Microsoft makes several changes to family safety features in Windows
Microsoft Windows had family safety features for years now. Recently, Microsoft made changes to Family Safety features to offer better experiences to its users. Read about them below,
Windows 10:
◾Screen time extensions: When your kids ask for more screen time on a Windows 10 PC, you can extend it through email and the website.
◾Safer settings for younger kids: When adults create new child accounts, only kids under 8 years old will have settings automatically turned on. For kids 8 and up, adults need to turn on the settings they want when they make new accounts.
◾Simplified web experience: account.microsoft.com/family is now the one place to manage family settings for Windows Phone and PCs.
◾Web browsing limits now only on Microsoft Edge and Internet Explorer: On Windows 10 PCs, and now on Windows 10 Mobile, web browsing limits will only apply to Microsoft Edge and Internet Explorer. If you decide to prevent your kids from using other browsers, you can choose to block other browsers that are not supported. Learn more about this change.
When your child sets up their Windows 10 Mobile phone with their Microsoft account, the family settings you previously set up for them will automatically apply:
◾Recent activity to see their activity from Windows 10 PC and Windows 10 mobile devices.
◾Web browsing limits to block inappropriate content.
◾Set Apps, games & media limits according to their age and content ratings.
◾Find your child lets you locate your child’s device on a map.
Kids can buy the stuff they want, but you know they’ll stay within the spending and content limits you set.
◾Add money to your kid’s account without giving them your credit card.
◾Kid-friendly Store browsing limited to the app, game, and media limits you set.
◾Review your child’s recent purchases on their Purchase & spending page.
Read more about it here.
A new rash of socially engineered security threats are using emails to trick victims into sending money to attackers by posing as vendors, clients or anyone you might know asking for payment for an invoice via wire transfer.
The FBI has dubbed these attacks “Business Email Compromise” (BEC) scams. According to the FBI, BEC scams have been running since 2013 and have affected users from over 80 countries worldwide. In the US alone, 7,000 businesses have reported a total of $747 million in losses.
“For victims reporting a monetary loss to the IC3, the average individual loss is about $6,000,” said Ellen Oliveto, an FBI analyst assigned to the center. “The average loss to BEC victims is $130,000.”
While there are solutions to prevent such emails from reaching your company, they’re not 100% foolproof. For this reason, use the below recommendations to ensure your company does not fall victim to this crime.
Here are some recommendations:
Awareness
Ensure employees within the company are aware of these targeted attacks as well as your organization’s processes for dealing with and paying approved vendors. The BEC scam has seen an unprecedented rise since the beginning of 2015, increasing 270%.
“They have excellent tradecraft, and they do their homework. They use language specific to the company they are targeting, along with dollar amounts that lend legitimacy to the fraud. The days of these emails having horrible grammar and being easily identified are largely behind us,” says the FBI.
In some cases, scammers have even used malware to steal account credentials and gain access to private company information to use within their communication increasing the legitimacy of their requests and averting suspicion. For example, they may send emails that appear to come from a colleague, typically within the accounting department, a vendor or supplier asking victims to complete a wire payment transaction to settle an invoice.
Lastly, social engineering attacks are not limited to email. We have documented cases of phishing attacks over the phone with both automated systems and real people on the line asking for account numbers!
Technology
Transactions and conversations often take place over email, so using a solid, secure business email solution, like MS Exchange Server or Office 365, is a great first step. In addition, using a multi-factor authentication system and enabling standard email authentication, such as a sender policy framework (SPF), which most mail servers support, will help protect your email environment.
Anti-spam systems are not just for “junk” mail. Most spam solutions use real-time attack information and other dynamic, intelligent systems to identify and quarantine possible threats, such as BEC attacks.
In addition, consider implementing outbound email filtering to prevent sensitive financial information, such as bank account numbers, from being sent outside of the company.
Internal Processes
Establish a system of checks and balances that enable employees to authenticate and validate payable requests. Things such as requiring multiple approvals for wire transfers, stricter controls over changes in vendor or supplier payment details, and using additional forms of verification (such as voice calls or physical documentation) will help ensure that you are conducting a legitimate transaction.
The FBI’s Advice
1.Verify changes in vendor payment location and confirm requests for transfer of funds.
2.Be wary of free, web-based e-mail accounts, which are more susceptible to being hacked.
3.Be careful when posting financial and personnel information to social media and company websites.
4.Regarding wire transfer payments, be suspicious of requests for secrecy or pressure to take action quickly.
5.Consider financial security procedures that include a two-step verification process for wire transfer payments.
6.Create intrusion detection system rules that flag e-mails with extensions that are similar to company e-mail but not exactly the same. For example, .co instead of .com.
7.If possible, register all Internet domains that are slightly different than the actual company domain.
8.Know the habits of your customers, including the reason, detail, and amount of payments. Beware of any significant changes. Learn more by reading the FBI’s Public Service Announcement on BEC
Source: http://www.utgsolutions.com/fbi-warns-about-unprecedented-rise-of-targeted-email-scams/?utm_source=2015-dec-newsletter&utm_medium=email&utm_campaign=newsletter#
New Google Apps Feature Helps Businesses Keep Sensitive Information out of Emails
As Written by: Frederic Lardinois on TechCrunch.com
Google is launching a new privacy tool for Google Apps Unlimited users today. The new Data Loss Prevention feature will make it easier for businesses to make sure that their employees don’t mistakenly (or not so mistakenly) email certain types of sensitive information to people outside of the company.
Businesses that subscribe to this plan for their employees now have the option to turn on this tool and select one of the new predefined rules that, for example, automatically reject or quarantine any email that contains a social security or credit card number. Businesses can choose from these predefined rules and also set up custom detectors (a confidential project keyword, for example). Google says its working on adding more predefined rules, too.
Google created a set of pre-defined rules for data like social security numbers in the U.S., Canada and France, driver’s license and National Health Service numbers in the U.K., as well as for all credit card numbers, bank routing numbers and Swift codes for bank account numbers.
It’s worth noting that Google will scan both the email body and attachments for potential matches.
Rules can be applied to incoming and outgoing messages. Admins are also able to apply these rules to specific departments and employees. For internal messages, they are also able to add a line like “[Internal Only]” to emails that contain information that would have been rejected if the sender had tried to send this email to an external recipient.
Microsoft partners with Linux for Azure certification
Microsoft has shown how much it loves the Linux platform by offering a new certification for those who show they have the knowledge to run Linux servers in Microsoft’s cloud platform. With Microsoft’s new mobile first cloud first strategy, and with the software company embracing it’s competitors lately, this should come at no surprise.
Aptly titled Microsoft Certified Solutions Associate Linux on Azure certification, it requires you to pass the Linux Foundation Certified System Administrator exam and the Implementing Microsoft Azure Infrastructure Solutions exam first, and then you can apply for the new certification.
For those who have already taken one or both of the exams, there is no need to retake the exams, as they count towards this certification, so you need only apply.
“So now, to have half the Marketplace be Linux workloads, and to be doing work like this to get people certified, it really does represent a sea change in the engagement model [for Microsoft],” Shewchuk said in an interview. “And it’s clear that Satya has been at the core of much of this change.”
Find out more about the certification here.
Making mobile phones the authentication hubs for smart homes
By Derek Major as written on gcn.com
Each year, the National Institute of Standards and Technology funds pilot projects to advance the National Strategy for Trusted Identities in Cyberspace. The pilots address barriers to the identity ecosystem and seed the marketplace with “NSTIC-aligned” solutions to enhance privacy, security and convenience in online transactions.
This year, Galois, a computer science research and development company, received a $1.86 million grant to build a user-centric personal data storage system that enables next-generation IoT capabilities without sacrificing privacy. As part of the pilot, Galois will work with partners to integrate its secure system into an Internet of Things-enabled smart home and develop just-in-time transit ticketing on smart phones.
Galois’ authentication and mobile security subsidiary, Tozny, serves as the technical lead for the pilot programs and will build the data storage and sharing platform by tackling one of the weakest links in cybersecurity today: the password. Tozny’s solution replaces the username and password with something people use for almost everything: the smartphone, or wearable device.
Tozny is working with IOTAS, a developer of a home automation platform that integrates preinstalled hardware (light switches, outlets and sensors) with software to create a unique experience in which users learn from and interact with their homes.
Together, the companies are working to help users to log in to the IoT management console installed in their apartments without a password. Tozny is providing cryptographic authentication that is based on mobile phones.
“This is actually a really good idea because people who have tried to deploy authentication devices for smart homes have had a lot of trouble getting them to work, and they’re kind of expensive,” said Isaac Potoczny-Jones, computer security research lead at Galois.“Since a mobile phone can do cryptography, and because we can build beautiful and easy-to-use interfaces on mobile phones, we decided that that would be a much better way to log into a lot of systems -- and it’s easier to use than passwords,” Potoczny-Jones said.
IOTAS is already operating a smart-home pilot in apartment units in Portland, Ore., and San Francisco. IOTAS and Tozny will work to add transparent but privacy-preserving authentication and encryption to this pilot.
Secure mobile transit ticketing
GlobeSherpa, an Oregon-based company that provides a secure mobile ticketing platform for transit systems, is working with Tozny to develop a password-free authentication system that allows users to buy and display tickets on their mobile phones.
“With this you can use your phone to both buy and display tickets, and you don’t have to interface with these often-broken vending machines,” Potoczny-Jones said.
SRI International is also contributing to this project with a biometric authentication solution that will use a person’s walking gait as the biometric. This technology will work with the bus platform to ensure that the person holding the phone and showing the ticket is who he says he is.
“You’re walking up to the bus platform, get your phone, buy your ticket, and the phone has already has a pretty high confidence that you are who you claim to be because it was just observing your walking pattern,” Potoczny-Jones said. “It’s passive, it’s behind the scenes and it’s extremely fast and accurate as well.”
“Anything that you collect that’s behind the scenes or passive needs to have really strong privacy controls built into it,” Potoczny-Jones said. “So we’re very happy with the way these technologies are coming together to provide secure login, privacy controls and really advanced biometric technology.”
EU Model Clauses and HIPAA BAA update now available for all Yammer customers
Post was written by Juliet Wei, senior product marketing manager for the Yammer team.
Yammer’s mission is to enable open team collaboration, and we recognize that sharing goes hand in hand with the right levels of privacy, security and compliance. With more than 85 percent of the Fortune 500 using Yammer to collaborate, our goal is to provide customers with industry-leading privacy and security commitments.
Today I’m thrilled to announce that Yammer has achieved a major compliance milestone to enhance its commitment to the protection of personal data for European customers. Effective immediately, all customers can obtain a Data Processing Agreement with the European Commission’s standard contractual clauses for data processors, known commonly as the “EU Model Clauses (EUMC).” This provides customers with an alternative to transfer personal data from the European Union to the United States.
Additionally, the standard HIPAA Business Associate Agreement (HIPAA BAA) for Microsoft enterprise online services is now available for Yammer customers.
Organizations want a collaboration platform that gives them the right levels of privacy, security, and compliance. The EUMC and use of the standard HIPAA BAA for Microsoft enterprise online services are part of Yammer’s ongoing investments to deliver the protection customers need to collaborate with confidence.
—Juliet Wei
Source: https://blogs.office.com
Built to work nearly seamlessly with Azure, Deep Security provides a suite of security capabilities for your VMs in a single platform for cloud and hybrid deployments. Take advantage of the free 30-day trial and see how easy it is to get the security you need while preserving the agility of Azure.
Visit Marketplace page
REDMOND, Wash., and RALEIGH, N.C. — Nov. 4, 2015 — Microsoft Corp. (Nasdaq “MSFT”) and Red Hat Inc. (NYSE: RHT) on Wednesday announced a partnership that will help customers embrace hybrid cloud computing by providing greater choice and flexibility deploying Red Hat solutions on Microsoft Azure. As a key component of today’s announcement, Microsoft is offering Red Hat Enterprise Linux as the preferred choice for enterprise Linux workloads on Microsoft Azure. In addition, Microsoft and Red Hat are also working together to address common enterprise, ISV and developer needs for building, deploying and managing applications on Red Hat software across private and public clouds.
The two companies will host a webcast at 11 a.m. EST/8 a.m. PST Wednesday, Nov. 4, 2015, to share more details.
Key elements of the partnership include the following:
-
Red Hat solutions available natively to Microsoft Azure customers. In the coming weeks, Microsoft Azure will become a Red Hat Certified Cloud and Service Provider, enabling customers to run their Red Hat Enterprise Linux applications and workloads on Microsoft Azure. Red Hat Cloud Access subscribers will be able to bring their own virtual machine images to run in Microsoft Azure. Microsoft Azure customers can also take advantage of the full value of Red Hat’s application platform, including Red Hat JBoss Enterprise Application Platform, Red Hat JBoss Web Server, Red Hat Gluster Storage and OpenShift, Red Hat’s platform-as-a-service offering. In the coming months, Microsoft and Red Hat plan to provide Red Hat On-Demand — “pay-as-you-go” Red Hat Enterprise Linux images available in the Azure Marketplace, supported by Red Hat.
-
Integrated enterprise-grade support spanning hybrid environments. Customers will be offered cross-platform, cross-company support spanning the Microsoft and Red Hat offerings in an integrated way, unlike any previous partnership in the public cloud. By co-locating support teams on the same premises, the experience will be simple and seamless, at cloud speed.
-
Unified workload management across hybrid cloud deployments. Red Hat CloudForms will interoperate with Microsoft Azure and Microsoft System Center Virtual Machine Manager, offering Red Hat CloudForms customers the ability to manage Red Hat Enterprise Linux on both Hyper-V and Microsoft Azure. Support for managing Azure workloads from Red Hat CloudForms is expected to be added in the next few months, extending the existing System Center capabilities for managing Red Hat Enterprise Linux.
-
Collaboration on .NET for a new generation of application development capabilities. Expanding on the preview of .NET on Linux announced by Microsoft in April, developers will have access to .NET technologies across Red Hat offerings, including Red Hat OpenShift and Red Hat Enterprise Linux, jointly backed by Microsoft and Red Hat. Red Hat Enterprise Linux will be the primary development and reference operating system for .NET Core on Linux.
“This partnership is a powerful win for enterprises, ISVs and developers,” said Scott Guthrie, executive vice president for Microsoft’s Cloud and Enterprise division. “With this partnership, we are expanding our commitment to offering unmatched choice and flexibility in the cloud today, meeting customers where they are so they can do more with their hybrid cloud deployments — all while fulfilling the rigorous security and scalability requirements that enterprises demand.”
“The datacenter is heterogeneous, and the cloud is hybrid,” said Paul Cormier, president, Products and Technologies, Red Hat. “With Red Hat and the leader in enterprise cloud workloads joining forces, our customers are the winners today, as we unite on common solutions to help them solve challenges in this hybrid cloud. Together, we’re offering the most comprehensive support agreement for our mixed technologies to support customers.”
Additional information on the partnership is available on The Official Microsoft Blog and the Red Hat Blog. A live webcast with executives from both companies will begin at 11 a.m. EST/8 a.m. PST Wednesday and can be accessed by the general public at https://vts.inxpo.com/Launch/QReg.htm?ShowKey=28455. Following executive remarks, there will be a question and answer session. A replay of the webcast will be available shortly after the live event has ended.
About Red Hat Inc.
Red Hat is the world’s leading provider of open source software solutions, using a community-powered approach to reliable and high-performing cloud, Linux, middleware, storage and virtualization technologies. Red Hat also offers award-winning support, training, and consulting services. As the connective hub in a global network of enterprises, partners, and open source communities, Red Hat helps create relevant, innovative technologies that liberate resources for growth and prepare customers for the future of IT. Learn more at http://www.redhat.com.
About Microsoft
Microsoft (Nasdaq “MSFT” @microsoft) is the leading platform and productivity company for the mobile-first, cloud-first world, and its mission is to empower every person and every organization on the planet to achieve more.
Red Hat, Red Hat Enterprise Linux, JBoss, Gluster, OpenShift, CloudForms and the Shadowman logo are trademarks of Red Hat, Inc., registered in the U.S. and other countries. Linux® is the registered trademark of Linus Torvalds in the U.S. and other countries. The use of the word “partnership” does not imply a legal partnership between Red Hat and any other company.
Note to editors: For more information, news and perspectives from Microsoft, please visit the Microsoft News Center at http://news.microsoft.com. Web links, telephone numbers and titles were correct at time of publication, but may have changed. For additional assistance, journalists and analysts may contact Microsoft’s Rapid Response Team or other appropriate contacts listed at http://news.microsoft.com/microsoft-public-relations-contacts.
