Massive vulnerability in Windows Defender leaves most Windows PCs vulnerable (CVE-2017-0290)

A vulnerability has been identified in the malware protection engine used by Windows Defender, which ships with almost every recent version of Windows (7, 8, 8.1, 10, and Server 2016). Since Windows Defender is installed by default on all Windows PCs, many enterprises and users are exposed to it.
This vulnerability allows remote attackers to take over the system without any action by the system owner. Attackers could craft an email or an instant message which, when scanned by the vulnerable engine, leads to the system being taken over remotely. Anything that Windows Defender scans automatically (file shares, websites, etc.) could be used to attack the system. The exploit could also be written as a worm that scans for other vulnerable systems and replicates itself.
Microsoft has released and pushed an immediate patch for this code execution vulnerability. According to Microsoft, the risk is lower on Windows 10 and Windows 8.1 systems because of their built-in protection against memory corruption.
You are advised to check manually whether your PC has been updated. To do so, open the Windows Defender settings: if the Engine version is 1.1.13704.0 or higher, the system is patched. Otherwise, install the latest updates immediately to avoid being exposed to future attacks.

Reference by Gajshield

How to prevent Wannacry or WannaCrypt Ransomware

Best practices to prevent ransomware attacks:

  • Perform regular backups of all critical information to limit the impact of data or system loss and to help expedite the recovery process. Ideally, this data should be kept on a separate device, and backups should be stored offline.
  • Establish Sender Policy Framework (SPF), Domain-based Message Authentication, Reporting and Conformance (DMARC), and DomainKeys Identified Mail (DKIM) for your domain. These e-mail validation mechanisms are designed to prevent spam by detecting e-mail spoofing, which is how most ransomware samples successfully reach corporate mailboxes.
  • Don’t open attachments in unsolicited e-mails, even if they come from people in your contact list, and never click on a URL contained in an unsolicited e-mail, even if the link seems benign. In cases of genuine URLs, close the e-mail and go to the organisation’s website directly through the browser.
  • Restrict execution of PowerShell/WSCRIPT in the enterprise environment. Ensure installation and use of the latest version (currently v5.0) of PowerShell, with enhanced logging enabled, including script block logging and transcription. Send the associated logs to a centralised log repository for monitoring and analysis.
  • Apply application whitelisting or strict Software Restriction Policies (SRP) to block binaries running from the %APPDATA%, %PROGRAMDATA% and %TEMP% paths; ransomware samples generally drop and execute from these locations. Enforce application whitelisting on all endpoint workstations.
  • Deploy web and email filters on the network. Configure these devices to scan for known bad domains, sources, and addresses; block these before receiving and downloading messages. Scan all emails, attachments, and downloads both on the host and at the mail gateway with a reputable antivirus solution.
  • Disable macros in Microsoft Office products. Some Office products allow for the disabling of macros that originate from outside of an organisation and can provide a hybrid approach when the organisation depends on the legitimate use of macros. For Windows, specific settings can block macros originating from the Internet from running.
  • Configure access controls including file, directory, and network share permissions with least privilege in mind. If a user only needs to read specific files, they should not have write access to those files, directories, or shares.
  • Maintain updated Antivirus software on all systems
  • Consider installing Enhanced Mitigation Experience Toolkit, or similar host-level anti-exploitation tools.
  • Block e-mail attachments of the following file types: exe|pif|tmp|url|vb|vbe|scr|reg|cer|pst|cmd|com|bat|dll|dat|hlp|hta|js|wsf
  • Regularly check the contents of database backup files for any unauthorised encrypted data records or foreign elements (backdoors, malicious scripts).
  • Keep the operating system and third-party applications (MS Office, browsers, browser plugins) up to date with the latest patches.
  • Follow safe practices when browsing the web. Ensure the web browsers are secured enough with appropriate content controls.
  • Network segmentation and segregation into security zones help protect sensitive information and critical services. Separate the administrative network from business processes with physical controls and Virtual Local Area Networks.
  • Disable remote Desktop Connections, employ least-privileged accounts.
  • Ensure the integrity of the code/scripts used in database, authentication and other sensitive systems, and regularly check the integrity of the information stored in the databases.
  • Restrict users’ abilities (permissions) to install and run unwanted software applications.
  • Enable personal firewalls on workstations.
  • Implement strict External Device (USB drive) usage policy.
  • Employ data-at-rest and data-in-transit encryption.
  • Carry out Vulnerability Assessment and Penetration Testing (VAPT) and an information security audit of critical networks/systems, especially database servers, by CERT-In empanelled auditors. Repeat audits at regular intervals.
  • Individuals and organisations are not encouraged to pay the ransom, as this does not guarantee that files will be released. Report such instances of fraud to CERT-In and law enforcement agencies.
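
As an added example (not part of the original post, and not CERT-In's or Gajshield's code), the attachment-blocking item above can be implemented as a gateway-side check in Python. The script parses a raw message with the standard library's `email` module, applies the extension blocklist from the list above to each attachment's real (last) extension, and treats a double-extension decoy such as `Invoice.pdf.EXE` and an unnamed attachment as blocked. The sample message, addresses and filenames are constructed for the demonstration.

```python
import email
from email import policy
from email.message import EmailMessage

# Extension blocklist taken from the best-practice list above (lower-case, no dot).
BLOCKED_EXTENSIONS = {
    "exe", "pif", "tmp", "url", "vb", "vbe", "scr", "reg", "cer", "pst",
    "cmd", "com", "bat", "dll", "dat", "hlp", "hta", "js", "wsf",
}


def is_blocked_filename(filename):
    """True if the attachment's real (last) extension is on the blocklist.

    The check is case-insensitive and ignores trailing dots/spaces, so
    'Invoice.pdf.EXE' and 'run.bat.' are both caught: the decoy '.pdf' in
    a double extension is not the extension Windows uses to launch the file.
    """
    name = filename.strip().lower().rstrip(". ")
    if "." not in name:
        return False
    return name.rsplit(".", 1)[1] in BLOCKED_EXTENSIONS


def scan_attachments(raw_message):
    """Parse a raw RFC 5322 message and return [(filename, blocked)] for
    every attachment. Attachments without a filename cannot be classified
    and are reported as blocked so they are quarantined rather than passed."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        name = part.get_filename()
        if not name:
            results.append(("<unnamed attachment>", True))
            continue
        results.append((name, is_blocked_filename(name)))
    return results


def build_sample_message():
    """Constructed test message (not a real capture) with one harmless and
    two blocklisted attachments, including a double-extension decoy."""
    msg = EmailMessage()
    msg["From"] = "accounts@example.net"
    msg["To"] = "finance@example.com"
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please find the invoice attached.")
    msg.add_attachment(b"%PDF-1.4 (placeholder bytes)", maintype="application",
                       subtype="pdf", filename="report.pdf")
    msg.add_attachment(b"MZ placeholder bytes", maintype="application",
                       subtype="octet-stream", filename="Invoice_2017.pdf.EXE")
    msg.add_attachment(b"// placeholder bytes", maintype="application",
                       subtype="javascript", filename="update.js")
    return msg.as_string()


if __name__ == "__main__":
    for name, blocked in scan_attachments(build_sample_message()):
        print(f"{'BLOCK' if blocked else 'allow'}  {name}")
```

The filename check is one layer only: the extension says nothing about what the bytes are, so the gateway should still scan attachment content with the antivirus solution the list recommends.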


Reference by google.com

Using Google Migration Tool for Outlook Migration

Steps on how to set up the Google Migration Tool for Outlook migration

  1. Download and run the G Suite Migration for Microsoft Outlook® tool using the button on the top right of the page, if it has not already been installed.
  2. Make sure Google Chrome is your default browser. For safety, back up your existing Outlook PST file before starting any of the steps below, and close MS Outlook before starting the migration.
  3. Go to the Windows Start menu, type in “Google apps migration” and click “Google Apps Migration for Microsoft Outlook” to open it.
  4. Enter your G Suite username and password when prompted.
  5. Allow the migration tool to manage Google items by clicking “Allow” at the bottom of the page.
  6. You will see the “Authorization has been granted successfully. Please switch to your application.” notification.
  7. Select “From PST file(s)…” at the bottom of the pull-down menu.
  8. Select your backup PST file.
  9. Choose the default, “Migrate all data”, and click “Next”.
  10. Choose the default, “Migrate all data”, and click “Next” (if this is your first migration; otherwise choose “Migrate only new data”).
  11. Use the defaults selected for Calendar, Contacts, and Email messages and click “Migrate”.
  12. The process will display a progress screen with “Pause Migration” and “Cancel” buttons at the bottom, similar to the one below. The buttons will change to “Start new migration” and “Close” once the migration is complete.
    (Screenshot: Google Migration Tool for Outlook Migration)

Brute force attack on Microsoft SQL

In recent events, we have been observing that hackers have started targeting Microsoft SQL (MSSQL) servers through their open TCP port. In many such cases the database is configured with a weak password, even though administrators agree on the importance of strong passwords. The reasons could be ease of use for the operator, lack of security awareness or simply underestimating the risk.

By default, Microsoft SQL runs on TCP ports 1433/1434 with ‘SA’ as an administrator user.

Microsoft SQL Brute Force Attack Flow:

  1. The attacker uses port scanning techniques to identify the open ports on the target system
  2. Once the attacker finds port 1433/1434 open, they start brute-forcing the SA login, which is the default administrator account
  3. The attacker usually holds a dictionary of the most common passwords used by database administrators, making the attack faster and successful in most cases
  4. Once the attacker has access to the ‘SA’ user, they have complete access to the database. The attacker may further exploit the system if the Microsoft SQL server has vulnerabilities that allow complete access to the operating system

Indications of infection:

  1. The Microsoft SQL ‘SA’ user password has been changed without the administrator’s knowledge
  2. Multiple failed attempts to log in as the ‘SA’ user
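
The second indicator can be checked from the SQL Server error log, which records failed logins by default. The script below is an added example (not Quick Heal's code): it parses ERRORLOG-style "Login failed for user" lines and flags any client address that fails repeatedly against one login within a short window. The log lines are constructed to look like the real format rather than taken from a capture, and the threshold of five failures per minute is an assumed tuning value.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed ERRORLOG-style sample (not a real capture): five rapid 'sa'
# failures from one address, plus two isolated failures that should not alert.
SAMPLE_ERRORLOG = """\
2017-05-10 10:15:30.01 Logon       Error: 18456, Severity: 14, State: 8.
2017-05-10 10:15:30.01 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2017-05-10 10:15:30.52 Logon       Error: 18456, Severity: 14, State: 8.
2017-05-10 10:15:30.52 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2017-05-10 10:15:31.10 Logon       Error: 18456, Severity: 14, State: 8.
2017-05-10 10:15:31.10 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2017-05-10 10:15:31.63 Logon       Error: 18456, Severity: 14, State: 8.
2017-05-10 10:15:31.63 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2017-05-10 10:15:32.08 Logon       Error: 18456, Severity: 14, State: 8.
2017-05-10 10:15:32.08 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2017-05-10 10:20:00.00 Logon       Error: 18456, Severity: 14, State: 8.
2017-05-10 10:20:00.00 Logon       Login failed for user 'appuser'. Reason: Password did not match that for the login provided. [CLIENT: 10.0.0.15]
2017-05-10 11:00:00.00 Logon       Error: 18456, Severity: 14, State: 8.
2017-05-10 11:00:00.00 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 10.0.0.20]
"""

# Matches the "Login failed for user '<login>' ... [CLIENT: <ip>]" line; the
# preceding "Error: 18456" line carries no login or address and is skipped.
FAILED_LOGIN = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+Logon\s+"
    r"Login failed for user '(?P<user>[^']*)'.*\[CLIENT: (?P<ip>[^\]]+)\]"
)


def parse_failed_logins(text):
    """Return (timestamp, login, client_ip) for every 'Login failed' line."""
    events = []
    for line in text.splitlines():
        m = FAILED_LOGIN.match(line)
        if m:
            ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S.%f")
            events.append((ts, m.group("user").lower(), m.group("ip")))
    return events


def find_bruteforce(events, threshold=5, window=timedelta(minutes=1)):
    """Sliding-window count of failures per (client ip, login).

    Returns a sorted list of (client_ip, login, peak_failures_in_window) for
    every pair that reached `threshold` failures inside `window`.
    """
    recent = defaultdict(deque)
    peaks = {}
    for ts, user, ip in sorted(events):
        q = recent[(ip, user)]
        q.append(ts)
        while ts - q[0] > window:      # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            peaks[(ip, user)] = max(peaks.get((ip, user), 0), len(q))
    return sorted((ip, user, n) for (ip, user), n in peaks.items())


if __name__ == "__main__":
    for ip, user, n in find_bruteforce(parse_failed_logins(SAMPLE_ERRORLOG)):
        print(f"possible brute force: {n} failed logins for '{user}' from {ip}")
```

Feeding the same parser with a real ERRORLOG (or the output of xp_readerrorlog) is enough to spot a dictionary attack on ‘SA’; lowering the threshold raises sensitivity at the cost of false positives from users mistyping their passwords.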

How much damage this attack can cause:

  1. The hacker can gain administrative access to the database, which is an integral part of any organisation; this may result in loss of data and/or data being stolen

How you can safeguard your system from this attack:

  1. Set a complex password for database users such as the ‘SA’ user
  2. Disable the default ‘SA’ user and create another user with the same privileges
  3. Change the default TCP port (1433) to a non-standard port so that attackers cannot guess it as easily
  4. Disable the Microsoft SQL (MSSQL) service if it is not used.

Ensuring the above actions are in place is the primary way to prevent these types of attack. We also recommend customising ‘Quick Heal Firewall’, which allows users to set firewall rules to suit individual needs. If properly configured, Quick Heal Firewall can protect against these intrusion attacks by restricting network traffic to safeguard your network infrastructure.

Also, use Quick Heal Vulnerability Scanner to identify vulnerabilities and patch or fix them, to avoid being exploited by such miscreants.

Reference by Quick heal ( http://blogs.quickheal.com/brute-force-attack-microsoft-sql/ )

Move Google Drive files and folders into Team Drives

Following the launch of Team Drives in March, it’s likely you and your users have existing content that needs to be moved from traditional Google Drive locations (e.g. My Drive) into these new shared spaces. As a G Suite admin, there are three ways you can do this:

1. Allow users to migrate files 
If you enable this setting in the Admin console (Apps > G Suite > Drive and Docs > Migration settings > User options > Allow users to migrate files to Team Drives), users in your domain will be able to move individual files into Team Drives, as long as they have Edit access to those files and the current file owners are members of the destination Team Drive.

Migration Settings

2. Migrate folders as a super admin
If you’re a super admin and have view access or higher to an existing My Drive folder, you can move that folder to a Team Drive yourself. Check out the Help Center for detailed instructions.

3. Delegate admin migration rights to individual users
If you’re a super admin, you can delegate the admin rights described in option 2 to any user in your domain. He or she will then be able to move My Drive folders into Team Drives. For a step-by-step guide to granting these admin migration rights, see the Help Center.

Migration Privilege

No matter which option you choose, there are a few important things to remember when moving files and folders into Team Drives:

  • Any file moved to a Team Drive will then be owned by the Team Drive—not an individual.
  • Moved files will remain in the user’s Shared with me and Recent locations, but they’ll be removed from all other Drive locations (e.g. My Drive).
  • A file’s permissions and sharing link will not change when it’s moved into a Team Drive. People who aren’t Team Drive members will still be able to access that file with their previously granted permissions.

For additional details and key considerations, please visit the Help Center.

Launch Details
Release track:
Launching to both Rapid release and Scheduled release

Editions:
Available to G Suite Business, Education, Nonprofit, and Enterprise editions only

Rollout pace:
Full rollout (1–3 days for feature visibility)

Impact:
Admins and end users

Action:
Admin action suggested/FYI

Reference by Google.com

Quick Heal supports the Windows 10 Creators Update

A couple of years ago, Microsoft launched Windows 10, and it created quite a stir among PC users all around the world. Celebrating the anniversary of this launch, Microsoft released the Windows 10 Anniversary Update in August last year. In 2017, Microsoft is ready with the Windows 10 Creators Update. This post lists some of the highlights of the Creators Update and Quick Heal’s compatibility with the OS.

The Windows 10 Creators Update highlights

  • The concept of 3D in Windows. For example, the Paint application is now 3D
  • Microsoft Edge is now faster and safer with better browsing and entertainment
  • Additional security and privacy protection

You can learn more about the Creators Update here.

Which versions of Quick Heal will support the Windows 10 Creators Update?

Support via Builds
The latest Quick Heal builds, v17.00 onwards, downloaded from the Quick Heal website support the Windows 10 Creators Update.

Support via Quick Heal update
Support for the Creators Update is being rolled out to existing users via the latest Quick Heal updates.

What must Quick Heal users do before getting the Creators Update?
Quick Heal users with Win10 RS1 or lower Operating System must take the latest Quick Heal updates and then proceed with the Creators Update. Failing to do so might cause Quick Heal or the system to behave abnormally.

How to apply the latest Quick Heal Update?

  • The update will be applied automatically if your Quick Heal’s Automatic Update is turned ON.
  • You can also apply the update manually, using any of the following methods:
    1. Click on the Update Now button on your Quick Heal dashboard
    2. Go to Help -> About, click on Update Now
    3. Right click on the Quick Heal icon in the system tray and click on Update Now
    4. Go to Start -> All Programs -> Quick Heal -> Click on Quick Update

How to know if the Quick Heal update has been successfully installed and is compatible with the Creators Update?
If your Quick Heal Virus Database Date falls after 1st Feb 2017, it means that the latest updates compatible with the Creators Update have been installed on your computer.

Note – Fresh installation of Quick Heal version 16.00 and below is not supported by the Creators Update.

Reference by Quick Heal

Set up journaling, backup, watchdog and routing in G Suite

The following steps set up journaling, backup, watchdog and routing in G Suite:

  1. Log in to the Google Admin console.
  2. Go to Manage users.
  3. Create an email ID to be used for journaling.
  4. Go back to the Admin console page and type “routing” in the search box; you will land on Apps > G Suite > Settings for G Suite > Advanced settings. Alternatively, from the Admin console dashboard go to Apps > G Suite > Gmail > Advanced settings.
  5. On the left, select the organization.
  6. Scroll to the Routing setting in the Routing section, hover over the setting and click Configure. If the setting is already configured, hover over the setting and click Edit or Add another.
  7. Enter a unique name that’ll help you identify the setting.
  8. Go to the next step to configure the setting.
  9. You can set up the routing policy for:
     • Inbound (any incoming messages)
     • Outbound (any outgoing messages)
     • Internal sending (internal message sent to another user in your organization)
     • Internal receiving (internal message received by another user in your organization)
     Note: this includes messages originating outside of Gmail that are SPF or DKIM authenticated by one of your domains. For example, select Inbound, Internal-receiving, or both, to set up split delivery, dual delivery, or a catch-all address (or all three) and to route messages to additional recipients.
     Check the boxes next to the messages you want the policy to apply to. For split delivery or dual delivery, select Inbound, Internal-receiving, or both. To set up a catch-all address or to route messages to additional recipients, select Inbound, Internal-receiving, or both.
     Go to the next step to continue. Under “Also deliver to:” enter your journaling email ID.
  10. Save the setting.
  11. You will see a message at the bottom of the screen asking you to save; save it again.
  12. At the end you will see something like the screenshot below.
     (Screenshot: Setup Journaling, Backup, watchdog, routing in Gsuite)
  13. Your policy is now created.

How to configure an e-mail account in Outlook Express

If you have an email account set up on the server, you may want to configure Outlook or Outlook express to send/receive email from this email address. To configure Outlook to connect to your account, please do the following:

  1. Open Outlook Express
  2. Go to “Tools” and click on “Accounts”.
  3. An “Internet Accounts” window will pop up. Select the Mail tab, then “Add”, then click on “Mail”.
  4. This will start the Internet Connection Wizard. Enter your name where it says “Display name:” and click “Next” at the bottom right.
  5. Select the Next button
  6. Enter your email address in the input box. This does NOT have to be “username@yourdomain.com” (you can use “john@yourdomain.com”, “webmaster@yourdomain.com”, etc.). Then click Next.
  7. Click the Next button.
  8. In the Incoming mail field type mail.yourdomain.com. In the Outgoing mail (SMTP) field also type mail.yourdomain.com (so if your domain name is elitepolls.com, you would put “mail.elitepolls.com” there). Click Next.
  9. For the Account Name, type the full email address (including the domain name). In the Password section, type the password for the email account.
  10. Click the Next button
  11. Click the Finish button
  12. You should still see the Mail tab, so click the Properties button
  13. Select the Servers tab
  14. Check the box at the bottom which says “My server requires authentication”
  15. Select the Advanced tab
  16. At the top, you will see “Server Port Numbers” and “Outgoing mail (SMTP):” with a value of 25. You need to change this to port 26 if you are not able to send emails using 25.
  17. Click the Apply button, OK button, and the Close button.
  18. You’re done! Now you can test your email.

Users with legacy Android devices can now access work apps in Google Play

Recently, we announced that your organization’s private apps would move from the “Private Channel” (i.e. the “domain.com” tab) to the “Work Apps” tab in the Google Play Store. We envision this Work Apps section as a single destination where users can find all of the applications they need to be productive on mobile. Using Google Mobile Management, G Suite administrators can offer a curated set of both public and custom apps to their employees in the Work Apps section of Google Play.

Previously, however, employees with Android devices that did not support work profiles could not see the Work Apps tab and the apps their admins had curated. This included any users with Android devices running 5.0 Lollipop or less. With this launch, employees with these older devices can now access the Work Apps tab in Google Play (in their personal profile) and the apps their admins have curated.

Google Play for Work on Legacy Devices

Note that on devices that do support work profiles, the Work Apps tab can only be accessed from Google Play in the work profile.

Launch Details
Release track:
Launching to both Rapid release and Scheduled release

Editions:
Available to all G Suite editions

Rollout pace:
Full rollout (1–3 days for feature visibility)

Impact:
All end users

Action:
Change management suggested/FYI

Reference by Google.com

Support for rotated text, accounting number formats, and more in Google Sheets

We’re working hard to ensure that Google Sheets meets your business needs. As part of that effort, today we’re introducing several enterprise-friendly features that you’ve been asking for in Sheets on the web, Android, and iOS:

Rotated text
You can now rotate the text in a cell in Sheets (Format > Text rotation). This is especially useful when you need to fit long header names into thin columns, or when you simply want to fit more text on a single screen.

(Screenshot: rotated text)

Accounting number formats
We’re making it easier to read your budgets, expense reports, and other spreadsheets containing monetary amounts by aligning the currency symbols within them (Format > Number > Accounting). We’re also making improvements to the way numbers, decimal points, and repeated characters line up to make them simpler to scan and analyze.

(Screenshot: accounting number formats)

More border styles
You can now choose from several new border styles in Sheets, including various thicknesses and double borders, which are commonly used in financial statements like balance sheets (Toolbar > Borders > Border styles).

Additional improvements on mobile
In addition to the features described above, we’re also launching the following improvements to our mobile apps:

  • Support for using a mouse with the Sheets Android app
  • Ability to view and select existing custom colors in the Sheets Android app
  • Ability to drag and drop rows and columns in the Sheets Android and iOS apps
  • Formatting suggestions in Explore in the Sheets iOS app

For more details, check out the Help Center articles below.

Launch Details
Release track:
Launching to both Rapid release and Scheduled release

  • All mobile features
  • Additional border styles on the web

Launching to Rapid release, with Scheduled release coming on March 6, 2017

  • Rotated text on the web
  • Accounting number formats on the web

Editions:
Available to all G Suite editions

Rollout pace:
Gradual rollout (potentially longer than 3 days for feature visibility)

Impact:
All end users

Action:
Change management suggested/FYI

Reference by Google.com