, went in a couple of years ago, just like the California law did last year. And these laws are rolling out all across the country. Massachusetts has it, and the federal government is looking at a law similar to California has to pass on a national basis. So what this ultimately means is, we could be in better shape as consumers and we could be in a lot worse shape as businesses, as we've been getting calls from businesses lately about how do I go ahead and protect myself as a business here? What do I have to comply with when it comes to this whole California Yeah, consumer privacy thing, right? Very, very, very big deal. So how do we do this? Well, as a business, the simplest thing we need to do is start at the very beginning, because the California law lots and lots, a customer client or prospect come to you and say, Show me the data you have. But there are crazy teeth in place in pretty much every state now that if you lose their data, you are in even deeper trouble. Look at what happened with Equifax. Look at what happened with TJ x right the TJ Maxx type companies who lost tons of our data Home Depot. Some of these companies had good security tools in place, but their people did not know how to use them. They couldn't read the reports. They had multiple vendors tools in place, and they didn't have just a single pane of glass. Lastly, they didn't have the type of automated systems that really can get rid of the false alerts. Man do we are there a lot of false alerts, every day hundreds of thousands, my company it for our clients we get 10s of thousands no think of it of these alerts every day. Oh my gosh, it's crazy. So you as an individual, whether you are just all just right, but if you are a consumer, or if you are a business, you have to patch now it's painful I get it. It is in nowhere near as painful as it used to be, you know, you used to install the windows patch and, and it was like putting your marble on red and Vegas, right? The odds are what 5050 not even quite that you're going to win it, it's crazy because you would install a patch and your machine Wouldn't boot. And so now you had to spend days sometimes trying to figure out, Why won't my machine reboot? What can I do? I think I'll get a new machine and move my data over. Make a good backup and write all of this stuff back and forth. The pros and cons. So how do you do all of that? How do you make that happen? Well, today, it's a lot less of a problem. Most of the time, when Microsoft releases patches, you're okay. It's not like the apple environment with a Mac where it's scarce that you ever have a problem with your Mac, okay, with an upgrade. It's sporadic. So keep that in mind as well. And now, let's go back to this. So if you are a big business like an Equifax and you find out that there is a major security problem with, let's say, some of the middleware that you're using. Now middleware is the stuff that sits between the front, which is typically the way site or your customer service people, and the backend, which is typically your set of databases. So that's your middleware. So let's say that there's a patch for the middleware, which there was. And you look at it and say, Oh, my gosh, this middleware changes. Because usually when they issue a patch, it isn't like, Hey, this is just a patch, install it, and you're fine. It's usually a hey, we've made a bunch of changes to improve things in our middleware, or our software and our web browser or web server software. We've made these changes. And as part of this, by the way, we fixed this other security problem. So when you as a business person now who have complex systems in the background, and you're trying to do an upgrade to make sure that middleware is up to date, or that database software or that front end software is up to date. It may not work properly anymore. It probably won't. Now you have to spend a bunch of engineering time to figure out what do I have to change? What other components do I need to modify? How can I make this whole thing work properly again, and that can cost you a lot of money. So what a lot of businesses have been doing is burying their heads in the sand. Hopefully, that's not you, but burying their heads in the sand. All of a sudden, before you know 200 million US citizens, data is out there. You have all of this inside information about people because your Equifax right now people lost jobs when it came to, to these hacks I just mentioned earlier, and that's probably a good thing. But I also empathize with them because I do outsource CISO, chief information security officer tasks for people. I can tell you most of the people who are in these positions have in their drawer, right there next to them, their resume. If they do get hacked, they'll pull out the resume and start shopping around again because they know it's over with. And yet they could not get the authority from the business to do the upgrades and the updates. So I have done this myself. You sit there, and you say, Oh, my gosh, what's the win here? It is not going to generate more revenue by doing these patches. And I'm just one of what millions of companies worldwide that using this software, open-source or otherwise, probably nothing that I need to worry about. So forget about it. I'm not going to mess with it. Have you fallen victim to that I know I have, and that can end up being a problem and a real problem depending on who you are? So pay businesses is upgrading. Sometimes it's because they don't know, which by the way, is another reason to be on my newsletter list. It's free. But every week now, we're telling you here are the top problems that are out there right now from a security standpoint that are being exercised right now by the bad guys in the wild. And if you don't have these patches done, you are in deep trouble. So that's easy to do just credit Peter song.com slash subscribe, and you'll get those types of things. But we're looking right now this particular article that came from secure World Expo, and they're talking about Paul's secure VPN, which we don't use for any of our clients. We have a much much better VPN software from Cisco. But anyways, patches came out for this a long time ago. months. In fact, and it turns out that most organizations have not done the patches yet. So be very careful here. If you're a member of a board of advisors, a board of directors if you're a business owner, if you have questions, reach out to me at Craig Peterson calm, I'll do what I can, but you have a responsibility. And now, it's fiscal responsibility. Coming June this year, depending on what kind of manufacturer you are, there are criminal liabilities tied into this including, ten years in prison. So hey, guys, pull up your socks and start taking this seriously. So you'll find me online. Greg Peterson dot com, and, of course, I'm right here on WGAN and make sure you subscribe to that newsletter. Craig Peterson dot com slash subscribe. We'll be right back. Hello, everybody, Craig Peterson here. Welcome back. Wow, the last segment of the show today. It's just going by fast, and I love it. I'm so excited about everything now. We have so many, so many things that are going to help you in the works right now. It's just been a phenomenal, phenomenal time for all of us here. So thanks for joining us. I want to do a quick review of what we've covered today. So let's go back here. I got my slides up. And we'll go right back here. So we started with some of our training and tactics. And we talked about technology and how it can only protect us so much. And in fact, part of the problem we have is the wetware. It's you, and it's me responding to things. Next up, we talked about some zero-day browser vulnerabilities. And in this case, we specifically were talking about Firefox and significant weaknesses this week in Firefox. And I told you what version of Firefox you should be running and what you need to do for the windows security vulnerabilities was exposed this week by the NSA. So you know, congrats to them. By the way. Here is your free phone, right? The Obama phones while it's not Obama's phone, it goes back for decades now, this program that we have in place to help underprivileged people who don't have much money, who maybe need some way of contacting their doctor, etc. Well, it turns out that some of these phones from one manufacturer, in particular, come with m
Welcome! Today there is a ton of stuff going on in the world of Technology and we are going to hit a number of topics today. How will Iran Retaliate - Kinetic or Cyber retaliation, Automotive Automation and LIDAR Sensors, CCPA Takes Full Effect, Updating Legacy Technology, Cloud Migration Considerations, Cybercrime Metrics, Industrial Control Systems under Fire from Hackers, Ramping up Insider Threat Intelligence, Budget and Security Decision Surrounding Cloud Adoption and more on Tech Talk With Craig Peterson today on WGAN and even more. It is a busy show -- so stay tuned. For more tech tips, news, and updates visit - CraigPeterson.com --- Related Articles: Bombs will not be Iran's retaliation - Technological hacks are more likely Soon Most New Cars May feature Light Detecting, and Ranging (LIDAR) Sensors Businesses In For Rude Awakening as CCPA Takes Full Effect Hackers Preying on Old and Decrepit Technology Cloud Migration Considerations to Take into Account Metrics Can Not Adequately Describe The Pain of Cybercrime Zeroing In On our Industrial Control Systems How Mature is Your Insider Threat Intelligence? Nebulous Budget and Security Concerns Affecting Cloudy Decisions --- Machine Automated Transcript: Hello, Everybody, Welcome. Welcome. Of course, this is Craig Peterson. I'm live on the radio and WGAN and also heard on the Internet at Craig Peterson dot com. I'm on Facebook and YouTube. I did a couple of lives this week that hopefully, you were able to watch. If you didn't see them live, they're essential to know because I was talking specifically about attacks that were underway from Iran this week. And I'm going to be getting into that a little bit as well today. So continue to pay attention to today's show. Now, if you are a Facebook fan, I love it. If you would go ahead and like my page over on Facebook, Follow me just go to Craig Peterson dot com slash Facebook, Craig Peterson dot com slash Facebook now. You know that I'm continually warning people about Facebook and some of the things Facebook is doing some of the things that are well, perfectly legal, but maybe things you don't want to have done to you, like all of the tracking Facebook does. But that means you might want to use something else. So what else you're going to use? Well, Google YouTube, right? Oh, wait a minute. There are problems with YouTube too. Thus, the lesser of two evils for now, and that's where we're at for the time being. I'm thinking about trying to use WhatsApp for this as well. So we'll see how that goes. Let me know if you'd like to watch this on WhatsApp. But if you go to Craig Peterson comm slash YouTube, you will be able to watch those videos right there because I did them lives on in fact, and I can do simultaneously now on YouTube and Facebook. So make sure you check them out and learn a little bit about what you can do. I went through this article from this week here from the US Department of Homeland Security. And I, you know, I didn't go through all of the details because this is restricted distribution. And so there are some things in here that they don't want generally shared. But I am going to go into more detail and to do that, what I'm going to be doing is some specialized pieces of training now these have always 100% free. I give you great information, you should see all of the compliments I have from people, but it's coming up in a probably about a week from now. So you have to be on my email list if you are going to be able to be informed about this stuff. Okay. So on my email list, what does that mean? Go to Craig Peterson comm slash subscribe. Now when you do that, it's going to ask for your name and your email address. Make sure After you submit that Go to that email box, verify that you got the email the confirmation email, and click okay. What I don't want to have happen is for someone to go in and sign up 100,000 people who don't want to be on my email list. And so I send it out to all these people who don't want to be on my email list. And then I get a bad reputation right as a spammer because people say, why don't you send me this email. So what I've done to help protect my reputation online, is I make you do what's called a double opt-in. So you're going to fill out that form at Craig Peterson com slash subscribe. And then, once you fill out that form, it's going to send you an email to that email address, and you have to click that confirmation. So make sure you do that because if you don't click the confirmation, and I noticed there's like 100 people who have not clicked the confirmation. I want to make sure that you do click it so that you get the information that you need, including these pop-up training webinars that I'm going to be doing coming up here in another week. So Craig Peterson calm slash subscribe right now. You can do it on your mobile phone you can do it on your laptop on your computer. And man, I hate to say this, but I'm not sure if it's working right now, but I have a texting thing as well. Where you can text me directly at 855-385-5553, but as I said, I'm not sure it's working. So you know emails easiest way and sign up right there glad to have you on board, and I believe me I don't spam you. I'm not sitting there trying to sell you stuff all of the time my webinars on one of these Hey, hammer, hammer, hammer, bye, bye-bye, hammer, you know, that's not what I do. I want to get the information out. And you know, I do have things for sale, right? I have to keep the lights on. And so for that You know, I'll ask permission from you. Before I ever offer anything, I don't offer things very often. So I guess, I guess that's a good thing to consider. Alright, so let's get into our first article here. We've got a lot today. We're going to be covering your networks and why they need to be updated today. Many businesses are now doing something called unclouding. They're leaving the cloud. So we're going to talk about why they are leaving me why you might want to leave as well. Of course, we're going to get into Iran. It turns out that they are hacking us, and the hacks this week are up over 50%. And so we'll tell you a little bit about what you can do about that. They're also targeting the Trump campaign for 2020. Like that's a surprise, right. We're going to talk about what Iran is doing to our industrial control systems right now. And how that can affect all of us. Right, you don't have to have the kinetic war, you don't have to be sending bombs back and forth. To have an impact on us a little bit more about the cloud, we're going to talk about the decision to move to the cloud, not use the cloud, some of the things involved in that today. And I'm probably going to put together a course on cloud migration a little bit later on this year, and we'll see how that goes. major changes to our automobiles. But this is kind of cool. Because these LIDAR sensors, I did a scan online, I did a little search and now I'm able to find them for under 100 bucks. That's going to change the automobile industry. So we'll talk about what LIDAR is and why it's going to change. California man, if you are a business, you got to pay attention to this. We're going to talk about the new California Consumer Privacy Act, which is in full force now. And we're going to talk about these insider threat programs that businesses have been Frankly, how they need to grow up. So a lot to cover today. And if you miss anything, you're going to find it in the newsletter I send out every week. And again, where are you going to find that? How are you going to sign up? Craig Peterson comm slash subscribe, so make sure you sign up and sign up right there. Okay, so let's get into our first article of the day. This one's from dark reading. And it's talking about cybersecurity misery index. Now, you know a little bit about this whole misery index thing you hear about it when it's a hot, humid day outside. Oh, my gosh, what should I be doing? It's just too hot. I don't want to do anything. Right. And so you've got the wind chill effect. You've got the humidity effect, all of these things that can affect you. So what does this mean? cybersecurity misery. Well, we already know that about 10 to 20% of businesses. bump 20% will file for bankruptcy almost the next day if they get ransomware. Or if they get this wiper software that we'll talk about later from Iran. 20% of businesses Think about that. If you are responsible for the security for your business, how long is your job going to last when the business has filed for bankruptcy the very next day? Not long. How about you as a business owner, where is your retirement, all your money's tied up in your business? How long is that going to last again? pretty much never. So there is a lot of pain when it comes to cybersecurity breaches. that people don't think about it. It's not just dollars lost, like, you know, we get calls from businesses that say, Hey, listen, we just had our operating account emptied. In cases we have been involved with the amounts varied from about $80,000 up through almost a million dollars. One company had money stolen right out of their main operating bank account. Well, that's miserable because you can't make payroll, right? You can't pay your vendors back vendor payments as part of the way they get some of this information. But there is another side to this. You know, no records loss doesn't mean that there is not going to be any sort of a cost to your business. There are other metrics that matter, as well. So this is from Deloitte and Touche married Galligan. She says you would have to take into account the cost of whether there's going to be an increase in insurance premiums, a loss of customer relationships because right now, most businesses could lose 30 to 50% of their customers. If word of a breach got out, is it going to be last contract revenue is my company's name going to be of less value in the marketplace? I guess it goes back to retirement, right? Are you going to be able to retire by selling that business? What's your exit strategy? So there's a whole lot you have to consider here. They go into some stories here, but a small bank, their web-facing patient portal, was hit by a bot swarm. And they did the credential stuffing. And man, there's just so many things that that you have to consider. This week, we found one of our clients had been under attack, and we're trying to figure it out. It kind of looks like it spread in from someone else in an adjacent business. Their Bluetooth was compromised, and Bluetooth on a laptop and then tried to break into and compromise my client systems. So we caught it. We noticed it because we've got this more advanced threat protection, and that's what you have to have this ATP nowadays, Advanced Threat Protection, which is not Norton. Okay? Currently, there's only one product on the market that meets the requirements at Homeland Security for businesses. It turns out that it is the product that we've been selling for quite a while. I'm not trying to sell anything right now. But pain is inevitable, even if you don't get hacked. Because what ends up happening is your personnel have to track it all down. It's 24 seven, that pager goes off, the phone call comes in. They have to review thousands of log entries, and hopefully not make a mistake. So pull up your socks, and we'll be talking about that a little bit more when we get into Iran. All right, everybody, you listening to me on w GAN? You're watching me on YouTube on Facebook and Craig Peterson. com. Stick around because we'll be right back. Hi, Craig Peterson back here WGAN and online and Craig Peterson dot com. Hey, if you're a Facebook fan, you'll find me on Facebook. One of the easiest ways to get there is Craig Peterson com slash Facebook. And if your YouTube fan Craig Peterson com slash YouTube. Now this week, I did a couple of pieces of training that I hope you're were able to attend these live! The first one was rather short. It was like three, four minutes. The second one was in my book short, it was about 15 minutes, and I went through some of the things you should be doing. When it comes to the Iranian hacks, then I do those fairly frequently, and really, I should be sending out emails. I did send out some text alerts to people about them, and I may do that tomorrow as well. If you want to be on my text alert system, make sure you just email me Me at Craig Peterson calm, let me know you want to be on the text alerts, and I'll be more than glad to add you. I'll need your phone number, and I'll get you all set up for that. Many of us, I think, are a lot like me. Where I am just, you know, hunky-dory happy to have a computer that's ten years old. Because man has, it paid for itself over those ten years. I keep the hardware until it fails. My last laptop was probably the most short-lived I have ever had. It was about three-four years old. And it was an Apple MacBook Pro. And it ended up having like three problems in one year. Apple refunded me 100% of my original purchase price. If you can believe that. Can you believe that? They a three-year-old computer 100% the original purchase price now I had to Apple care on it, and It had been in the shop three times in the last 12 months. So they just gave me my money back. And then, of course, I use that turned around and bought another MacBook Pro. Right. So that's kind of cool. I guess this one will have the same problem in three years. But typically they last us seven to 10 years. Honestly, they do. They're just fantastic computers. I think my wife's Macbook Air is almost 11 years old. They work well while you're using them, plus you have the advantage of their longevity. But the problem is that not everything in that computer is patchable. You take a look at the hardware that's in its like your Bluetooth hardware. What we have found is that while Bluetooth is getting hacked and particularly the old stuff because the chipsets that are in the devices are running a full operating system. It's not like the old days where they only did one little thing. They have a full operating system because they have to handle the interrupt, they have to handle multiple different types of Bluetooth, you know, the new low power extreme low power. Bluetooth is used to control the amount of power that's being output as you walk away from your device, right? That 30-foot range that nowadays can be as far as a quarter-mile. All of that requires some real smart inside this little teeny tiny chip. That's the Bluetooth control chip for your computer. So what happens is like what happened, as I mentioned earlier this week to one of my clients, which is somebody else's Bluetooth, went ahead and kept it to their computer and tried to infect it. Now all of this was caught because of the Advanced Threat Protection that we have in place. That's what we're going to talk about right now. We are All have this old equipment, our operational technology as Derek command key puts it here. And it's not just our laptops, and it's not just the Bluetooth, it's all the devices we have. And those devices, when they become old, have a real drawback. Now it might be that the drawback is, hey, listen, it kind of kinds of a bummer. But you know, this Bluetooth chip has been deprecated and is known to be vulnerable. Okay, well, okay, I get that one. That's a bit of a problem, right? What happens to those computers in the vast majority of businesses? They don't do upgrades. They don't try and fix any problems with the software and the vulnerability in the computer. So what's happening here? what he's talking about is that the cybercriminals, instead of innovating, you know, don't get me wrong, they do innovate. But instead of innovating, they look at these older computers and say, Hey, why are we innovating? I can take you right now on to the dark web on to these websites that sell hacker tools. It includes ransomware, and you can buy some of the old tools for as little as 20 bucks online. That's cheap. Now 20 bucks, is cheap. But to that guy's selling it to are in Eastern Europe or somewhere else in the world, where 20 bucks is a lot of money. Well, to them. Well, as I just said, it's a lot of money, right? So why would hackers spend weeks hours months or a million dollars, which is what it costs for some of these newer zero-day attacks? Why would they try and do any of that when they can just spend 20 bucks? So what they do is they say, Well, I'm going to spend 20 bucks and go out, and they are going to scan systems for different vulnerabilities. We see them every day with our clients and, and our people have to get involved and look into the systems and trying to understand, you know, what's going on here. Is this legit? Is this an attack already protected against it is the system upgraded, right? But most businesses aren't doing any of this stuff. It's usually just the big guys, and we do it for small guys, as well as for ourselves. So we're seeing this all the time. So if your systems are older and not patched, what do you think is going to happen? The bad guys, rather than spending a lot of money or a lot of time, are just going to use old tools. So even though they can innovate, they just don't bother. So for doing that has a stat out right now. And saying that cybercriminals target vulnerabilities ten or more years old, more often than they focus on new attacks. Look at some of these significant breaches that have occurred? They involved vulnerabilities for which patches (fixes) have been available for months or sometimes years. But the organization's never bothered applying the patches, right. They target vulnerabilities from every year between 2007 and now at the same rate as they do vulnerabilities discovered in 2018 and 2019. So that's just huge. They're maximizing their opportunity. It is low hanging fruit to them. And we've got this convergence of operational technology environment with it with our information technology. So I want to make this even a little bit bigger. We're going to talk about this a little bit later on when we get into these control systems we have in our businesses. But when was the last time you patched your photocopier? I got two of them sitting right there. Printers. Okay, well, obviously, it's one in the same scanners. When was the last time you updated the software in your smart light bulbs in cameras? I've got a camera sitting right in front of me, right. Have you been updating all of the software in this operational technology side of things? As well as all of our computers to see, that's where we are falling short, because we got to be thinking about if you're a manufacturing customer, customer, and we have manufacturing customers, right? But if you're in the manufacturing business, how well protected are the valves that control systems, the automated systems that are running your lives, or the robots on the floor? Are those up to date? Think about that are operational technology. We got to learn new tricks. You've got to protect them, right? We got to make sure it all works. Alright, that's it. For right now. We're going to be back. So make sure you stick around. We're going to talk about unclouding. You've heard about cloud services. Have you heard about unclouding services? Right here on WGAN and Craig Peterson dot com. Hello, everybody, Craig Peter song here on WGAN radio and of course online at Craig Peterson dot com. We're going to talk right now about something you may have never heard about before. If you are using anything basically on the internet, you're using what's generically called "the cloud.". Now "the cloud" is used for email. It is for, and well come to think of it, everything, right, Facebook, etc. But in general, terms, when we're talking about the cloud, we're talking about a business process that is online that you have moved from your business, like the server room in the back, the computer closet, etc. You've taken that function, and you've moved it somewhere like to the Amazon Web Services or Maybe Microsoft Azure, or maybe IBM, all of these places have something that's generically known as the cloud. And frankly, the cloud is just another word for somebody else's computer. Now, why have businesses moved to the cloud? What is this whole unclouding thing, all about? There's a great article over on dark reading by Matt Middleton that got me thinking about this. What is "the cloud"? What is "unclouding"? What does this all mean? Well, I have been involved with cloud services and helping businesses migrate for quite a few years. And as a general rule, I still am on the side of don't move to the cloud. Hey, if it's a core function of your business, do you want it to be on the other end of that internet connection, right? What happens when the internet connection goes down in the data center somewhere? You have no control over the data center. You don't know what kind of security the data center has. Or even what type of system is storing your data. Do you want it to be in the cloud and a data center where you don't know if they're backing up? And you don't know even if they are backing up? Have they tried to do a restore of your data? You don't know if they are handling your data in a way that meets all of these federal and state data handling regulations. And we're going to get into California's new laws here in just a little bit. Do you want all of that? So that's one of the reasons businesses are moving away from the car. In other words, they were on the cloud to bring it back home. That's called uncloudy. Security is a very, very big reason they're doing this. Another big reason that they're doing this is cost. One of the significant promised benefits to the cloud is it is going to save us a lot of money. We will have fewer headaches because we're not going to have to have the equipment, we're not going to have to pay for people to run it, right? We're not going to have to do any of that stuff. It's just going to be cheaper. And yeah, in some cases, it is more affordable. But where the cloud makes sense is in kind of a mixed environment. And we've set this up for many customers in the past quite a number, where we have a cluster of computers at their facility, so they have for, you know, anywhere between 50 really and 100 2200 employees, so 50 to a couple hundred employees, and from time to time, they need more resources. So what we do is we have a cluster that is sitting there on site. That cluster allows us to grow that machine as it needs to because of a more massive load, maybe the end of the month, end of the quarter, perhaps when new shipments come in, etc., and also allows us, so that's just within their walls. But it also allows us to ship their machines up to another data center. Now, frankly, that's pretty cool. We can use the cloud then to extend our current processing capability. So we need some more CPU some more horsepower. Maybe they've brought in some temporary workers that are coming in for some seasonal work, and we throw their stuff up in the cloud. But again, being very cautious of security. So what has happened here is kind of something people weren't expecting and goes right back to businesses unclouding because, frankly, the cloud is not what it was all cracked up to be. Gartner group, you probably know those guys, they're forecasting the cloud revenues going to hit almost $400 billion within the next few years. So Cloud revenue is going to be massive. It's not as though everybody's moving away from the cloud, because they're not. And Microsoft has now shown how, frankly, the cloud has become a core element in their business. Amazon makes a good chunk of the profit. I've seen numbers that show it's more than half of the money that they pulled to the bottom line comes from their cloud services. And Microsoft is now moving salesforce.com over to the Azure cloud. So really, the cloud momentum looks unstoppable. But cloud customers are bumping up against the hard reality. So 48% of organizations, the store sensitive data in the cloud, are considering moving that data back on-premise. Now, that's a very costly and very time-consuming proposition. But businesses are thinking about doing it. The question is, why are half of the companies that are already in the cloud, are thinking about moving off the cloud moving services back in-house? So I want to get right into that right now. Excuse me here, a couple of coughs. So this is according to a recent cloud data security report. And as shown in most cases, organizations are unclouded Because they faced unexpected issues. These moves take a lot of planning, and that's why we're going to talk about cloud migration a little bit later here. But initially, 31% of organizations migrated to the cloud to cut costs. 26% migrated to ensure availability for remote workers, which you don't need the cloud to have remote workers. But the survey results show that organizations are ready to unclouded due to their inability to ensure the desired level of protection one-quarter of the businesses. Due to all of these regulations that have come into play for DFARS, HIPAA, FINRA, the FRCP, the new California protection rules, the GDPR out of Europe, companies are facing some real problems. Now among those who moved data to the cloud to cut costs, 29% are ready to uncloud due to unexpectedly high price, though, among those who move data to the cloud for security reasons, 27% would uncloud due to considerable security concerns. All of this is very legitimate. There are secure clouds that meet these requirements. The federal government has a cloud. The military, and you might have just heard the whole back and forth because it came down to Microsoft Azure and Amazon's web services to run this high-security top-secret cloud for information for the military. And Amazon lost it, and Microsoft picked it up and sold them there's a whole lot of people that are very upset. But that is critically acclaimed. And I don't know that the military is going to have a win by moving to the cloud. And mainly when we're talking about these types of expensive secured clouds. The biggest problem with moving to the cloud is most companies weren't able to figure out correctly, what is migrating? What data is moving? How much data got transferred? You get charged for everything in the cloud. Okay. So it is a huge deal and understanding what your data is understanding what data you have. Doing that inventory of your data assets is something critical, no matter what, because you have to know what to protect, how much you protect it if you need to be able to recover it. How do I have an incident response? You got to figure that out, and that's something we'll be covering later. Listening to Craig Peterson, we'll be right back. Hello, everybody, welcome. Welcome, Craig Peterson, here. We are going to talk a little bit about retaliation here right now. Of course, you're joining me on WGAN and online at Craig Peterson dot com. Hopefully, you'll see everything up there. We've been trying to, you know, keep everything up to date. There's just so much going on. And frankly, it's my wife and me. So, you know, keeps us crazy, crazy busy trying to get this information out to everybody. Hey, if you have a kind word to say to word of encouragement for us for doing all of this, because this takes days every week, out of my time out of my wife's time, and that's time that we can't spend trying to make some money, and it's time we can't spend with our family. So words of encouragement are always appreciated. Let us know what Do you get out of the show? What is it you appreciate? What is it you like about the show? And you can send that to just me at Craig Peterson calm and he at Craig Peterson. com. I'd love to hear from you, as would my wife and just words of encouragement, I will pass them along to her. And then we have a couple of other people that help as well. So, you know, thanks to them to Well, let's get into this now. Because this I think it is kind of fascinating for a lot of people. And that is Iran retaliation, and I talked about this week on my FacebookLive, and you can see those videos by going to Craig Peterson dot com slash Facebook. Make sure you hit the Follow button on the Facebook page. So you get notified when I have another one of these little pop-up pieces of training. The same thing On YouTube, if you follow me on youtube at Craig Peterson comm slash YouTube, you hit the subscribe button, it will ding you it'll ding in your browser when I go live. And I'm always there to answer your questions. There's a chat channel, and you can add chats to as well. So make sure you check it out online again, Craig Peterson dot com slash Facebook or Craig Peterson dot com slash YouTube. Now coming up in about a week, we're going to be starting some more training so that you know what to do and exactly how to do it. We've got some free training, and we're going to be doing a few of these things on webinars so you can join us online. And for those of you who don't attend webinars, and that's about 70% of you. I'm going to be sending out some written information. There will be some videos afterward as well If you sign up that you'll be able to watch, okay? Just to do that training, you get that information out. Now, if you've been to webinars before, you might think that I'm going to be beating you to death. But if you've ever attended any of mine, you know that really, I'm trying to get good information out to you and make sure it's in your hands. And that's what I'm doing. That's my primary goal. They usually last about 45 minutes to an hour, an hour and a half, depending on what we're covering. And I try and answer every one of your questions from everybody that Sarah on the webinar, because, again, they're LIVE, it's to answer questions to get you going down the right path. So we're going to be talking about all of these things. Most of them came out for Homeland Security this week, with their alert, and there's some of the software. We cannot cover that is lightly classified as though they tell me anything that was classified, right? So we'll be covering those things. What is it that Homeland Security is saying that we should be doing so that this guy can take over our computers, our systems, and I want to put a plug out there for the FBI Infragard program. If you are involved with security and you are at a business, and particularly if it's critical infrastructure, which nowadays means almost anybody that is manufacturing that's providing services. I don't get this, but you know, they even consider lawyers to be critical. Sorry, sorry about that. Glenn and Ken, but and all of you other lawyers who are out there, but if you are the security person, you will do Well to join these because the FBI does give us information not going to get anywhere else period. Okay? So infragard.org is where you're going to find out more. I volunteered, and talk did webinars for the whole National Infragard community for about two years. And it was even more work. You know, we're doing all of this stuff for you guys. But this was kind of in the national interest. So it's about to give back and help out. And that's, that's what I'm t. But so if you're a security person, make sure you check that out. I'm also thinking later on this year, probably in Septemberish, to have a summit on security, a whole SMB summit, and we're trying to figure that out. If you think that might be interesting. I love to hear from you. What is it that you'd like to get from a cybersecurity summit? Or maybe a more General Security Summit. Is that something that might interest you if you're a small business, a medium business owner? If you have one employee or if you have 200 employees or maybe even bigger organizations, we should be covering as well. Like we did, you know, when I was teaching stuff for the FBI Infragard program, so let me know just me at Craig Peterson calm. So make sure you spend a couple of minutes go to Craig Peterson dot com slash Facebook or slash YouTube. Look at the live training I did this week, where I reviewed some of the alerts from Homeland Security and talked a little bit more about this guy over my shoulder. He kind of kicked off our worries and legitimate worries, legitimate concerns, frankly because they are attacking a solid. Let's get into this right now. Iran has to do something about all of these criminal activities with which they are involved. If you're as old as me, you remember the Shah of Iran, and Iran used to be very Western very, very pro-United States. You know, it was kind of a cool place very, very progressive. Women could have real jobs and didn't have to walk multiple steps behind their men. They could be out without having a male escort, which I just don't understand these people that think that Iran has been a beautiful place and that Islam is is the way it's absolutely the way it doesn't make a lot of sense to me. I'm all for everybody having rights, right, everybody having equal rights, not some people having more rights than others, but that's my libertarian band coming out. Widely considered to be one of the world's most malicious online actors. So you've got Iran, you've got China, you've got Russia. You've got North Korea right there. We have defined the four worst actors when it comes to cybersecurity in the world, okay? It's a very, very big deal. There were charges brought up here in the US back in 2016. Again, seven Iranians, apparently they had infiltrated computers, a dozen American dozens of American banks tend to take control of a small dam and a New York suburb. We're going to be talking about that in the next segment about what they're doing there. They these defendants regularly work for is Ron's Islamic Revolutionary Guard Corps quarter the Justice Justice Department, a tax disabled some of the bank's computers. They're doing what's called a DD are distributed denial of service attack, which brings websites and other types of communications down. Sheldon Adelson, a big supporter of the President they attacked a Las Vegas Sands corporation that he owns runs okay. A cripple the casino and replace the company's websites with a photograph of Adelson with Israeli Prime Minister Benjamin Netanyahu. Can you believe that? Yeah, So going on and on, we've got to be very careful because this is a real problem. We must stop Iran from doing this. Now how is it discontinued? Well, that's why I want you to watch them live from this week either on Facebook or on YouTube that I put up there because I explain the basics of what you should do. I'm going to be going into more detail in about a week is going to take us that long to put all of this training together for you guys. But the Allies here are considered fair game. Iran has been hacking this for years as I just mentioned, they have defaced a state site. It was a state treasurer Department website. They are attacking according to the statistics I've seen this week. They are also b attacking federal government sites. State sites trying to find vulnerabilities, throwing every username and password they can at the site to see if they can log in, which is why you should not ever reuse passwords and usernames. However, Nowadays, most of these sites are requiring you to use your email as your username, which is frankly a security problem. I don't like that sort of stuff. But the Saudis are very nervous because Saudi Aramco, which is their biggest oil producer, there, it's state-owned in Saudi Arabia. They were hit and had 30,000 computers destroyed effectively. So what Iran is doing is something called a wiper attack. And that is where they get onto your computer. They erase the data on it. Now they're coming after you. They want small-medium businesses in the United States to suffer these attacks. You might wonder why, well, I explain all of that in the live training this week. So if you watch those, you're going to get all of the detail. But really, we're concerned. Mike Pompeo came out this week. He's the Secretary of State. He's acknowledging some of the dangers of an Iranian response. said the Iranians have a deep and complex cyber capability to sure know that we've certainly considered that risk. So our federal government is I would say about 70 to 80% protected if I don't think that's insider information. And our businesses are about 20%, protected 20%. So that server, we're going to get in about a week into advanced threat protection help you guys understand, on a small business front what you should be doing, and how you should be doing that. Alright, stick around. When we get back, we're going to be talking more about some of the security stuff and things you need to know. We're going to be talking about these industrial control systems, and what the bad guys are doing to them. So stick around, because we'll be right back. You're listening to Craig Peterson. On WGAN and online Craig Peterson calm. Hello, everybody, here we go. Welcome back. Craig Peterson, here. Hopefully, you are enjoying the show today, as we go through some of the things in the tech world. We're going to talk about some non-security stuff a little bit from now. But, because of what's been happening in Iran, the show is heavier than usual. I am trying to go through all of this security stuff because you have to understand this. You know, one of the articles I did not get to in the last segment that I wanted to make sure that I brought up is that Iranian hackers have targeted the Trump campaign. You know, I mentioned it in passing, frankly, but this is a huge thing because the 2020 elections are What now it's a November so ten months away from now. And this is back in October as a statistic that Microsoft reported, saying that they had seen 2700 plus attempt to identify the email accounts of current and former United States government officials, journalists covering political campaigns and accounts associated with a presidential campaign. That is my friend, a huge thing. Because frankly, when those bad guys start getting involved and start going after all of these accounts, they've got a door into politics, and this door into politics, maybe a lot more than you realize. Because what we're talking about here is the Potential ability to track people. I don't think I got to this, what about two weeks ago? I think it was. The New York Times was able to locate and follow President Trump based on information. It was able to glean from open sources, in other words, from public information, and also found out the name of some of the Secret Service detail people where they lived their family information. So this is critical. You ask yourself, Well, why would anyone care 2700 plus attempt to identify these people back in October? Well, once identified, you can figure out a lot more because now you can get into the email accounts using social engineering. You might be able to get more information. Remember President Obama, when he first became president, was using the His blackberry that was not secured, because that's what he's used to using. And President Trump had his phone that he was using. I can't remember I think it was, was it an iPhone? I can't remember anyways, and he had his phone that he was using. And we tend to carry multiple phones. And that's a bit of an issue to you know if you got the president, okay. He's got his highly secured phone that he's using for his important emails and messages, etc. I am not sure if he is carrying around his iPhone that he uses to tweet with, but if he is, what information does that give out? So Iran, this is back in October, we know, was going after the Trump campaign. And today, it's, of course, gotten a little bit worse. Well, let's talk about another area of Iran's hacking, and this is about industrial control systems. Now, if you're not sure Or what these things are industrial control systems, are the computers used to control things like valves in industrial facilities, they control numerical machines that do the lathing and other types of things in an industrial area. Nowadays, everything is computer-controlled. Now, some of these machines, I have a client, we had to put in special networks to protect them, a client who has Windows XP down on the manufacturing floor, and it's Windows XP because again, it's what we talked about a couple of segments ago. It's older operational technology that is not up to date. If it's not broken, don't fix it. And the manufacturers aren't going to update the control systems from Windows XP to Windows 10. They don't even provide patches for when Those XP systems. So what are you going to do if you're a manufacturer? Do you want to spend another 200 grand or more on a new piece of equipment? Are you going to stick with what you have? So we've got all of this critical infrastructure manufacturing, but we also have a critical infrastructure. For instance, in our hospitals. You probably know for ten years, I was a volunteer in EMS, emergency medical services. And in the back of our ambulance, I was using all kinds of equipment to monitor cardiac rhythms to do defibrillation, to draw blood to, to give d-50 to help people with diabetes who are in a diabetic coma, if you will. So, all of that equipment When was the last time that was updated? When was the last time they did an update in the hospital? We know about problems with pacemakers and people's chests because there are security vulnerabilities All these pacemakers now, Oh, isn't this cool, we got Bluetooth we can control the pacemaker, when you see your doctor, he makes a couple of changes. You can make some minor changes, as well, as and I'm about to exercise, I need to up my heart rate, or my heart rates going to get high, so don't shock me right with an auto defib unit. How about our water processing plants? We've got gates that go up and down to move water between one area and another. Same thing with fresh water as with black water, where we have our waste from our sewage systems that treated and being run through different channels and into ponds. There are electric systems. Hydro Systems, with all of those gates, move up and down, and they go through different turbines. It's moved around inside, depending on power requirements at that time of day. We have coal and our electrical grid, there are thousands of controls across our electrical grid. One of the things I did when I was running the FBI is Infragard program is made sure we did training on these types of industrial control systems because they are so critical to our businesses. We have to understand these we have to take care of them. We can no longer just say, well, it's working, we're not going to touch it anymore. So, there was a cyberwar conference in Arlington, Virginia, just about two months ago, and Microsoft security researcher by the name of Ted Morin said that he found a shift in the activity in the Iranian hacker group is called ABT33. In this case, all known by a few other names, but Microsoft just watch the group carry out so-called past Word sprain attacks. Over the past year, the try few common passwords across user account at 10s of thousands of organizations. And they're saying that the Iranians have narrowed its password sprain to about 2000 organizations per month. More targets, different targets, and what are they trying to get at? They're trying to get at these industrial control systems. We do know how we were able to nail the Iranians with their nuclear ambitions. It came out that it was the Israelis and us. We had come up with a virus, a particular virus that attacked their industrial control systems inside the nuclear refineries where the refining the yellowcake Basically, and we were able to destroy those. So they learn something from that. And they the Iranians are destructive or in their cyber world here, right? We talked about the wiper attacks, or they're doing during my Facebook Lives this week and YouTube lives, how they're trying to destroy equipment. That's what they want. So this represents, according to Microsoft, a disconcerting move as they moved on here. They haven't named any specific control systems. We know some of them. In December of 2016, Russia used a piece of malware that briefly caused a blackout in the Ukrainian capital of Kiev. Some hackers deployed a piece of malware in Saudi Arabia and an oil refinery in 2017, designed to disable the safety systems, which is what we did to the Iranians. So Those attacks had the potential to inflict physical harm as well as mayhem. So we've got to be very, very careful. If you are a business and you have control systems, make sure they are up to date. I can't say that enough. And make sure the manufacturer the networks are providing you with patches demand the patches, tell them Homeland Security says that they have to deliver updates because they can't expect you to replace all of these control systems. Part of the problem many businesses have is even finding all of these control systems that are out there. It gets to be tough, frankly. What are what do we have? Are they up to date? What are they running? You know, I mentioned already, the Windows XP control systems that some of my clients are still running, and they're slowly but surely upgrading some of their systems. So it's a problem. Make sure you watch this week's Facebook Lives that I recorded this past week. They were alive when they were alive. But you'll find them at Craig Peterson comm slash Facebook I go into this Iranian problem a little bit more. I give you some solution, some actionable steps that you can take, and if you don't like Facebook, you'll find them at Craig Peterson comm slash YouTube as well. And I hope you do check them out. I think it's essential. We got to understand this stuff, and we've got to make sure that we are taking care of the problem as we go forward. We got more training coming up, But anyways, you'll find all of that make sure you're on my email list. So you find out about all of these pop-up training, free training I'm doing Craig Peterson dot com slash subscribe. You're listening on WGAN and online. Hello, everybody welcomes welcome. Of course, this is Craig Peterson. Here we are on WGAN the also find us online at Craig Peterson dot com. We've been covering a lot about what's going on with Iran and security. There have been updates this week from our friends at Homeland Security. The FBI, CIA, NSA, I guess not the CIA so much, but the NSA even are warning us about these types of attacks. So we've been talking a lot about that today. You'll find out more online at Craig Peterson comm slash Facebook. Make sure you follow my page there so that you'll get informed when I have these Facebook Lives. So I've got about 20 minutes, 25 minutes worth of content there. I think you'll appreciate it tonight. include some graphics things getting fancy here. And then, of course, this show is up on my website you'll see it there I podcast pretty much anywhere tune in radio, of course where you'll find ga n and many other great stations and shows. And I also have a YouTube channel and everything out. So you know, trying to do it all be everywhere all at once. So, man, it's just the way it goes sometimes, isn't it? So we are going to talk right now about this particular problem, which is how do we as business people know if we should be moving to the cloud should not be moving to the cloud, what should we be doing and how we should be doing it? Right. Does that make sense to you guys? And so that's what we're going to talk about right now. There is a great little article from insights for professionals. They have a lot of details on it. I'm also going to be having some specialized training coming up probably in a couple of months here on cloud migration. Now, if you've been listening to the whole show, you know how several companies are unclouding, about half of the companies that are in the cloud right now are thinking about leaving the cloud. And, and it's because of two big problems that I can't tell you how many people I know how many businesses I know, are thinking about going to the cloud for these reasons, which are number one security, because they look at the cloud as being more secure. They don't have to worry about hiring security people or about having the right hardware. Go to the cloud and have no worries about any of that. And then number two cost savings, they think they're going to have cost savings. So about half of the companies in the cloud are looking at it, saying it's not as secure as I wanted it to be. It's not as cures I needed to be. It doesn't comply with the regulations that I must comply with, which, by the way, is almost every business out there. If you have a single employee, you probably have some HIPAA requirements, medical requirements, because you're providing health insurance. You've probably got their social security number, their name, the home address, any one of which is considered personally identifiable information. So are you just going to throw that up on the cloud, randomly? And then you've heard about, of course, all of the cloud hacks that have happened and it's scary. So, security is kind of the number one reason, and the second reason is they have not seen the savings promised by the cloud. They haven't seen the savings and personnel in overall expenditures, etc. So about half of the companies that have moved are saying, we want to move back. One of the first things you have to do if you're considering moving to the cloud is how a good data inventory. Now your data inventory is something you should be doing anyway, frankly, with data inventory, you know what data you have, where it is how much there is. And you have to do that now. And we'll be talking about the new California regulations here in a few minutes. But you have to do that right now. And if you have any European customers, you already had to do this. If you haven't re, yet, count yourself lucky. The fines have started coming all the way down to small companies. With California starting to fine companies as of the first of this year. It's kind of a Greenfield for these scam artists that like to sue companies. And all they have to do is say, yeah, I'm a California resident, and I went to this website, and I asked the company for all the information they have on me, and I have a right to be forgotten under this category. law. And they didn't do that they didn't do any of it. So now they get to sue you because you didn't comply with the crazy California law. So know where your assets are, know where your data is knowing which data needs the most protection, you should do that no matter what. When we're talking about this cloud migration and a cloud decision framework for moving your data to the cloud. We're also talking about taking all of that data, including the security required for that data, and transferring it to the cloud, and it is essential that we fully understand what that is. But don't forget, half of the companies are now thinking about getting out of the cloud. Getting out of the cloud means how do I migrate my data out of the cloud? Because in many, many cases, you got vendor locked in you, you can't do anything about it. It's a big deal. So how are you? You're going to deal with that. So migrating to the cloud and the decision around the migration is one of the most important and consequential decisions that any IT director can ever make for their firm. Absolutely. It's a highly complex process, especially for larger businesses. And it is something that really could mean the end to your business. I say that, but it's true. I also want to point out another discouraging fact about cloud migrations. About a third of them are considered failures. That's a huge number. Now we already know things if you're a business person, you know things like ERP systems, these systems designed to help your business run and it kind of covers everything from the customers and the sales process through the ordering the manufacturing the show. Shipping, right? The just in time inventory, these big era p systems, you already know that more than half of those are considered failures. So just talking about cloud migrations, third of them are considered failures. So how do you do this? How do you take care of this? And how do you make sure the unclouded migrations going to go well, a little bit later on. That's what a cloud decision framework is all about. That's why you have to spend some time here. You have to assess the benefits of moving an application to the cloud, whether it is to office 365. Online, whether it is an application that's integral to your business. I know a lot of businesses now that are moving their era p systems like car dealers and others to the cloud. But is that the right decision, particularly considering half of the businesses Want to move back out of the cloud? Okay, what impact is that going to have on your wider business? What's going to happen when the cloud server crashes? When your network doesn't work? When there's too much bandwidth on your network because transfers are going on? Or maybe as we've seen many, many times, people are streaming YouTube and other videos in their offices that are showing up all your bandwidth, and you don't have any way to throttle that type of access. Okay, the most common myths of cloud computing can hinder you. So here we go. Some executives MV worry of the cloud is I believe the cloud is inherently less secure than on-premise alternatives. Alternatively, they may have gone and bought into the idea that the cloud is good for everything. Neither one of those is true, the cloud is not more secure than the premise, and on-premise is not necessarily more secure than the cloud. It depends, right? And that's what all this research is about, you know, you got to do planning and evaluation, you've got to select the right solution. There are a lot of cloud vendors out there right now. Are you going for software as a service platform as a service? I access all of those things, right? How are they going to handle your data? How are they going to manage your data? How are they going to back it up? How are they going to test the backups? validation and management, anyways, if you are interested in finding out more if your business is thinking about moving to the cloud, let me know. In case I'm thinking about putting together a little bit of training on that as well. Again, me and Craig Peterson Congress drop me a quick note. I'd love to hear from you. And let's see. I think that's it for now. We're going to come back with a LIDAR. It is kind of cool because we're talking about Kaz, who doesn't love that. Hello everybody, Craig Peterson, here WGAN and, of course online, you'll find me at Craig Peterson dot com. Of course, that's Peterson with an O. Hope you have enjoyed this week, and you're able to attend some of my FacebookLives. There is a lot of training. We've got a lot more coming up. If you want to find out about the training, the best bet is to subscribe to my email list. That's Craig Peterson comm slash subscribe. All free training. I give away hours every year, you know, hundreds literally of hours of different types of training. So make sure that you're on that list Craig Peterson, calm, slash subscribe. Well, I want to talk about something cool right now. And this is something that you're going to be seeing in your life in the fairly near future. It's something called LIDAR. Now I've had the makers and designers of LIDAR on my radio show before. And we talked about what the technology was about how it's going to improve things. But a LIDAR was very, very expensive. It's some of the LIDAR equipment that they use on these test vehicles. Those you see driving around from our friends at Waymo and many others. Even Uber is in the game and, and apples in the game, some others in the game. Still, these cars are driving around with a quarter-million dollars worth of LIDAR on the cars. Now, if you have seen any of these LIDAR pictures in, in the news, it's kind of cool. Let me see if I can pull off up for you. I think I've got Yeah, I do. Okay, so I'm going to pull this up here on the screen. If you're watching and you can see this again at Craig Peterson dot com slash YouTube. Here is a LIDAR picture. Here is showing what looks to be New York Central Park and some of the buildings around, and I'm quite sure that's what it is. And it's a kind of laser radar. And the idea with the laser radar, is I keep wanting to do laser-like our friend. Austin Powers did, right. But this is a kind of laser radar, and you can see it showing the trees and showing buildings and streets and the tops of the buildings. It's very cool stuff. And the idea behind putting this on cars is it gives the car a truly three-dimensional view. What's around it down to the millimeter down to we're just fractions of an inch. It is very cool and beneficial. Now we've got people like Ilan musk out there, who, with his Tesla cars, is exclusively using cameras. And he says LIDAR is useless. We're not going to use LIDAR, and no one's going to use LIDAR forget about LIDAR, why bother with LIDAR? And I can kind of understand why he might want to go that way. When you're talking about a quarter-million dollars worth of equipment in a car. That's a whole different beast. However, I went online today, and I did some searching, and I found those hockey pucks sized LIDAR units wholesale for 100 bucks apiece. That makes it extremely affordable. But you might not want to use those you might want to if you're a car manufacturer have a much better what's word I'm looking for, but a much better provider of the LIDAR. And so this is where everything changes. Bosh, who is a company that makes all kinds of fantastic equipment for cars already, including fuel injection systems, and many other things. Bosh is now entering this crowded LIDAR market. Now what's important about this is Bosh is considered a tier-one provider. They are one of the top providers for automobile equipment in the world. They do some amazing things, things and this Thursday, this last Thursday, Bosh announced that they are going to be providing LIDAR units. Now Bosh can scale this. They've got the infrastructure to do it. unlike so many These smaller companies like the one I found for $99 for a LIDAR unit, okay. Right now, we don't know much about the Bosch LIDAR system. There are several companies. As I said, I interviewed the first one, the guys that came up with the patent. Now, this picture that I have here, this is outing. Here is an Audi. And they have already started shipping some cars with a LIDAR. A Bosch rival makes it by the name of Valeo, and we can expect more carmakers to follow their lead. So the LIDAR doesn't have to be solely in an autonomous vehicle. It can be used for functions like Cadillac uses and many others now. These uses quite a literal radar to track the car in front of you knows it stopped quickly, it'll automatically apply the brakes, that you're getting too close to the jersey barrier in the middle of the road. And so it kind of steers you away from that. There's a lot of things LIDAR in use right now. That's what some of these manufacturers are starting to use it. In the future. The beauty of LIDAR is that it can see everything in 3d. Remember that lady in Phoenix that darted out in front of that autonomous car and was struck. and she probably would have been struck by any driver, whether or not it was autonomous. But she was struck, because the cameras can't see everything, particularly in the dark. And even if you have a camera on each side of the car, looking forward, which gives the car some stereoscopic vision, it is nowhere near as accurate as LIDAR is so this is just a, frankly a huge, huge thing. Another major advantage of LIDAR is the distance involved. LIDAR can see, again, with millimeter precision, over 200 meters in front of the car. So that's the high-end stuff. Audi putting into their cars, they're not going to put a $200,000 LIDAR unit in it, like Google uses when it's driving around neighborhoods, okay? But rumors are suggesting that the LIDAR from Vallejo costs hundreds of dollars in quantity, and it's probably pretty good. So they have a lower range, they have a lower resolution, but they can add a lot of value expect over time. Radar sensors have some real limitations. They have a flat horizontal, vertical resolution like, unlike the LIDAR you saw in that picture. I'll bring it up again here. Let me pull it up. OK, that's up, and behind me, it's put it up big on the screen for those people watching. But you can see the resolution on that this is an expensive LIDAR that took this picture of New York City wall of part of Central Park and part of the buildings. But you can see how good the detail is. And it's plenty of detail for a vehicle to kind of figure out where it is and where it's going. So this is going to improve frankly, everything. Radar can't necessarily distinguish between things like a fire truck and a small car that might be in traveling. Still, it is going to help, and the next generation of this advanced collision avoidance and detection systems are going to be using this used massively. So I think this is very, very cool. So congratulations to Bosch, and Audi for coming up with some of this stuff. And we're seeing More this over at CES this year the Consumer Electronics Show. There are taxis while there's at least one Russian taxi that is over in Vegas right now driving the street with no one behind the wheel at all. And reports are that it hasn't had one accident. Now, if you've driven in Vegas lately, you know how bad the traffic is in Vegas? It has gotten terrible. I was just out there at a wedding just about a month ago and I couldn't believe how bad it now is. Stick around. When we come back. We're going to talk about the new privacy laws. What does that mean to us a consumer? What does it mean to businesses as well? Stick around us into Craig Peterson on WGAN and online. Hey, hello everybody, Craig Peterson here, man, I can't believe it's been an hour. It just goes so, so fast. Hey, welcome back. Of course, you'll find me here every Saturday on WGAN from one till 3 pm. I also have this recorded in the video. And you can see the video by going to YouTube. But also you'll see it over on my website at Craig Peterson dot com. I do a lot of training. I do a lot of FacebookLives, and YouTube lives, you know, pop-up training like I did this week, where we're talking about what you need to do right now, to help protect yourself from the Iranian attacks that are already underway. They've been underway for many years now, but they've gone up over 50% this year. That is a dramatic number. And I'm just I'm sad to see that sort of thing happening, but you know, it's going to happen. You know, guess what, right? So anyhow, be that as it may. It is a pleasure to be here. We have covered a lot today. And I want to get now into just the last couple of things. We've got a big deal now. Hey, if you're a business and you have any medical records, you are covered by HIPAA, you have to comply. There are fines and all kinds of things. If if you are a manufacturer, who sells things to government bodies, and particularly military, where on the military side they have multiple vendors that are selling components and you're selling these components to the military. Well, now you've probably got DFARS. requirements and door ITAR requirements if you are involved in the financial business at all. You also have requirements that are that fall under FINRA. And it just goes on and on, right that the courts all put every business under FRCP, the Federal Rules of Civil Procedure, and where you have to keep emails, you have to keep documents. You have to do all of this stuff. Are you doing it? How about GDPR that came out a couple of years ago now it's been a few years and then last year, got teeth, and they started finding companies, even small companies huge amounts of money. Well, now we've got our friends in California. They have passed what they call the California consumer Privacy Act (CCPA.) This act is starting to cause some problems and some questions here as companies are trying to figure out organizations, including volunteer organizations, including insurance companies, banking companies, they have to comply. This law went into effect on January 1, 2019. And then January 1 of 2020. This year, it got teeth; you had to comply. And one of the provisions of this law is that if someone requests their information, what is it that you have on me? What is it that you're maintaining about me? If they request that you have 45 days to give them all of their information because they have to know what you know about them. That doesn't seem too bad, and 45 days you should be able to handle that, right? Well, consider California has got 30 million people in it. And what happens if a small percentage of them decide they want that information from you? Maybe they think that, hey, listen, it's going to be cool because I'll be able to make some money because, under this California law, I can sue them. And I can get a whole bunch of
Hairless in the Cloud - Microsoft 365 - Security und Collaboration
# News * Windows 10 1903 ist da: https://blogs.windows.com/windowsexperience/2019/05/21/how-to-get-the-windows-10-may-2019-update/ * Yammer in der EU (Limit: Externe und Email): https://docs.microsoft.com/en-us/Yammer/manage-security-and-compliance/data-residency * SPC19 - Intelligent Intranet Announcements: https://techcommunity.microsoft.com/t5/Microsoft-SharePoint-Blog/Intelligent-Intranet-Announcements-from-the-SharePoint/ba-p/621894 * SPC19 - Updates to SharePoint security, administration, and migration: https://techcommunity.microsoft.com/t5/Microsoft-SharePoint-Blog/Updates-to-SharePoint-security-administration-and-migration/ba-p/549585 * SPC19 - SharePoint home sites: a landing for your organization on the intelligent intranet: https://techcommunity.microsoft.com/t5/Microsoft-SharePoint-Blog/SharePoint-home-sites-a-landing-for-your-organization-on-the/ba-p/621933 * SPC19 - Yammer Rich text und Q&A: https://techcommunity.microsoft.com/t5/Yammer-Blog/New-Yammer-investments-announced-at-SharePoint-Conference-add/ba-p/621940 * Advanced Threat Protection for Azure Storage (zu sehen im Azure Security Center) * Access from unusal location * Application Anomaly * Data Exfiltration (large amount of data) * ... * https://docs.microsoft.com/en-us/azure/storage/common/storage-advanced-threat-protection * Vulnerabilty Tasks from MDATP to Intune is in public preview # One drive to rule them all SPC: 28 regions, 54 data centers, 180.000 servers, "OneDrive is the files app for Microsoft 365" * OneDrive kann nun endlich differential Sync für alle Dateitypen: https://www.microsoft.com/microsoft-365/roadmap?filters=&featureid=33412 * Es kann nur schneller werden * Sync mit vielen Dateien war/ist ein Problem, wenn es schnell gehen soll * Demo 00:23 - https://www.microsoft.com/en-us/spvs * File hover cards: https://www.microsoft.com/microsoft-365/roadmap?filters=&featureid=49092 * Save for later: https://www.microsoft.com/microsoft-365/roadmap?filters=&featureid=49095 * Andere Libraries im OneDrive: https://www.microsoft.com/microsoft-365/roadmap?filters=&featureid=49093 * 360° image previews: https://www.microsoft.com/microsoft-365/roadmap?filters=&featureid=49516 * Requests files from others: https://www.microsoft.com/microsoft-365/roadmap?filters=&featureid=27020 * Sharing: Teams chat integration, so ähnlich wie modern Attachment, aber mit Context: https://www.microsoft.com/microsoft-365/roadmap?filters=&featureid=27016 # Autopilot White Glove * Braucht 1903 und TPM 2.0 * Device context Installation * https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/white-glove # Feedback, Kritik, Lob, Fragen? * Email: podcast@hairlessinthecloud.com * Twitter: @hairlesscloud * Web: www.hairlessinthecloud.com (Links zu allen Podcast Plattformen) * Coverarts & new Audio Intro by CARO (mit Hilfe von pixabay.com)
On today's show, Steve and Jay talk about Office 365 Advanced Threat Protection. What is it and where does it fit within the Microsoft 365 suite? What does it include and what's the best way to configure configure it? Then we tackle the all important question - licensing. Finally we talk about alternatives on the market.
Hairless in the Cloud - Microsoft 365 - Security und Collaboration
# News * Mensch gegen Maschine: https://twitter.com/lexfridman/status/1094330727448145920?s=20 * SharePoint Migration Tool Erweiterungen für Managed Metadata, Webparts und Navigation: https://blogs.technet.microsoft.com/wbaer/2019/02/08/microsoft-365-migration-on-your-terms-with-new-improvements-to-the-sharepoint-migration-tool/ * Yammer jetzt in 64 bit: https://techcommunity.microsoft.com/t5/Yammer-Blog/Some-Yammer-IDs-returned-by-the-REST-API-have-moved-beyond-32/ba-p/334670 * Stream Interaktion + PowerPoint: https://techcommunity.microsoft.com/t5/Microsoft-Stream-Blog/New-interactive-video-features-and-deeper-integrations-with/ba-p/323918 # ATP Everything https://docs.microsoft.com/en-us/office365/securitycompliance/office-365-atp#new-features-are-continually-being-added-to-atp Beginning in February 2019 and rolling out over the next several months, Threat Intelligence capabilities are being added to ATP. In addition, if your organization does not currently have ATP, you'll have new options to consider, including ATP Plan 1 and ATP Plan 2. To learn more, see Office 365 Advanced Threat Protection plans and pricing and the Office 365 Advanced Threat Protection Service Description. License Pläne: https://products.office.com/en-US/exchange/advance-threat-protection#pmg-allup-content * O365 ATP P1 * Add-On zu O365 E3 * O365 ATP P2 * Add-On zu O365 E3 * O365 ATP P1 inklusive * O365 E5 hat O365 ATP P2 inklusive # Teams mit Dateiberechtigungen * Mitglieder dürfen "alles" * Owner kontrollieren Mitglieder * Owner sind Site Collection Admin, aber mit einem Hack, da die AAD Group eingetragen ist * Einzelberechtigungen auf SharePoint Ebene sind möglich z.B. /General/PM-Only * Achtung mit Channel Ordner Berechtigungen (Private Channels sind angedacht) # Feedback, Kritik, Lob, Fragen? * Email: podcast@hairlessinthecloud.com * Twitter: @hairlesscloud * Web: www.hairlessinthecloud.com (Links zu allen Podcast Plattformen) * YouTube: https://www.youtube.com/channel/UCZyx8_G8bbB0YsjMLUGE87Q * Coverarts by CARO (mit Hilfe von pixabay.com)
Windows Defender ATP unterstützt Sicherheitsteams in Unternehmen dabei, neue Angriffsmethoden und Schadprogramme frühzeitig zu erkennen, zu untersuchen und automatisch darauf zu reagieren. Ende letzten Jahres wurde Windows Defender ATP um neue Funktionen erweitert. Wir geben Ihnen einen Überblick darüber, was Windows Defender ATP als cloudbasierte Sicherheitstechnik heute leisten kann. Mit Karsten Kleinschmidt und Thomas Höhner Mehr Infos unter https://glueckkanja.com
This is step 5 in the desktop deployment process - your considerations for security and compliance configurations and tools as part of your desktop deployment. In this step you'll assess your existing security solutions across disk encryption, antivirus, policy and more, then make sure you have improved security once you are running Windows 10 and Office 365 ProPlus. This step covers the apps and services that run on the local computer - like AV and encryption - as well as cloud delivered services - like Advanced Threat Protection, Data Loss Protection, and more. Applies to Windows 10, Office 365 ProPlus, System Center Configuration Manager and related enterprise deployment tools. More resources: Modern Desktop Deployment Center: www.aka.ms/howtoshift Modern Desktop Deployment Essentials on Mechanics: www.aka.ms/watchhowtoshift Modern Desktop Deployment Labs: www.aka.ms/howtoshiftlabs Learn about the user and IT benefits of a modern desktop: www.microsoft365.com/shift
Learn more about FortiSandbox, a key part of Fortinet’s innovative Advanced Threat Protection solution and the Fortinet Security Fabric.
We continue the Security Series with another one of our guests at Infosec. David Fearne and Richard Holmes sit down with Gad Naveh from the Advanced Threat Protection team at Check Point. In this episode the team discuss 5th Generation cyber attacks and the evolution that Check Point has seen in the security landscape.
In Episode 47, Ben and Scott walk through Office 365 Advanced Threat Protection (ATP) and all of the ways it can help you improve your security posture in Office 365 for both Exchange Online and SharePoint Online (including OneDrive for Business and Microsoft Teams!). Office 365 Advanced Threat Protection – Marketing Office 365 Advanced Threat Protection […] The post Episode 47 – Office 365 Advanced Threat Protection appeared first on Microsoft Cloud IT Pro Podcast.
Security experts from Microsoft discuss phishing, malware protection, threat intelligence, and more. They share candid insights and best practices about using Advanced Threat Protection in Azure, Windows 10, and Office 365 to combat sophisticated cyberattacks from advanced adversaries and to protect company data.These questions — and more — are discussed during this session:[01:30] What are the different Advanced Threat Protection (ATP) products that Microsoft offers?[06:10] With regards to phishing threats, what did the Security Operations Center (SOC) use prior to Office 365 ATP and what are the benefits from this?[10:38] Within the SOC, what—if any—SIEM (Security Information and Event Management) tools and third-party threat feeds do you use to complement your intelligence?[20:01] With regards to phishing—there are a lot of tools to help understand and remediate email text, but can I search for emails using URLs?[24:25] For a company with lots of proprietary information, how secure would ATP be if information about files on a network needs to be sent to Microsoft to be analyzed? Are copies of these files kept on Microsoft servers?[25:44] How is ATP different from normal virus scanning?[32:56] How do Microsoft ATP products compare with other third-party products?[40:42] Is ATP analysis available on free email accounts such as Hotmail or live.com within the context of users accessing personal email on work computers?[45:08] In the SOC, what was one of the most significant findings using Defender ATP?[46:26] How does Microsoft technology help against attack trends?[50:46] What is the one key take away that you would like to leave our audience with today?Access additional technical content, discover new and exciting career opportunities in IT, and much more:Microsoft IT ShowcaseMicrosoft IT CareersLinkedInGet the IT Showcase App
Security experts from Microsoft discuss phishing, malware protection, threat intelligence, and more. They share candid insights and best practices about using Advanced Threat Protection in Azure, Windows 10, and Office 365 to combat sophisticated cyberattacks from advanced adversaries and to protect company data.These questions — and more — are discussed during this session:[01:30] What are the different Advanced Threat Protection (ATP) products that Microsoft offers?[06:10] With regards to phishing threats, what did the Security Operations Center (SOC) use prior to Office 365 ATP and what are the benefits from this?[10:38] Within the SOC, what—if any—SIEM (Security Information and Event Management) tools and third-party threat feeds do you use to complement your intelligence?[20:01] With regards to phishing—there are a lot of tools to help understand and remediate email text, but can I search for emails using URLs?[24:25] For a company with lots of proprietary information, how secure would ATP be if information about files on a network needs to be sent to Microsoft to be analyzed? Are copies of these files kept on Microsoft servers?[25:44] How is ATP different from normal virus scanning?[32:56] How do Microsoft ATP products compare with other third-party products?[40:42] Is ATP analysis available on free email accounts such as Hotmail or live.com within the context of users accessing personal email on work computers?[45:08] In the SOC, what was one of the most significant findings using Defender ATP?[46:26] How does Microsoft technology help against attack trends?[50:46] What is the one key take away that you would like to leave our audience with today?Access additional technical content, discover new and exciting career opportunities in IT, and much more:Microsoft IT ShowcaseMicrosoft IT CareersLinkedInGet the IT Showcase App
Security experts from Microsoft discuss phishing, malware protection, threat intelligence, and more. They share candid insights and best practices about using Advanced Threat Protection in Azure, Windows 10, and Office 365 to combat sophisticated cyberattacks from advanced adversaries and to protect company data.These questions — and more — are discussed during this session:[01:30] What are the different Advanced Threat Protection (ATP) products that Microsoft offers?[06:10] With regards to phishing threats, what did the Security Operations Center (SOC) use prior to Office 365 ATP and what are the benefits from this?[10:38] Within the SOC, what—if any—SIEM (Security Information and Event Management) tools and third-party threat feeds do you use to complement your intelligence?[20:01] With regards to phishing—there are a lot of tools to help understand and remediate email text, but can I search for emails using URLs?[24:25] For a company with lots of proprietary information, how secure would ATP be if information about files on a network needs to be sent to Microsoft to be analyzed? Are copies of these files kept on Microsoft servers?[25:44] How is ATP different from normal virus scanning?[32:56] How do Microsoft ATP products compare with other third-party products?[40:42] Is ATP analysis available on free email accounts such as Hotmail or live.com within the context of users accessing personal email on work computers?[45:08] In the SOC, what was one of the most significant findings using Defender ATP?[46:26] How does Microsoft technology help against attack trends?[50:46] What is the one key take away that you would like to leave our audience with today?Access additional technical content, discover new and exciting career opportunities in IT, and much more:Microsoft IT ShowcaseMicrosoft IT CareersLinkedInGet the IT Showcase App
I denne episode snakker vi en masse om Sikker mail i Office 365 (ATP) og SharePoint Virtual Summit. Vi kommer ind på en masse omkring brugervenlige Intranets og hvad Ulrich oplever på SharePoint fronten. Kenneth fortæller en masse om begrebet "Sikker Mail" og hvordan Advanced Threat Protection (ATP) i Office 365 kan beskytte dig imod ting som virus, RansomeWare og andet skidt du ikke vil have på din PC. Vi har ikke musik med i podcasten længere, da det er blevet sværer og sværer at finde noget god musik, der ikke koster penge at medtage. Indtil vi finder en kunstner der vil donere sin musik gratis, vil vi ikke længere have musik i slutningen af episoderne. Liste af links nævnt i podcasten Videoer om beskyttelse af mail i Office 365: https://technet.microsoft.com/library/dn727070(v=exchg.150).aspx Produkt side og Advanced Threat Protection: https://products.office.com/da-dk/exchange/online-email-threat-protection Video fra Microsoft Ignite omkring Exchange Online Protection: https://www.youtube.com/watch?v=fEmkHZxzwqo&t=475s SharePoint og OneDrive nyheder: https://blogs.office.com/2017/05/16/new-sharepoint-and-onedrive-capabilities-accelerate-your-digital-transformation SharePoint Virtual summit top-nyheder: https://blogs.office.com/2017/05/16/sharepoint-virtual-summit-showcases-growth-innovations-and-customer-success Se videoerne fra SharePoint summit: https://event.microsoft.com/events/2017/1705/SharepointSummit/
Welcome to the March 2017 Office 365 Update. The course transcript, complete with links to additional information on everything covered, is available at https://aka.ms/o365update-transcripts. Here is this month's agenda:MyAnalytics [00:34]Power BI [02:08]Outlook Mobile Add-Ins [03:35]Office 365 Administration [05:05]Advanced Threat Protection [06:14]Security and Compliance [07:49]Podcast Availability [09:38]
Welcome to the March 2017 Office 365 Update. The course transcript, complete with links to additional information on everything covered, is available at https://aka.ms/o365update-transcripts. Here is this month's agenda:MyAnalytics [00:34]Power BI [02:08]Outlook Mobile Add-Ins [03:35]Office 365 Administration [05:05]Advanced Threat Protection [06:14]Security and Compliance [07:49]Podcast Availability [09:38]
In this episode we talk about Exchange Online Advanced Threat Protection, Instagram & Twitter live video
In this quick update our risk management expert, John Higday, highlights the updates in ATP 2.0.2 which provides IT security teams with the best visibility in their endpoint environment. Advanced Threat Protection - Expose, prioritize, and remediate sophisticated advanced attacks across endpoints, networks, and email, from one single console. Download our ATP whitepaper at https://www.itsdelivers.com/white-paper-the-arms-race-to-stop-advanced-threats/
This week we meet the founder of SenCbudds smart earphones and try the new Fitbit Blaze and Fitbit Alta. Other topics - Mac Ransomware, 15TB SSD, Amazon Echo Dot and Tap, Microsoft’s new Advanced Threat Protection for Windows and the past/future of email. Running time 0:50:25
Today’s threat environment is evolving at a remarkable rate as cyber criminals improve their ability to change and adapt. With today’s growing number of targeted attacks, it has become virtually impossible to block every threat before it reaches your network. It’s no longer a matter of if you’ll suffer a malware outbreak or data breach, but when. Unfortunately, most businesses are not very good at detecting and responding to these malware attacks when they happen:~ Advanced attackers targeted 5 out 6 large companies in 2014 (Source: Symantec 2015 ISTR)~ 66% of all breaches went undetected for more than 30 days (Source: Verizon Breach Report)~ On average, data breaches were detected 243 days after they happened (Source: Ponemon)~ And the average data breach takes 4 months to remediate (Source: Mandiant ATP 1 Report) Watch this presentation and demo where existing Symantec Endpoint Protection customers will realize how to shift from a “protection only” mindset to a more comprehensive approach to detect quickly, prioritizes what matters most and remediate fast!
© 2020-2025 Ivy Podcast Discovery LLC
