Yesterday I got an interesting SPAM that looked very much like the scam you see here.

I right clicked on the shortcut and copied it to the clipboard then pasted it into chrome on my test machine.  It takes me to what appears to be a legit bankofamerica website.  I have attached a screenshot.  I did not enter my passwords, but it sure looks 100% legit to me.

Here is the url:  https:/ / billpay-ui.bankofamerica.com/ imm/ PaymentCenter/ Index/ 8404?csbi=644077671&b0=20190916192841396056
I have added a space after each / to make it safe.


I've been told that some legitimate looking URL's will automatically redirect me to a bogus website, but how does that work? If the domain controller does the redirecting wouldn't bankofamerica.com avoid a bogus address? Or does the redirecting occur on the routers that the packets hop through?

In other words how can this particular link get me in trouble?
ee-bankofamerica.png

I have On-Prem Azure MFA. How can I enable a domain account (Admin) to get MFA when accessing a server either by RDP, \\Server1\c$\, Interactive Login , etc.
We do not have MS Federation Service setup. Windows Hello for business seems a bit cumbersome for this objective.

Ideally, it will be with push notifcation and easy to implement.

I briefly came across Centrify.- https://www.centrify.com/privileged-access-management/authentication-service/mfa-system-login/

Any idea or suggestions welcomed.

I've got a Python script that traverses S3 Buckets and prints out what folders and files have public permissions. This can be handy when auditing AWS for potential security issues.

Right now, the script runs fine, but takes a long time to run, due to a CDN that has known public permissions. I would like to exclude that bucket when I run the script.

Can someone please help me create a line in the script that allows me to EXCLUDE a particular bucket? Let's call the bucket I want to exclude "cdn-twt" for the sake of this script.

Thanks in advance for your assistance.

#This Script will use Paginator to print result for each bucket, executed in multiple threads
import boto3
import threading
import os.path

ACCESS_KEY = 'A*****************A'
SECRET_ACCESS_KEY = 'P******************************2'

session = boto3.Session(aws_access_key_id = ACCESS_KEY, aws_secret_access_key = SECRET_ACCESS_KEY)

maxthreads = 5
sema = threading.Semaphore(value=maxthreads)

def list_object(bucket):
    try:
        s3 = session.client('s3')
        flag1 = objcount = 0
        paginator = s3.get_paginator('list_objects')
        page_iterator = paginator.paginate(Bucket= bucket)
        for page in page_iterator:
            if 'Contents' in page:
                for obj in page['Contents']:
                    uniobj = obj['Key'].encode('ascii', 'ignore').decode('ascii')
                    objAcl = s3.get_object_acl(Bucket=bucket, Key=obj['Key'])
                    flag2 = 0
   

Select all Open in new window

…

I accidentally locked myself out of my computer. I set Lockout Policy for Admin (0) after 5 bad attempts, which wouldn't be a problem normally, cause I'd login as Admin and clear the user account, however, I setup a configuration that allows a User to elevate permissions without an Admin password but when the session is not active it disables the Admin account. :(

It has been working great for 2 years and then while I was on a call I didn't focus that much effort into my logins and boom the hammer dropped...lockout.

How can I login again...I don't want to reformat.

-Windows 10 Pro (fully updated)
-workgroup

Thanks!

We are getting a CORS error when trying to run and API request from one of our subdomains to another. I saw an htaccess fix...

<ifmodule mod_headers.c="">
   SetEnvIf Origin "^(.*\.MyDomain\.com)$" ORIGIN_SUB_DOMAIN=$1
   Header set Access-Control-Allow-Origin "%{ORIGIN_SUB_DOMAIN}e" env=ORIGIN_SUB_DOMAIN
   Header set Access-Control-Allow-Methods: "*"
   Header set Access-Control-Allow-Headers: "Origin, X-Requested-With, Content-Type, Accept, Authorization"
</ifmodule>

I added that to the htaccess file of where the API request was going *to*, but we still get the error. Does it need to go in the htaccess of the site the request is coming *from*? Or both? In other words, does the htaccess stuff need to live where the request originates or where the request is processed? Or both?

Two separate businesses using the same domain name have now merged into one.
This is the first time I've ran into this and hope someone could shed some light. We've recently acquired a new client who at one point had two domain controllers. Server 2008 and Server 2012. They moved Server 2012 over to a new location as part of a different business, but kept the same domain name. Server 2008 AD sees the 2012 as a DC, However 2012 doesn't see 2008 as a DC. They are now on different networks, but recently was configured to tunnel back to corporate to share resources.

What I'm trying to accomplish: Join a 2016 DC to their corporate to decommission 2008.

Error I'm getting when promoting 2016 to a DC: "Active Directory preparation failed. The schema master did not complete a replication cycle after the last reboot."



What I've gathered so far.

Server 2008 - DC - samedomain.local - Corporate Office

At one point was replicating to 2012.
Server 2012 - DC - samedomain.local - Remote Office

No longer replicating from 2008.
Recently a WatchGuard VPN was put in so the two locations could talk and share resources. Different IP schemes, and they don't know about each other.

My Question: Can I safely remove 2012 DC from 2008 to stop attemping replication and at the same time continue to operate both under the same domain names, but seperate?

Remote Office will still use 2012 to authenticate locally until we can sit down and plan out a migration plan several …

We're on O365 E1 & E3.
From browsing, understand our Enterprise E1 & E3 O365 has DLP feature.

I'd like to implement Data Loss Prevention for outgoing emails and files uploaded to OneDrive/Sharepoint.


Need advice here if O365/Exchange Online can fulfill the following requirements & point me to the links that guide on the steps to configure/set:

a)      To configure for a pilot group initially before rollout corporate-wide: can we specify a few users 1st?

b)      When outgoing emails sent by staff contains NRIC (in the email content as well as its attachments such as MSOffice & PDF attachments), the emails will be quarantined/withheld till myself or alternate approver  approves to release them.   Ideally the approval for release is done via email or demonstrate how this is done.

IT administrator is not the right party to assess if the user’s function/role requires the user to send the sensitive information so ideally we can designate for each department a couple of approvers.

c)      Likewise, if the outgoing emails contain encrypted attachment, the email ought to be withheld/quarantined till the sender’s manager releases it

d)      On a lower priority, outgoing emails tagged as “Confidential, Sensitive” or emails with attachments that are tagged with these keywords are to be quarantined till the sender’s approver releases it


e)      Repeat the above tests when users upload documents containing NRIC or tagged as ‘Restricted/Confidential’ to OneDrive & SharePoint Online

…

We are in the process of deploying  new laptops, PCs and MACs   across the board to employees at all branches.
Would appreciate the advice of Experts before the handover:

1. Which is the best software to monitor in case the  laptop/PC/MAC gets lost and to get it back.
2. What the best way to physically secure these devices.

Any other advice will be appreciated.

I am trying to do a quick audit of our security landscape (such as, not limited to, which versions of SQL / OS are running, patching levels, misconfigurations. attack surface etc) and thought I would ask what other people are using.  So I am currently only looking at free tools (Using Powershell / WMI etc) that are easy to use and can quickly give us an overview of the security health of our domain (Windows / Linux / Mac) - we will look at paid products separately down the line.

I welcome suggestions of tools you have used top criteria would be:-

1. Can quickly audit a whole environment preferably without needing agents preinstalled
2. Free (or very cheap)
3. Provide up to date information

Thanks!


Jon

is PowerShell get-hotfix command a reliable way to determine that last windows security update applied to a windows server/client? I have used it on a sample of servers and it seems to sort the results into a sequential order although some seem a little but out of order so to speak, I've picked that the last value in the sequence and then gone online using the KB number, e.g. KB4499151 - to determine the date is was released/issued by Microsoft. Is this an accurate way to determine the last date an update was applied.

hi any document or link where explain which security policies apply or create documentation of security policies

Hello to everyone,

while I was installing some software,I don't know where I have clicked,but something very bad is happened. I've activated a virus that has crypted a lot of important data saved on all the attached disks. The files after that they have been crypted appears like this :

autoexec.bat.id[0E9A1736-2275].[recovermyfiles2019@thesecure.biz].ADAME
WhatsApp.lnk.id[0E9A1736-2275].[recovermyfiles2019@thesecure.biz].ADAME

This is the message that I seen after some time :

All you files have been encrypted due to a security problem with your PC. If you want to restore them, there are 2 ways of contact.

1. Jabber contact -       recovermyfiles2019@thesecure.biz

- https://www.wikihow.com/Create-a-Jabber-Account
- https://psi-im.org/download/
- Once you created a jabber account. Make sure you add the contact first and wait for our approval to begin sending message.
- Directly messaging us with out accepting your request will result to Forbidden message

2. Bitmessage contact address-       BM-2cVoXfF2BdYyfxBrady3hopZN6izutPyEr

- https://bitmessage.org/wiki/Main_Page
- After all the sync is finish. You can directly send message here.

Try both method of contact to ensure we receive your message.

Free decryption as guarantee

Before paying you can send us up to 5 files for free decryption. The total size of file must be less tthan 4mb(non achieved), and files should not contact valuable information. (databases, backups, large excel sheets, etc.)

…

Hi Experts - my inquiry boils down to three questions:  

1.). What might a Security Analyst have found in AWS instances (e.g., any hosted database or server solutions) to indicate TOR usage?

2.). How do you effectively detect and contain/eradicate TOR usage?

3.). What are sure tell-tale behaviorism's that TOR is being used on your network?

Thanks a million in advance for any insight provided!