Whitepaper called From Zero Credentials to Full Domain Compromise. This paper covers techniques penetration testers can use in order to accomplish an initial foothold on target networks and achieve full domain compromise without executing third party applications or reusing clear text credentials.

What if the coronavirus lasts until the end of the year? Lawrence Yeo has a bleak forecast.

Here is the short answer to the question of how many Microsoft products you can request: You can get 50 of each kind of product in a two-year period — but there are some exceptions.

See Microsoft products

What do you mean by "each kind of product"?

The Microsoft Donation Program divides products into categories called title groups. See the current list of 37. A title group contains products that serve essentially the same purpose, like PowerPoint and PowerPoint for Mac.

You can get products from 10 title groups in your two-year cycle.

When does this two-year cycle start and end? Is it the calendar year?

No. Your nonprofit has its own two-year cycle. Your first cycle started the day you requested your first Microsoft product through TechSoup. You can see when your current cycle ends on your Microsoft Donation Center page.

Outlook and PowerPoint are both title groups. Does that mean we can get 50 of each product?

That's right. They can be all the Windows version, all the Mac version, or a mixture of the two. And you will be able to request products from eight more title groups.

What are the exceptions you mentioned?

They have to do with servers. Microsoft offers two licensing models for its server products.

• Core-based licensing. This licensing is based on the number of cores in the physical processors of your server machines. The product page on TechSoup will tell you whether the server uses this type of licensing. You can request up to 50 of these products from each title group, the same as desktop products. But you might have to request more than one product to fully license all the processors in your server.
• Non-core-based licensing. You can request a total of five server products that do not use core-based licensing. They can be from a single title group or from different title groups, but the total cannot be more than five.

A lot of the title groups are for CALs and MLs. What are the limits for these?

You can get 50 from each title group.

CALs, or client access licenses, give you access to a server from a device like your desktop computer.

MLs, or management licenses, let your device be managed by a management server.

Where can I find out more?

This article goes into a lot more detail and gives examples of how the various allotments work together.

spanhidden

4

In Week 1 of National Cybersecurity Awareness Month (NCSAM) we looked at spoofed emails, cybercriminals' preferred method of spreading malware. Today, in an effort to provide you with the best information out there to keep you safe online, we're hitting you with a double dose of cybersafety news.

Let's take look at the topics for Week 2 and 3 of National Cybersecurity Awareness Month: malware and password security. They're separate but related issues in the world of Internet crime prevention, and a better understanding of each is key to protecting your property and personal information in today's digital world.

Malware

Malware is an umbrella term used to describe software that is intended to damage or disable computers and computer systems. If you'd like, you can take a moment and watch this video on malware from Norton Security. But the best way to begin protecting yourself against this stuff is to learn about all the different types of malware that can affect your computer. There are tons, so we'll just go over the broader categories for now.

Viruses: Malicious bits of code that replicate by copying themselves to another program, computer boot sector, or document and change how a computer works. Viruses are typically attached to an executable file or program and spread once a user opens that file and executes it.

Worms: They're like viruses, but are different in terms of the way they're spread. Worms typically exploit a vulnerability or a weakness that allows an attacker to reduce a system's information assurance. Missed that last Windows update? You might be more vulnerable to worms.

Trojans: These look like legitimate pieces of software and are activated after a user executes them. Unlike a virus or a worm, a trojan does not replicate a copy of itself. Instead, it lurks silently in the background, compromising users' sensitive personal data.

Ransomware: This refers to a type of malware that prevents or limits users from accessing their system, either by locking the system's screen or by locking or threatening to erase the users' files unless a ransom is paid. You may recall the WannaCry attack that affected users across the globe this summer, only to be thwarted by the accidental discovery of a "kill switch" that saved people from the malicious software.

Spyware: This malware collects your personal information (such as credit card numbers) and often passes this information along to third parties online without you knowing.

You can check out more descriptions and examples of the types of malware that exist today at MalwareFox, a malware detection and removal software program.

Tips for Protecting Yourself Against Malware

Staying malware-free doesn't require an engineering degree. You can greatly reduce, if not completely eliminate, your chances of falling victim to malware by following these easy tips.

• Keep your operating system current.
• Keep your software up to date, particularly the software you use to browse the Internet.
• Install antivirus and security software and schedule weekly scans. At TechSoup, we're protected by Symantec Endpoint Protection. At home, there are dozens of solutions you can use to protect yourself (PCMag lists many here).
• Mind where you click. Think twice before you download torrent videos or free Microsoft Office templates from some random website.
• Avoid public, nonpassword, nonencrypted Wi-Fi connections when you can. Use a VPN when you cannot.

Spread the Word

Let people know that TechSoup is helping you become more #CyberAware by sharing a message on your social media channels. If you tag @TechSoup on Twitter, we'll retweet the first two tweets. Remember, we're all in this together.

Password Security

Now that we've covered the nasty stuff that can make your life miserable if it ends up on your computer, let's go over some password security tips to help prevent malware from getting there in the first place. Using best practices when it comes to protecting your passwords is a proven way to protect your personal and financial information. Curious how knowledgeable you already are? Watch this video and take this quiz to enter a drawing for a $25 Amazon gift card!

First, let's go over some facts.

• Passwords are the first line of defense to protect your personal and financial information.
• A weak password can allow viruses to gain access to your computer and spread through TechSoup's or your family's network.
• It's estimated that 73 percent of users have the same password for multiple sites and 33 percent use the same password every time. (Source: Digicert, May 2014)
• Despite a small sample size of 1,110 U.S. adults, a recent YouGov survey still found that 28 percent of adults use the same passwords for most of their online accounts. (Source: Business Insider, October 2017).

Best Practices for Effective Password Protection

One great way to better protect yourself is by opting for a passphrase, which is much more difficult to crack than a single-word password. Here are some guidelines to creating one.

• Pick a famous quote or saying and use the first letter of each word.
• Add a number that you can remember.
• Capitalize one letter.
• Make it unique by adding the first letter of your company's name to the beginning or end of the passphrase.
• Make it between 16 and 24 characters.

You should never write your password down, but if you must, never store user IDs and passwords together. Finally — even though it might seem unwieldy — you should always use a different password for each site that requires one. In today's world, everything is connected. A savvy hacker can easily breach your bank account, email, and medical records in one fell swoop if you're using the same password for all three.

Additional Cybersecurity Resources

In case you missed it, take a look at last week's post on recognizing suspicious emails.

Need a little inspiration? Find out how TechSoup and Symantec are making a difference in the lives of at-risk teens.

Get more security tips from the National Cyber Security Alliance. National Cyber Security Alliance Month — observed every October — was created as a collaborative effort between government and industry to ensure that all Americans have the resources they need to stay safer and more secure online. Find out how you can get involved.

spanhidden

Poor infrastructure and political instability deter tourism, but small and manageable steps to avoid chaos and promote hospitality can work wonders.

The UN Sustainable Development Goals aim to end global poverty, but poorer countries are struggling to hit them. More help from richer countries is crucial, writes Mazdak Rafaty.

Wavteq's Henry Loewendahl discusses which sectors retain potential for foreign investment amid the current global crisis 

Long-dominant global supply chains look less tenable in the light of pressures ranging from pandemics to disasters, trade tensions and protectionism.

The UAE followed Singapore’s swift reaction to combat Covid-19, to preserve the health of its citizens. Now moves are in place to tackle the country’s economic wellbeing.

The coronavirus pandemic could change human behaviour more permanently in future.

Marcus Weldon, chief technology officer of Nokia and president of its research arm Nokia Bell Labs, talks about what guided the decision to set up a new global R&D centre and the company’s strategy for driving innovation.

Asia outstrips the world for tourist arrivals and is still experiencing growth. Constant maintenance and upgrade are essential to maintain this lead.

China's coronavirus outbreak is having a seismic effect in Asia and beyond, writes Lawrence Yeo.

We are currently in a state of heightened business and economic disruption and sociopolitical activism, which only looks set to intensify. 

Giant investment firm BlackRock throwing its weight behind sustainability issues is sending a signal to the corporate world to respond urgently to global calls for action, writes Gregg Wassmansdorf.

Pedro Calado, vice-president of Madeira’s regional government, tells Sebastian Shehadi about the island's capacity for more upmarket tourism and its ongoing struggle to gain financial independence from Portugal. 

Antwerp has long been an attractive retail location in Belgium, while also offering investors an efficient and transparent planning process. 

Investment into the Middle East region by US-based companies showed a notable increase between the beginning fo 2016 and the end of 2018. 

In an announcement that was celebrated by the solar industry, yesterday U.S. trade officials said that bi-facial solar modules, which are solar modules that produce energy on both sides of the panel, would be exempt from import tariffs.

Global demand for air-conditioning is projected to triple over the next 30 years, as the planet warms and urban populations grow, particularly in emerging markets. Meeting that demand will call for significant investments in new cooling infrastructure and the electrical generating capacity necessary to power it. Although traditional cooling technologies are expected to become more efficient in coming years, countries will need to plan for these additional loads, which will be expensive. Emerging markets can also make use of district cooling, an approach that the Gulf Cooperation Council (GCC), which consists of six Middle Eastern countries — Saudi Arabia, Kuwait, the United Arab Emirates, Qatar, Bahrain, and Oman — have successfully adopted.

Last week, Corvias announced that it had entered the final phase of its geothermal installation and energy upgrades effort at the U.S. Army’s Fort Polk in West-Central Louisiana, a milestone that once complete will not only modernize the aging infrastructure but save the Army significant money and benefit military families.

The electric utility industry has been buffeted by two recent trends that threaten to upend the profitability, and in some cases the future viability of, those companies that are slow to adapt to a new, rapidly changing landscape. Specifically, in the past decade, the industry has had to grapple with both waning demand and the growth of distributed energy generation.