Bad Rabbit Ransomware

Computer Culture Admin - Thursday, November 16, 2017
Organizations in Russia and Ukraine, and a few hours later also in the U.S., are under siege from Bad Rabbit, a new strain of ransomware with similarities to NotPetya.

The outbreak appears to have started via files on hacked Russian media websites, using the popular social engineering trick of pretending to be an Adobe Flash installer. The ransomware demands a payment of 0.05 bitcoin, or about $275, from its victim, though it isn’t clear whether paying the ransom unlocks a computer’s files. You have just 40 hours to pay.

Bad Rabbit shares some of the same code as the Petya virus that caused major disruptions to global corporations in June this year, said Liam O’Murchu, a researcher with the antivirus vendor Symantec Corp.

Based on analysis by ESET, Emsisoft, and Fox-IT, Bad Rabbit uses Mimikatz to extract credentials from the local computer's memory, and along with a list of hard-coded credentials, it tries to access servers and workstations on the same network via SMB and WebDAV.

The hardcoded creds are hidden inside the code and include predictable usernames such as root, guest and administrator, and passwords straight out of a worst passwords list. (Note to Self: all user passwords need to be strong, step all employees through a strong password training module ASAP.)

As for Bad Rabbit, the ransomware is a so-called disk coder, like Petya and NotPetya. Bad Rabbit first encrypts files on the user's computer and then replaces the MBR (Master Boot Record).

Check Your Home Network

Computer Culture Admin - Thursday, November 16, 2017
Bitdefender, the home version of our managed antivirus, has developed a home network scanner to enable you to check for any dodgy devices on your network; it’s available as a free download.

Bitdefender Home Scanner lets you see all devices connected to your home network. You get an alert every time an unknown device connects to your wi-fi. Which means you can instantly boot out freeloaders and prevent connection slowdowns.

Home Scanner looks for weak passwords, as well as vulnerable or poorly encrypted communications. It correlates the information gathered from your connected devices with online vulnerability databases and gives you a thorough report so you can ensure maximum security for your network.

For more information go to Bitdefender’s website here.

How to Remove Cookies

Computer Culture Admin - Thursday, November 16, 2017
On a PC or mobile device cookies can compromise your privacy, and fill up your storage. If you’re concerned about what websites are leaving behind, and how advertisers are accessing that data, here are some instructions on how to clear cookies from the latest version of your favourite web browser.

So what are cookies?
Cookies are small text files written by a web browser that contain information about your interaction with one specific site. They include information such as what you put into a virtual shopping cart, your username for logging into the site (not the password), products you viewed during your last visit, and any other information that could be used to tailor the visit just for your needs.

Typically, cookies pose no threat to your computer. But many cookies can compromise your privacy. That’s because advertising companies are prone to embedding cookies with web advertisements, allowing them to easily track your browsing history, and tailor ads toward your individual habits across multiple sites.

Cookies don’t take up much space on your hard drive. In fact, they’re extremely small, and should only be a concern for mobile devices with small amounts of storage. For instance, even without clearing the cookies in Chrome on PC for many, many months, we’ve only accumulated around 4MB worth of cookies. In other words, the amount of space they use isn’t troublesome; it’s the privacy risks that are difficult to ignore.

Google Chrome
Google Chrome lets you easily delete cookies, control browsing data, and specify what sort of files Google Chrome should accept or block. Here’s how:

Access content settings: Click on the “Menu” tab in the upper-right corner, and select “Settings.” Once the new tab opens, scroll to the bottom of the page and click on “Advanced.” This will expand the “Settings” page to include additional options.

The first expanded window you should see is the “Privacy and security” panel. Next, click on “Content settings,” and then select “Cookies.”

You may also simply type “chrome://settings/content/cookies” into your address bar, and Chrome will take you to your intended destination.

Cookie juggling: On the “Cookies” panel, you will see three toggles: allow sites to save and read cookie data (recommended), keep local data only until you exit Chrome, and block third-party cookies. This third option means advertisements won’t be able to read cookie data provided by a parent website, preventing them from using that information across multiple sites.

Smashing cookies: Google also provides options to block specific sites from leaving cookies, to allow specific sites to leave cookies, and to clear cookies left behind by specific websites when exiting Chrome. If you want to delete it all, click on the “Remove All” button, and you will be cookie-free. You can delete cookies individually, too.

For Android, iOS: Access Chrome’s menu, go to “Settings,” and then find the “Privacy” tab under “Advanced” settings. From there, select “Clear Browsing Data” at the bottom, and check “Clear cookies and site data.” There are also options for clearing your browser history, and removing space-eating cached images and files.

Mozilla Firefox
Access custom settings: Click on the “Menu” three-lined icon in the top-right corner. In the drop-down menu, select “Options,” which will open a new “Preferences” tab. On this page, select “Privacy” listed on the menu to the left, and then head to the “History” section. Here you will need to choose “Use custom settings for history” in the drop-down menu located next to “Firefox will…”

Cookie juggling: With the advanced history settings enabled, you should see an option to toggle on/off “Accept cookies from sites.” To the right, Mozilla provides an “Exceptions” button where you can control the cookie flow. These include blocking or allowing cookies from specific sites, and allowing a cookie from a specific site for only one browsing session. This is done by inserting the address of the website.

Next, you have the ability to accept or deny third-party cookies, or accept third-party cookies from sites you already visited.

Smashing cookies: To manually delete cookies in Firefox, you’ll need to hit the “Show Cookies” button. A window appears with a search field for locating a specific cookie, and a list of all cookies stored on your device. You can hit the “Remove Selected” button to delete a highlighted cookie, or hit the “Remove All” button to delete all the cookies.

Firefox (iOS): Tap the New Tab button (top right, with the number in it). Now tap the cog button in the top left of the screen. Scroll down to “Clear private data.” On the next screen, make sure “Cookies” is selected, then tap “Clear Private Data.”
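The three Chrome toggles described above (allow cookies, keep local data only until you exit, block third-party cookies) each act on a property of the cookie the browser is about to store. The following is an added illustration, not code from the original article: it parses a Set-Cookie header, decides whether the cookie is first- or third-party relative to the page you are on and whether it is a session or persistent cookie, and applies the three toggles. The page URL, hosts, and cookie values are constructed for the example, and "site" is simplified to the last two DNS labels (real browsers use the Public Suffix List).

```python
"""Classify Set-Cookie headers the way the browser toggles above treat them.
Added example; inputs below are constructed, not taken from any real site."""
from urllib.parse import urlsplit


def registrable_domain(host):
    """Return the 'site' a host belongs to.
    Simplification: the last two DNS labels. Browsers consult the Public
    Suffix List so that e.g. 'co.uk' is never treated as a site by itself."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def parse_set_cookie(header):
    """Parse one Set-Cookie header value into name, value and attributes."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for attr in parts[1:]:
        if not attr:
            continue
        key, _, val = attr.partition("=")
        attrs[key.strip().lower()] = val.strip()   # flags like HttpOnly get ''
    return {"name": name.strip(), "value": value.strip(), "attrs": attrs}


def classify(page_url, response_url, header):
    """Mark the cookie as first/third-party and session/persistent."""
    cookie = parse_set_cookie(header)
    attrs = cookie["attrs"]
    page_site = registrable_domain(urlsplit(page_url).hostname)
    # A Domain attribute widens the cookie's scope; otherwise it is host-only.
    host = attrs.get("domain", urlsplit(response_url).hostname).lstrip(".")
    cookie["site"] = registrable_domain(host)
    cookie["third_party"] = cookie["site"] != page_site
    # A cookie with no Expires/Max-Age lives only until the browser exits.
    cookie["persistent"] = "expires" in attrs or "max-age" in attrs
    return cookie


def apply_policy(cookie, allow_cookies=True, session_only=False,
                 block_third_party=False):
    """Return what the browser does with the cookie under the three toggles."""
    if not allow_cookies:
        return "reject"
    if block_third_party and cookie["third_party"]:
        return "reject"
    if cookie["persistent"] and not session_only:
        return "store-persistent"
    return "store-session"   # persistent cookies are downgraded when session_only


# Constructed sample: the page being read, and two responses that set cookies.
PAGE = "https://news.example/article"
FIRST_PARTY = ("https://news.example/article",
               "sid=abc123; Path=/; HttpOnly; Secure")
THIRD_PARTY = ("https://ads.adnet.example/pixel.gif",
               "track=xyz; Domain=.adnet.example; Max-Age=31536000; Secure")


def demo():
    """Return (name, third_party, persistent, decision) for each sample cookie
    under the privacy-friendly setting: block third-party, session only."""
    rows = []
    for response_url, header in (FIRST_PARTY, THIRD_PARTY):
        c = classify(PAGE, response_url, header)
        decision = apply_policy(c, session_only=True, block_third_party=True)
        rows.append((c["name"], c["third_party"], c["persistent"], decision))
    return rows


if __name__ == "__main__":
    for row in demo():
        print("%-6s third_party=%-5s persistent=%-5s -> %s" % row)
```

With the default toggles the tracking cookie is stored for a year; with "block third-party cookies" it is rejected outright, and with "keep local data only until you exit" even the first-party login cookie is discarded when the browser closes.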

Time Saving Android Tips

Computer Culture Admin - Thursday, November 16, 2017
1. Snap between apps
Cut out delays in toggling between apps by putting Android's semi-secret fast-snap function to use. If your device runs Android 7.0 or higher, double-tap the Overview key — the square-shaped icon next to the Back and Home buttons — and you'll find yourself flipping between your two most recently used apps faster. It'll even work from your home screen for a zippy return to whatever process you had open last.

2. Slide into Quick Settings
Android's Quick Settings panel is a shortcut in and of itself — a single place with one-tap toggles to some of your device's most commonly used functions, from Bluetooth to the flashlight (and even more, if you know how to expand it).
To get a shortcut to this mecca: Just swipe down from the top of your screen with two fingers (any two — swiper's choice!). That'll skip past the standard notification panel and take you directly to the fully expanded Quick Settings section.

3. Open menus like a pro
Not many folks know it, but there's a faster way to open those three-dot overflow menus in a lot of apps.
Rather than tapping the icon to load the menu and then tapping the item you want, simply swipe downward on the icon and move your finger directly to your item of choice — without ever lifting your finger from the screen. The menu will appear as you swipe, and whatever item your finger is touching when you let go will be activated.

4. Stop disturbances without the fuss
Sometimes you need to silence your phone quickly and discreetly. Whenever that time comes, don't mess with on-screen menus and icons; just activate your phone's display, then press the device's volume-down key until the ringer volume goes all the way down.
That'll put your phone into vibrate-only mode, and you should feel a brief vibration to let you know you're there. If you want to take it a step further and go into Android's full do-not-disturb mode, in which nothing but an alarm will cause your phone to sound — assuming your phone is running 2015's Android 6.0 (Marshmallow) or higher — release the volume-down button and then press it one more time. (You'll see the confirmation of the mode change on your screen.)
Whenever you're ready to return to a normal state, simply activate your device's screen and press the volume-up button until the level lands wherever you like.

5. Refresh the web with ease
Say you're looking at a web page in Chrome. For one reason or another, you realize you need to refresh the page. What do you do?
Sure, you could open the Chrome menu and then select the refresh icon. Or you could skip a step and just swipe downward from anywhere on the page. You'll see a circular refresh symbol appear at the top of the screen as you swipe. Make sure you pull down until the arrow within the symbol turns blue, then let go. (Once you get used to the gesture, you'll find that a quick downward flick is all it really takes.)

6. Force a restart
No technology is foolproof. If your Android device ever isn't responding, press its power and volume-up buttons at the same time — even if the display is off — and hold them down together for 10 to 15 seconds. Unless something really disastrous is going on (or your battery's just dead), that'll force your phone to restart, regardless of what you were last doing.

7. Get to your camera in a flash
When a photogenic moment arises two seconds can be the difference between an unforgettable snapshot and an after-the-fact image. So don't futz around with unlocking your phone and looking for the on-screen camera icon; instead, just double-tap the device's power button to jump straight into shooting, whether your display is on or not.
That shortcut works on many popular Android phones, including Google's Pixel and Nexus devices, Samsung's most recent Galaxy gadgets (on pre-2017 models, use the physical Home button instead of the power button) and HTC's latest handsets. LG phones tend to shift the shortcut to the volume-down button, meanwhile, while Motorola phones use a double-twist motion to achieve the same effect.

8. Put notifications on notice
Next time you get an annoying notification, don't scream out in frustration. Press and hold the notification in question to hop over to some helpful advanced settings. They'll let you control exactly when and how that app is able to alert you.

9. Wake your screen with two taps
If you have a Pixel, a Galaxy S8 or Note 8 or a recent LG or HTC device, there's a decent chance your device supports a super-speedy way of waking the screen: Tap your finger on it twice. That's it! With the Samsung devices, you have to tap specifically on the always-on Home button at the bottom of the display; with the others, you can tap anywhere on the screen's surface.
(Note that on some of these devices, you may have to manually enable a "double-tap to wake" option before this'll work. Look in the Display section of your system settings to find it.)

10. Send a friendly rejection
When you get a phone call you can't or maybe just don't want to answer, look toward the bottom of the screen for a message icon or a "Send message" option.
Slide your finger up from that area, and you'll be presented with a list of ready-made rejection messages you can send to the caller while simultaneously declining his call.

11. End calls with ease
When you do talk on your phone, finding the on-screen button to end a call isn't always convenient. But Android actually has an easier way — if you know where to find it.
Open up the Accessibility section of your system settings, then activate the option labeled "Power button ends call." Now, when you're ready to say farewell, just tap your phone's power button and bask in your shortcut-aided efficiency.

What is a Firewall?

Computer Culture Admin - Thursday, October 19, 2017
By Brandon Butler, Senior Editor, Network World

Firewalls act as perimeter defence tools that monitor traffic and either allow it or block it. Over the years the functionality of firewalls has increased, and now most firewalls can not only block a set of known threats and enforce advanced access control list policies, but can also deeply inspect individual packets of traffic and test them to determine whether they’re safe. Most firewalls are deployed as network hardware that processes traffic plus software that allows end users to configure and manage the system. Increasingly, software-only versions of firewalls are being deployed in highly virtualized environments to enforce policies on segmented networks or in the IaaS public cloud.

Types of firewalls

Advancements in firewall technology have created new options for firewall deployments over the past decade, so now there are a handful of options for end users looking to deploy a firewall. These include:

Stateful firewalls – When firewalls were first created they were stateless, meaning that the hardware the traffic traversed inspected each packet of network traffic individually, blocking or allowing it in isolation. Beginning in the mid to late 1990s, the first major advancement in firewalls was the introduction of state. Stateful firewalls examine traffic in a more holistic context, taking into account the operating state and characteristics of the network connection the packet belongs to. Maintaining this state allows the firewall to admit certain traffic for certain users while blocking the same traffic for other users, for example.
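The difference between judging each packet in isolation and tracking the connection it belongs to is easiest to see in code. The block below is an added illustration, not part of the Network World article: a stateless rule set and a minimal stateful filter are run over the same constructed packets. The internal range 10.0.0.0/24 and the IP addresses (203.0.113.10, 198.51.100.7, from the documentation ranges) are assumptions made up for the example. The stateless rule set has to admit any inbound packet from source port 443 to let HTTPS replies through; the stateful filter only admits replies to connections it saw the inside open.

```python
"""Stateless vs stateful packet filtering. Added example; the network,
rules and packets are constructed and not from the article."""
import ipaddress
from dataclasses import dataclass

INTERNAL = ipaddress.ip_network("10.0.0.0/24")   # assumed internal network


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False    # True for the first packet of a TCP connection


def outbound(pkt):
    """Inside -> outside?"""
    return (ipaddress.ip_address(pkt.src) in INTERNAL
            and ipaddress.ip_address(pkt.dst) not in INTERNAL)


def stateless_filter(pkt):
    """Each packet judged alone. Rule 1: inside may reach external HTTPS.
    Rule 2: replies come back from port 443, so inbound traffic whose
    *source* port is 443 must be allowed, whoever sent it."""
    if outbound(pkt) and pkt.dport == 443:
        return "allow"
    if not outbound(pkt) and pkt.sport == 443:
        return "allow"
    return "block"


class StatefulFirewall:
    """Remembers connections the inside opened; inbound packets are admitted
    only when they belong to one of them."""

    def __init__(self):
        self.connections = set()     # (src, sport, dst, dport) tuples

    def filter(self, pkt):
        forward = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if forward in self.connections or reverse in self.connections:
            return "allow"           # part of an established connection
        if outbound(pkt) and pkt.dport == 443 and pkt.syn:
            self.connections.add(forward)   # new connection opened from inside
            return "allow"
        return "block"               # unsolicited: no state to match


def run_scenario():
    """Return (label, stateless verdict, stateful verdict) per packet."""
    packets = [
        ("client opens HTTPS",
         Packet("10.0.0.5", 51000, "203.0.113.10", 443, syn=True)),
        ("server replies",
         Packet("203.0.113.10", 443, "10.0.0.5", 51000)),
        ("unsolicited inbound from source port 443",
         Packet("198.51.100.7", 443, "10.0.0.5", 22, syn=True)),
    ]
    fw = StatefulFirewall()
    return [(label, stateless_filter(p), fw.filter(p)) for label, p in packets]


if __name__ == "__main__":
    for label, stateless, stateful in run_scenario():
        print(f"{label:42s} stateless={stateless:5s} stateful={stateful}")
```

Both filters pass the legitimate connection and its reply. The third packet is unsolicited: the stateless rule set lets it through because the source port matches its reply rule, while the stateful filter blocks it because no internal host opened a connection to that address. That is the "holistic context" the paragraph refers to.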

Next-generation firewalls – Over the years firewalls have added a myriad of new features, including deep packet inspection, intrusion detection and prevention and inspection of encrypted traffic. Next-generation firewalls (NGFWs) refer to firewalls that have integrated many of these advanced features into the firewall.

Proxy-based firewalls – These firewalls act as a gateway between end users who request data and the source of that data. All traffic is filtered through this proxy before being passed on to the end user. This protects the client from exposure to threats by masking the identity of the original requester of the information.

Web application firewalls – These firewalls sit in front of specific applications as opposed to sitting on an entry or exit point of a broader network. Whereas proxy-based firewalls are typically thought of as protecting end-user clients, WAFs are typically thought of as protecting the application servers. 

Firewall hardware

Firewall hardware is typically a straightforward server that can act as a router for filtering traffic and running firewall software. These devices are placed at the edge of a corporate network, between a router and the Internet service provider’s connection point. A typical enterprise may deploy dozens of physical firewalls throughout a data center. Users need to determine what throughput capacity they need the firewall to support based on the size of the user base and speed of the Internet connection.

Firewall software

Typically end users deploy multiple firewall hardware endpoints and a central firewall software system to manage the deployment. This central system is where policies and features are configured, where analysis can be done and threats can be responded to.

Inside a next-generation firewall

Modern firewalls are a collection of features. These include:

-Stateful inspection: This is the basic firewall functionality in which the device blocks known unwanted traffic.

-Anti-virus: The functionality that searches for known viruses and vulnerabilities in network traffic is aided by the firewall receiving updates on the latest threats and being constantly updated to protect against them.

-Intrusion Prevention Systems (IPS): This class of security products can be deployed as a standalone product, but IPS functionality is increasingly being integrated into NGFWs. Whereas basic firewall technologies identify and block certain types of network traffic, IPS uses more granular security measures such as signature tracing and anomaly detection to prevent unwanted threats from entering corporate networks. IPS systems have replaced the previous version of this technology, Intrusion Detection Systems (IDS), which focused more on identifying threats than on containing them.

-Deep Packet Inspection (DPI): DPI can be part of or used in conjunction with an IPS, but it has nonetheless become an important feature of NGFWs because of its ability to provide granular analysis of traffic, most specifically the headers and payload of traffic packets. DPI can also be used to monitor outbound traffic to ensure sensitive information is not leaving corporate networks, a technology referred to as Data Loss Prevention (DLP).

-SSL Inspection: Secure Sockets Layer (SSL) Inspection is the idea of inspecting encrypted traffic to test for threats. As more and more traffic is encrypted, SSL Inspection is becoming an important component of the DPI technology being implemented in NGFWs. SSL Inspection acts as a buffer that decrypts the traffic in order to test it before it’s delivered to its final destination.

-Sandboxing: This is one of the newer features being rolled into NGFWs and refers to the ability of a firewall to take certain unknown traffic or code and run it in a test environment to determine whether it is nefarious.

Exchange Online dropping support for Office 2007 from Oct 31 2017

Computer Culture Admin - Thursday, October 19, 2017
RPC over HTTP, also known as Outlook Anywhere, will no longer be a supported protocol for accessing mail data from Exchange Online as of Oct 31, 2017. Microsoft will no longer provide support or updates for Outlook clients that connect through RPC over HTTP, and the quality of the mail experience will decrease over time.

This is being replaced by MAPI over HTTP, a modern protocol that was launched in May 2014. This change affects you if you're running Outlook 2007 because Outlook 2007 won't work with MAPI over HTTP. To avoid being in an unsupported state, Outlook 2007 customers need to update to a newer version of Outlook or use Outlook on the web.

This change may also affect you if you're running Outlook 2016, Outlook 2013, or Outlook 2010 because you must regularly check that the latest cumulative update for the version of Office that you have is installed.

What is RPC over HTTP? What happens on October 31, 2017?

RPC over HTTP, also known as Outlook Anywhere, is a legacy method of connectivity and transport between Outlook for Windows and Exchange. In May 2014, Microsoft introduced MAPI over HTTP as a replacement for RPC over HTTP.

Starting on October 31, 2017, RPC over HTTP will no longer be a supported protocol for accessing mail data from Exchange Online. Starting on this date, the following conditions will apply:
1. Microsoft will not provide support for RPC over HTTP issues (regular or custom).
2. No code fixes or updates to resolve problems that are unrelated to security will be released.

Additionally, for Office versions that support MAPI over HTTP, Microsoft may elect to override existing registry keys that customers are using in order to force RPC over HTTP use.

Why is RPC over HTTP being replaced by MAPI over HTTP?

MAPI over HTTP offers the following benefits: 
• Improves the connection resiliency when the network drops packets in transit.
• Enables more secure sign-in scenarios, such as multi-factor authentication for Office 365.
• Provides the extensibility foundation for third-party identity providers.
• Removes the complexity of RPC over HTTP dependency on legacy RPC technology.

CCleaner Cyberattack Leaves Millions of Devices Vulnerable

Computer Culture Admin - Thursday, October 19, 2017
If you were not aware, CCleaner, Avast's free and highly popular maintenance application, was compromised after a cyberattack placed a backdoor into the application itself. While Avast is in the process of tracking down the culprit of the attack, it is essential that IT Admins take steps to secure any potentially affected devices and remove compromised versions of CCleaner when possible.

On September 13, Cisco Talos found that the official download of the free versions of CCleaner 5.33 and CCleaner Cloud 1.07.3191 also contained “a malicious payload that featured a Domain Generation Algorithm as well as hardcoded Command and Control functionality.” What that means is that a hacker infiltrated Avast Piriform’s official build somewhere in the development process to plant malware designed to steal users’ data.

Avast’s investigation and hunt for the perpetrators continues. In the meantime they advise users who downloaded the affected version to upgrade to the latest version of CCleaner and perform a scan of their computer with good security software, to ensure no other threats are lurking on their PC.

"Fake-tortion" Phishing Attacks

Computer Culture Admin - Thursday, October 19, 2017
This is a heads-up about a new aggressive form of email attack that you need to warn your employees, friends and family about. The bad guys have beta-tested and refined it in Australia, and now the first incidents have been spotted in the US.

The sophisticated attackers are targeting potential victims in an email sequence that starts with pornography and adult dating links, which are then followed up with extortion attempts.

IT security company Forcepoint says it picked up more than 33,500 such emails in August, when the testing was happening Down Under.

The scam threatens users’ privacy, sequencing emails that say “look at this”, then “we know what you just looked at”, and demanding a payment of US$320 in Bitcoin.

The email claims that a virus was installed on a porn website which recorded the victim through their webcam. “Then my software collected all your contacts from messengers, e-mails and social networks,” it says. “If I don’t receive my Bitcoins I’ll send video with you to all your contacts.”

Carl Leonard, principal security analyst at Forcepoint, said cyber-extortion was a prevalent tactic today. While it largely takes the form of ransomware, he said data exposure threats were growing in popularity.

“Cyber-blackmailing continues to prove as an effective tactic for cybercriminals to cash out on their malicious operations,” he said. “In this case, it appears that a threat actor group originally involved in adult dating scams have expanded their operations to cyber-extortion campaigns as a result of this trend.”

Microsoft SharePoint Explained

Computer Culture Admin - Thursday, October 19, 2017
Microsoft SharePoint is a private intranet site, a data repository, a smart website, a built-in content management system, a development platform, an extranet site, a collection of websites, best-in-class portal software, a document management system, a project management system, a workflow designer, and more. You can collaborate, communicate, gather decision-making reports and data from multiple resources and publish those online, make visually presentable reports, create and view intuitive and real-time dashboards, do customizations, import theme templates, and do more with your SharePoint site.

Organisations use SharePoint to create websites. You can use it as a secure place to store, organize, share, and access information from any device.

SharePoint Online
A cloud-based service, hosted by Microsoft, for businesses of all sizes. Instead of installing and deploying SharePoint Server on-premises, any business can subscribe to an Office 365 plan or to the standalone SharePoint Online service. Your employees can create sites to share documents and information with colleagues, partners, and customers.

Computer Culture Admin - Thursday, September 28, 2017
The man who wrote the book on password management has a confession to make: He blew it.

Fourteen years ago Bill Burr advised creating complex and different passwords; now he says N3v$r M1^d!

Back in 2003, as a midlevel manager at the National Institute of Standards and Technology, Bill Burr was the author of “NIST Special Publication 800-63. Appendix A.” The 8-page primer advised people to protect their accounts by inventing awkward new words rife with obscure characters, capital letters and numbers—and to change them regularly.

Now he says the vast majority of the trusted tips and tricks we employ when crafting a custom password actually make us more vulnerable to hackers. In an interview with The Wall Street Journal, Bill Burr admitted that the document he authored on crafting strong passwords was misguided. “Much of what I did I now regret,” says Burr, who is 72 years old and now retired.

The problem wasn’t that Burr was advising people to make passwords that are inherently easy to crack, but that his advice steered everyday computer users toward lazy mistakes and easy-to-predict practices. Burr’s eight-page password document, titled “NIST Special Publication 800-63. Appendix A,” advised people to use irregular capitalization, special characters, and at least one numeral. That might result in a password like “P@ssW0rd123!” While that may seem secure on the surface (neglecting, of course, that “password” is a bad password), the issue is that most people tend to use the exact same techniques when crafting these digital combo locks. That results in strings of characters and numbers that hackers, using algorithms that specifically target those predictable habits, can easily guess.

Even worse, Burr suggested people should change passwords regularly, at least every 90 days. This advice, which was then adopted by academic institutions, government bodies, and large corporations, pushed users to make easy-to-crack passwords. Most people can probably point to a password they’ve created that was deemed strong simply because it had a special character like the “!” or “?” symbol and a numeric string like “123.” And when prompted to change a password, who hasn’t altered it only slightly to avoid the hassle of coming up with an all-new code?

A popular xkcd comic from cartoonist Randall Munroe, published back in August 2011, poked a hole in this common logic by pointing out how the password “Tr0ub4dor&3” could be cracked in about three days with standard techniques, due to its predictable capitalization, numeric substitutions, and special character use. The password “correct horse battery staple,” written as a single phrase, would take 550 years. (Security experts have confirmed Munroe’s math, according to the WSJ.) “Through 20 years of effort, we have correctly trained everyone to use passwords that are hard for humans to remember, but easy for computers to guess,” Munroe wrote at the bottom.

In other words, the passwords you should be using are obscure, almost unexplainable phrases full of human randomness that make them easy to commit to memory and yet almost impossible for an automated system to make sense of. Of course, for those who use password managers like LastPass, you can generate cryptographically secure passwords on the fly. But it’s still important to have a hard-to-crack master password.

“In the end, it was probably too complicated for a lot of folks to understand very well, and the truth is, it was barking up the wrong tree,” Burr admits of his advice. The new NIST standards that were published in June, authored by technical advisor Paul Grassi, did away with much of Burr’s advice.

“We ended up starting from scratch,” Grassi tells the WSJ. But Burr might be exaggerating the negative effects of his password advice, Grassi adds: “He wrote a security document that held up for 10 to 15 years. I only hope to be able to have a document hold up that long.” For the complete article click here
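Two posts on this page make the same point from different angles: the Bad Rabbit write-up notes that the worm spread with hard-coded passwords straight out of a worst-passwords list, and the article above explains why “P@ssW0rd123!” is no better than “password”. The block below is an added example, not code from either article or from NIST: it undoes the usual capitalisation, numeral and symbol dressing before checking a candidate against a common-password list, and it computes the guessing cost behind the xkcd comparison. The blocklist is a small constructed stand-in for a real breached-password list; the figures of 28 bits, 44 bits and 1,000 guesses per second are the comic’s own assumptions, not numbers stated on this page, and the 2,048-word dictionary (11 bits per common word) is likewise the comic’s model.

```python
"""Password checks that look through the 'obscure characters' trick, plus the
guessing-cost arithmetic behind the Tr0ub4dor&3 vs passphrase comparison.
Added example; the blocklist and the rates below are constructed/assumed."""
import math
import re

# Substitutions people habitually make; mapping them back recovers the word.
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t", "+": "t"})

# Constructed stand-in for a breached/common-password list (real lists have
# millions of entries). 'troubador' is the comic's misspelt base word.
COMMON_PASSWORDS = {"password", "qwerty", "letmein", "welcome", "admin",
                    "monkey", "dragon", "troubador"}


def normalize(password):
    """Lower-case, drop the trailing digits/symbols ('123!', '&3'), undo
    leetspeak. 'P@ssW0rd123!' -> 'password'."""
    base = re.sub(r"[^a-z]+$", "", password.lower())
    return base.translate(LEET)


def check_password(password, blocklist=COMMON_PASSWORDS):
    """Return (accepted, reason). Length and a blocklist check, no
    composition rules: the approach the newer guidance moved towards."""
    if len(password) < 8:
        return False, "shorter than 8 characters"
    root = normalize(password)
    if root in blocklist:
        return False, f"'{root}' is a known common password"
    return True, "ok"


def passphrase_bits(word_count, dictionary_size):
    """Entropy of N words drawn uniformly from a dictionary: N * log2(size)."""
    return word_count * math.log2(dictionary_size)


def crack_time_seconds(entropy_bits, guesses_per_second):
    """Worst-case time to try every possibility at the given rate."""
    return 2 ** entropy_bits / guesses_per_second


def xkcd_comparison(guesses_per_second=1000):
    """Reproduce the comic's two figures (assumed: 28 bits for the mangled
    word, 4 words x 11 bits for the passphrase, 1000 guesses/second)."""
    mangled_days = crack_time_seconds(28, guesses_per_second) / 86400
    phrase_years = (crack_time_seconds(passphrase_bits(4, 2048),
                                       guesses_per_second) / (365.25 * 86400))
    return mangled_days, phrase_years


if __name__ == "__main__":
    for candidate in ("P@ssW0rd123!", "Tr0ub4dor&3", "correct horse battery staple"):
        ok, why = check_password(candidate)
        print(f"{candidate!r:34s} -> {'accept' if ok else 'reject'}: {why}")
    days, years = xkcd_comparison()
    print(f"mangled word: ~{days:.1f} days; four-word passphrase: ~{years:.0f} years")
```

Run as a script it rejects both dressed-up words and accepts the passphrase, and the arithmetic gives roughly three days versus about 550 years, matching the figures quoted above. The blocklist check is the part worth copying into a real policy: it catches exactly the predictable substitutions the old rules encouraged, whereas a composition rule (“one capital, one digit, one symbol”) would have waved “P@ssW0rd123!” through.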
