Security: 25K Solutions, 24K Contributors

Security is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide. Computer systems now include a very wide variety of "smart" devices, including smartphones, televisions and tiny devices as part of the Internet of Things, and networks include not only the Internet and private data networks, but also Bluetooth, Wi-Fi and other wireless networks.


Warning - A respectable looking scam attempt

I get scam attempt emails all the time, however, this one caught my eye due to how cleverly it's been put together. An almost perfect reproduction of a genuine Energy Australia electricity bill. Two screw-ups from this particular scammer though - An invalid "From:" email address and the Copyright statement at the bottom of the bill is dated 2017.

Other than those two mistakes, it is an almost perfect reproduction that I fear would fool the majority of technically challenged users. Even the Sign in to My Account etc. links are genuine. Take a look at this:

[Screenshot: EnergyAustralia Scam]

The "view your bill" link is bogus and hyperlinks to the following address, which I've purposely mangled to make it unclickable.

h t t p: // org155 DOT outdoorjacketstore DOT com / route / b65ffaead5b87a47

Give a heads up to your folks if you still have them, as well anyone else you think might benefit from this information.

Hope that's helpful.

Regards, Andrew
0
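A small checker for the three tells described in this post (an off-brand From: address, an off-brand link target behind a legitimate-looking anchor, and a stale copyright footer), added here as an illustration rather than taken from the post; the trusted domains and the sample mail are constructed stand-ins, not the real bill or the real scam URL.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed: domains the brand genuinely sends from and links to.
TRUSTED_DOMAINS = {"utility.example", "myaccount.utility.example"}
# Good enough for simple mail bodies; use an HTML parser for real-world markup.
LINK_RE = re.compile(r'<a[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.S | re.I)
YEAR_RE = re.compile(r"(?:©|\(c\)|Copyright)\s*(\d{4})", re.I)

def host_is_trusted(host):
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def analyse(raw_mail, current_year):
    """Return indicator strings for the checks above; empty list = nothing flagged."""
    msg = message_from_string(raw_mail)
    findings = []
    # 1. From: address whose domain is not one the brand uses
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not host_is_trusted(sender_domain):
        findings.append(f"From: domain is off-brand: {sender_domain or '(none)'}")
    body = msg.get_payload()
    # 2. links: genuine sign-in links pass, the "view your bill" link does not
    for href, text in LINK_RE.findall(body):
        host = urlparse(href).hostname or ""
        if not host_is_trusted(host):
            findings.append(f"link '{text.strip()}' points off-brand: {host}")
    # 3. footer copyright year well behind the year the mail was received
    years = [int(y) for y in YEAR_RE.findall(body)]
    if years and max(years) < current_year - 1:
        findings.append(f"stale copyright year: {max(years)}")
    return findings

# Constructed sample in the shape of the mail described above (not the real one).
SAMPLE = """\
From: "Utility Billing" <billing@notify-utility-bill.example>
Content-Type: text/html

<p>Your bill is ready.</p>
<a href="https://org155.jacketstore.example/route/abc">View your bill</a>
<a href="https://myaccount.utility.example/login">Sign in to My Account</a>
<p>Copyright 2017 Utility</p>
"""
```

Run `analyse(SAMPLE, 2019)` to see all three indicators fire on the sample while the genuine "Sign in to My Account" link passes.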

https://www.computerworld.com/article/3005184/encryption/bitlocker-encryption-can-be-defeated-with-trivial-windows-authentication-bypass.html
Wow. Just came across this by chance. I can't believe I missed that one back in 2015. The article describes that, due to bad design, Windows (all versions) allowed attackers at the logon screen to break in without knowing the password of your domain user account.

I consider myself very well-informed when it comes to computer security and I did not know this. How did Microsoft manage to keep this from starting a giant outcry back then? It must be because the security advisory simply does not even rate this "critical"!
0
Saw this a while ago and just came across it again. I think it's too good not to share. Enjoy...  :)

IT Emergency
5
LVL 20

Expert Comment

by:Lucas Bishop
I follow the same procedure when I mis-send an email.
2
LVL 12

Expert Comment

by:Prabhin MP
Even I follow the same.

This note can save your entire organization during a cyber attack.
0
Changing the default password on your router will only be the first step for securing your network soon

https://www.zdnet.com/article/hacking-attacks-on-your-router-why-the-worst-is-yet-to-come/
1
LVL 20

Expert Comment

by:Lucas Bishop
Yeah, I can't recommend it enough. I'm hoping in my spare time I can write up a review of it here.

Some highlights:
802.11AC + 802.11bgn
3000Mbps throughput
3 Radios (1, 2.4 and 2, 5.0)
4x4 MU-MIMO
Beamforming
Mesh
Six Antennas
DFS Bands

One of the main reasons I picked it up though was the parental control features that are built in. Almost every other router I researched required you to subscribe to a third party parental control service (ex. Circle by Disney or OpenDNS Parental Controls). So I'd go and review those services and see nothing but problems. I even tried using OpenDNS on my router (Netgear at the time) and then when I found it to be substandard, it wouldn't uninstall -- forcing me to factory reset.

Meanwhile the Gryphon comes with parental controls integrated by default at no extra cost. Then on top of that it has ESET's malware detection built in (costs $9.99 after the first year) and a variety of other features that should be (imo) part of all routers -- like the ability for the router to detect if an IoT device is suddenly acting like it's been infected by malware and isolating it from the network.

I'm at the point where I expect my router to be the strongest piece of hardware when it comes to home security and this Gryphon is the first one I've found where I actually believe it's holding up its end of the bargain, without me having to manage iptables.
0
LVL 25

Author Comment

by:Andrew Leniart
Yeah, I can't recommend it enough. I'm hoping in my spare time I can write up a review of it here.

Along with some of your personal experiences with using it, that would be a very welcome addition to our articles database Lucas.
0
This was originally shared by Thomas Zucker-Scharff on LinkedIn, but I thought it worthy of sharing here as well.

https://www.linkedin.com/feed/update/activity:6484900450318503936/

https://s3.amazonaws.com/ftt-uploads/wp-content/uploads/2017/11/15012417/user_replay_fullstory_demo.mp4



Quite a scary revelation. The question now is how to detect any website using such scripts?
0
Australian SMS Scam Alert

https://auspost.com.au/about-us/about-our-site/online-security-scams-fraud/scam-alerts

Australia Post is aware that fraudulent SMSs are circulating advising customers that their address has been drawn, that results are in, that you are 1 of 5 lucky winners and then prompting you to click on a link.



The SMS asks you to click on a link that isn't related to Australia Post. The below examples lead to various scam websites and should not be trusted.



After completing the questions they will direct you to a ‘reward’ which asks for your banking information. Please do not provide your banking information – it’s how scammers can take money from your accounts.
1
LVL 24

Expert Comment

by:Alan
Makes sense - thanks.

Alan.
0
LVL 20

Expert Comment

by:Lucas Bishop
If I had to guess, this scenario:

direct you to a ‘reward’ which asks for your banking information

is some kind of phishing attempt where they tell you that you just won something, but you need to login to your bank's website to complete the process of receiving your earnings. You're probably shown a screen that looks like your bank's website and if you input any information into it, they've just figured out your bank information. Similar to what you see here:
http://www.phishing.org/phishing-examples
2
US Postal Service exposed data of 60 million users

https://techcrunch.com/2018/11/26/the-us-postal-service-exposed-data-of-60-million-users/

A broken U.S. Postal Service API exposed more than 60 million users by allowing a researcher to pull millions of rows of data by sending wildcard requests to the server. The resulting security hole has been patched after repeated requests to the USPS.
2
BIOS Flash Updates

Over the years, I've had BIOS updates totally ruin a couple of mainboards on me that I had to replace at my own expense for client machines I was working on, so I tend to shy away from flash updating any BIOS unless I see a specific need to do so to address a specific problem a machine is having.

I do the same with my own computers, so it was with a little trepidation that I decided to update the BIOS on my self-built Windows 10 machine today - necessary because of the recent security flaw that was discovered and I found it addressed.

So for those of you using this now relatively outdated mainboard that I have: Intel Corporation DH67CL - I can say that you can go ahead and use the 2018 Flash update available for it with confidence. No ill effects from my own experience.

This has been a community service announcement! :-)
0
Ransomware is the next big security threat. Don’t be a victim. Prepare your business for fast and easy backup now https://bit.ly/2O0FO34 
1
0

Bankrupt Company's Data Resold on Craigslist

Heads up for any members who have ever purchased through NCIX. Looks like their server equipment was sold off without being scrubbed.
This is a good reminder about letting a third party store your credit card data.
https://nakedsecurity.sophos.com/2018/09/24/bankrupt-ncix-customer-data-resold-on-craigslist/
2
LVL 47

Expert Comment

by:noci
They can sell the data to any company that continues the business (as a whole) in one part (restart of business with new owners)...
(that is data that will still be used for what it was provided for....) Data is NOT provided for anything else than conducting business with THIS company. (If EU customers are part of the data, GDPR is important here, or even if non-EU citizens did business from the EU.)
So there is no license on the data for a lot of different things.
0
LVL 47

Expert Comment

by:noci
The new owner of the data ALSO inherits this license/restriction on the data; it is not that the data is free for all after it has been flogged off... (In legal theory..., I am afraid it will be a free for all in practice).
0
TIP  SECURITY  ENCRYPTION & CERTIFICATES

In-place upgrade of encrypted Windows systems using reflectdrivers

Apparently since Win10 v1607 there exists a parameter "/reflectdrivers" in the Windows setup (setup.exe on the DVD / USB stick) see https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/windows-setup-command-line-options

This can be used to tell Setup the location of the encryption drivers (eg Veracrypt) and finally be able to perform upgrades without decrypting!

The Veracrypt developer shares this in a forum post and gives a syntax example for his product:

setup.exe /ReflectDrivers "C:\Program Files\VeraCrypt" /PostOOBE C:\ProgramData\VeraCrypt\SetupComplete.cmd


1
Andy's VMware vSphere tip#8: Spectre and Meltdown....Have you patched your server yet? It's almost 5 months since this Security Flaw was found in Intel CPUs, and we are still finding many VMs, and Hosts in the wild which are still not patched!

Remember this actually requires a little bit of work... To successfully patch against Spectre and Meltdown, you must:-

1. Update the BIOS and Firmware, and maybe CPU microcode in the Host ESXi Server. Some BIOS updates update the microcode for you. Check with your Server Vendor; some server vendors have been very slow to release new BIOS/Firmware/Microcode updates, and some servers may now be end of life, as the server vendor may not release new code.

2. Update vCenter Server to 6.5 U1g, 6.0 U3e or 5.5 U3h.

3. Update the ESXi Build to the latest versions

ESXi 6.5: ESXi650-201803401-BG* and ESXi650-201803402-BG**
ESXi 6.0: ESXi600-201803401-BG* and ESXi600-201803402-BG**
ESXi 5.5: ESXi550-201803401-BG* and ESXi550-201803402-BG**

4. Update VMware Tools and all virtual machine hardware versions to 11.

5. Update Guest VM with latest updates.

6. You can then sit back, you are patched!

https://kb.vmware.com/s/article/52085

https://blogs.vmware.com/services-education-insights/feed-items/meltdown-and-spectre-vmware-patches#

https://blogs.vmware.com/feed-items/vmware-releases-patches-for-meltdown-and-spectre-bug/

If you need to discuss this further please, post a question to the VMware topic area.
1
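An added compliance check (not VMware's or Andy's code) that walks the six steps above against a constructed inventory of the kind you would export from vCenter; the bulletin IDs and vCenter update levels are the ones listed in the tip, while the inventory field names and host/VM names are assumptions.

```python
# Step 3: ESXi bulletins the tip lists, per major version.
REQUIRED_BULLETINS = {
    "6.5": {"ESXi650-201803401-BG", "ESXi650-201803402-BG"},
    "6.0": {"ESXi600-201803401-BG", "ESXi600-201803402-BG"},
    "5.5": {"ESXi550-201803401-BG", "ESXi550-201803402-BG"},
}
# Step 2: minimum vCenter update level per major version.
REQUIRED_VCENTER = {"6.5": "U1g", "6.0": "U3e", "5.5": "U3h"}
MIN_HW_VERSION = 11  # step 4

def level_key(u):
    """Sort key for update levels like 'U1f' < 'U1g': number first, then letter."""
    return (int(u[1:-1]), u[-1].lower())

def check(inventory):
    """Return (object, problem) pairs for steps 1-5; an empty list means patched."""
    problems = []
    vc = inventory["vcenter"]
    need = REQUIRED_VCENTER[vc["version"]]
    if level_key(vc["update"]) < level_key(need):
        problems.append(("vCenter", f"needs {vc['version']} {need}"))
    for host in inventory["hosts"]:
        if not host["firmware_updated"]:  # step 1
            problems.append((host["name"], "BIOS/firmware/microcode not updated"))
        for b in sorted(REQUIRED_BULLETINS[host["version"]] - set(host["bulletins"])):
            problems.append((host["name"], f"missing {b}"))
    for vm in inventory["vms"]:
        if vm["hw_version"] < MIN_HW_VERSION:
            problems.append((vm["name"], f"hardware version {vm['hw_version']} < {MIN_HW_VERSION}"))
        if not vm["tools_current"]:  # step 4
            problems.append((vm["name"], "VMware Tools not current"))
        if not vm["guest_patched"]:  # step 5
            problems.append((vm["name"], "guest OS updates missing"))
    return problems

# Constructed inventory: one fully patched host, one that only got the first bulletin.
SAMPLE = {
    "vcenter": {"version": "6.5", "update": "U1f"},
    "hosts": [
        {"name": "esx01", "version": "6.5", "firmware_updated": True,
         "bulletins": ["ESXi650-201803401-BG", "ESXi650-201803402-BG"]},
        {"name": "esx02", "version": "6.0", "firmware_updated": False,
         "bulletins": ["ESXi600-201803401-BG"]},
    ],
    "vms": [
        {"name": "web01", "hw_version": 13, "tools_current": True, "guest_patched": True},
        {"name": "db01", "hw_version": 10, "tools_current": False, "guest_patched": False},
    ],
}
```

`check(SAMPLE)` lists the vCenter, esx02 and db01 shortfalls and nothing for the fully patched esx01/web01, so an empty result is the "sit back, you are patched" state of step 6.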
Andy's VMware vSphere tip#5: Best Practice and Security Hardening ? HOW... easy as 1...2...3...

How about using some automated VMware expertise, like having a VMware Consultant on hand every minute of the day to ensure your VMware vSphere environment is following best practices and security hardening guidelines to protect your environment, which also has the ability to monitor VMware vSphere Hypervisor logs in real time for VMware KBs? We've been using and following this small startup for a few years now. Let me introduce you to Runecast Analyzer.

https://www.runecast.biz/

Download a 14 Day Trial and take it for a spin.

We would not recommend it, if we didn't use it!

So there is no excuse not to quickly scan your environment for FREE, and see what you need to change!

PS Tell them Andy sent you.....you may get a discount!!!
0

Expert Comment

by:Alba Richi
Very interesting, thank you!
0
LVL 130

Author Comment

by:Andrew Hancock (VMware vExpert / EE MVE^2)
No problems follow me for more tips!
1
0

Expert Comment

by:Alba Richi
Thank you, I will definitely try your checklist!
1
LVL 5

Author Comment

by:Adrian McGarry
If you like the checklist, try our GDPR product
0
2

Expert Comment

by:Alba Richi
Thanks for the link.
0
https://blogs.technet.microsoft.com/mniehaus/2018/05/02/new-upgrade-to-windows-10-1803-without-suspending-bitlocker/

Microsoft is re-tightening security after tearing open a huge security hole themselves, long ago. They are offering to disable a problematic behavior that they introduced years ago, which was heavily criticized, but somehow manage to make it sound like "going forward". Thing is, the ability to auto-suspend when upgrading was there before - IT WAS THE PROBLEM.

Interesting read for WSUS/SCCM admins who want to deploy feature upgrades.
1
LVL 108

Expert Comment

by:John
Thank you for posting this. On my machine, I have Opal 2 and my understanding from Microsoft (Redmond Global MVP Summit) is that BitLocker is not needed here so I have not implemented it.

Interesting read and thanks again.
0
0
1
CloudFlare and APNIC have launched a free DNS service @ 1.1.1.1 that claims to prevent your ISP from selling your data:
https://blog.cloudflare.com/dns-resolver-1-1-1-1/

The claim to be the "fastest" comes with the caveat of "privacy-first" -- I wonder how it stacks up against DNS services that don't provide any inherent perceived privacy?

On a related note, the service is being hammered by multiple gbps of trash data:
https://www.zdnet.com/article/1-1-1-1-cloudflares-new-dns-attracting-gigabits-per-second-of-rubbish/

Personally, I've used Google's public DNS for years now, since it's always seemed to be more stable than my ISP's, but this CloudFlare option is really tempting. Handing over literally all of my browsing data to Google is probably not the best idea.
1
LVL 47

Expert Comment

by:noci
IPv6 patterns:
Google:
google-public-dns-a.google.com. 21599 IN AAAA   2001:4860:4860::8888

Cloudflare:
1dot1dot1dot1.cloudflare-dns.com. 299 IN AAAA   2606:4700:4700::1001
1dot1dot1dot1.cloudflare-dns.com. 299 IN AAAA   2606:4700:4700::1111

Quad9:
dns.quad9.net.          119     IN      AAAA    2620:fe::fe

Level3 has no IPv6...???
0
LVL 19

Expert Comment

by:Kyle Santos
I need an ELI5 version of what this does.  What am I doing by doing what they said here?
See https://1.1.1.1/ because it's that simple!
0
