All the joys of Windows 10… now on 1709
Last week, after upgrading Windows 10, I came across this nice new integration for smart cards (tokens).
Windows 10 now has support for eTokens (SafeNet Tokens).
I was very pleased with this update; it will save me yet another application to install.
I’ve been using the SafeNet application from Gemalto and it has served me well for several years. So, time for a change: the integrated Smart Card application in Windows 10 works perfectly for me.
I am using it with the following:
And my tokens? I ALWAYS use DigiCert for code-signing certificates :)
P.S. A new version of Access Director Enterprise is on its way, signed and released to web.
A new ransomware has seen the light.
Bad Rabbit ransomware is currently roaming Eastern European countries.
Bad Rabbit is mainly delivered using a fake Flash Update.
This means we are looking at a regular drive-by attack, with fake updates/malicious software from websites to get it started.
Secure your clients now!
1. Blacklist the hashes
2. Block the files
3. Lock the registry entries.
4. Remove your local administrative privileges. If you can’t, limit them and monitor using Access Director Enterprise.
Bad Rabbit IOCs:
cscc.dat (dcrypt.sys): 0b2f863f4119dc88a22cc97c0a136c88a0127cb026751303b045f7322a8972f6
HKLM\SYSTEM\CurrentControlSet\services\cscc\DisplayName Windows Client Side Caching DDriver
Local & Remote SMB Traffic on ports 137, 139, 445
File extensions targeted for encryption:
.3ds .7z .accdb .ai .asm .asp .aspx .avhd .back .bak .bmp .brw .c .cab .cc .cer .cfg .conf .cpp .crt .cs .ctl .cxx .dbf .der .dib .disk .djvu .doc .docx .dwg .eml .fdb .gz .h .hdd .hpp .hxx .iso .java .jfif .jpe .jpeg .jpg .js .kdbx .key .mail .mdb .msg .nrg .odc .odf .odg .odi .odm .odp .ods .odt .ora .ost .ova .ovf .p12 .p7b .p7c .pdf .pem .pfx .php .pmf .png .ppt .pptx .ps1 .pst .pvi .py .pyc .pyw .qcow .qcow2 .rar .rb .rtf .scm .sln .sql .tar .tib .tif .tiff .vb .vbox .vbs .vcb .vdi .vfd .vhd .vhdx .vmc .vmdk .vmsd .vmtm .vmx .vsdx .vsv .work .xls .xlsx .xml .xvd .zip
The malware requires administrator rights on the local computer. Standard users should not have this permission. Consider restricting who has local admin rights to prevent execution of exploit code within organisations. Home users should also consider using a Standard User Account for day-to-day operations.
Access Director can help you by removing permanent local admins.
Recommendations for Enterprises
- Deploy the latest Microsoft patches, including MS17-010 which patches the SMB vulnerability.
- Consider disabling SMBv1 to prevent spreading of malware.
- Educate end-users to remain vigilant when opening attachments or clicking on links from senders they do not know.
- Ensure you have the latest updates installed for your anti-virus software.
- Ensure you have backup copies of your files stored on local disks. Generally, user files on local drives are replicated from a network share.
- Prevent users from writing data outside of designated areas on the local hard disk to prevent data loss if an attack occurs.
- Operate a least-privilege access model with employees. Restrict who has local administration access.
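A read-only host audit covering the IOCs and the SMBv1 and local-admin recommendations above, as an added example that is not part of the original post. The -SearchRoot and -Recurse parameters and the output wording are assumptions of this example; the hash, file name and service key are the ones listed above.

```powershell
# Added example: read-only audit of one host against the Bad Rabbit IOCs and recommendations above.
# Run from an elevated prompt. -SearchRoot and -Recurse are assumptions of this example;
# the page lists only the file name cscc.dat, not where it is dropped.
param(
    [string[]]$SearchRoot = @($env:SystemRoot),
    [switch]$Recurse
)

$IocSha256 = '0b2f863f4119dc88a22cc97c0a136c88a0127cb026751303b045f7322a8972f6'  # cscc.dat (dcrypt.sys)
$IocSvcKey = 'HKLM:\SYSTEM\CurrentControlSet\services\cscc'
$findings  = New-Object 'System.Collections.Generic.List[string]'

# 1. File IOC: find cscc.dat by name, then confirm with SHA-256 (string -eq is case-insensitive).
foreach ($root in $SearchRoot) {
    $files = Get-ChildItem -LiteralPath $root -Filter 'cscc.dat' -File -Force -Recurse:$Recurse -ErrorAction SilentlyContinue
    foreach ($f in $files) {
        $h = Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
        if (-not $h)                    { $findings.Add("cscc.dat present but unreadable: $($f.FullName)") }
        elseif ($h.Hash -eq $IocSha256) { $findings.Add("cscc.dat matches IOC hash: $($f.FullName)") }
        else                            { $findings.Add("cscc.dat present, different hash $($h.Hash): $($f.FullName)") }
    }
}

# 2. Registry IOC: the cscc service key and its DisplayName.
if (Test-Path -LiteralPath $IocSvcKey) {
    $name = (Get-ItemProperty -LiteralPath $IocSvcKey -ErrorAction SilentlyContinue).DisplayName
    $findings.Add("Service key exists: $IocSvcKey (DisplayName: '$name')")
}

# 3. Recommendation: SMBv1 should be disabled on the SMB server side.
$smb = Get-SmbServerConfiguration -ErrorAction SilentlyContinue
if ($null -eq $smb)              { $findings.Add('SMB server configuration not readable (not elevated?)') }
elseif ($smb.EnableSMB1Protocol) { $findings.Add('SMBv1 is enabled on the SMB server') }

# 4. Recommendation: review permanent local administrators (well-known SID, locale independent).
$admins = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue
foreach ($a in $admins) { $findings.Add("Local admin to review: $($a.Name) ($($a.ObjectClass))") }

if ($findings.Count -eq 0) { 'No Bad Rabbit indicators or policy gaps found.' }
else { $findings }
```

The script changes nothing on the host; each line it prints is an item for an analyst to follow up.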
Petya does not encrypt files. It encrypts the Master File Table, which is the index of where all the files are stored on a hard disk drive.
“Petya uses the NSA Eternalblue exploit but also spreads in internal networks with WMIC and PSEXEC. That’s why patched systems can get hit.”
confirms Mikko Hypponen, Chief Research Officer at F-Secure.
PT Security, a UK-based cyber security company, and Amit Serper from Cybereason have discovered a kill switch for Petya ransomware. According to a tweet, the company has advised users to create a file, i.e. “C:\Windows\perfc”, to prevent ransomware infection.
Need to add multiple subdomains with LetsEncrypt?
Maybe a certificate for WWW and non-WWW?
Do a dry run to test it:
./certbot-auto certonly -d originaldomain.com -d www.originaldomain.com -d new.originaldomain.com -d new2.originaldomain.com -d new3.originaldomain.com --dry-run
I tested it with apache2; works great!