Introducing Goals in Google Calendar on Android and iPhone

Calendars should help users make the most of their time. That’s why starting today, we’re introducing a new feature called Goals in Google Calendar on Android and iPhone to help users find time for personal activities. With Goals, users can add a goal and Calendar will help them find the time and stick to these goals.

Goals are easy to set up

To set a goal (like “Work out more”), a user must simply answer a few questions (like “How often?” and “Best time?”). From there Calendar will look at the user’s schedule and find the best windows to pencil in time for that goal. Goals created in Google Calendar will have the same privacy setting as the default calendar setting.

Goals in google calender on andriod and iphone

Goals adjust to your busy life

Goals aren’t easy—especially when the unexpected comes up—but Calendar can help adjust in a number of important ways. For example, Calendar will automatically reschedule if a user adds another event that’s a direct conflict with a goal.

 Goals reschedule

Users can also defer a goal at any time, and Calendar will make time for it later.

Goals defer

Finally, Calendar actually gets better at scheduling the more it is used—if a goal is deferred or edited then Calendar will choose even better times in the future.

 Goals complete

To get started, users can download the Google Calendar app on Android or iPhone, and set their first goal.

Please note: Currently, events created through Goals does not take into account secondary calendars or other personal calendars synced to the device.

Launch Details
Release track:
Launching to both Rapid and Scheduled release

Rollout pace:
Full rollout (1-3 days for feature visibility)

Impact:
All end users

Action:
Change management suggested/FYI

Reference by Google.com

Set expiration dates for access to Google Drive, Docs, Sheets, and Slides files

We know that businesses today don’t operate in isolation; employees work not only with one another, but with third-party vendors, clients, customers, and other businesses as well—and often on a temporary basis. To keep your organization’s information safe in these situations, we’re introducing the ability to set an “expiration date” for specific user access to files in Google Drive, Docs, Sheets, and Slides.

For instance, imagine your business hires an outside contractor for a project lasting three months. To complete the job, that contractor needs to view a spreadsheet containing the contact information of your employees. Following this launch, you’ll be able to share your employee list in Sheets with the contractor, give them view access only, and set that access to expire when their contract does (in three months). If the contractor attempts to open the spreadsheet after the expiration date has passed, they’ll be denied access.

Expiring dates for Access google drive,docs,sheets and slides

This functionality, coupled with the Information Rights Management (IRM) features we launched last July, should significantly increase the security of your organization’s documents and information.Please note that you’ll only be able to set expiration dates for users with comment or view access; you will not be able to set expiration dates for file owners or users with edit access.

IMPORTANT: This feature will roll out gradually over the course of two to three months; please note that you may not see the feature in your domains until mid- to late Q2 2016.

Launch Details
Release track:
Launching to Rapid release, with Scheduled release coming in two weeks.

Rollout pace:
Gradual rollout (2–3 months for feature visibility)

Impact:
All end users

Action :
Change management suggested/FYI

Reference by Google.com

MazarBOT: New Android Malware Steals SMSs and Wipes Phones

A new Android malware, known as MazarBOT, has been discovered in-the-wild and this dangerous sample has the capability to hijack an unsuspecting user’s smartphone. The malware gets into a victim’s phone with an SMS as follows:
You have received a multimedia message from +[xx] [xxxxxxxxxx]. Follow the link hxxp://www.mmsforyou[.]Net/mms.apk to view the message.

When we tried to access this embedded link at our Quick Heal Threat Research Labs, an APK was downloaded into the vulnerable phone. When analyzed, the APK was found to be an interesting malware strain with extremely dangerous capabilities.
The wordings of the SMS are such that the user will be naturally inclined to click on the link that is included. Once the link is clicked, the APK starts downloading automatically and when this APK is then installed, the user can see the name “MMS Messaging” with an icon that is similar to the in-built Android SMS app.

figure_1
After launching “MMS Messaging” a system prompt is shown as seen in Figure 2 below. This prompt allows the malware to get the privilege of a Device Admin. This privilege is the access right that is given by the Android OS to the malware in order to perform a factory reset of the device. To make the user believe that his permission is required to view the MMS, the malware shows the caption “Get video codec access”. Interestingly, once this page has been opened the user cannot back out or close the prompt. Even if the ‘Cancel’ button or the ‘Home’ button or the ‘Back’ button is pressed, the same window will open immediately until the user clicks on ‘Activate’.Mazarbot

After clicking on ‘Activate’ the app icon gets hidden and the malware starts operating in the background. If the user now feels that something is wrong and tries to uninstall the malware, the process is complicated because the malware has Device Admin privilege. So to do so the user has to first deactivate that privilege. Unfortunately, the malware also has a way to prevent users from deactivating the Device Admin privilege.

Capabilities of MazarBOT to hide network traffic

Another integral feature of MazarBOT is that it makes use of TOR and Polipo Proxy libraries to hide its network traffic from monitoring tools that are used by security researchers. Its Command & Control server is located at hxxp://pc35hiptpcwqezgs[.]onion and is set up on the hidden web which is accessible only through the TOR network.

Actions performed by MazarBOT in the background

  1. All incoming SMSs are forwarded to the C&C server. We sent an SMS to our test device and this SMS was intercepted by the malware and forwarded to the C&C server. That SMS was not visible on the device.

Figure 3_MazarBOT

  1. MazarBOT can wipe all device data when it receives the “hard reset” command from the C&C server.
  2. It can send an SMS to any premium-rate number and this causes the user to get very high mobile usage bills.
  3. The malware can monitor which app is currently being used. If the app is of interest to the malware, it will show an HTML page that is similar to the app. This technique of “Fake Overlay Pages” can be used to steal user credentials of Gmail, Facebook or any mobile banking apps.
  4. The malware can inject itself into Google Chrome and can modify HTML content on open webpages.
  5. The malware can make calls to any number, reject incoming calls or enable call forwarding to numbers of its choice.
  6. It can lock the phone when it receives a ‘lock’ command. The phone will then remain locked until it receives an ‘unlock’ command.

List of C&C commands to MazarBOT

  • Intercept Start
  • Intercept Stop
  • Stop Numbers
  • Unstop Numbers
  • Unstop All Numbers
  • Lock
  • Unlock
  • Send
  • Forward Calls
  • Stop Forward Calls
  • Update HTML
  • Hard Reset
  • Call
  • Sleep
  • Wakeup

How to remove MazarBOT

This malware cannot be easily removed in the traditional way because of its ability to get Device Admin privileges. Moreover, it does not allow users to easily deactivate that privilege. In order to get rid of the malware, the user will need to reboot the device in Safe Mode and then deactivate the Device Admin privilege. Only once this has been done can the user uninstall this malware from the device.

Quick Heal detects this malware on Android smartphones as Android.Mazarbot.A.

 

Courtesy: Quick Heal

Benefits of Symantec MPKI for SSL

Symantec

 

 

 

 

Benefits of Symantec MPKI for SSL.

Symantec™ Managed PKI (MPKI) for SSL cloud-based management console provides centralized control and delegated administration of all your Symantec SSL and code-signing certificates. Extended Validation (EV) and premium certificates include vulnerability assessments and malware scanning to assist in website protection. MPKI for SSL is ideal for a large enterprise that needs to deploy and manage large numbers of SSL certificates.

Symantec MPKI for SSL

 

Secure Multiple Subdomains with One Certificate

Secure Multiple Subdomains

Secure Multiple Subdomains with One Certificate

Symantec SSL certificate with Wildcard is one of several options available for Enterprise to secure their website.Symantec SSL Certificate Wildcard option provides encryption and authentication for multiple subdomains on a single server.Secure Multiple Subdomains

There are several best practice deployments of Symantec SSL Certificate Wildcard option:

  • Secure multiple subdomains starting from several levels down from the top level domain, example, sublevel three or four.
  • Secure multiple domains with domain names that are frequently changing.
  • Secure large number of subdomains (extremely large SANs).
  • Secure multiple different domains.
  • Secure the base subdomain

What is WiFi

What is WiFi?

Wi-Fi (or WiFi) is a local area wireless computer networking technology that allows electronic devices to connect to the network.To access this type of connection, one must have a wireless adapter on their computer. Wi-Fi provides wireless connectivity by emitting frequencies between 2.4 GHz to 5 GHz based on the amount of data on the network. Areas which are enabled with Wi-Fi connectivity are known as Hot Spots. One can use advanced softwares like Wirelessmon to detect and request connection to Hotspots. To start a Wireless connection, it is important that the wireless router is plugged into the internet connection and that all the required settings are properly installed.wifi

What is WiFi and how does it work?

Wireless technology has widely spread lately and you can get connected almost anywhere; at home, at work, in libraries, schools, airports, hotels and even in some restaurants.
Wireless networking is known as Wi-Fi (Wireless Fidelity) or 802.11 networking as it covers the IEEE 802.11 technologies.
The major advantage of Wi-Fi is that it is compatible with almost every operating system, game device and advanced printer.

Like mobile phones, a Wi-Fi network makes use of radio waves to transmit information across a network.
The computer should include a wireless adapter that will translate data sent into a radio signal.
This same signal will be transmitted, via an antenna, to a decoder known as the router. Once decoded, the data will be sent to the Internet through a wired Ethernet connection.
As the wireless network will work as a two-way traffic, the data received from the Internet will also pass through the router to be coded into a radio signal that will be receipted by the computer’s wireless adapter.

A wireless network will transmit at a frequency level of 2.4 GHz or 5GHz to adapt to the amount of data that is being sent by the user.
The 802.11 networking standards will somewhat vary depending mostly on the user’s needs, as explained below:

1. The 802.11a will transmit data at a frequency level of 5GHz. The Orthogonal Frequency-Division Multiplexing (OFDM) used enhances reception by dividing the radio signals into smaller signals before reaching the router. You can transmit a maximum of 54 megabits of data per second.
2. The 802.11b will transmit data at a frequency level of 2.4GHz, which is a relatively slow speed. You can transmit a maximum of 11 megabits of data per second.
3. The 802.11g will transmit data at 2.4GHz but can transmit a maximum of 54 megabits of data per second as it also uses an OFDM coding.
4. The more advanced 802.11n can transmit a maximum of 140 megabits of data per second and uses a frequency level of 5GHz.

The term Hotspot is used to define an area where Wi-Fi access is available.
It can either be through a closed wireless network at home or in public places like restaurants or airports.

As stated earlier, to be able to access Hotspots your computer should include a wireless adapter.
If you are using an advanced laptop model, it will probably include a built-in wireless transmitter already.
Otherwise you can purchase a wireless adapter that will plug into the PCI slot or USB port. Once installed, your system will automatically detect the Wi-Fi hotspots and request connection.
If not, you should use a software to handle this task for you.

How to make a WiFi connection

1. To start your connection with a wireless router, ensure that it is plugged into the internet connection point.
2. You should turn on your external modem first before plugging the router into your computer via an Ethernet cable.
3. Switch on your wireless router until it fully starts up and open your internet browser.
4. For Belkin users, enter http://192.168.0.1.
5. For Linksys users, enter http://192.168.1.1
6. If you are not using either service, enter http://192.168.2.1
7. Then, you can file in your router’s username and password.
8. Set the SSID (wireless capability) active.
9. Type in the username and password provided by your ISP and select either WEP or WPA security. Then, choose a new passkey.

Courtesy :-ccm.net

Global Crackdown on 37,000 Fake Shopping Sites

Ecommerce websites are all the rage around the world today, and millions of goods exchange hands over the festive season in particular. There are several popular sites that a majority of people prefer shopping over; however, some people also choose some relatively unknown sites due to bigger discounts or more enticing deals. This may not be such a great idea after all, keeping in mind the latest news that has come to light about a global crackdown by the US Immigration and Customs Enforcement’s (ICE) Homeland Security Investigations (HSI) unit on more than 37,000 fake shopping websites across 27 countries.

These efforts were not taken in isolation and actively involved the assistance of local law enforcement agencies as well, notably Europol and Interpol were also involved. Most of the sites were discovered to be selling counterfeit goods and were then subsequently shut down due to their fraudulent nature. These efforts have been regularly undertaken by the HSI and this is the 6th year in a row of its operations.

Some of the popular and notable fake goods that were discovered to be sold by these fake shopping sites were as follows:

  • Headphones and earphones
  • Sports clothing and shoes
  • Toiletries
  • Mobile phones
  • Consumer electronics
  • Luxury goods

A lot of these sites used a simple method of lowering the prices of their products in order to entice users and trick them into making purchases over their fake portals. This also led to countless other cases of data theft, privacy violation and credit card fraud. You can read more about this global crackdown here.

7 Reliable Tips for Safe Online Shopping

In the meantime, whenever you decide to shop online, keep these 5 safety tips in mind and you’ll not have to worry about getting your safety or privacy compromised.

  1. Carefully read product reviews and site reviews before purchasing
  2. From an unknown site, always choose the Cash On Delivery (COD) option
  3. Keep a regular check on your bank statements and keep SMS updates ON
  4. Be aware that deals that appear too good to be true are usually fraudulent in nature
  5. Watch out for the HTTPS prefix and the lock symbol before making a purchase
  6. 6. Don’t click on advertising links directly from emails that reach your inbox
  7. Keep a different card with limited account balance that you use only for online shopping

Courtesy :- QuickHeal

 

How to securely manage your finances online

Say goodbye to paper bills, stamps and envelope licking. Say hello to the easy way to manage your finances

 When once checking bank accounts, credit reports and making transfers meant a journey into the local branch of the bank or building society, online banking has dramatically changed the way in which the average person manages their finances.Almost all banks and building societies now have websites and apps that allow users with access to the Internet to manage their various bank accounts. It has always created a paper-free statement system that not only helps to preserve the planet and reduce litter, but to stay more conveniently organised at the same time.
With the rise of online banking allowing users to make quick and easy transfers along with checking bank accounts and statements, online security has also become a greater need for the everyday Internet user, especially as sensitive financial information is so readily accessible.

Managing your investments

How’s your investment portfolio doing today? Well, you could call your broker and ask. Or wait until the end of the month and check your statement. Or go online and take a look right now. You can ask your broker to set up online access for you, or you can go online and sign up yourself. Once online you can:
• Monitor the total value of your portfolio or check the
current price of each security.
• View trends for the whole portfolio or individual securities.
• Buy and sell securities (before you do this, be sure to
get input or recommendations from a licensed broker or,
at the very least, do some astute research of your own).
There have been scams where cybercriminals have accessed the online portion of financial services companies and posed as the account owners to transfer funds overseas. Ask your financial advisor about fraud alerts or additional security measures to prevent such crimes.

Monitoring your credit cards

According to the Federal Bureau of Investigation, credit card fraud is the most common form of consumer fraud. Online monitoring of your credit card transactions can help keep you from becoming a fraud victim and a statistic.

• Go to your credit card company’s website and sign up for online access to your account.
• Monitor your account frequently and identify each transaction.
• If you see a transaction that is suspicious, call the credit card company and report it.
• If the transaction is found to be fraudulent, you can have the charge reversed and, if necessary, your account frozen and a new card issued with a new account number.
By using the various online and mobile tools available from your bank, your credit card provider and your financial investment service, you can stay well informed about the state of your financial affairs. You will also be able to spot fraudulent charges or unauthorized transactions, giving you the ability to stop a cybercrime quickly and limit the damage.

Knowing your credit report and your rights

A credit report is essentially a report about your credit accounts that includes your financial information, transactions and history of repayments. Due to the delicate nature of these reports, a bank, building society or other lender is only given access with your specific permission, though many transactions such as phone contracts and loans require a credit report check.

The report is designed to help lenders assess whether you are a reliable person to lend to. The information comes from some public information, such as court judgements and the electoral roll information, along with credit history information to give a snapshot into your ability to repay previous loans.

As a person’s credit report can influence major aspects of a person’s life including the ability to buy a home, there are certain rights each individual has in regards to their report.

Under the Data Protection Act, everyone has a right to:
• Receive a copy of their credit report within seven working days of a request.
• Dispute any inaccurate information and have this investigated.
• Have the errors corrected within 28 days of reporting the inaccuracy.
In the UK, there are several agencies that are designed to help those either struggling to improve their credit report or who may have questions and queries about the information appearing on the report, along with those who may have concerns about identity theft. The major agencies include the Citizen’s Advice Bureau, the Consumer Credit Counselling Service and the National Debtline.

Taking basic security precautions

Is all this safe? Well, nothing is absolutely safe, but you can take precautions to make sure that your online financial management activities are at least as safe as the same activities would be in the offline world, maybe even safer. You should be aware, vigilant and take routine precautions such as these:

•Secure. Look for the lock icon and/or a Web address that starts with “https://” (the “s” stands for secure). This isn’t a guarantee, but is generally a good indication of a secure site.
•Create strong passwords of at least eight characters that combine letters, numbers, and symbols. Use a different password for each account, and don’t use the same password that you
use to access your PC. Change your passwords frequently and don’t store them on or near your computer.
• When you’re finished with your transaction, log out of the account.
• Secure your PC with Internet security software, such as Norton 360 or Norton Internet Security.
Keep that software updated.
• If you see a transaction that is suspicious, call the credit card company and report it.
• Don’t respond to emails or pop-up windows that ask you to update your security information. Your bank, credit card or investment firm won’t ask you to do that.
• Remember any offer that seems too good to be true probably is. Don’t respond.

Protecting your bottom line

As long as you do everything you reasonably can to secure your PC and take standard precautions in making online transactions, the benefits of managing your finances online will outweigh safety concerns. Say goodbye to paper bills, stamps and envelope licking. Say hello to the easy way to manage your finances (but please be careful).

Courtesy :- Symantec

First Line of Defense: Operation Black Atlas Put Small and Medium-Sized Businesses At Risk With PoS Malware

First Line of Defense Trend Micro

Operation Black Atlas

Operation Black Atlas Put Small and Medium-Sized Businesses At Risk With PoS Malware

In 2013, Target suffered the biggest PoS malware attack where tens of millions of transaction data were stolen. The breach started the same time Black Friday kicked off that year and extended its operation till the tail end of December. Since then, there were several PoS attacks that came after, but thankfully not as damaging. But now, a new campaign involving a bigger PoS threat is already working its way through networks around the world. Our researchers have recently found a powerful, adaptable, and invisible botnet that searches for PoS systems in any network. We are calling this cybercrime campaign as Operation Black Atlas.

” Cybercriminals are utilizing a shotgun approach to PoS malware in which they try to affect as many companies as they can regardless if it’s a major enterprise or a start-up company.”

Operation Black Atlas was operating as early as September2015, doing groundwork for major shopping events such as Thanksgiving, Black Friday, Cyber Monday, and the rest of the holiday season. Besides retail industries and companies, Black Atlas aims to target any industry it can find that rely on credit card payments. This is highly problematic given that most shoppers still rely on credit cards for non-cash payments. And in our paper Follow the Data: Dissecting Data Breach and Debunking Myths, we stated that 47.8% of data breaches come from the retail sector.
The tools used by operators of Operation Black Atlas are what make it dangerous. These cybercriminals basically possess tools of different functions. The tools enable them to penetrate and steal information from different network and security setups. So far, the malware used in Operation Black Atlas includes variants of Alina, NewPOSThings, a Kronos backdoor, and BlackPOS. Alongside the tools, cybercriminals are utilizing a shotgun approach in PoS malware in which they try to affect as many companies as they can regardless if it’s a major enterprise or a start-up company.

With this global threat, we may still experience the crippling power of PoS malware even with new payment processing technologies. Small- and medium-sized business owners are strongly advised to boost their PoS security by using a multi-tiered PoS defense system. For holiday shoppers, make sure you have switched to EMV or chip-and-pin credit cards, or use other payment processing systems when making in-store purchases. To learn more about Operation Black Atlas, read the full article on how Operation Black Atlas threatens the SMB sector, and our updates on Operation Black Atlas.

Ransomware

As 2015 comes to a close, it’s time to gain perspective of the future by taking a look back at the present year’s events – in this case, the ransomware.

Some Quick Stats about the Ransomware’s Menace in 2015

• A new variant of the ransomware family – Teslacrypt, was seen in early 2015. It specifically targets computers with saved games files. Read more about Teslacrypt here.

• A massive surge was detected in the CTB Ransomware – a relatively new variant.

• India seemed to have been hit with the highest number of ransomware attacks this year; accounting to 16000 infections.

• The FBI reported a loss of $18 million because of ransomware attacks worldwide.

Ransomware infections are deemed nasty to such a level that even the FBI stated that they often advise people to pay the ransom. Joseph Bonavolonta, Assistant Special Agent in Charge of the Cyber and Counterintelligence Program in the FBI’s Boston office quoted “The ransomware is that good… To be honest, we often advise people just to pay the ransom.”

So, what’s the prediction for ransomware in 2016?

By the looks of the alarming rate at which the ransomware family is growing, it is wise to assume that this malware is here to stay and not going away anytime soon. For 2016, here’s what ransomware authors may be gearing up for:

1. Getting more personal – hackers may threaten people of releasing encrypted information in public. Instances of this have already occurred. ‘Chimera’ – a recently launched ransomware campaign in Germany, threatened to release the victims’ encrypted files in public, if the ransom was not paid.

2. Targeting Macs – with Mac becoming more popular among users, they are likely to become an attractive prey for ransomware.

3. Extending the ransomware circle – rookie cybercriminals may start offering ransomware as a service, transforming it into a large-scale business-like operation.

4. Targeting Android – attempts of bringing ransomware to the mobile platform have already been noticed in 2015; a popular example is SimpleLocker. In the coming year, we can expect advanced and more complex variants of the same and others alike.

5. Better delivery – hackers will use more sophisticated mechanisms to spread ransomware and more valuable ways to extort money from their victims.

6. Other targets – as more users are becoming aware and getting educated about how to fight ransomware, hackers will target avenues which are still security-deficient such as smart TVs, smart houses, smart fridges, Internet-enabled cars; in short, the Internet of Things.

7. Life Threatening – Frighteningly, ransomware attacks can turn out to be more than a digital threat to people – it can become life-threatening. Attackers are now suspected to go after lifesaving medical devices. There could be a horrid situation where a patient is demanded to pay a ransom in order for their pacemaker to be released from a ransomware’s clutches. Read more on this here.

Ransomware

Steps you Must Take

Cyber criminals don’t take time off from creating and improving upon their tactics and that’s why it is essential that we don’t let our guard down against them. Here are some of the best ways you can protect your device from ransomware:

• Never download attachments or click links in emails received from unwanted or unexpected sources, even if the source looks familiar.

• Don’t respond to unwanted pop-up ads or alerts while visiting unfamiliar or even familiar websites.

• Apply all recommended security updates to your OS, software, and Internet browsers, if not already.

• Take regular backups of all the important files you have on your computer. We recommend you to begin the backup procedure offline and not when you are connected to the Internet. Doing this will ensure that you do not have to meet the ransomware’s demands.

• Have a security software installed in your PC that efficiently blocks spam and malicious emails, and automatically restricts access to malicious websites. Antivirus has an inbuilt anti-ransomware defense that detects and stops ransomware that encrypt data. This defense mechanism works on a behavior-based module – which means, it analyzes programs based on their behavior and the activities carried by them on the users machine. This helps Quick Heal detect malware like ransomware in real-time and prevent possible infections. This anti-ransomware feature remains active in the system even if the antivirus software itself is turned off for some reason.

Courtesy :- Quick Heal