Artfulbodger ITPro
Random ramblings and findings whilst maintaining and supporting MS Active Directory and interfacing
Author: Rich Carpenter (http://www.blogger.com/profile/07183277726083202538). Feed last updated 2024-03-13; 66 posts in total, 25 listed on this page.

McAfee monthly SNS Digest is being replaced
Posted 2017-09-15
McAfee is replacing the monthly SNS Digest with the SNS Weekly Roundup. To update your subscription preferences head over to the SNS Subscription Center.

AlienVault v5.4 Addresses 72 vulnerabilities
Posted 2017-06-29
Several vulnerabilities were discovered in the underlying OS packages of AlienVault USM Appliance and OSSIM v5.3.7 and earlier. All of the vulnerabilities in the advisory have been confirmed and fixed in AlienVault v5.4. AlienVault encourages customers to upgrade all AlienVault appliances to eliminate the vulnerabilities.
See the v5.4 release notice for details on the release.

Microsoft announce another CVE - Win32k Information Disclosure Vulnerability
Posted 2017-06-29

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.
Microsoft has reserved CVE candidate CVE-2017-8554 ready for announcement, but an early indication from MSRC shows the following OS versions affected:
Windows 10

InfoSecurity Professional Magazine - May June 2017 Issue
Posted 2017-06-08
(ISC)²'s digital publication, designed for the professional development of its members, has released the May/June 2017 issue.
This issue covers choosing a Cloud Access Security Broker, the third in a series of InfoSecurity Professional insights into GDPR, and the Hong Kong Chapter's work at promoting Safe and Secure Online.
All members can earn 2 Group A CPEs for reading this issue and completing the

McAfee Labs Threat Advisory for W32/DistTrack
Posted 2017-02-16
W32/DistTrack is the detection name for worm malware with extremely destructive behaviour. Machines infected by it are rendered useless because most of the files, the Master Boot Record (MBR), and the partition tables are overwritten with random data. The overwritten data is lost and is not recoverable, and the system is rendered unbootable.
Detailed information about the threat, its propagation,

McAfee Labs Threat Advisory for Ransomware-SAMAS
Posted 2017-02-16
Ransomware-SAMAS is a detection for a family of ransomware that on execution encrypts certain file types present in the user’s system. The compromised user has to pay the attacker with a ransom to get the files decrypted.
Ransomware-SAMAS has been known to be used in targeted ransomware attacks on organisations.
McAfee products detect this threat under the following detection name. It also

PowerCLI 6.5 reference poster
Posted 2017-02-10
If, like me, you are using PowerShell to build and automate everything, the millions of PowerShell commands swimming around in your head can make you go stir crazy.
While listening to the VMware vExpert Community Podcast from 8/2/2017 I heard Kyle Ruddy announce that the PowerCLI 6.5 R1 Poster had been released.
Head over to the PowerCLI blog to grab yourself a copy.

LDAP Authentication issues in USM and OSSIM v5.3.2
Posted 2016-10-05 (updated 2016-10-06)
If you are using LDAP authentication for your OSSIM or USM installation you may want to hold off the v5.3.2 upgrade.
In a recent message from AlienVault, an issue has been detected during the password reset process post upgrade. The password reset process was initiated to improve the security of password storage within OSSIM and USM, however this process is not working correctly for

Collecting McAfee ePO threat data using AlienVault OSSIM
Posted 2016-09-30
If you are using AlienVault OSSIM you can collect ePO Threat Data and add it to your SIEM Security Events.
AlienVault have already developed a database plugin to connect to the ePO database, collect the data and parse it into the OSSIM database, but I have struggled to get this to work with our MS-SQL database cluster, resulting in 'ParserDatabase [INFO]: Can't connect to MS-SQL database'

VirusScan 8.8 P8 release - Windows 10 Anniversary Edition
Posted 2016-08-30
After some issues with VSE 8.8 not being compatible with Windows 10 Anniversary Edition, Intel Security have now released Patch 8, which adds compatibility for the current build of Windows 10.
Patch 8 (build 8.8.0.1588) has been released to the update site, and if you are running ePO 5.1.1 or later the Software Manager will be able to pull this update into your Master Repository.
Full details

ePolicy Orchestrator update fixes multiple Oracle Java vulnerabilities - July 2016
Posted 2016-08-26
ePO is vulnerable to the following CVEs reported in Oracle's July 2016 Java SE update.
Collectively, these vulnerabilities affect integrity and availability of the server.
AFFECTED SOFTWARE
ePO 5.1.3 and earlier
ePO 5.3.2 and earlier
REMEDIATED/PATCHED VERSIONS
Oracle Java 7.0 officially reached End of Life (EOL) status in April of 2015. The Java version currently supported in ePO 5.1.x and

ePolicy Orchestrator update fixes multiple Oracle Java vulnerabilities - May 2016
Posted 2016-06-16 (updated 2016-06-17)
ePO is vulnerable to multiple CVEs reported in Oracle's April 2016 Java SE update. Collectively, these vulnerabilities affect confidentiality, integrity, and availability of the server.
AFFECTED SOFTWARE
ePO 5.1.3 and earlier
ePO 5.3.2 and earlier (NOTE: ePO 5.3.2 is expected in late Q2 2016)
REMEDIATED/PATCHED VERSIONS
The vulnerability is remediated in these versions:
ePO 5.1.3 + Hotfix

(ISC)2 SecureLondon 2016
Posted 2016-06-13
This conference explores the impact of the rise of the virtual organisation on security practice; the solutions that are emerging to tackle this environment; and the lessons being learned within professional practice. Acknowledging the need to step away from the technology-driven approach that often dominates traditional systems security management, delegates will explore the foundational

PSRemoting Domain Controllers - Least Privilege access
Posted 2016-06-10

Remoting to Domain Controllers can speed up SysAdmin operations and enable SysAdmins to schedule automation tasks; let's be honest, that's why we like PowerShell so much. Being able to remote to a domain controller requires elevated permissions, and based on the principle of least privilege we don't want to configure scheduled tasks using Domain Admin credentials.
We have two options here, install

Becoming an Associate of (ISC)2
Posted 2016-06-09
With the shortfall in the cybersecurity workforce projected to be 1.5 million globally in five years*, businesses are pressed to find qualified candidates to protect their organisation against cyber threats. The need for candidates to prove their capability is more important than ever.
The Associate of (ISC)² allows those just starting out in the information security workforce to

Inside the Verizon Data Breach Investigations Reports Webcast
Posted 2016-05-24
Verizon’s 2016 Data Breach Investigations Report (DBIR) provides a comprehensive analysis of data breach patterns seen in 2015. As a contributor, Intel Security provided anonymized breach data and co-authored a section focusing on post-breach fraud and what happens to data once it has been stolen from the breached entity.
Earn one CPE credit for attending the live webcast.
Wednesday, June 8

McAfee to Intel Security Migration
Posted 2016-05-12
On May 12, 2016, the SNS Internet domain migrated from snssecure.mcafee.com to sns.secure.intelsecurity.com.
Intel purchased McAfee in 2011, the integration was completed in 2015, and they are now completing the transition of externally facing systems.
To ensure uninterrupted delivery of your SNS product advisories, please whitelist sns.secure.intelsecurity.com and add sns@

Update Lync LineURI with Active Directory Phone Number
Posted 2016-04-07 (updated 2016-06-14)
In this series of blog posts I will explain how we can use the Lync PowerShell modules to help automate some bulk Lync user tasks. While most of these tasks can be completed using PowerShell Remoting via the OCSPowershell provider endpoint provided by the Lync server, some of the error forwarding through the proxy doesn't work as expected. In this case we can utilise the Lync Management Shell

Installing Lync Modules on Administrative Consoles
Posted 2016-04-06
In this series of blog posts I will explain how we can use the Lync PowerShell modules to help automate some bulk Lync user tasks. While most of these tasks can be completed using PowerShell Remoting via the OCSPowershell provider endpoint provided by the Lync server, some of the error forwarding through the proxy doesn't work as expected. In this case we can utilise the Lync Management

Installing Parallels Desktop 10 Tools for Windows 10
Posted 2016-04-04 (updated 2016-04-06)
I came across an issue when running a Windows 10 Enterprise guest in Parallels Desktop 10 where the "Install Parallels Tools" option was missing on the Actions menu, it should have looked something like this, but it wasn't there.
You can get around this by Mounting the Parallels Desktop Tools ISO within your VM and running the installer interactively.
The ISOs for Parallels Desktop 10

Migrating existing MBSA Security Scan Results between Servers
Posted 2016-03-17 (updated 2016-04-06)
Microsoft Baseline Security Analyzer (MBSA) checks for available updates to the operating system, Microsoft Data Access Components (MDAC), MSXML (Microsoft XML Parser), .NET Framework, and SQL Server. MBSA also scans a computer for insecure configuration settings. When MBSA checks for Windows service packs and patches, it includes in its scan Windows components, such as Internet Information

KeRanger - OSX Ransomware
Posted 2016-03-08 (updated 2016-04-06)
On March 4th, Palo Alto Networks Research Center detected the first known fully functional ransomware on OSX.
Ransomware is a type of malware that restricts access to the affected computer system in some way, typically by encrypting the user's files on a computer using an asymmetric encryption algorithm, where the private key required to decrypt the files is not stored on the infected machine, and to

Rogue System Detection 5.0.3 Now Available
Posted 2016-03-03 (updated 2016-04-06)
McAfee Rogue System Detection sensors use passive and active network discovery techniques to detect systems connected to the network. When a sensor detects a system on the network, it sends a message to McAfee ePO software, which checks to see whether the detected system has an active McAfee agent installed. If the detected system is unknown to the server, McAfee Rogue System Detection provides

Troubleshooting On-Demand Scan Performance with VSE 8.8 Patch 5 and 6
Posted 2016-02-29 (updated 2016-04-06)
After upgrading an endpoint to VSE 8.8 (patch 5 or 6), the system becomes slow or unresponsive during On-Demand Scans. System performance can be improved by making some changes to the System Utilisation settings to reduce resource use.
You can remove options for Scanning memory for Rootkits and running process, and carry out these scans as part of a separate task.
Stop scanning inside