Get ready for the Windows 11 Insider Preview

Check out the updated hardware requirements for Windows 11 and find out how Windows Insiders can get started with a Windows 11 Insider Preview build.

Since launching Windows 10 six years ago, a lot of hardware innovation has happened in the PC space. For Windows to move forward and take better advantage of the latest innovations, we need to update the baseline system requirements for modern PCs. As a result, Windows 11 has updated hardware requirements which will be reflected in the Windows Insider Program. This blog post will outline what this means for Insiders new to flighting as well as Insiders who have already been flighting Insider Preview builds.

Microsoft Safety Scanner

People can download the scanner and check to see if they have any malware and also clean their computers. Check if you have the 32Bit or 64Bit OS, click on the link and select save then click on the view in folder, double click the file and watch what happens

Microsoft Safety Scanner is a scan tool designed to find and remove malware from Windows computers. Simply download it and run a scan to find malware and try to reverse changes made by identified threats.

Windows 11

Microsoft has announced the first Insider Preview for Windows 11.

I was under the impression that Windows 10 was the last version on Windows with half year and annual updates. It seems that this planned pandemic has caused more ructions than we could have imagined. What we have been able to find out that the NSA have been spying on anyone and everyone over the past. They have been working with Microsoft, Linux, Apple and all hard disk and router manufactures to have spyware and backdoors in all operating systems worldwide. They have been the people hat have helped create the internet, all security software being used worldwide.

With the end of the current age and as we head into a new era, there are many changes forecast. One, a new Quantum internet (QI) is being put in place, one where hacking will be eliminated and second a new Quantum Financial system (QFS). This will require many changes to the O/S if we are to retain our current computing power.

So with Microsoft releasing a new OS at this time makes me think that this could be a release that could have everything ready for a switch over to the new QI.

Windows 11 Bug Bash July 7—July 14!

Dealing with Ransomware

Coalition to create framework for dealing with ransomware
Major tech firms including Microsoft and McAfee, as well as research groups and other organizations, are creating a coalition to address cyberattacks against entities in government, education, health care and other critical sectors. The Ransomware Task Force will focus on threat reduction, tech solutions and the development of a standard framework for responding to ransomware for all industries to follow.
Full Story: ZDNet (12/22), StateScoop (12/21)

Create a Bootable USB Flash Drive

Applies To: Windows Server 2016 Essentials, Windows Server 2012 R2 Essentials, Windows Server 2012 Essentials

You can create a bootable USB flash drive to use to deploy Windows Server Essentials. The first step is to prepare the USB flash drive by using DiskPart, which is a command-line utility. For information about DiskPart, see DiskPart Command-Line Options.

 Tip

To create a bootable USB flash drive for use in recovering or reinstalling Windows on a PC instead of a server, see Create a recovery drive.

For additional scenarios in which you may want to create or use a bootable USB flash drive, see the following topics:

To create a bootable USB flash drive

  1. Insert a USB flash drive into a running computer.
  2. Open a Command Prompt window as an administrator.
  3. Type diskpart.
  4. In the new command line window that opens, to determine the USB flash drive number or drive letter, at the command prompt, type list disk, and then click ENTER. The list disk command displays all the disks on the computer. Note the drive number or drive letter of the USB flash drive.
  5. At the command prompt, type select disk <X>, where X is the drive number or drive letter of the USB flash drive, and then click ENTER.
  6. Type clean, and the click ENTER. This command deletes all data from the USB flash drive.
  7. To create a new primary partition on the USB flash drive, type create partition primary, and then click ENTER.
  8. To select the partition that you just created, type select partition 1, and then click ENTER.
  9. To format the partition, type format fs=ntfs quick, and then click ENTER. ImportantIf your server platform supports Unified Extensible Firmware Interface (UEFI), you should format the USB flash drive as FAT32 rather than as NTFS. To format the partition as FAT32, type format fs=fat32 quick, and then click ENTER.
  10. Type active, and then click ENTER.
  11. Type exit, and then click ENTER.
  12. When you finish preparing your custom image, save it to the root of the USB flash drive.

Appreciation

As a trainer when you get a post somewhere like this makes it all worth the effort:

SEO Tips

WordPress Newsletter Article

So you have a terrific online store, and you want it to flourish. One way to increase sales is by driving organic traffic to your site. It’s an effective method for attracting customers without having to spend money on ads. This is why many sites are using SEO to draw customers in, according to Search Engine Journal. Wondering how you can get started? Here are four eCommerce website SEO tips that can help grow your bottom line.

1. Make your site easy to understand and use

First off, make sure your site structure is clear, mobile-optimized, and fairly intuitive. It should be easy for visitors on a variety of devices to understand how to use your site and find what they are looking for. Customers must be able to easily search for and locate the products they want. Using the shopping cart and checking out should be a snap, as well. If visitors find your site accessible and helpful, then search engines will, too — and they’ll boost your search engine ranking, sending more organic traffic your way.

2. Choose relevant keywords

Relevant keywords are essential for your site, particularly if you have an eCommerce blog. You can get started with keyword research using a tool such as WordPress SEO by Yoast, SEMRush, or Google Keyword Planner. First, determine the top two keywords you want to rank on. These should be search terms that your target audience might use when searching for your site. They may be competitive, but you should be able to increase your ranking over time by including them on relevant parts of your site, such as meta descriptions, product pages, blog posts, permalinks, and image names. Consider also including less popular, long-tail keywords that will help customers find you. Once you’ve done this, periodically check the keyword ranking for your site to keep track of how you’re doing.

3. Optimize product images

Images frequently appear in Google search results, presenting you with a golden opportunity to get your products noticed. To do so, optimize your product images and primary category images for SEO. In most cases, especially where product photos are concerned, you’ll want to use a high-quality JPEG image. But make sure that the file size isn’t so large that it’s slow to load. Otherwise, customers may decide to move on and leave the site. If the size of the image file you want to use is too large — say, over 2 MB — you can re-size it with image-editing software.

4. Write great product descriptions

Each product in your store should have a brief, well-written product description that is optimized for SEO. It’s important to include relevant keywords in your product descriptions, but only if they fit naturally. Search engines often penalize sites they think are engaging in keyword stuffing — that is, forcing a particular webpage full of keywords in an attempt to game search engine rankings. Although you can use the manufacturer’s product description, writing your own product description usually produces better results.

With these four eCommerce website SEO tips, you can begin driving more organic traffic to your online store. If you have a WordPress.com Business or eCommerce plan and want to optimize your eCommerce site’s SEO even more, you can explore WordPress.com SEO tools or take a free online course on WordPress.com Business SEO.

Shortcuts to Windows Settings

A simple extension of a brilliant hack by Lucas (@Whistler4Ever), published by Sergey Tkachenko at WinAero, and unearthed by Steven Parker at Neowin gives you a very easy way to put an icon on your Windows 10 Desktop screen that opens to just about any Settings page, where you can change a setting in a nonce.

[ More info: How to fix five Windows 10 headaches ]

Here’s how to make it work:

[ Got a spare hour? Take this online course and learn how to install and configure Windows 10 with the options you need. ]

  1. Right-click or tap and hold any blank place on the Windows 10 Desktop.
  2. Choose New > Shortcut.
  3. Pick one of the ms-settings apps listed below and type it into the input box. For example, to go to the Data Usage app, type ms-settings:datausage in the box marked Type the location of the item.
  4. Click Next, give the shortcut a name, and click Finish.

A new shortcut appears on your desktop. Double-click or tap it, and the Settings app appears.

Settings page App used for the shortcut
Accessibility
Closed captioning ms-settings:easeofaccess-closedcaptioning
High contrast ms-settings:easeofaccess-highcontrast
Keyboard ms-settings:easeofaccess-keyboard
Magnifier ms-settings:easeofaccess-magnifier
Mouse ms-settings:easeofaccess-mouse
Narrator ms-settings:easeofaccess-narrator
Other options ms-settings:easeofaccess-otheroptions
Battery and power
Battery Saver ms-settings:batterysaver
Battery Saver settings ms-settings:batterysaver-settings
Battery use ms-settings:batterysaver-usagedetails
Power and sleep ms-settings:powersleep
Display and user interface
Backgrounds ms-settings:personalization-background
Colors (display) ms-settings:colors
Colors (personaliation) ms-settings:personalization-colors
Date and time ms-settings:dateandtime
Display ms-settings:display
Mouse and touchpad ms-settings:mousetouchpad
Personalization ms-settings:personalization
Region and language ms-settings:regionlanguage
Screen rotation ms-settings:screenrotation
Speech ms-settings:speech
Start ms-settings:personalization-start
Themes ms-settings:themes
Typing ms-settings:typing
Network and radios
Airplane mode ms-settings:network-airplanemode
Bluetooth ms-settings:bluetooth
Cellular ms-settings:network-cellular
Data usage ms-settings:datausage
Dialup ms-settings:network-dialup
DirectAccess ms-settings:network-directaccess
Ethernet ms-settings:network-ethernet
Manage Wi-Fi ms-settings:network-wifisettings
Mobile hotspot ms-settings:network-mobilehotspot
Proxy ms-settings:network-proxy
Wi-Fi ms-settings:network-wifi
VPN ms-settings:network-vpn
Other
For developers ms-settings:developers
Offline maps ms-settings:maps
Optional features ms-settings:optionalfeatures
Privacy
Account info ms-settings:privacy-accountinfo
Calendar ms-settings:privacy-calendar
Camera ms-settings:privacy-webcam
Contacts ms-settings:privacy-contacts
Feedback ms-settings:privacy-feedback
Location ms-settings:privacy-location
Messaging ms-settings:privacy-messaging
Microphone ms-settings:privacy-microphone
Motion ms-settings:privacy-motion
Other devices (privacy) ms-settings:privacy-customdevices
Privacy ms-settings:privacy
Radios ms-settings:privacy-radios
Speech, inking, and typing ms-settings:privacy-speechtyping
System and user
Connected devices ms-settings:connecteddevices
Family and other users ms-settings:otherusers
Lockscreen ms-settings:lockscreen
Notifications and actions ms-settings:notifications
Proximity ms-settings:proximity
Signin options ms-settings:signinoptions
Storage Sense ms-settings:storagesense
Tablet mode ms-settings://tabletmode/
Windows Update ms-settings:windowsupdate
Work access ms-settings:workplace

Spear phishing

Spear phishing

Spear phishing campaigns —they’re sharper than you think

  • Diana Kelley Cybersecurity Field CTO
  • Seema Kathuria Senior Manager, Cybersecurity Solutions Group

Even your most security-savvy users may have difficulty identifying honed spear phishing campaigns. Unlike traditional phishing campaigns that are blasted to a large email list in hopes that just one person will bite, advanced spear phishing campaigns are highly targeted and personal. They are so targeted, in fact, that we sometimes refer to them as “laser” phishing. And because these attacks are so focused, even tech-savvy executives and other senior managers have been duped into handing over money and sensitive files by a well-targeted email. That’s how good they are.

Even though spear phishing campaigns can be highly effective, they aren’t foolproof. If you understand how they work, you can put measures in place to reduce their power. Today, we provide an overview of how these campaigns work and steps you can take to better protect your organization and users.

Graph showing that the percentage of inbound emails associated with phishing on average increased in the past year.

Figure 1. Percentage of inbound emails associated with phishing on average increased in the past year, according to Microsoft security research (source: Microsoft Security Intelligence Report).

Step 1: Select the victims

To illustrate how clever some of these campaigns are, imagine a busy recruiter who is responsible for filling several IT positions. The IT director is under a deadline and desperate for good candidates. The recruiter posts the open roles on their social networks asking people to refer leads. A few days later they receive an email from a prospective candidate who describes the role in the email. The recruiter opens the attached resume and inadvertently infects their computer with malware. They have just been duped by a spear phisher.

How did it happen?

In a spear phishing campaign, the first thing an attacker needs to do is identify the victims. These are typically individuals who have access to the data the attacker wants. In this instance, the attackers want to infiltrate the human resources department because they want to exfiltrate employee social security numbers. To identify potential candidates they conduct extensive research, such as:

  • Review corporate websites to gain insight into processes, departments, and locations.
  • Use scripts to harvest email addresses.
  • Follow company social media accounts to understand company roles and the relationships between different people and departments.

In our example, the attackers learned by browsing the website that the convention for emails is first.last@company.com. They browsed the website, social media, and other digital sources for human resources professionals and potential hooks. It didn’t take long to notice several job openings. Once the recruiter shared details of jobs online, would-be attackers had everything they needed.

Why it might work: In this instance it would be logical for the victim to open the attachment. One of their job responsibilities is to collect resumes from people they don’t know.

Infographic showing the typical campaign path for phish emails, from Reconnaissance to Exfiltration.

Figure 2. Research and the attack are the first steps in a longer strategy to exfiltrate sensitive data.

Step 2: Identify the credible source

Now let’s consider a new executive who receives an email late at night from their boss, the CEO. The CEO is on a trip to China meeting with a vendor, and in the email, the CEO references the city they’re in and requests that the executive immediately wire $10,000 to pay the vendor. The executive wants to impress the new boss, so they jump on the request right away.

How did it happen?

In spear phishing schemes, the attacker needs to identify a credible source whose emails the victim will open and act on. This could be someone who appears to be internal to the company, a friend, or someone from a partner organization. Research into the victim’s relationships informs this selection. In the first example, we imagined a would-be job seeker that the victim doesn’t know. However, in many spear phishing campaigns, such as with our executive, the credible source is someone the victim knows.

To execute the spear phishing campaign against the executive, the attackers uncovered the following information:

  • Identified senior leaders at the company who have authority to sign off on large sums of money.
  • Selected the CEO as the credible source who is most likely to ask for the money.
  • Discovered details about the CEO’s upcoming trip based on social media posts.

Why it might work: Targeting executives by impersonating the CEO is increasingly common—some refer to it as whale phishing. Executives have more authority and access to information and resources than the average employee. People are inclined to respond quickly when the boss emails—especially if they say it’s urgent. This scenario takes advantage of those human power dynamics.

Infographic of the Attack Spectrum, from Broad to Targeted.

Figure 3. The more targeted the campaign, the bigger the potential payoff.

Step 3: Victim acts on the request

The final step in the process is for the victim to act on the request. In our first example, the human resources recruiter could have initiated a payload that would take over his computer or provide a tunnel for the attacker to access information. In our second scenario, the victim could have wired large sums of money to a fraudulent actor. If the victim does accidentally open the spear phishing email and respond to the call to action, open a malicious attachment, or visit an infected webpage, the following could happen:

  • The machine could be infected with malware.
  • Confidential information could be shared with an adversary.
  • A fraudulent payment could be made to an adversary.

Catch more phishy emails

Attackers have improved their phishing campaigns to better target your users, but there are steps you can take to reduce the odds that employees will respond to the call to action. We recommend that you do the following:

  • Educate users on how to detect phishing emails—Spear phishing emails do a great job of effectively impersonating a credible source; however, there are often small details that can give them away. Help users identify phish using training tools that simulate a real phish. Here are a few tells that are found in some phish that you can incorporate into your training:
    • An incorrect email address or one that resembles what you expect but is slightly off.
    • A sense of urgency coupled with a request to break company policy. For example, fast tracking payments without the usual checks and procedures.
    • Emotive language to evoke sympathy or fear. For example, the impersonated CEO might say you’re letting them down if you do not make the urgent payment.
    • Inconsistent wording or terminology. Does the business lingo align with company conventions? Does the source typically use those words?
  • Encourage users to communicate potential phishing emails—It’s important that users flag phishing emails to the proper team. This can be done natively within many enterprise email systems. It can also be helpful if users talk with their peers about the phishing emails they receive. Spear phishers typically don’t send blast emails; however, they may select several people from the same department or with business relationships. Talking will alert other users to be on the lookout for phishy emails.

Figure 4. Enhanced anti-phishing capabilities are available in Microsoft Office 365.

  • Deploy technology designed to block phishing emails—If users don’t receive the phishing email, they can’t act on it! Deploy technology that can help you catch phishing emails before they land in someone’s inbox. For instance, Office 365, one of the world’s largest email providers, offers a variety of protection against phishing attacks by default and through additional offerings such as Microsoft Advanced Threat Protection (ATP) anti-phishing. Importantly, Microsoft has both been advancing the anti-phishing capabilities of Office 365 (see Figure 4 above) and improving catch rates of phishing emails.