YouTube

Bluetooth, NFC, and Wireless Safety

Bluetooth, NFC, and Wireless Safety – Day 6 – 30 Day Security Challenge – TekThing

Turn off Bluetooth. Turn off NFC. Turn off auto connect to known wireless access points. Forget networks you don’t normally connect to.

Today’s Video and Shownotes: https://snubsie.com/day-6

The Whole Challenge: https://snubsie.com/30-day-security-c…

Install Microsoft SQL on Linux – Ubuntu Server

I recently had the pleasure of installing Microsoft SQL Server on Linux – Ubuntu Server. This was a very straight-forward installed and just works. The following steps are what were taken to install and configure this server.

My Setup:

  • Ubuntu 17.10 Server – VMware Template
  • Network Connectivity
  • SQL Server Management Studio 17 – Testing connectivity to SQL Server

Prerequisites:

  • Ubuntu Linux Server – Memory: 3.25, Disk Space: 6GB, CPU (x64): 2 Cores
  • Internet Access – Offline Installs are also possible
  • Root or SU Access
  • Time – 5-6 Minutes

Steps:

  1. Log into Ubuntu Linux server via console or SSH (Preferred), su into root
  2. We need to import the repository GPG Keys by first downloading and adding it with he following command: curl https://packages.microsoft.com/keys/microsoft.asc | sudo apt-key add –
  3. Next we register the repository by entering: add-apt-repository “$(curl https://packages.microsoft.com/config/ubuntu/16.04/mssql-server-2017.list)”
  4. Next we need to upload the repository list and install SQL with the following commands: apt update | apt install mssql-server -y
  5. After the SQL Server package has completed installing.  You will be instructed to run mssql-config setup to setup the SQL Server version you will be installing, in addition to password credentials.  This is done by issue the following command: /opt/mssql/bin/mssql-conf setup
  6. Optional – Open your firewall if enabled to allow for SQL’s TCP/1433 from remote hosts.
  7. Test connecting to your newly install SQL Server via SSMS.
  8. Done!

Screenshot:

Video:

Tech Short: Configure WDS Server

You have installed your WDS Server Role and now its time to configure.  I hope my steps below help you.

Requirements

  • Installed WDS Role
  • Administrative Rights
  • Installation Media

 

WDS Server Configuration:

  1. On the Server Manager tool, click Tools and then click Windows Deployment Services.
  2. On the Windows Deployment Services console, expand Servers.
  3. Right-click your WDS server name and select Configure Server.
  4. Navigate to the Install Options page, choosing Integrated with Active Directory or Standalone server button is selected and then click Next.
  5. On the Remote Installation Folder Location page, select a folder or click Next to accept the default value. This folder will hold the WDS images.
  6. On the PXE Server Initial Settings page exists there options: Select the Respond to all client computers (known and unknown) then click Next.
  7. On the Operation Complete page, you have the option to Add images to the server now by selecting the check box and click Finish.  This will guide you through the initial image setup.

 

Video:

Done!

 

New Phishing Scam Using Microsoft Office 365

*** Attention Required ***

It seems that the bad guys are at it once again with an attempt to collect information by phishing credentials from those of us using Office 365 for corporate emails.  The characteristics of this particular attack the hackers intention is to deceive Office 365 users into providing their login credentials”.

The user sees a fake Office 365 login page, which requests their credentials. Once the Office 365 usernames and passwords have been compromised, the hackers can:

  • Send emails to other users in the victim’s address book, asking them for anything, sending fake invoices, sending more phishing emails, etc.
  • Access the user’s OneDrive account, to download files, install more malware, infect files with malware, etc.
  • Access the users SharePoint account, to download files, install more malware, etc.
  • Steal company intellectual property or other customer information such as customer SSNs, credit card numbers, email addresses, etc.

One of the characteristic of this recent attack is an email being sent with an embedded image which resembles an Microsoft Office Word document containing a link back to a site with a fake Office 365 logon page.  In addition to this the site URL ends in php?userid= syntax.

I have provided the following YouTube video to illustrate the interaction of the fake Office 365 logon page.

Link: https://youtu.be/wHxkzxGF4JY

 

Advice:

It’s an important part of your responsibility to be cautious when accessing emails even from known senders to ensure its legitimate by reviewing the email to ensure that its legitimate.

If in doubt do not open the email and reach out to the sender to ensure they sent you the email.  If you self-determine an email to be suspicious immediately report incidents as soon as they happen.

 

Here are a few guidelines below that could be followed.  Please review:

 

Check the sender.

Sometimes, cybercriminals and hackers will fake (or “spoof”) the sender of an email. If the “from” address doesn’t match the alleged sender of the email, or if it doesn’t make sense in the context of the email, something may be suspicious.

Check for (in)sanity.

Many typical phishing emails are mass-produced by hackers using templates or generic messages. While sophisticated attacks may use more convincing fake emails, scammers looking to hit as many different inboxes as possible may send out large numbers of mismatched and badly written emails. If the email’s content is nonsensical or doesn’t match the subject, something may be suspicious.

Check the salutation.

Many business and commercial emails from legitimate organizations will be addressed to you by name. If an email claims to come from an organization you know but has a generic salutation, something may be suspicious.

Check the links.

A large number of phishing emails try to get victims to click on links to malicious websites in order to steal data or download malware. Always verify that link addresses are spelled correctly, and hover your mouse over a link to check its true destination. Beware of shortened links like http://bit.ly, http://goog.le, and http://tinyurl.com. If an email links to a suspicious website, something may be suspicious.

Don’t let them scare you.

Cyber criminals may use threats or a false sense of urgency to trick you into acting without thinking. If an email threatens you with consequences for not doing something immediately, something may be suspicious.

Don’t open suspicious attachments.

Some phishing emails try to get you to open an attached file. These attachments often contain malware that will infect your device; if you open them, you could be giving hackers access to your data or control of your device. If you get an unexpected or suspicious attachment in an email, something may be suspicious.

Don’t believe names and logos alone.

With the rise in spear phishing, cybercriminals may include real names, logos, and other information in their emails to more convincingly impersonate an individual or group that you trust. Just because an email contains a name or logo you recognize doesn’t mean that it’s trustworthy. If an email misuses logos or names, or contains made-up names, something may be suspicious.

If you still aren’t sure, verify!

If you think a message could be legitimate, but you aren’t sure, try verifying it. Contact the alleged sender separately (e.g., by phone) to ask about the message. If you received an email instructing you to check your account settings or perform some similar action, go to your account page separately to check for notices or settings.

 

 

Disabling SMB1.0/CIFS File Sharing Support

There is a lot of buzz these days about new ransomware hijacking systems worldwide. The malware, dubbed NotPetya because it masquerades as the Petya ransomware. One of the many ways to help the spread of malware is to patch your computer, effectively stopping the SMB exploits by disabling SMBv1.

Here are steps which can be used to disable (remove) SMBv1 support.

For client operating systems:

  1. Open Control Panel, click Programs, and then click Turn Windows features on or off.
  2. In the Windows Features window, clear the SMB1.0/CIFS File Sharing Support checkbox, and then click OK to close the window.
  3. Restart

For server operating systems:

  1. Open Server Manager and then click the Manage menu and select Remove Roles and Features.
  2. In the Features window, clear the SMB1.0/CIFS File Sharing Support check box, and then click OK to close the window.
  3. Restart

Ref: https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1-smbv2-and-smbv3-in-windows-and-windows