Exciting New Capabilities in Microsoft Defender for Endpoint

The way that businesses conduct their operations has been changing steadily over the years. As technology has evolved and the devices available to us have improved significantly, hybrid work environments have become more popular, more so if your business has employees working from home or hires freelancers who use a variety of endpoint devices. Although the benefits of a hybrid work setup are well known, it has become clear that endpoints are one of the biggest attack vectors because of their potential vulnerabilities. Hence the need for a solution such as Microsoft Defender for Endpoint that can offer your …

Implementing Microsoft Security Zero Trust Without Slowing Things Down

Providing employees with the option of working remotely is fast becoming an attractive choice for many organizations. By doing so, businesses can widen the talent pool available to them and thereby increase productivity. However, they also have to deal with a significantly increased cybersecurity risk. This is why Microsoft Security’s Zero Trust approach can be immensely beneficial to your organization: every individual and every device is thoroughly verified. The concern some may have, however, is whether this approach will slow operations down.

Key benefits

Before deciding …

Microsoft Defender for Endpoint Tamper Protection Extends Client Coverage

Every business needs to be on top of its game when it comes to the security of its IT infrastructure, because even the smallest vulnerability can be exploited to devastating effect, and Microsoft Defender ATP is ready to mitigate those risks. Failing to recognize these risks can potentially shut a business down, at best temporarily. And research has shown that the cost of downtime to a company can easily run into hundreds of thousands of dollars. As we can all imagine, the losses a business would suffer would be colossal, to say the …

How AppLocker Improves Security and Compliance

The security of your organization is not something you can afford to leave to chance. The wave of cybercrime over the last few years has been unrelenting. This is why you need to take advantage of platforms such as AppLocker. By leveraging its application whitelisting feature, you get a very powerful way of stopping a multitude of attacks, and if you configure it correctly, you can massively increase the time it would take an attacker to get around the system. This is the kind of technology that can enhance the security of your organization. Hence …

Controlling User App Access With AppLocker

Most organizations could gain some benefit from deploying application control policies. This is something your IT staff can use to make their work easier and improve the overall management of employee devices. AppLocker gives admins control over which apps and files users can run, including packaged app installers, scripts, executable files, Windows Installer files, DLLs, and packaged apps. Because of these features, AppLocker helps organizations reduce their admin overhead and the cost of managing computer resources. With that said, let’s go over how AppLocker helps you control user app access. …

Smart Card device integration into Windows 10

All the joys of Windows 10… now on 1709. Last week, after upgrading Windows 10, I came across this nice new integration for Smart Cards (tokens). Windows 10 now has support for eTokens (SafeNet Tokens). I was very pleased with this update; it will save me yet another application to install. I’ve been using the SafeNet Application from Gemalto and it has served me well for several years. So, time for a change: the integrated Smart Card application in Windows 10 works perfectly for me. I am using it with the following: …

Bad Rabbit Ransomware

A new ransomware has appeared. Bad Rabbit ransomware is currently roaming Eastern European countries. Bad Rabbit is mainly delivered using a fake Flash Update. This means we are looking at a regular drive-by attack, with fake updates and malicious software served from websites to get it started. Secure your clients now!

1. Blacklist the hashes
2. Block the files
3. Lock the registry entries
4. Remove your local administrative privileges; if you can’t, limit them and monitor using Access Director Enterprise

Bad Rabbit IOCs:

Hashes:
install_flash_player.exe: 630325cac09ac3fab908f903e3b00d0dadd5fdaa0875ed8496fcbb97a558d0da
infpub.dat: 579fd8a0385482fb4c789561a30b09f25671e86422f40ef5cca2036b28f99648
cscc.dat (dcrypt.sys): 0b2f863f4119dc88a22cc97c0a136c88a0127cb026751303b045f7322a8972f6
dispci.exe: 8ebc97e05c8e1073bda2efb6f4d00ad7e789260afa2c276f0c72740b838a0a93

Files:
C:\Windows\infpub.dat
C:\Windows\System32\Tasks\drogon
C:\Windows\System32\Tasks\rhaegal
C:\Windows\cscc.dat
C:\Windows\dispci.exe

Registry entries:
HKLM\SYSTEM\CurrentControlSet\services\cscc …

Authenticity of Petya decryption key confirmed

The author of the original Petya ransomware, going by the name of Janus Cybercrime Solutions, has released the master decryption key for all past Petya versions. This key can decrypt all ransomware strains that are part of the Petya family except NotPetya, which isn’t the work of Janus. Janus released the master key on Wednesday in a tweet that linked to an encrypted, password-protected file uploaded to Mega.nz. Malwarebytes security researcher Hasherezade cracked the file yesterday and shared its content:

Congratulations!
Here is our secp192k1 privkey: 38dd46801ce61883433048d6d8c6ab8be18654a2695b4723
We used ECIES (with AES-256-ECB) Scheme to encrypt the decryption password into the “Personal …

Protect Yourself Against Petya Ransomware

The malware requires administrator rights on the local computer. Standard users should not have this permission. Consider restricting who has local admin rights to prevent execution of exploit code within organisations. Home users should also consider using a Standard User Account for day-to-day operations. Access Director can help you by removing permanent local admins.

Recommendations for Enterprises

Deploy the latest Microsoft patches, including MS17-010, which patches the SMB vulnerability. Consider disabling SMBv1 to prevent the spread of malware. Educate end-users to remain vigilant when opening attachments or clicking on links from senders they do not know. Ensure you have the …

Multiple subdomains with LetsEncrypt? YES!

Need to add multiple subdomains with LetsEncrypt? Maybe a certificate for WWW and non-WWW? Do a dry run first to test it:

./certbot-auto certonly -d originaldomain.com -d www.originaldomain.com -d new.originaldomain.com -d new2.originaldomain.com -d new3.originaldomain.com --dry-run

I tested it with apache2; works great!