Monday, April 15, 2019

Microsoft Security Configuration Framework - What to lock down on your computer guidance

Microsoft just came out with a new Microsoft Security Configuration Framework to help users lock down their computers. You can use this to lock down your computer at home.















  • Level 5 Enterprise Security – We recommend this configuration as the minimum security configuration for an enterprise device. Recommendations for this level are generally straightforward and are designed to be deployable within 30 days.
  • Level 4 Enterprise High Security – We recommend this configuration for devices where users access sensitive or confidential information. Some of the controls may have an impact to app compat, and therefore will often go through an audit-configure-enforce workflow. Recommendations for this level are generally accessible to most organizations and are designed to be deployable within 90 days.
  • Level 3 Enterprise VIP Security – We recommend this configuration for devices run by an organization with a larger or more sophisticated security team, or for specific users or groups who are at uniquely high risk (as one example, one organization identified users who handle data whose theft would directly and seriously impact their stock price). An organization likely to be targeted by well-funded and sophisticated adversaries should aspire to this configuration. Recommendations for this level can be complex (for example, removing local admin rights for some organizations can be a long project in and of itself) and can often go beyond 90 days.
  • Level 2 DevOps Workstation – We recommend this configuration for developers and testers, who are an attractive target both for supply chain attacks and access to servers and systems containing high value data or where critical business functions could be disrupted. Level 2 guidance is coming soon!
  • Level 1 Administrator Workstation – Administrators (particularly of identity or security systems) present the highest risk to the organization, through data theft, data alteration, or service disruption.

Along with Secure Score in Windows Defender Security Center, you can get a detailed set of action items you need to reduce your attack surface in Windows, which is available in Windows Defender ATP in Windows Enterprise editions.



Wednesday, April 10, 2019

Phishing Email - Subject: RE: [ Reminder ][ Sign-in New Device ] The following changes to your Account, Update Activity Account Submitted Changed to Your Billing

For the record, this is an Apple phishing email attempt that has recently been going around and made it through spam filters. What to do? Report it; go to the bottom of the page.


From: "support@apple.com"

Subject: RE: [ Reminder ][ Sign-in New Device ] The following changes to your Account, Update Activity Account Submitted Changed to Your Billing


Here's a preview.

Spam/phishing links:

1. https://qoo10.sg/....

How to tell this is a phishing email?

  1. Check the email address in full; if it's not from the originating company, then it's phishing.
  2. Hover over all links in the email; if they are not from the apple.com site, then forget it.
  3. The best way is to look at the message source; see below.

How to examine the email message source?

Now let's look at the message source:
  1. Outlook.com->Actions->View Message Source.
  2. Gmail.com->More (down arrow to top right)->Show original.
Check for suspicious links: anything that does not originate from apple.com.
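The checks above can be run over a saved message source. This is an added example, not part of the original post: the sample message, its hostnames and the function names are constructed for illustration.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message source (not the real phishing email).
RAW_MESSAGE = """\
From: "support@apple.com" <notice@mailer.example.net>
Subject: RE: [ Reminder ][ Sign-in New Device ]
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Your account was changed.</p>
<a href="https://redirect.example.org/verify?id=1">Review activity</a>
<a href="https://www.apple.com/legal/">Terms</a>
<a href="https://apple.com.login.example.org/">Apple ID</a>
</body></html>
"""

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.extend(v for k, v in attrs if k == "href" and v)

def belongs_to(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def inspect_message(raw, domain="apple.com"):
    """Report the real sender address and links outside `domain`."""
    msg = email.message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg["From"]))
    body = msg.get_body(preferencelist=("html", "plain"))
    collector = LinkCollector()
    collector.feed(body.get_content() if body else "")
    return {
        "display_name": display,
        "sender_address": addr,
        "sender_matches": belongs_to(addr.rpartition("@")[2], domain),
        "foreign_links": [u for u in collector.links
                          if not belongs_to(urlsplit(u).hostname, domain)],
    }
```

The suffix check compares whole host labels, so a host such as apple.com.login.example.org is reported as foreign even though it contains the string "apple.com".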


Report Phishing Email (not as Spam)

  1. Outlook.com->Junk (at Top)->Phishing Scam
  2. Gmail.com->More (down arrow to top right)->Report Phishing

Report phishing URLs at Google now

If you have received this email, take further action now by clicking these links:

  1. https://www.google.com/safebrowsing/report_phish/


Report phishing at Microsoft and government agencies

  1. http://www.microsoft.com/security/online-privacy/phishing-faq.aspx

Report phishing emails to Apple 

Forward the email to abuse@icloud.com. This provides Apple's legal department and law enforcement with useful information to help prevent future phishing emails.

Tuesday, April 9, 2019

Microsoft Edge Chromium browser still talks to Google

According to the public deck "What Microsoft Edge has contributed/altered in Chromium" ( https://t.co/YVMLFXoluj ), there is still a reporting component that talks to the Google mother ship?




















A challenge: does anyone know what information still goes to Google?




To enable logging, launch Chrome with these command line flags:

--enable-logging=stderr --v=1  # Linux (newer instructions for Linux: here)
--enable-logging --v=1  # Windows
https://www.chromium.org/for-testers/enable-logging



To capture a network log, go to the address chrome://net-export/

Click the button to start logging future network activity to a file on disk.

Choosing the "Include raw bytes (will include cookies and credentials)" option means that, in Chromium, the capture includes encrypted bytes and personal information.


To view the log contents, go to https://chromium.googlesource.com/catapult/+/master/netlog_viewer/

You can also upload your captured log to https://netlog-viewer.appspot.com/ to interrogate it.
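A captured log can also be tallied offline to see which hosts under Google-owned domains were requested. This is an added example, not from the original post: the sample capture is constructed, the watch list is illustrative, and the JSON layout it reads (a "constants" object with "logEventTypes" and an "events" array with params["url"]) is an assumption about the export format.

```python
import json
from collections import Counter
from urllib.parse import urlsplit

# Illustrative watch list of Google-owned domain suffixes (not exhaustive).
WATCHED_SUFFIXES = ("google.com", "googleapis.com", "gstatic.com")

# Constructed miniature capture; the hosts are placeholders, not findings.
# Assumed layout: "constants.logEventTypes" maps event names to numbers and
# each entry of "events" may carry the request URL in params["url"].
SAMPLE_NETLOG = json.dumps({
    "constants": {"logEventTypes": {"REQUEST_ALIVE": 1,
                                    "URL_REQUEST_START_JOB": 2}},
    "events": [
        {"type": 1, "params": {"url": "https://placeholder.google.com/up"}},
        {"type": 2, "params": {"url": "https://placeholder.google.com/up"}},
        {"type": 2, "params": {"url": "https://placeholder.google.com/up"}},
        {"type": 2, "params": {"url": "https://www.example.org/page"}},
        {"type": 2, "params": {"url": "https://placeholder.gstatic.com/a"}},
        {"type": 2, "params": {"url": "https://notgoogle.com.example.org/"}},
        {"type": 2},  # events without params must not break the scan
    ],
})

def urls_requested(netlog_text):
    """Return the URL of every URL_REQUEST_START_JOB event, in order."""
    log = json.loads(netlog_text)
    start_job = log["constants"]["logEventTypes"]["URL_REQUEST_START_JOB"]
    return [e["params"]["url"] for e in log.get("events", [])
            if e.get("type") == start_job and "url" in e.get("params", {})]

def hosts_under(urls, suffixes=WATCHED_SUFFIXES):
    """Count requests per host for hosts at or below a watched suffix."""
    hits = Counter()
    for url in urls:
        host = (urlsplit(url).hostname or "").lower()
        if any(host == s or host.endswith("." + s) for s in suffixes):
            hits[host] += 1
    return hits

def summarize(netlog_text):
    """Requests per watched host for one exported log."""
    return hosts_under(urls_requested(netlog_text))
```

Filtering on one event type keeps each request from being counted twice when several events for the same request carry its URL.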