@ambarishrh Thanks. I just sent him that link to check it out.

@zubairkhanzhk you're welcome!

Maybe for the best, need to teach people not to trust their phones.

@Tim_G said in Log Into Windows with a Biometric Ring:

@Dashrender said in Log Into Windows with a Biometric Ring:

So now you start stealing rings... lol

It's harder to steal a ring than credentials through phishing emails, as one example.

Quite a bit more 🙂 And easier to know when it has been stolen.

Now if the ring could read heart or other biometric and only work when on the right person's finger(s), even better.

After monitoring this new outbreak for 24 hours, I came to the conclusion we were dealing with cyber warfare, and not ransomware. Two separate reports coming from Comae Technologies and Kaspersky Lab experts confirm this now.

NotPetya is a destructive disk wiper similar to Shamoon which has been targeting Saudi Arabia in the recent past. Note that Shamoon actually deleted files, NotPetya goes about it slightly different, it does not delete any data but simply makes it unusable by locking the files and then throwing away the key. The end result is the same.

Someone is hijacking known ransomware families and using them to attack Ukrainian computer systems. Guess who.

You never had a chance to recover your files. There are several technical indicators that NotPetya was only made to look as ransomware as a smoke screen:

It never bothers to generate a valid infection ID The Master File Table gets overwritten and is not recoverable The author of the original Petya also made it clear NotPetya was not his work

This has actually happened earlier. Foreshadowing the NotPetya attack, the author of the AES-NI ransomware said in May he did not create the XData ransomware, which was also used in targeted attacks against Ukraine. Furthermore, both XData and NotPetya used the same distribution vector, the update servers of a Ukrainian accounting software maker.

Catalin Cimpanu, the Security News Editor for Bleepingcomputer stated: "The consensus on NotPetya has shifted dramatically in the past 24 hours, and nobody would be wrong to say that NotPetya is on the same level with Stuxnet and BlackEnergy, two malware families used for political purposes and for their destructive effects. Evidence is clearly mounting that NotPetya is a cyber-weapon and not just some overly-aggressive ransomware."

Cybersecurity has moved from tech to a CEO and Board-level business issue

You did not sign up for this, but today it is abundantly clear that as an IT pro you are have just found yourself on the front line of 21-st century cyber war. Cybersecurity has moved from tech to a CEO and Board-level business issue. I strongly suggest you have another look at your defense-in-depth, and make sure to:

Have weapons-grade backups
Religiously patch
Step users through new-school security awareness training.

@dbeato said in AD User Tool: Bulk AD User:

@Dashrender Then, he needs to force it with Powershell no just a GUI....

Agreed.

New build? Create the "admin" account that will "own" the share.
Then use rsync to upload everything.
Then use the occ command to rescan the directory.

@BRRABill said in Comparing Fax and Email Security:

@scottalanmiller said in Comparing Fax and Email Security:

@BRRABill said in Comparing Fax and Email Security:

P.S. Are you getting paid by some strange company to use the word "corruption" this week?

Calling it as it is. The world is a very corrupt place and most of it happens because society conditions us to feel like it is acceptable.

And there it is ... AGAIN! 🙂

Society hasn't changed, it's just how it is.

@stus Thanks. Was just reading about it here.

Rebooted - profile created.

And easy enough to resolve once I look.

@EddieJennings you should have reminded me to look more earlier..

/etc/sudoers has it commented out.

## Allows people in group wheel to run all commands # %wheel ALL=(ALL) ALL ## Same thing without a password # %wheel ALL=(ALL) NOPASSWD: ALL

Just wanted to add @bj to this thread that I think a $100-ish Cloud Router from Mikrotik would blow most hardware away, including Ubiquiti, on pure performance. With the $50 and under models you are still getting 1 million PPS. The new cloud router series really has a crazy amount of power.

This still coming from a pure PPS (packets per second) point of view.

I think the cheapest cloud router has 12 to 16 cores That would only count for the core routers I am more familiar with (12 to 24 now) in the $500 range.

Very poor marketing in the states but very popular with western country WISPS.

I think I understand the basic process of the scammer.

They call us toll-free. During that toll-free call, they use the compromised extension to make a long-distance call.

@scottalanmiller said in non VPN Cloud based storage:

@Dashrender said in non VPN Cloud based storage:

@scottalanmiller said in non VPN Cloud based storage:

@Dashrender said in non VPN Cloud based storage:

@scottalanmiller said in non VPN Cloud based storage:

@Dashrender said in non VPN Cloud based storage:

Cost is an issue? Assuming you got hosted SharePoint only I think it's $4/u/m...

Tiny capacity, though.

1 TB per user?

That's ODfB. The Sharepoint storage proper is like 100MB.

OMG, that's near useless!

It's only for documents. Goes a long way when used as intended.

Used as intended? That's a joke, right? Storing large PDFs should be a part of the intention. DWG files can be huge.

@syko24 free... and useless:

Limitations of the free license:

The free license is limited to five locks per day which means the free edition defends your system against five unique attacks per day. [...] The free license does not contain reporting (like the PRO edition does).

Also, no official support for Windows Server 2016.

https://cyberarms.net/download-pricing/installation-configuration.aspx

@EddieJennings said in PowerPoint Hovering Attack:

@mlnews Looks like the tl;dr is don't enable content unless you're 100% sure of the source.

Or download it. Or open it....

@Mike-Davis said in MS VPN connection; Account locked:

@JaredBusch said in MS VPN connection; Account locked:

@scottalanmiller said in MS VPN connection; Account locked:

To sign into the domain, your VPN goes up first. To sign into the laptop, you sign in cached and then fire up the VPN. There is a reason that VPN-first systems like OpenVPN, Pertino, ZeroTier, etc. are so important. They let you do things like central revocation because they always get updates from AD.

Correct. this is the problem. always.

How does that work when they are on a wifi connection that doesn't connect until after they log in to their laptop?

You have cached creds for that. Log in, connect, reboot.

Thank you, the reboot did work on this one.

Will try a few lock cycles just to confirm.

Found exactly what I needed.

"A Group is a collection of Backblaze users. All Groups have billing centrally managed by an administrator and allow administrators to keep track of the Group member’s backup statuses, B2 usage, and any alerts that members may have on their Backblaze accounts. Best of all, Groups bring added functionality to Backblaze at no extra cost."