Tag Archives: Security

Microsoft Introduces Microsoft Defender – A 365 Online Security App



Microsoft introduced its Microsoft Defender. It is a new Microsoft 365 online security app for you and your family.

Everyone deserves to feel safe online. Securing your personal data and devices is more challenging than ever, increasing malicious threats, more time online, and many connected personal devices can leave us feeling vulnerable. It’s time for online security that provides simplified and secure protection to meet you where you are.

Microsoft Defender for Individuals is a new security app designed to keep individuals and families safer online. Available for Microsoft 365 Personal and Family subscribers starting on June 16, 2022, Microsoft Defender helps simplify your online security through one, unified view into your family’s protections, across your personal phones and computers.

The footnotes attached to parts of that paragraph include: “App requires a Microsoft 365 Family or Personal subscription, and is available as a separate download.” A second footnote says: “App is available on Windows, macOS, Android, and iOS in select Microsoft 356 Family or Personal billing regions.”

Microsoft says that Microsoft Defender extends the production already built into Windows Security beyond your PC to your macOS, iOS, and Android devices. This, too, comes with a footnote which says: “New malware protection is not available where these protections exist in iOS and Windows”. Yet another footnote says: “Security tips are available on Windows and macOS only.”

Corporate Vice President, Security, Compliance, Identity and Management, Vasu Jakkal, wrote a post titled: “Making the world a safer place with Microsoft Defender for individuals”. Here are some key points from that post:

What does Microsoft Defender Do?

Microsoft Defender is simplified online security that meets you and your family where you are by bringing multiple protections together into a single dashboard. It provides online protection across the devices you and your family use. It offers tips and recommendations to strengthen your protection further. And, as you grow your digital footprint by adding family members and devices, Defender grows with you and keeps your defenses up-to-date using trusted technology.

  • This seamless solution, which includes continuous antivirus and anti-phishing protection for your data and devices, will enable you to:
  • Manage your security protections and view security protections for everyone in your family, from a singe, easy-to-use, centralized dashboard.
  • View your existing antivirus protection (such as Norton or McAfee). Defender recognizes these protections within the dashboard.
  • Extend Windows device protections to iOS, Android, and macOS devices for cross-platform malware protection on the devices you and your family use the most.
  • Receive instant security alters, resolution strategies, and expert tips to help keep your data and devices secure.

Personally, I am pleasantly surprised that Microsoft is extending Microsoft Defender to not only people who use PCs and Android devices, but also to those of us who use macOS and iOS devices. It is unusual for a tech company to extend its security protections to those outside of its “universe” of products.


Ukraine picks up six hackers behind Clop ransomware



It’s been a rough spell for hackers, one was just extradited from Mexico to face charges in California for a DDoS attack on the city of Santa Cruz. 

Now six members of a group responsible for the Clop ransomware were picked up in a raid in the Ukraine. It is not clear if these were all the members behind it or just one cell. The search of the home resulted in the seizure of hundreds of thousands of dollars and expensive vehicles such as an AMG 63 and a Tesla. 

A Ukrainian report states that “[in] 2021, the defendants attacked and encrypted the personal data of employees and financial reports of Stanford University Medical School, the University of Maryland and the University of California.” 

As S Korea and the US were also in on this roundup and have charges pending for hacks in both countries, it’s unclear where things go from here. 


MJR Digital Cinemas has upgraded, but what’s wrong with this picture?



Despite the ever-increasing tab at the box office, we all, or most of us, enjoy seeing an occasional movie on the big screen. There are just some flicks that lend themselves to the immersive experience. 

The good news is theaters around the country have been upgrading recently – improved seating and digital systems along with a wider selection of (overpriced) goodies to choose from and dine on during your show. Some now even have bars. 

One theater chain in Michigan, MJR, has been among those to upgrade, however they apparently failed to consult any sort of IT professional, or at least one who knows anything about security. Take a look at the image below and see if any problems seem apparent. 

At least they made the job easy for hackers. In fact, there’s no real job at all, it’s just handed over to them. 


VLC patches multiple security flaws, two critical



There are many options out there for media playback, we’ve come a long way since Windows Media Player and Quicktime.  Alternatives abound, and some of them quite compelling.

Take the Video Lan Client, better known to everyone as VLC, which is capable playing almost any format a user can throw at it. Like any software, however, there are always bugs, and sometimes security holes  that could allow bad things to happen to good people.

VLC is issuing a number of security fixes, 33 of them to be exact, designed to keep your system healthy. Two of these are considered critical, designed to patch an out-of-bound write vulnerability and a stack-buffer-overflow bug.

According ThreatPost “Details are scant on the two high-severity bugs and how they could be exploited. Impacted is VLC 3.0.7 and the EU-FOSSA release of the player, along with code tied to the upcoming 4.0 release of the player.”

The high number of patches comes on the heels of a new bug bounty program started by the European Commission on January 7, 2019.

The updates are being pushed out so users shouldn’t need to do anything except wait, and actually, you may already have it.


UK Government Consults on IoT Security



The UK Government’s Department for Digital, Culture, Media & Sport (aka Ministry of Fun) has announced plans to introduce new laws governing internet-connected devices, i.e. Internet of Things.

Given that there have been some high-profile instances involving connected toys and cameras, this is welcome news. In a perfect world, users should be educated in the basics of IT security such as changing the default password, but sadly it’s case of getting a gadget out of the box and setup as fast as possible.

The Government is consulting on a “Secure by Design” initiative which intends for basic cyber security features to be built into products and for consumers to get better information on how secure the devices are.

Much like food packaging or the energy ratings on white goods, the Government is proposing a mandatory labelling scheme that states the security level of the gadget. Only goods with the applicable “IoT” label could be legally sold in the UK.

The consultation proposes three essential requirements for internet-connected gadgets.

  1. Device passwords must be unique without any standard factory setting
  2. The minimum duration for which the device will receive security updates must explicitly stated
  3. A public point of contact as part of a vulnerability disclosure policy must be given

Point 3 isn’t directly for consumers but rather for security researchers who will be able to directly contact organisations about security issues. All of these points will be a significant deterrent to the “cheap’n’cheerful” IoT gadgets that typically come in from China with zero support.

Overall, this is a very welcome consultation and I would encourage readers to review the proposals and feedback on the options. This is very much about protecting ourselves and our families and reducing the risk of being hacked. For too long, manufacturers have got away with having little responsibility for their devices after they’ve been bought and these ideas address that balance.

If you want to know more on the consultation and comment on the proposals, it’s over here.

Photo by Dan LeFebvre on Unsplash.


23 Million People Use 123456 as a Password



Despite all the warnings, 23 million people worldwide use the password “123456”. This is according the UK’s National Cyber Security Centre which analysed the Have I Been Pwned data set to produce a list of the top 100,000 passwords.

It’s frankly embarrassing – here’s the top 10. Anyone who uses any of these should have their computer, tablet and phone taken away from them immediately.

  1. 123456
  2. 123456789
  3. qwerty
  4. password
  5. 111111
  6. 12345678
  7. abc123
  8. 1234567
  9. password1
  10. 12345

Looking through the full list, there’s a reasonable selection of expletives, and for Brits, variations on “Liverpool” appear twenty eight times. For non-Brits, Liverpool is not only a city in the North of England but a premier league football (soccer) team. James Bond 007 is rich pickings too, with variations into the teens. No matter how smart or unique you think you are, there’s someone else who thinks the same.

The NCSC recommends using three random words for passwords such as “tablehouseblue” and  not to re-use passwords between accounts. It particularly suggests to always have a different password for your email account.

Dr Ian Levy, NCSC Technical Director, said: “Password re-use is a major risk that can be avoided – nobody should protect sensitive data with something that can be guessed, like their first name, local football team or favourite band. Using hard-to-guess passwords is a strong first step and we recommend combining three random but memorable words. Be creative and use words memorable to you, so people can’t guess your password.

You can read the full UK Cyber Survey and there’s more analysis on the password list in this article.

Photo by Kristina Flour on Unsplash


Encrypted Storage with SecureDrive at CES 2018



Encrypted external hard drives and USB memory sticks have been around for at least a decade, but most of the time it’s either locked or unlocked: if you have the password, you’re in. Sergey from SecureDrive shows Scott their security solution to this common problem.

SecureDrive specialise in hardware encrypted data storage. They’ve three product ranges with varying capacity (1 – 5 TB) to address different security and storage requirements.
– SecureDrive BT, which uses Bluetooth and an app for authentication
– SecureDrive KP, which uses keypad authentication
– BackupDrive, which backs up files and encrypts them with built-in anti-malware
For the rapid transfer of large files, all the devices use USB 3.0, and for security, it’s pending FIPS 140-2 level 3. That’s pretty secure.

The unique part of the SecureDrive solution focuses on the BT model, which uses Bluetooth and an authentication app. Instead of the drive only being locked or unlocked, the solution allows additional controls for geo-fencing and time schedules. For example, the SecureDrive BT can be set to only unlock between 9-5 M-F or only if the unit is within company premises. In addition, there’s remote management so authorisations can be revoked and the drive remotely wiped.

The drives are assembled in Ohio, USA, and they’re available for purchase priced at  US$299-$499. The remote management feature is a subscription service.

Scott Ertz is a software developer and video producer at F5 Live: Refreshing Technology.

Become a GNC Insider today!

Support my CES 2020 Sponsor:
30% off on New GoDaddy Product & Services cjcgeek30
$4.99 for a New or Transferred .com cjcgeek99
$1.99 / mo Economy Hosting with a free domain. Promo Code: cjcgeek1h
$2.99 / mo Managed WordPress Hosting with free Domain. Promo Code: cjcgeek1w
Support the show by becoming a Geek News Central Insider