by Scott Muniz | Dec 16, 2021 | Security, Technology
This article is contributed. See the original author and article here.
CISA has announced the joint National Security Agency (NSA) and CISA publication of the final of a four-part series, Security Guidance for 5G Cloud Infrastructures. Part IV: Ensure Integrity of Cloud Infrastructure focuses on platform integrity, microservices infrastructure integrity, launch time integrity, and build time security to ensure that 5G cloud resources are not modified without authorization. This series was published under the Enduring Security Framework (ESF), a public-private cross-sector working group led by NSA and CISA.
CISA encourages 5G providers, integrators, and network operators to review the guidance and consider the recommendations. See CISA’s 5G Security and Resilience webpage for more information.
by Scott Muniz | Dec 16, 2021 | Security
This article was originally posted by the FTC. See the original article here.
If you suddenly need to hire a lawyer, you might start searching online. When you do, you’re likely to see lawyers and law firms with fancy-looking seals and badges on their websites claiming they’re among the best in their field. Before you move forward, know that some of these seals or badges might be “vanity” or “ego” awards that lawyers can buy.
It can be tricky to tell whether an award is earned through merit or is simply a marketing ploy, but a few questions can help. How long has this award been in existence? What requirements does someone have to meet to earn the award? How many awards are given out each year? Is a marketing company awarding it? Try searching online for the name of whoever’s giving the award plus words like “vanity,” “ego,” “marketing,” and “scam” to find out.
When choosing a lawyer, be sure to look beyond any seals or badges on lawyers’ websites:
- Ask for recommendations from people you trust who already have experience hiring lawyers. Online reviews can be made up or written by people with personal ties to the lawyers.
- Lawyers must pass a state bar exam to practice law in the U.S., and they often have to be admitted to the bar in the state where they practice. Check the state bar association to see if the attorney is active, inactive, disciplined, or disbarred.
- Look for actual accomplishments and past work experience. Many court documents are public record and you can see if the lawyer you’re considering has experience handling your type of legal issue.
And check out ftc.gov/hiring-lawyer for more information on how to hire the right kind of lawyer and what to ask about lawyers’ fees.
Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.
by Contributed | Dec 16, 2021 | Technology
This article is contributed. See the original author and article here.
Attack Simulation Training is an intelligent phish risk reduction tool that measures behavior change and automates the deployment of an integrated security awareness training program across an organization. It is available with Microsoft 365 E5 or Microsoft Defender for Office 365 P2 plan. In a phishing simulation, admins can use end user email notifications to inform targeted users about their participation in the campaign or to appreciate a successful phishing report.
We’re pleased to announce that these can now be localized, customized, and targeted based on the user’s locale. Security admin will be able to customize 2 different types of notifications:
- Positive Reinforcement Notification
- Simulation Notification
Positive Reinforcement Notification
Positive Reinforcement Notification allows you to send an appreciation mail to the users who report a phish to reinforce positive behavior. You can choose to send these notifications during the campaign as well as after it completes.
Simulation Notification
Simulation Notification allows you to send a notification to the users to inform them about their participation in the phishing campaign when no trainings are assigned to them. You can assign this notification to all users, users who clicked, or to the users who were compromised, and a notification will be sent to those users after the campaign ends.
How to create or access these notifications?
A new library of notifications is provided under a new tab called ‘End user notifications’ which will be used to create, edit, copy and delete notifications. Notifications are either Microsoft curated or customized by a customer.
1. Microsoft curated notifications (Global)
Enables you to choose from Microsoft curated notifications in 12 languages for a ‘click and go’ experience.
2. Custom notification created by a tenant (Tenant)
Enables you to tailor the notification to your requirements in 12 languages. For example, include your own branding, messaging, code, and more.
Creating a custom notification is a great option for enterprises who want to create a notification from scratch using Rich Text Editor. The notification can be created either by using the text tab (RTE) where the content can be created within the editor, copied from external sources, or by using the code tab to input the HTML code.
- Dynamic tag: Allows you to choose the user’s first name, last name, UPN, email address, and payload dynamically.
- Use from Default: Allows you to choose Microsoft defaults landing page with predefined formatting and make additional modifications as necessary.
- Company Logo/images: Allows you to paste the image/logos of your choice and insert videos of up to 4MB.
- Body: Allows you to create content/text of your choice.
- Shows the content of the payload chosen
- The “code” tab that comes along with the rich text editor can be leveraged for additional sophisticated design requirements using HTML code. The code can be saved and reused for new simulations.
How to use notifications in simulations?
A new node called ‘Select end user notification’ is added to the launch simulation and simulation automation workflow where you can choose to not deliver any notification, choose from Microsoft defaults or customized end user notifications. Positive reinforcement notification can be delivered during the campaign or after the campaign whereas Simulation Notification would be delivered after the campaign ends as per the users’ actions-all users, clicked, and compromised.
We hope you enjoy using custom end user notifications in a simulation. Looking forward to your experience and feedback!
Want to learn more about Attack Simulation Training?
Get started with the available documentation today and check out the blogs for Setting up a New Phish Simulation Program-Part One and Part Two. In addition to these, you can read more details about new features in Attack Simulation Training.
by Contributed | Dec 16, 2021 | Dynamics 365, Microsoft 365, Technology
This article is contributed. See the original author and article here.
Organizations have an increasing need to interact with their customers to solicit feedback on products and services, building customer trust with process transparency. Dynamics 365 Customer Service has launched two capabilities in preview to enable organizations to invite customer suggestions and build vibrant communities.
Community managers and moderators can use the first capability, the Dynamics 365 Customer Service Community Preview app, to crowdsource portfolios of ideas and quickly respond to community suggestions.
The second capability is offered with the Modern Community (preview) portal template, which enables organizations to provide their customers with delightful and engaging experiences for posting suggestions in community forums and collaborating to shape the future of products they use by upvoting, commenting, sharing, and flagging ideas posted in the community.
To see examples of these capabilities in action, check out the major public feedback portals for Microsoft Azure, Microsoft 365, and Microsoft Edge, which are now powered by Customer Service Community.
Capabilities for community managers and moderators
The Dynamics 365 Customer Service Community app provides community managers and moderators with the necessary capabilities to capture and evaluate ideas. They can be responsive and “close the loop” as community members give input. Now community managers can:
- Configure the portal to fit their organization’s brand, including colors, custom header and footer, and quick links to digital assets.
- Enforce acceptance of terms of use and privacy statements by users.
- Create and manage idea forums.
- Manage content, including content moderation and merging duplicate ideas.
- Update the status of ideas or requests and respond to community feedback.
- Manage users and assign security roles at the forum level.
Try out the Dynamics 365 Customer Service Community app in your sandbox environment first to learn about its capabilities.
Users experience a vibrant community
The Modern Community (preview) portal template offers all the functions needed to delight users as they share new ideas and collaborate at scale. Users can:
- Browse, search, filter, and sort idea lists.
- Post new ideas. This flow includes autosuggestion of existing ideas to prevent duplicates.
- Collaborate and engage in a community that includes upvoting, commenting, sharing, and following ideas.
- Flag inappropriate content.
- Track the status of ideas that they are engaged with.
Next steps
Customer Service Community Preview has launched and is available to use in the public cloud. Refer to the documentation to learn how to install the Community app and get started.
You can also view a short video introduction about the Community app and portal.
Try out Community with our demo portal.
To ask questions of our team, or to view questions that others have asked, use theDynamics 365 Customer Service Community forum. When posting your question, select Community from the Filters list in the form.
Visit theDynamics 365 Customer Service Ideas forum to share feedback and ideas for how we can improve the Community app.
Feel free to reach out in email to the Customer Service Community team as well.
The post Engage with customers in Dynamics 365 Customer Service Community Preview appeared first on Microsoft Dynamics 365 Blog.
Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.
by Scott Muniz | Dec 15, 2021 | Security, Technology
This article is contributed. See the original author and article here.
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise.
| CVE Number |
CVE Title |
Remediation Due Date |
| CVE-2021-43890 |
Microsoft Windows AppX Installer Spoofing Vulnerability |
12/29/2021 |
| CVE-2021-4102 |
Google Chromium V8 Engine Use-After-Free Vulnerability |
12/29/2021 |
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the meet the specified criteria.
Recent Comments