Instagram Introduces 3D Touch feature to its Android app

The newest update of Instagram is almost identical to the iOS app’s use of 3D Touch. When you long press a thumbnail image (you’ll see this layout when searching or viewing someone’s profile) a full-size expansion of the photo will appear.

users can now long press on an image thumbnail to zoom in on it. Dragging their finger away from the center of the image shrinks it back down to thumbnail size, and moving over one of the buttons under the picture lets them like or share it without ever having to lift their finger. There's even a pleasant haptic feedback given when hovering over one of the buttons.

The new feature is enabled on version 7.13.0 of the app, which you can download from Play Store or grab the latest version from APK Mirror. 

However, Instagram has not officially announced this new feature, It might be that there is some sorts of testing going or maybe Apple may ask them to remove this features.

How to shop online safely

With some simple tips, you can make a safe online shopping experience this holiday season.

Video

As the holiday season approaches, shopping online is an attractive option for grabbing plenty of bargains.
Like any transaction, there are security issues to keep in mind when buying online, but with some common sense you can minimize the risks.
Even if you consider yourself a seasoned online shopper, it's always worth a reminder to make sure your experience is the safest it can be.

General tips

• Do not send your credit card details via email, post them on social media (even in a private message), or enter them on an unsecured website
• Do not give away more information than you need. Retailers generally do not need to know details like your date of birth or social security number, so why if you do not have to disclose it?
• Check for a physical address and contact details like phone numbers for the vendor before buying
• Remember to log out of your account after making a purchase

Keep your PC, Mac or mobile device up to date

This means regularly checking for updates to your operating system, as well as ensuring the apps and browsers are also kept up to date with the latest version. Running regular antivirus and malware scans is recommended to help avoid compromising your personal details to tools such as keyloggers .
Also, get into the habit of using strong, unique passwords for each online store you buy from. If you have not changed your password for an existing account in some time, do it now. Password managers are a great tool if you have trouble generating and remembering unique passwords.

Keep it private (and separate)

Avoid using public computers or public Wi-Fi when shopping online. This includes PCs library or airport.
If you have to make a purchase when out and about, to turn on cellular data on your mobile device rather than using Wi-Fi. VPN is also a great option for adding another layer of security.
It's worth using a separate browser that you keep up to date regularly for shopping and banking online, and another for everyday web user.
Specifically considering opening a second email account for your online shopping Purposes to help minimize spam, and keep a track of which service is using your email address for what purpose.
If you have a Gmail account, you can append a plus symbol (+) to the end of your username to help filter your email. Fr example, you could enter your email address in the format of "osho3mtech+amazon@gmail.co II "and the set up a filter in Gmail to address with you, so that everything goes straight to a label called" Amazon ".

Research your retailer

Make sure to fully check out the retailer's credentials if it's not a big name you have heard of before. A quick search of the site name should turn up results and reviews about the service, but keep an eye out for overly positive reviews on user forums That might not be legitimate.

Both a lock and the https in the URL show you that the site is using a secure connection via SSL.

,,,,, Ensure that the site is using a secure connection, which is marked by https: // in the browser bar and a number of other Indicators including an image of a lock. Some sites have an icon called a trust indicator that the security seal that shows that the retailer is independently verified by a third party, such as an antivirus provider.

Use a payment method with buyer protection

Although debit cards is the business name is is ensure you are using your own cash to make a purchase, many do not offer the same robust buyer protection as other options if something does go wrong. A credit card, PayPal or a virtual wallet option give you more flexibility when it comes to requesting a chargeback.

A chargeback is when a transaction is reversed and a refund is given to you as the buyer. It can either be Initiated by detection of fraudulent activity on your bank, or you can initiate a chargeback Depending on the situation. Check with your bank for details .
Another option that you might consider using to add another layer of protection is a single-use credit card number. These are tied to your regular credit card in provice is a unique number to be used for one transaction so your actual credit card number is not compromised. This is Particularly useful if there is a breach somewhere along the chain that might reveal your credit card details. Again, check with your bank to see if this is an option.
Although it makes it very convenient to make repeat Purchases, it is worth unchecking any option that lets the retailer store your credit card details on file. This way if your account is compromised, at least your financial details are not revealed.

Shopping on your smartphone or tablet

Apart from the tips outlined above, there are a few things to be aware of when shopping on a mobile device. Set a password, pattern or PIN lock on your smartphone, and adjust the settings so the screen automatically locks after a set period of inactivity .
The vendor's own app might be a convenient way to make a purchase, find out what if it is using a secure connection to transmit your personal information and transaction details. If unsure, it's best to use the website through a mobile browser.

Turn off Bluetooth if you are not using it, and check: what applications are asking for permissions before you install them access. Also, jailbreaking or rooting your device may open up more features but it can not leave it more open to ThreatSense.
Finally, if you lose your device and it has personal information on it such as credit card info, or you left it logged in to an account which has access to your credit card or bank details, make sure you can remotely wipe and disable your device . FOR iOS, enable Find My iPhone from the settings. Android users can use Google's Android Device Manager to remotely lock and erase the handset or tablet. Windows Phone owners can use the Find My Phone feature on  windowsphone.co II  to erase the handset if lost.

Calculate the total cost

Take into account shipping, sales tax and any other taxes or charges that might apply, especially when importing goods from overseas. Product does not suit or you need to get a refund? Check the retailer's policies before making the purchase to work out if you need to cover the return costs and any extra fees or charges you need to pay.
It's also worth shopping around to find the best deal on the same product. Do not just assume your favorite online retailer is always going to have the best price, as you might be able to find a better deal elsewhere.

Something went wrong?

Your first port of call if something goes wrong with an online transaction should be the retailer. If you need to report identity theft or fraud, each country has a local service where you can report the issue.
If something looks suspicious, it probably is. Regularly keep an eye out for online scams on the Relevant sites. Find information on usa.gov,  Scam Watch  in Australia,   Action Fraud  in the UK and the  Economic and Financial Crimes Commission  in Nigeria.

LG unveils its new 'G Pay' mobile payment platform

The service could do well in Korea where LG has large market share, but it will be an uphill battle against Apple, Google and Samsung in the U.S.

There are  many other products with the word “Pay” in the name. But that won’t stop LG, which just announced its mobile payment offering called G Pay. 

Add it to the list of formidable foes: Android Pay, Samsung Pay, and of course Apple Pay.

LG made the rumor official Thursday with an announcement on its Facebook page. There could be some room for G Pay in South Korea, where LG has a heavy presence. But in the U.S. it will do battle with Android Pay, which is getting a major push from Google, while Samsung is also trying for attention with its own Samsung Pay. And, increasingly, credit card companies and banks are building mobile payments into their own apps.

At least Samsung’s solution differentiates itself by supporting Magnetic Secure Transmission (MST), which allows you to pay at any terminal with a swipe reader. It picked up the technology when it acquired LoopPay, and supports NFC as well. By all accounts, it appears G Pay will work with the standard NFC model.

The true story: It seems everyone is jumping to the mobile payment System. However, with big giants like Google, Samsung, and Apple already in the ring.

Source

Facebook is working on 'Dislike' button, 

Says Mark Zuckerberg

If you don't Don't like any post, or update on Facebook? don't worry Soon, there will be a button for that.

"Not every moment is a good moment," said Facebook's co-founder and CEO Mark Zuckerberg in a Q&A session at the company's headquarters. He said he realizes people may not want to "like" a current event such as the Syrian refugee crisis or a family member passing away. But he also doesn't want users to merely vote up or down on people's posts.

Ultimately, he said, he hopes to offer users a more expanded way to share their emotional reactions. "It's surprisingly complicated to make an interaction that's that simple," he said.

Website hackers hijack Google webmaster tools to prolong infections

The Google Search Console which was formerly known as the Google Webmaster Tools, is a very useful service for administrators to understand how their websites perform in search results.

In addition to providing analytics about search queries and traffic, it also allows webmasters to submit new content for crawling and to receive alerts when Google detects malware or spam issues on their websites.

That last part is very important, because website infections can quickly lead to lost traffic and reputation. Users who click on links in search results that lead to websites hosting malware or spam will receive scary warnings until those websites are cleaned by their owners.

Google allows more than one person to claim ownership over a website in his or her  own Search Console accounts. That's not unusual because running a website usually involves multiple people. The owner, the site administrator and the search optimization specialist can, and often are, separate individuals and they can all benefit from the Search Console data in their respective roles.

Getting verified as a website owner in the context of the Google Search Console can be done in different ways, but the easiest is to upload an HTML file with a code that's unique for every user into the website's root folder.

However, many of the vulnerabilities that allow attackers to inject malicious code into websites also give them the ability to create rogue files on the underlying Web servers. Therefore, they can use such flaws to verify themselves as new website owners in the Google Search Console by creating the needed HTML files.

Such abuses are actually increasingly common, according to researchers from Web security firm Sucuri, who have seen many webmasters complaining on technical support forums about rogue owners showing up in their Google Search Console.

According to the Sucuri researchers, by becoming verified owners for compromised websites, attackers can track how well their BHSEO campaigns perform in Google Search. They can also submit new spam pages to be indexed faster instead of waiting for them to be discovered naturally by Google's search robots, they can receive alerts if Google flags the websites as compromised, and, most importantly, they can remove legitimate owners of the site from the Search Console.

whenever legitimate website owners receive "new owner" notifications from Google, webmasters should thoroughly investigate them.

"In most cases it means that they had full access to your site, so you should close all the security holes and remove any malicious content that the hackers might have already created on your site," Sinegubko said.

Source

Don't use waterproof Xperia phones underwater, Sony says

Sony Mobile is warning against immersing its waterproof phones in water.

Sony Mobile is changing its stance over its waterproof phones. Apparently, when the company says Xperia phones are waterproof, it just means that if you try to use them underwater you’ll end up with proof that H2O can destroy your phone. Well, not quite—but Sony’s got a lot of explaining to do.

The company was not available for comment at this writing. We’ll update this article should the company respond.

The waterproof explanation page for Sony Mobile Xperia phones now includes the following disclaimer, “Remember not to use the device underwater,” as first noted byXperia Blog. That’s a surprising turnaround considering the company has advertised Xperia waterproof phones with images of people using their phones underwater.

Xperia waterproof phones typically have an IP65/68 rating, which means they are completely resistant to dust, can resist low-pressure water jet spray for at least 3 minutes, and can remain functional after immersion below a minimum 1 meter (3.28 feet) depth.

The problem seems to be that when Sony tested each device to achieve its IP rating the test wasn’t exactly rigorous. “Sony devices that are tested for their waterproof abilities are placed gently inside a container filled with tap water and lowered to a depth of 1.5 meters,” Sony’s waterproof page says. “After 30 minutes in the container, the device is gently taken out and its functions and features are tested.”

In practical terms this means Xperia waterproof phones can stand up to a heavy rainstorm, a non-water immersing web browsing session in the bath, or a run under the bathroom faucet. But all those shots of fun loving people taking videos in lakes and chlorine-laden swimming pools? That's pushing it.

For the most part, however, Sony warns you on the limits of its non-waterproof waterproof phones. Case in point is the company’s Xperia M4 Aqua. Dubbed the “waterproof camera phone for everyone” it has this under the fine print: “You should not put the device completely underwater or expose it to seawater, salt water, chlorinated water, or liquids such as drinks. Abuse and/or improper use of the device will invalidate warranty.”

The impact on you at home: If you have an Xperia waterproof phone you should heed Sony’s warning even if you’ve taken underwater shots with your phone in the past. Should it get damaged during such an excursion, Sony could refuse to help and point to its support materials that warn against taking them into the water. Sure, it has tons of marketing materials encouraging the opposite, but those images aren’t to be taken literally, it seems.

Source

Linux Foundation's Comes up with security tips that can help sysadmins harden workstations

If you use Linux OS, especially as a systems administrator, the Linux Foundation has some security tips to share with you, and they're quite good.

Konstantin Ryabitsev, the Foundation's director of collaborative IT services, published the security checklist that the organization uses to harden the laptops of its remote sysadmins against attacks.

The recommendations aim to balance security decisions with usability and are accompanied by explanations of why they were considered. There are different severity levels: critical, moderate, low and paranoid.

Critical recommendations are those whose implementation should be considered a must-do. They include things like enabling SecureBoot to prevent rootkits or "Evil Maid" attacks, and choosing a Linux distribution that supports native full disk encryption, has timely security updates, provides cryptographic verification of packages and supports Mandatory Access Control (MAC) or Role-Based Access Control (RBAC) mechanisms like SELinux, AppArmor or Grsecurity.

The critical checklist also advises disabling hardware modules with direct full memory access like Firewire or Thunderbolt, filtering all incoming ports and setting up an encrypted backup routine to external storage.

Protecting passwords and cryptographic keys like those used to authenticate over SSH is extremely important, because they are some of the most sought after pieces of information by hackers. 

The Linux Foundation's recommendations include using a password manager, choosing unique passwords for different websites and protecting private keys with strong passphrases.

Recommendations flagged as paranoid are those that have significant security benefits, but which might take some effort to implement or understand. They include running an intrusion detection system and using separate password managers for websites and other types of accounts.

There are many other tips flagged as moderate or low severity that should definitely be considered as well, such as automatic OS updates, disabling the SSH server on the workstation, storing authentication, signing and encryption keys on smartcard devices and putting PGP master keys on removable storage.

When it comes to Web browsing, one of the most common and risky operations that users engage in, the Linux Foundation recommends the use of two separate browsers: Mozilla Firefox with the NoScript, Privacy Badger, HTTPS Everywhere and Certificate Patrol add-ons for work-related sites, and Google Chrome with Privacy Badger and HTTPS Everywhere for everything else.

Following the security tips in the Foundation's document is by no means a guarantee that the system will not get compromised, but it would certainly make the job much harder for attackers.

Ryabitsev said in the document's introduction. "These guidelines are merely a basic set of core safety rules that is neither exhaustive, nor a replacement for experience, vigilance, and common sense.".

Source

Always Endeavour  to stay Secured but not too Secure to be Secured.

Meet WordPress Version 4.3

WordPress  Version 4.3, was released to the public on August 18th, 2015. it was named after jazz musician Billie Holiday,

Features

* Fast previewing changes to Menus in the customizer 

* A new theme template has been added to the Template Hierarchy. 

* Changes to customizer Panels and Sections 

* New customizer Media Controls 

* The Site Icon API is fairly straightforward 

* Site Owners can now manage their site's favicon desktop and mobile.

* Comments are now turned off on pages and custom post types by default.

 And many other Feature. 

Do you think you can be totally secure on the Internet?

AT Defcon , One of The Largest tech Security Conferences of The year, There's No such Thing as Total Security from hackers.

When it comes to being safe from hackers, we could all take steps to do better, recently A Certain Political website was hacked, due to some vulnerabilities caused by carelessness & not putting Proper Security Measures in Place.

The Million Dollar Question Now is:

* What Measure is really safe?

* Do you think you can be totally Secure on the Internet?

The message is that you should always be ready for hack attack of any form, you should carry out routine maintenance, regular update & back up, data loss prevention & recovery measures, and an intrusion detection & prevention system should be put in place. With this measures in place u can be secure to a certain level. but not too secure to stay secured.

Multimedia Hack Affecting 95 Percent of Android Phones

IF You Use an Android phone;  Beware, Your Android smartphones Can BE hacked by Just A malformed text message.

Security Researchers Have found That 95% of  Android  Devices Running version 2.2 to 5.1 of operating System, Which Includes Lollipop and KitKat, are Vulnerable to Security A bug, affecting more Than 950 Million Android smartphones and Tablets.

Almost all Android smart devices available today are open to attack that could allow hackers to access the vulnerable device without the owners being aware of it, according to Joshua Drake, vice president of platform research and exploitation at security firm Zimperium.

The vulnerability resides in Actually A Core Android component called " Stagefright , "A Multimedia playback Library Used by Android to Process, Record and Play Multimedia Files such as PDFs.

A Text Message Received ... Your Is your phone hacked

Drake has developed and published a scary exploit that uses a specially crafted text message using the multimedia message (MMS) format.

How it Works

All A hacker Needs Is The phone Number of The Victim's Android device. The hacker Could Then sends message The Malicious That Will surreptitiously execute Malicious code on The Vulnerable device with No end user action, No Indication, nothing Required.

Source

 Meet 360 Total Security

(Your Unified Solution  For PC Security and Utility)

For Real Time Protection and Timely Updates

How to Make your Chrome and Firefox browse faster 

The Better Solution Is   OneTab . Available for Chrome and  Firefox browsers.

To Install  One Tab Into Google Chrome in under 5 seconds, Click OneTab. 

How to Build an Adaptive Security Culture

By Bruce Cowper, SecTor

If you do not ADAPT, you do not Survive. It's A Principle That Runs throughout Nature and Business - and IT's Just as True in cybersecurity. Security teams Need to BE as adaptable in Their Technological environments as animals are in Their Natural Ones. Often, though, security practitioners are rigid, slow moving and unresponsive.

Things Have to change. It's Time for an Adaptive Approach to Security. This Is True especially now. Since The early 2000s, cybersecurity Threats Have been accelerating.

In 2000, US-CERT logged twenty-One Thousand Seven Hundred Fifty-Six cyberattacks. The Biggest Causes of such incidents AT The Time; Denial of Service attacks, BIND Domain name System software vulnerabilities and The LoveLetter worm. The First botnet HAD only surfaced A year Before, and Windows XP Would not Ship Until A year Later. Social Media did not EXIST.   

Today's Threats Have Expanded in Number. In 2009, PwC Recognized 3.4 Million Cyber ​​incidents. Last year, That Number hit 42.8 Million, Representing A 66 percent CAGR over five years.  

They Also Have deepened in complexity and Type. Cybercrime Is A Commercial Operation. Zeus malware Is Being repurposed to Attack Specific Vertical Markets. Exploit Kits are available off The shelf, and Even mainstream websites Can BE Made Malicious .   

Cyberattackers always Look for Advantage The next, Which typically involves exploiting new Technologies. BECAUSE Systematic Innovation Is in The Technology Sector, They Have Plenty of feedstock.

You do not Fight A multi-headed, Fast-Moving Enemy by freezing. You Adopt A Culture of adaptability, Able to bend and Flow, and counter new Kinds of Attack as They emerge. As Bruce Lee famously put SO: "Become like water."

This culture of adaptive security breaks down into three parts, which map broadly to the three phases of a cyber-incident: before, during and post-attack.

Not so Rigid Risk Management

The First and preventative Part of this Strategy focuses on risk Management. Many risk Management teams take A Rigid and overly structured Approach.

One common mistake Is to Focus on Security Features product. Relying on A Security Appliance to cover All of your Bases May SEEM like an Easy win, But May you find That The Security Capabilities of those Solutions do not Match The Needs of your Organization.

These Needs are Changing as The Technology Changes. Ten years ago, departmental managers Would not Have HAD recourse to Cloud-based Applications such as analytics and CRM. Now They May well Spend Their Own Budget on those Services.

These dissolve Technologies The Traditional perimeter-based Security Model, Creating new Threat vectors. Risk Management and Security Infrastructure Design must BE Fluid Enough to Absorb Them, Which MEANS That cybersecurity teams must BE Willing to Their Perceptions Mold Around Them.

Make No Assumptions

The Second Part of an Adaptive Security Strategy Looks AT How The Organization ACTS When an Attack Is Underway. The First rule Is to Admit your Own vulnerability? Assume you Will BE AT breached Some Point. Acknowledge That Even The Best risk Management Will not make you invincible.

Avoid Making assumptions That Will blind you to Potential Threats During, Agents this Phase. Your cybersecurity Team May Have A tailored Response to Specific Threats, assuming That They are The Most Likely. If you ignore those Threats That you Never Thought Would occur, you May BE Caught unawares and end up taking longer to resolve an attack.

Blindness Can MANIFEST Itself in Other Ways, TOO, particularly When looking AT How you Respond to an Attack Across Different Components of your Technology architecture. Many Systems Directly Affect MANY others. If your Active Directory System Is Compromised, for Example, That May Touch Other Systems such as Human Resource Applications, Access Control Layer Or Collaboration software. Your Response Team must BE Able to Explore These Systems as Quickly as an ATTACKER does.

That Can Challenging BE, BECAUSE companies Tend to Create Organizational Silos Around These Systems That Can STOP Response teams Thinking laterally about Them. Sometimes, Different teams Can Even BE Dedicated to Specific parts of The Technology Infrastructure, Which Can Restrict Cross-System visibility.

Update Your Response and Test

FINALLY, There's The Post-Attack Phase. This Is Where your Team Gets to plug The hole That an ATTACKER exploited. This Is Where an Adaptive Security Strategy Comes Into ITS Own. Running A Post-Incident Review Is One Part of this Process. Security teams can then secure the hole that was exploited and also look for similar vulnerabilities elsewhere in the infrastructure.

The other part of the process is updating the risk management process and the response "playbook" with information gleaned from the attack, so that your company's security is hardened and the response team better equipped to cope next time.

IT's Also Important for Organizations to Test themselves once Fixes Have been Applied, to prove That They Have Adapted. A "War Games" Approach Can BE Useful here, with hired attackers specifically Setting out to Gain Access Via The SAMe Attack vector.

Doing All of These Things Will help companies Close The Circle by Positive Feeding information back Into The Security Process. This Is Where an Adaptive Security architecture Comes Into ITS Own.

Building Security into Organizational Culture

These pointers Will help you Build more Operational and Tactical adaptability Into your cybersecurity Operation. These are Great for Short-to-Mid term Challenges, But There are Longer-term, more Strategic lessons Learned here to BE, TOO. Security Threats Will Just morph as dramatically as Technology does. How Can you ADAPT to These Changes;

Explore The EXTENT Security to Which Is Built Into your Organizational Culture, Rather Than Being merely bolted on. Includes appointing this Security Staff AT A Strategic, Managerial Level and secure driving processes (such as secure software Development and Procurement secure) throughout The Company. Engaging Employees Properly and systematically with user Security awareness Training That Actually Works Is Also A Crucial Part of The Equation. After All, companies are not Just Collections of processes? They're Also Built from People.    

All The Technologies That underpin those processes, and Which are Used by those People, are Going to change Even more dramatically in The next FEW years Than They did The last FEW. Mobility, Cloud computing, The Internet of Things and The Digital Supply Chain are Going to Evolve and Work Together, in Unison. It's All Speeding up, Which MEANS That your cybersecurity Practice Will Need Bruce Lee-like skills. Are you Ready to Become like Water;

Bruce Cowper   Is A Founding Member of The Security Education Conference Toronto (SECTOR), Which Runs Oct. twenty to twenty-one, 2015.


Source

Why Is Fighting Cybercrime So Hard?

It's tough to target the few hundred super hackers that experts believe are behind the majority of cyber attacks.

A few hundred expert hackers offering "crime as a service" are behind a large percentage of all the cybercrime acts committed. That's the conclusion of a group of international law enforcement experts from organizations including the FBI and the UK's National Crime Agency.

Talking at the recent InfoSec Europe security conference in London, FBI agent Michael Driscoll said that there is evidence that just 100 to 200 people around the world are enabling organized crime gangs to mount technical attacks by selling them malware, botnets, distributed denial of service ( DDoS) capabilities and other hacking services.

Despite the small number of people behind many of the attacks, the effects of their actions are devastating, Driscoll said.

"The average loss on the Internet is $ 3,000, and bank losses average $ 1,800. That may not seem like a lot, but we get about 22,000 complains a month and we think that is about 10 percent of the total," he said. "There is constant hacking and online fraud; the volume is huge."

Catching organized crime gang members, and the cybercriminal masterminds who offer services to them, is hard - or in many cases impossible, said Alan Woodward, a professor at the Surrey Centre of Cyber ​​Security. That's because they operate in concert from all over the world.

"Some people think that the financial threats stem from Russia, IP threats come from China and so on, but it is not as simple as that," he explained. "These organized criminal gangs in particular are international and distributed. There might be one member in the Ukraine, one in the UK and so on."

Reach out to Law Enforcement

The good news for anyone whose company faces the threat of attack by cybercriminals - and that means just about any company - is that law enforcement agencies can help you. But before they can be of help, it's essential that you make contact with them.

"One thing that's sure is that you can not be secure on the Internet, so my advice is to make sure you are talking to law enforcement now. Do not wait until you get hit and it is too late," said the FBI's Michael Driscoll.

"You need to engage with the FBI, or with CERT, or with the National Crime Agency," he said. "They push information about criminal activity to companies, so you need to make sure that you are getting that. And you need to be sending information about odd activity that you spot back to law enforcement."

Woodward said that doing so can be crucial to the fight against cybercriminals. "Threat intelligence is very important; do not underestimate it. You need to share intelligence, use what you learn from others, and have a plan for when you get hit."

Hack Attribution

What makes "solving" cybercrimes particularly difficult is that attribution is hard. You may know that your organization has been hacked, but law enforcement agencies may have no idea where the attack came from - let alone who is responsible.

"We are getting better at fingerprinting attacks but it is very easy to put in false flag trails so attribution is difficult," said Woodward.

(The widely publicized Sony Attack in November 2014 HAS been attributed to The North Korean Government, But this only Possible Attribution WAS BECAUSE of information Provided by Local Rather Than Intelligence Agents by A Forensic Analysis of The hack.)  

This is in sharp contrast to traditional criminal landscapes, pointed out Andy Archibald, deputy director of the National Crime Agency's National Cybercrime Unit. He said most cities play host to people involved in illegal activity such as drug dealing, firearms sales, immigration scams and even the provision of hitman services. Law enforcement officers monitor and limit these activities using covert policing to build up a picture of who is involved in each crime field.

How to Fight Cybercrime, at a High Level

Because it is so hard to pin down those involved in cybercrime, the unanimous opinion of the law enforcement experts was that the best way to fight it is to disrupt their activities as much as possible.

How can this be done? Archibald suggested going after so-called bullet proof hosting services - many of which are based in China, other parts of Asia and Russia and its surrounding countries.

Bullet proof hosting services can be used by organized crime gangs to:

• offer downloads of exploit kits and other malware
• serve as botnet command and control centers
• provide drop storage for stolen financial details captured by banking Trojans and other malware
• host forums where stolen credit card information and exploit ideas are exchanged

He also suggested cracking down on money launderers who help organized crime gangs clean the proceeds of their crimes, and even going after anti-virus testing services. These can be used to help malware authors test if their software is susceptible to detection by common anti-virus software used in the enterprise, he said.

Disrupting cybercriminals may well be the most practical way to tackle their illegal activities, but at best it can only limit the number of their attacks, and resulting data breaches, rather than solving the problem completely.

That means that having clear plans in place to mitigate the damage of a data breach when - not if - your company gets hit is vital, Woodward stressed. "The number of businesses that go bust after an attack is growing every day, so knowing how to respond is absolutely key."

SOURCE

Sway is coming to Office 365 for business and education and adding more languages

Sway is coming to Office 365 for business and education and adding more languages

How to use two-step verification with your Microsoft account

Microsoft has offered two-step verification (2FA) process since early 2013. Also known as two-factor authentication or two-step authentication, the process strengthens your account security by requiring you to enter your password (step 1), then a security code (Step 2). The Security code Can BE Sent to you by E-mail, SMS, phone Call Or you Can Use an authenticator app on your Mobile device.

Enabling Two-Step verification on your Microsoft account Will Enable IT Across All Microsoft Services Currently That Support Two-Step verification, like Windows, Outlook.com , Office, and SkyDrive . Here's How to get Started:  

Enable two-step verification

On The 1st Step:  Go to this Account Settings page , and Look for an email Both Address and phone Number under The section titled "Security info Helps Keep your account secure." If either piece of information Is Missing, click on The Add Security info Link and Follow The prompts.   

The SMS functionality of 2FA relies on your phone Number Being Connected to your account, do not Skip SO IT. Otherwise you'll Need Access to your email account to Receive your Secondary log-in code.

On The 2nd Step:  Click on The "Set up Two-Step verification" Link.

On The 3rd Step:  Follow The Setup Process Until you REACH The end, Then click "Done." You May Asked to Provide BE A verification code, Sent to either your phone Via SMS Or to your email Alternate Address, Before you complete The Can Two-Step Setup. Once IT's complete, you shouldnt Receive an email Confirmation from Microsoft Sent to your email Alternate Address.

Pair an authenticator app with your Microsoft account

You Can get Security Codes by email, phone Call Or SMS, But an Even EASIER passing Is to Use an authenticator app on your Mobile device. Authenticator Apps, like Google Authenticator, Run Locally on your device and Work Even IF your device does not Have an Internet Connection. The Use an authenticator app, you First Have to pair IT with your Microsoft account.

On The 1st Step:  Download The authenticator app of your Choice to your device. Android , iOS , and BlackBerry users Can Use Google Authenticator, While Windows Phone users Can Use Microsoft Authenticator .    

On The 2nd Step:  Go back to your Microsoft account Security info page , and you shouldnt See A prompt to Setup an Mobile app. If not, click on "Set up Identity verification app" Link under The Identity verification Apps section.  

Step on The 3rd:  Launch your Preferred authenticator app, Then Scan The bar code on The Screen.

Step on The 4th:  The When Security code appears in The authenticator app, ENTER IT in The Box, Then click on The Pair Button.

Using two-step verification

Once you've enabled Two-Step verification on your Microsoft account, logging in to your Microsoft Services Will Require your account password and A Security code. Fill out The Required information (usually we The Four last digits of your phone Number, Or A Portion of your email Address) to Trigger The Security code Being Sent to your device. Otherwise, Launch Whatever app you Used to set up verification Codes (Google Authenticator, for Example) and Then ENTER The code in The Field text.

Lastly, Some Apps and Devices do not Support Security Codes. In those instances, you Can Go to The Security info page and Create an app password  to log in.

Source