Some say…

Some say there are two great days in a person’s life: the day you were born and the day you discover why. I want to encourage you to seek what you were put on this earth to do. Then pursue it.  – #jermsmit #jermfit

Largest FREE Microsoft eBook Giveaway! 

FREE MICROSOFT EBOOK GIVEAWAY extravaganza!

https://blogs.msdn.microsoft.com/mssmallbiz/2017/07/11/largest-free-microsoft-ebook-giveaway-im-giving-away-millions-of-free-microsoft-ebooks-again-including-windows-10-office-365-office-2016-power-bi-azure-windows-8-1-office-2013-sharepo/

Ubuntu Linux for Windows 10 Released On Windows App Store

We can now get Ubuntu Linux for Windows 10 from the Windows App Store. Hows that for an amazing new feature. Simply open the Windows store and search for “Ubuntu”. I would be remiss if i didn’t mention that Windows Insiders Members get first go at this new application.

Also to note that this is not a full version of the Linux Operating System “Ubuntu”. This application is mainly utilizing terminal via bash with included gui-less utilities such as  ssh, git, apt, etc…

  • Navigate to Control Panel > Program and Features
  • Select Turn Windows features on or off
  • Select Windows Subsystems for Linux and Click OK
  • Reboot

 

 

 

New Phishing Scam Using Microsoft Office 365

*** Attention Required ***

It seems that the bad guys are at it once again with an attempt to collect information by phishing credentials from those of us using Office 365 for corporate emails.  The characteristics of this particular attack the hackers intention is to deceive Office 365 users into providing their login credentials”.

The user sees a fake Office 365 login page, which requests their credentials. Once the Office 365 usernames and passwords have been compromised, the hackers can:

  • Send emails to other users in the victim’s address book, asking them for anything, sending fake invoices, sending more phishing emails, etc.
  • Access the user’s OneDrive account, to download files, install more malware, infect files with malware, etc.
  • Access the users SharePoint account, to download files, install more malware, etc.
  • Steal company intellectual property or other customer information such as customer SSNs, credit card numbers, email addresses, etc.

One of the characteristic of this recent attack is an email being sent with an embedded image which resembles an Microsoft Office Word document containing a link back to a site with a fake Office 365 logon page.  In addition to this the site URL ends in php?userid= syntax.

I have provided the following YouTube video to illustrate the interaction of the fake Office 365 logon page.

Link: https://youtu.be/wHxkzxGF4JY

 

Advice:

It’s an important part of your responsibility to be cautious when accessing emails even from known senders to ensure its legitimate by reviewing the email to ensure that its legitimate.

If in doubt do not open the email and reach out to the sender to ensure they sent you the email.  If you self-determine an email to be suspicious immediately report incidents as soon as they happen.

 

Here are a few guidelines below that could be followed.  Please review:

 

Check the sender.

Sometimes, cybercriminals and hackers will fake (or “spoof”) the sender of an email. If the “from” address doesn’t match the alleged sender of the email, or if it doesn’t make sense in the context of the email, something may be suspicious.

Check for (in)sanity.

Many typical phishing emails are mass-produced by hackers using templates or generic messages. While sophisticated attacks may use more convincing fake emails, scammers looking to hit as many different inboxes as possible may send out large numbers of mismatched and badly written emails. If the email’s content is nonsensical or doesn’t match the subject, something may be suspicious.

Check the salutation.

Many business and commercial emails from legitimate organizations will be addressed to you by name. If an email claims to come from an organization you know but has a generic salutation, something may be suspicious.

Check the links.

A large number of phishing emails try to get victims to click on links to malicious websites in order to steal data or download malware. Always verify that link addresses are spelled correctly, and hover your mouse over a link to check its true destination. Beware of shortened links like http://bit.ly, http://goog.le, and http://tinyurl.com. If an email links to a suspicious website, something may be suspicious.

Don’t let them scare you.

Cyber criminals may use threats or a false sense of urgency to trick you into acting without thinking. If an email threatens you with consequences for not doing something immediately, something may be suspicious.

Don’t open suspicious attachments.

Some phishing emails try to get you to open an attached file. These attachments often contain malware that will infect your device; if you open them, you could be giving hackers access to your data or control of your device. If you get an unexpected or suspicious attachment in an email, something may be suspicious.

Don’t believe names and logos alone.

With the rise in spear phishing, cybercriminals may include real names, logos, and other information in their emails to more convincingly impersonate an individual or group that you trust. Just because an email contains a name or logo you recognize doesn’t mean that it’s trustworthy. If an email misuses logos or names, or contains made-up names, something may be suspicious.

If you still aren’t sure, verify!

If you think a message could be legitimate, but you aren’t sure, try verifying it. Contact the alleged sender separately (e.g., by phone) to ask about the message. If you received an email instructing you to check your account settings or perform some similar action, go to your account page separately to check for notices or settings.

 

 

Darrell’s Flashback Ugly 90s Fashion Show! – #DoubleFML FatDarrellPalooza!

Really cool that I got the honorable mention in this post. Brings back good memories.  

https://doublefml.com/2017/07/11/darrells-flashback-ugly-90s-fashion-show/

Disabling SMB1.0/CIFS File Sharing Support

There is a lot of buzz these days about new ransomware hijacking systems worldwide. The malware, dubbed NotPetya because it masquerades as the Petya ransomware. One of the many ways to help the spread of malware is to patch your computer, effectively stopping the SMB exploits by disabling SMBv1.

Here are steps which can be used to disable (remove) SMBv1 support.

For client operating systems:

  1. Open Control Panel, click Programs, and then click Turn Windows features on or off.
  2. In the Windows Features window, clear the SMB1.0/CIFS File Sharing Support checkbox, and then click OK to close the window.
  3. Restart

For server operating systems:

  1. Open Server Manager and then click the Manage menu and select Remove Roles and Features.
  2. In the Features window, clear the SMB1.0/CIFS File Sharing Support check box, and then click OK to close the window.
  3. Restart

Ref: https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1-smbv2-and-smbv3-in-windows-and-windows

Server 2008 R2, ‘Powershell’ is not recognized as an internal or external command …

While working on a task scheduling a powershell script, it was noticed that the powershell command does not execute from the command prompt on a server. When run I would encounter the following error: ‘powersehll’ is not recognized as an internal or external command, operable program or batch file.

After searching around Google / Bing I gave up and made the following attempt which worked out for myself and the system owners.

Looking at the system PATH variable seems correct with the expected path variable included under system variables: %SYSTEMROOT%\System32\WindowsPowerShell\v1.0\

I decided to check with my user only: I added ‘%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\’ to my user variable with success

In the systems path variables and removed the reference and added it to the end of the line which was successful in resolving the system wide issue.

Notes: This is a snapshot of before and after changes introduced which resolved my issue

original:
%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;C:\Program Files\Microsoft SQL Server\100\Tools\Binn\;C:\Program Files\Microsoft SQL Server\100\DTS\Binn\;C:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;C:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\

updated:
%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;C:\Program Files\Microsoft SQL Server\100\Tools\Binn\;C:\Program Files\Microsoft SQL Server\100\DTS\Binn\;C:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;C:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\

Cause of issue is still unknown.  Perhaps an ordering issues in the variables.  If you know please feel free to comment.
Thanks,

Jermal

‘WannaCry’ Malware Attack

By now many of you have read reports on various news channels, blog posts, etc… This flaw was patched in Microsoft’s March 2017 update cycle (MS17-10).

The ‘WannaCry’ (‘WannaCrypt’, ‘WCRY’) was reported worldwide on May 12th 2017 as a ransomeware worm targeting out-of-date systems.  WannaCry is leveraging vulnerabilities that were previously fixed on systems that have been updated.  Unfortunately many computers in enterprises have not been updated due to delay in deployments of new patches.  This is a common theme for many companies as they apply the IIABDEF (if it ain’t broke don’t ever fix) rule.

Microsoft issued critical security bulletin MS17-010 listing patches for the various affected operating systems.

Here is a following list of hotfixes you may wan ensure you have installed

 

# List Host by OS Version
# KB4012212 – Windows Server 2008
# KB4012217 KB4015551 KB4019216 – Windows Server 2012
# KB4012216 KB4015550 KB4019215 – Windows Server 2012 R2
# KB4013429 KB4019472 KB4015217 KB4015438 KB4016635 – Windows Server 2016

If any or all of these are missing you should apply the MS17-010 fix

What can you do to help prevent the spread of such ?

  • Keep software up-to-date, including operating systems
  • Avoid dangerous web locations
  • Educate users on how detect potential cyberattacks delivered via phishing emails, infected banners, spam emails, social engineering attempts, etc.

 

 

The Ten Immutable Laws Of Security: Version 2

You can’t patch these, but you can take steps to be more aware of these law’s.

 

Law #1: If a bad guy can persuade you to run his program on your computer, it’s not solely your computer anymore.

Law #2: If a bad guy can alter the operating system on your computer, it’s not your computer anymore.

Law #3: If a bad guy has unrestricted physical access to your computer, it’s not your computer anymore.

Law #4: If you allow a bad guy to run active content in your website, it’s not your website any more.

Law #5: Weak passwords trump strong security.

Law #6: A computer is only as secure as the administrator is trustworthy.

Law #7: Encrypted data is only as secure as its decryption key.

Law #8: An out-of-date anti-malware scanner is only marginally better than no scanner at all.

Law #9: Absolute anonymity isn’t practically achievable, online or offline.

Law #10: Technology is not a panacea.

 

Ref: https://technet.microsoft.com/en-us/library/hh278941.aspx?f=255&MSPPError=-2147217396

[SOLVED] Unable to migrate VM’s to other host

I had encountered the following issue when attempting to migrate a live VM to another host w/in my lab cluster.
The error received was: 

Currently connected network interface” ‘Network adapter 1’ cannot use network ‘VM Network’, because “the destination network on the destination host is configured for different offload or security policies than the source network on the source host”.

I was able to fix this by checking the configuration of the virtual switch (vSwitch0) on the ESXi host I was moving the virtual machine guest to.

  1. I click on each host went to the configure
  2. Under the Networking subsection located the virtual switch
  3. Selected edit on that virtual switch.
  4. Reviewed the settings in the Security tab and the Traffic Shaping tab between the hosts.

In my case the issue was with the Security tab.  The destination host did not match the source.
Just another reasons to use host profiles between systems so that settings all match.