How-To

iTunes Gift Card Scam

 

This is the song that never ends, yes it goes on and on my friend. Some people started singing it, not knowing what it was, and they’ll continue singing it forever just because…This is the song that never ends, yes it goes on and on my friend. Some people started singing it, not knowing what it was, and they’ll continue singing it forever just because…

I think you get the drift here. These scams will continue as long as people keep falling for them. So don’t be a sheep and follow those who have fallen victim to this scam.

Many individuals throughout the country have received scam emails meant to defraud them out of hundreds of dollars. In recent incidents, victims received emails designed to appear as though they were sent from a trusted contact, such as a CEO, CFO or management of an organization.

Emails related to this campaign display the name of a familiar contact and originate from various Gmail accounts.

Communication typically begins with a brief message asking the recipient if they are available, followed by a request to purchase several iTunes gift cards and provide the redemption code on the back of the cards to the sender via email.

These requests are commonly sent under the ruse of a fundraiser or charity, or state that the sender is unable to purchase the gift cards themselves due to time constraints. It is recommended that users who receive unexpected or unsolicited emails from known senders requesting a purchase of any kind always verify the sender via another means of communication before taking any action.

It is also highly recommended to inform staff, friends, and family about these types of scams, as education and awareness will help to prevent further victimization.

Work and Play Smart my Friends and Colleagues

 

Windows Server 2016, AppLocker Rules

AppLocker rules can be set up by using group policy in a Windows domain and have been very useful in limiting the execution of arbitrary executable files. AppLocker takes the approach of denying all executables from running unless they have specifically been whitelisted and allowed.

AppLocker is available on Windows desktop and server editions. Desktop Windows requires an Enterprise edition.
The AppLocker requirements can be found here.

Note: Before implementing AppLocker rules in a production environment, it is important to perform thorough testing. AppLocker will not allow anything to run unless it has been explicitly whitelisted, so keep in mind any non-standard installs to the system root or other drives (C:\ or E:\).

 

AppLocker Rule Types:

  • Executable Rules: These rules apply to executables, such as .exe and .com files.
  • Windows Installer Rules: These rules apply to files used for installing programs such as .msi, .mst and .msp files.
  • Script Rules: These rules apply to scripts such as .bat, .js, .vbs, .cmd, and .ps1 files.
  • Packaged App Rules: These rules apply to the Windows applications that may be downloaded through the Windows store with the .appx extension.

With each of these rules, we can also whitelist based on the publisher, path, or file hash.

  • Publisher: This method of whitelisting is used when creating default rules, as we’ll soon see. It works by checking the publisher of the executable and allowing it. If the publisher, file name, version, etc. change, the executable will no longer be allowed to run.
  • Path: Executables can be whitelisted by providing a folder path. For example, we can say that anything within C:\tools is allowed to be run by a specific Active Directory user group.
  • File Hash: While this may be the most secure option, it is inconvenient to work with and manage. If a file changes at all, for instance, if an executable is updated, it will not be allowed to run as the allowed hash will have changed too.

 

AppLocker Configuration:

  • Open Server Manager, select Tools, then Group Policy Management.
  • From the Group Policy Management window that opens, select the Group Policy Objects folder within the domain, right-click and select New to create a new group policy object (GPO). In this case, we’ll create one called AppLocker Rules.
  • From within the Group Policy Management Editor (GPME), select Computer Configuration > Policies > Windows Settings > Security Settings > Application Control Policies > AppLocker.
  • The main AppLocker interface is where we can create executable, Windows Installer, script, and packaged app rules. We can get started with the default settings by clicking “Configure rule enforcement”. By default each of these four items is unticked and not enabled; tick the box next to “Configured” to set the rules to be “Enforced”.
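
One way to do the testing the note above calls for before enforcing anything, using the built-in AppLocker PowerShell cmdlets. This is an added example, not part of the original post; the folder C:\tools is taken from the path example above, while the output file, the scanned folder and the user are assumptions.

```powershell
# Added example. $toolsDir, $policyFile and $testUser are assumptions.
Import-Module AppLocker

$toolsDir   = 'C:\tools'                         # folder of approved tools (assumed)
$policyFile = 'C:\Temp\applocker-candidate.xml'  # candidate policy output (assumed)
$testUser   = 'Everyone'                         # user or group the rules are evaluated for

# 1. Read publisher, path and hash details for every executable under the folder.
$fileInfo = Get-AppLockerFileInformation -Directory $toolsDir -Recurse -FileType Exe

# 2. Generate rules: publisher where the file is signed, file hash otherwise.
$fileInfo |
    New-AppLockerPolicy -RuleType Publisher, Hash -User $testUser -Optimize -Xml |
    Out-File -FilePath $policyFile

# 3. Switch every rule collection to audit-only so nothing is blocked yet.
[xml]$policy = Get-Content -Path $policyFile -Raw
foreach ($collection in $policy.AppLockerPolicy.RuleCollection) {
    $collection.SetAttribute('EnforcementMode', 'AuditOnly')
}
$policy.Save($policyFile)

# 4. Dry run: list files the candidate policy would not allow.
#    Software installed outside $toolsDir that people rely on shows up here.
$candidates = Get-ChildItem -Path 'C:\Program Files' -Filter *.exe -Recurse -ErrorAction SilentlyContinue
Test-AppLockerPolicy -XmlPolicy $policyFile -Path $candidates.FullName -User $testUser |
    Where-Object PolicyDecision -ne 'Allowed' |
    Select-Object FilePath, PolicyDecision, MatchingRule

# 5. On a test machine only: load the audit-only policy as the local policy
#    (this replaces the existing local policy; the Application Identity
#    service, AppIDSvc, must be running for rules to be evaluated).
Set-AppLockerPolicy -XmlPolicy $policyFile

# 6. After a period of normal use, review what enforcement would have blocked.
#    Event ID 8003 = ran in audit mode but would be blocked; 8004 = blocked.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-AppLocker/EXE and DLL'
    Id      = 8003, 8004
} -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message
```

Once the audit log stays quiet for the software users actually need, the same XML can be imported into the GPO and the rule collections switched from audit-only to enforced.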

 

 


This post is part of our Microsoft 70-744 Securing Windows Server 2016 exam study guide series. For more info: https://www.microsoft.com/en-us/learning/exam-70-744.aspx

Removing an Orphaned Virtual Machine from vRealize Automation

**** ATTENTION !!! ****
**** Please be sure to BACKUP any related databases

 

The following steps provide information on removing virtual machines from VMware vRealize Automation (vRA).

These steps are to be used when the following conditions exist:

  • A virtual machine that is being managed without being deleted from the endpoint.
  • You want to manually remove the machine from the endpoint.

 

vRA Application Steps:

Log into vRA – https://vcac.yourdomain.tld using your-domain\*your-user-id*

  1. Click the Infrastructure Tab
  2. Click Machines > Reserved Machines
  3. Search for Service Name (e.g. VRA-FAQ360)
  4. Delete the associated service

SQL Database Steps:

  1. Connect to SQL Database Server: VRA-SQL
  2. In “Object Explorer” window, Locate database vCAC
  3. Backup the vCAC database
  4. Expand the vCAC database
  5. Under Programmability > Stored Procedures, locate ‘dbo.usp_RemoveVMFromVCAC’
  6. Execute Procedure and apply ID of the Multi-Machine Service (e.g. VRA-FAQ360)
  7. Repeat this step for each instance

Notes:

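The stored procedure call may look like the following:

-- Run against the vCAC database (back it up first)
USE [vCAC]
GO

DECLARE @return_value int

-- Remove the orphaned machine by name
EXEC @return_value = [dbo].[usp_RemoveVMFromVCAC]
@MachineName = N'VRA-FAQ360'

-- Show the procedure's return code
SELECT 'Return Value' = @return_value

GO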

Privacy & Google Search Alternatives

When it comes to privacy, using Google search is not the best of ideas. When you use their search engine, Google is recording your IP address, search terms, user agent, and often a unique identifier, which is stored in cookies.

Here are a few Google search alternatives:

 

DuckDuckGo is a US-based search engine that was started by Gabriel Weinberg in 2008. It generates search results from over 400 sources including Wikipedia, Bing, Yandex, and Yahoo. DuckDuckGo has a close partnership with Yahoo, which helps it to better filter search results. This is a great privacy-friendly Google alternative that doesn’t utilize tracking or targeted ads.

Searx is a very privacy-friendly and versatile open source metasearch engine that gathers results from other search engines while also respecting user privacy. One unique aspect of Searx is that you can run your own instance.

Qwant is a private search engine that is based in France and was started in 2013. Being based in Europe, its data privacy protections are much stricter than those in the United States.

MetaGer is a private search engine based in Germany, focused on free access to knowledge and digital democracy. Ref: https://metager.de/en/about

StartPage – StartPage gives you Google search results, but without the tracking.
Ref: https://classic.startpage.com/eng/protect-privacy.html#hmb

 

Set up the Default Domain for vCenter Single Sign-On | Tech-Short

By default, vCenter Single Sign-On requires the user to specify the domain when authenticating with vCenter.
Example: JERMSMIT\admin or admin@JERMSMIT.LAB.

You can eliminate the need to include the domain in the username by following these steps.

 

  1. Log in to the vSphere Web Client as administrator@vsphere.local or as another user with vCenter Single Sign-On administrator privileges.

  2. Browse to Administration > Single Sign-On > Configuration.
  3. Under Configuration, locate the Identity Sources tab.
  4. On the Identity Sources tab, select an identity source and click the Set as Default Domain icon.
  5. In the domain display, the default domain shows (default) in the Domain column. Set the domain of choice as your new default.

The next time you log in to vCenter, you can omit the domain from your username.

Full reference: https://docs.vmware.com/en/VMware-vSphere/6.5/com.vmware.psc.doc/GUID-11E651EF-4503-43BC-91F1-15502D586DE2.html