YouTube

New Phishing Scam Using Microsoft Office 365

*** Attention Required ***

It seems that the bad guys are at it once again with an attempt to collect information by phishing credentials from those of us using Office 365 for corporate emails.  The characteristics of this particular attack the hackers intention is to deceive Office 365 users into providing their login credentials”.

The user sees a fake Office 365 login page, which requests their credentials. Once the Office 365 usernames and passwords have been compromised, the hackers can:

  • Send emails to other users in the victim’s address book, asking them for anything, sending fake invoices, sending more phishing emails, etc.
  • Access the user’s OneDrive account, to download files, install more malware, infect files with malware, etc.
  • Access the users SharePoint account, to download files, install more malware, etc.
  • Steal company intellectual property or other customer information such as customer SSNs, credit card numbers, email addresses, etc.

One of the characteristic of this recent attack is an email being sent with an embedded image which resembles an Microsoft Office Word document containing a link back to a site with a fake Office 365 logon page.  In addition to this the site URL ends in php?userid= syntax.

I have provided the following YouTube video to illustrate the interaction of the fake Office 365 logon page.

Link: https://youtu.be/wHxkzxGF4JY

 

Advice:

It’s an important part of your responsibility to be cautious when accessing emails even from known senders to ensure its legitimate by reviewing the email to ensure that its legitimate.

If in doubt do not open the email and reach out to the sender to ensure they sent you the email.  If you self-determine an email to be suspicious immediately report incidents as soon as they happen.

 

Here are a few guidelines below that could be followed.  Please review:

 

Check the sender.

Sometimes, cybercriminals and hackers will fake (or “spoof”) the sender of an email. If the “from” address doesn’t match the alleged sender of the email, or if it doesn’t make sense in the context of the email, something may be suspicious.

Check for (in)sanity.

Many typical phishing emails are mass-produced by hackers using templates or generic messages. While sophisticated attacks may use more convincing fake emails, scammers looking to hit as many different inboxes as possible may send out large numbers of mismatched and badly written emails. If the email’s content is nonsensical or doesn’t match the subject, something may be suspicious.

Check the salutation.

Many business and commercial emails from legitimate organizations will be addressed to you by name. If an email claims to come from an organization you know but has a generic salutation, something may be suspicious.

Check the links.

A large number of phishing emails try to get victims to click on links to malicious websites in order to steal data or download malware. Always verify that link addresses are spelled correctly, and hover your mouse over a link to check its true destination. Beware of shortened links like http://bit.ly, http://goog.le, and http://tinyurl.com. If an email links to a suspicious website, something may be suspicious.

Don’t let them scare you.

Cyber criminals may use threats or a false sense of urgency to trick you into acting without thinking. If an email threatens you with consequences for not doing something immediately, something may be suspicious.

Don’t open suspicious attachments.

Some phishing emails try to get you to open an attached file. These attachments often contain malware that will infect your device; if you open them, you could be giving hackers access to your data or control of your device. If you get an unexpected or suspicious attachment in an email, something may be suspicious.

Don’t believe names and logos alone.

With the rise in spear phishing, cybercriminals may include real names, logos, and other information in their emails to more convincingly impersonate an individual or group that you trust. Just because an email contains a name or logo you recognize doesn’t mean that it’s trustworthy. If an email misuses logos or names, or contains made-up names, something may be suspicious.

If you still aren’t sure, verify!

If you think a message could be legitimate, but you aren’t sure, try verifying it. Contact the alleged sender separately (e.g., by phone) to ask about the message. If you received an email instructing you to check your account settings or perform some similar action, go to your account page separately to check for notices or settings.

 

 

Disabling SMB1.0/CIFS File Sharing Support

There is a lot of buzz these days about new ransomware hijacking systems worldwide. The malware, dubbed NotPetya because it masquerades as the Petya ransomware. One of the many ways to help the spread of malware is to patch your computer, effectively stopping the SMB exploits by disabling SMBv1.

Here are steps which can be used to disable (remove) SMBv1 support.

For client operating systems:

  1. Open Control Panel, click Programs, and then click Turn Windows features on or off.
  2. In the Windows Features window, clear the SMB1.0/CIFS File Sharing Support checkbox, and then click OK to close the window.
  3. Restart

For server operating systems:

  1. Open Server Manager and then click the Manage menu and select Remove Roles and Features.
  2. In the Features window, clear the SMB1.0/CIFS File Sharing Support check box, and then click OK to close the window.
  3. Restart

Ref: https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1-smbv2-and-smbv3-in-windows-and-windows

VMware vCenter 6/6.5: Creating Host Profiles

This post describes how to perform the basic task of creating a host profile.
Description of Hos Profiles:

VMware Host Profiles are available through VMware vCenter Server and enable you to establish standard configurations for VMware ESXi hosts and to automate compliance to these configurations, simplifying operational management of large-scale environments and reducing errors caused by mis-configurations.

Prerequisites:

  1. You need to have a vSphere installation
  2. You need to have admin rights
  3. You need a configured ESXi host that acts as the reference model

Steps:

  1. In vCenter Navigate to the Host profiles view
  2. Click the Extract profile from a host icon
  3. Select the host that will act as the reference model host and click Next
  4. Enter the name and  a description for the new profile and click Next
  5. Review the summary information for the new profile and click Finish
  6. The new profile will appear in the profile list

Video:

Done!

VMware vSphere 6.5 Nested Virtualization – Create and Install ESXi 6.5

With vSphere 6.5 and nested ESXi 6.5 hosts I enable myself to get hands on with vSphere advanced features with vCenter without having the physical hardware in my home lab. The advantages to this setup allows me to test out new VMware features or simulate issue that could happen in production.

The term “nested virtualization” is used to describe a hypervisor running under another hypervisor. In this case, I will be installing ESXi 6.5 inside a virtual machine hosted on a physical ESXi 6.5 host.

Requirements:

  • Physical ESXi Host (ESXi 6 – 6.5 – )
  • Physical hardware supporting either Intel EPT or AMD RVI

Steps to setup ESXi 6.5 virtual machine guest:

Log into vCenter or ESXi host with a user with admin credentials. In my case I am using the vSphere web client. *spoiler alert* no more C# (Thick) client for vCenter. However it still works with the ESXi 6.5 hosts.

Switch to the “VMs and Templates” view. Right click a folder and select New Virtual Machine > New Virtual Machine…

Choosing “Custom” configuration select type Other for OS family, doing the same for Guest OS version. *note* Ensure you are choosing 64-bit (Other 64-bit)

Once at the configuration hardware screen; Make a few modifications to the default values.

VM Guest Configuration Settings:

  • Define the CPU to a minimum of 2 or more. This includes cores.
  • Define memory to a minimum of 6GB RAM
  • Define Disk to 2 GB (Thin Disk)
  • Change network adapter type to VMXNET 3
  • Add an addition network adapter (also VMXNET 3)

Additional Configuration Step: Enabling support for 64-bit nested vms

Locate the and expand the CPU properties page and tick the check box next to “Expose hardware assisted virtualization to the guest OS”. This setting will allow you to 64-bit vms inside nested ESXi hosts. Read more about this feature here: https://en.wikipedia.org/wiki/Hardware-assisted_virtualization

Click next and exit configuration

At this point you are ready to install ESXi 6 – 6.5 as a Guest VM.

I leave you with this video of the full process. Thanks for visiting and I hope this helps any of you looking to do the same.

 

Originally posted on my LinkedIn Page:

https://www.linkedin.com/pulse/vmware-vsphere-65-nested-virtualization-create-install-jermal-smith

Extra Gum: The Story of Sarah & Juan

Wow, I am impressed with this marketing. Such a story, unwrapped round s stick of gum.
Watch this story of A girl. A guy. And a stick of gum. So impressive, and touching that I wanted to share it here.

http://www.extragum.com/

Adventures in Dieting: Prologue

My friend is back… back to embark on a new journey.

As always with all my fiends, I am here to support them from start to finish.

To help me gain some followers and show support. I have shard his YouTube page and this video here on my blog, because health and fitness is something which I have become very passionate about over the last 12 months of my life.

Here is wishing Jason the best and a successful journey into a wonderful lifestyle

 

For more on Adventures in Dieting

Subscribe on YouTube

Life and follow on Facebook

IMDB Bio – Jason Allentoff

News Radio/Media – News Anchor

What is Sway

What is Sway?

That was the question I had asked this morning when I logged into my Office 365 account.

Sway is a free app from Microsoft Office. It lets you create and share interactive reports, presentations, personal stories, newsletters, vacation memories, school and work projects, and more. In this video, you’ll see an example of getting started creating your first Sway!

 

 

 

Cool, lets give it a try

Family Time: I Am A Promise

My little guy sings one of his favorite songs and has asked me to put it on YouTube.

Lyrics:

I Am A Promise
.
By William and Gloria Gaither

Verse 1
I am a promise, I am a possibility
I am a promise with a capital “P,”
I am a great big bundle of potentiality
And I am learning to hear God’s voice,
And I am trying to make the right choice
I’m a promise to be anything God wants me to be.

Choir
I am a promise, I am a possibility
I am a promise with a capital “P,”
I am a great big bundle of potentiality
And I am learning to hear God’s voice,
And I am trying to make the right choice
I’m a promise to be anything God wants me to be.

Verse 2
I can go anywhere that He wants me to go
I can be anything that He wants me to be
I can climb the high mountains
I can cross the wide sea
I’m a great big promise you see!

Choir
I am a promise, I am a possibility
I am a promise with a capital “P,”
I am a great big bundle of potentiality
And I am learning to hear God’s voice,
And I am trying to make the right choice
I’m a promise to be anything God wants me to be.

And then his sister joins for a second go at it

124-Year-Old Patent Reveals The Right Way To Use Toilet Paper

“My invention… consists in a toll of wrapping paper with perforations on the line of the division between on sheet and the next, so as to be easily torn apart, such roll of wrapping paper forming a new article of manufacture.”

For once I can prove to my wife that I am right.

The patent by New York businessman Seth Wheeler illustrates the proper position of the toilet paper roll.

 

A big thanks to Owen Williams shared the discovery Monday on Twitter and assisting me in winning my first debate with my wife.

TRANSFORMOGRAPHAGIZERS

For “Oreo Bot” – The spine song will forever be sung. Remember the spine song.