
Misspelled JetBlue domain leads to Malware

Posted by rp on March 12, 2018 in News

The blog post about jetlbue.com has been updated: Wrong Spelling Brand Name Hijack.

Crypto Mining Website Injection

Posted by rp on March 2, 2018 in News

We’ve seen a campaign that hacks Drupal and other platforms, injecting scripts that run crypto-mining JavaScript on the front page. In one case it created a block that linked the script into all pages. The vector and point of entry are still undetermined, but are believed to be a bug in Drupal 7.

The mining code is JavaScript hosted on https://cdn.nablabee.com, encoded to obfuscate the ‘loadMiner’ code, as shown in the image below:

The hijacked computers are being recruited to mine for the group supportxmr.com. If you look up the ‘address’ given as the ‘payment address’, you’ll find a list of websites running this code, actively contributing to the hackers’ project.

We recommend a website firewall and regular scanning for malware. Sucuri’s service picked up this obfuscated code on a client website, alerting us to the infection.

*** Update: As part of this find, we notified 25 websites about the infection, and many have since removed it. One organization claimed that there was a complaint lodged against them with the BBB, after I had sent a notification about a week prior. Businesses ranged from Public Libraries, to a Portable Bathroom company.
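As an added defender-side example that is not part of the original post, the following Python script scans page HTML for the two indicators described above: a script loaded from cdn.nablabee.com, and an inline ‘loadMiner’ call hidden in clear text, hex escapes or base64. The sample pages are constructed, and because the post does not say which encoding the campaign used, the three encodings checked are assumptions.

```python
import base64
import binascii
import re

# Indicators named in the post: the hosting CDN and the 'loadMiner' function name.
MINER_HOST = "cdn.nablabee.com"
MINER_FUNC = "loadMiner"

SCRIPT_SRC_RE = re.compile(r"<script[^>]+src=[\"']([^\"']+)[\"']", re.IGNORECASE)
INLINE_SCRIPT_RE = re.compile(r"<script[^>]*>(.*?)</script>", re.IGNORECASE | re.DOTALL)
B64_RUN_RE = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")
# 'loadMiner' written as JavaScript hex escapes (\x6c\x6f...), one assumed obfuscation.
HEX_ESCAPED_FUNC = "".join(f"\\x{ord(c):02x}" for c in MINER_FUNC)


def _decoded_base64_runs(text):
    """Yield the decoded text of every plausible base64 run inside an inline script."""
    for run in B64_RUN_RE.findall(text):
        try:
            yield base64.b64decode(run, validate=True).decode("utf-8", "ignore")
        except (binascii.Error, ValueError):
            continue


def scan_html(html):
    """Return a list of findings describing miner-injection indicators in one page."""
    findings = []
    for src in SCRIPT_SRC_RE.findall(html):
        if MINER_HOST in src.lower():
            findings.append(f"external script loaded from {MINER_HOST}: {src}")
    for body in INLINE_SCRIPT_RE.findall(html):
        if MINER_FUNC in body:
            findings.append(f"inline script calls {MINER_FUNC} in clear text")
        elif HEX_ESCAPED_FUNC in body:
            findings.append(f"inline script hides {MINER_FUNC} behind hex escapes")
        elif any(MINER_FUNC in decoded for decoded in _decoded_base64_runs(body)):
            findings.append(f"inline script hides {MINER_FUNC} behind base64")
    return findings


# Constructed sample pages for demonstration; not captured from a real site.
_B64_LOADER = base64.b64encode(b"loadMiner('constructed-site-key');").decode()
SAMPLE_INFECTED = (
    "<html><body><h1>Welcome</h1>"
    f'<script src="https://{MINER_HOST}/lib/m.js"></script>'
    f'<script>eval(atob("{_B64_LOADER}"));</script>'
    "</body></html>"
)
SAMPLE_CLEAN = '<html><body><script src="/sites/all/themes/site.js"></script></body></html>'
```

Run it over the rendered front page of each site you manage; an empty list from scan_html means none of the three indicators was found.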


Next Generation Antivirus (NGAV)

Posted by rp on February 12, 2018 in News

We spent a great deal of time in late 2017 reviewing NGAV products on the market. All of the testing was done using demo environments provided directly by the vendors, namely Cylance, SentinelOne, Barkly, BitDefender GravityZone, CrowdStrike, and a handful of other endpoint products. The research was conducted to keep up to date on the underlying technologies powering NGAV. As you might expect, a good deal of time was spent running malware and tampering with the AV processes themselves. We tested the features and functionality of the cloud consoles and any notable impacts on system performance. It is highly recommended that you perform your own testing, using malware samples from sources other than what the vendor provides.

Highlights of the testing, and outcomes

*** Update – Panda Antivirus Adaptive 360 is the new winner out of these solutions, and we’re working on updating the blog.

BitDefender – Best all-around endpoint platform with NGAV functionality. The GravityZone product has HyperDetect (pre-execution protection) and Sandbox Analysis based on exploits, ransomware, and grayware, as well as Full Disk Encryption (FDE). Best feature set for managing endpoints. Performance on machines is not impacted by scans or processes. Very hard to tamper with in memory or by attacking its program files. Web filtering is effective, and they were often the only vendor on VirusTotal blocking phishing pages. Overall stability is great, and configurability on the console is very good for putting a machine in containment and controlling active modules. Be on the lookout for BitDefender rolling out EDR, HyperDetect, Sandboxing, and other new competitive features.


Removing McAfee Security Scan

Posted by rp on June 23, 2017 in News

McAfee Security Scan 3x appears to come installed by the OEM on Dell Latitude laptops. There does seem to be an acceptance screen during the out-of-box wizard; if you’ve accidentally accepted it, or imaged it into machines, we’ve found the best way to remove it is with a script, run remotely, without any user intervention:

32-bit: "%ProgramFiles%\McAfee Security Scan\uninstall.exe" /S /inner
64-bit: "%ProgramFiles(x86)%\McAfee Security Scan\uninstall.exe" /S /inner


Office 2013 won’t activate due to network related error

Posted by rp on December 22, 2016 in News

Office 2013/2016 fails to activate on a fresh build. We noticed that “No Network Connection” is shown on the adapter, running Windows 7 x64. The client has two adapters connected, one Ethernet and the other wireless. Both say there is no “Internet Connection” when one clearly exists.

(If you notice that your inside network is set to Public Network, then click it and change to Work or Home)

The specific error on opening Office is “We are unable to connect right now. Please check your network, and try again later”. There is an option to “Enter a product key instead”, but that won’t apply to Office 365.

One recommended fix was a registry key pointed out for Active Probing, but it did not work:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet\Active Probing (1)

We’ve also seen fixes that involved two keys which could be corrupt, or previously configured to block internet sign-in, but that wasn’t it either:

HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Common\Internet\UseOnlineContent

HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Common\SignIn\SignInOptions

After reviewing sources pointing to various Windows fixes, we had success with general network clean-up commands. Here’s the script used to clean the box; the network connection in the system tray was working right away. It’s likely one of these commands that’s doing the fixing, but for the purpose of revealing the entire fix, I’ve included all of it:

@echo off
echo %time%: Beginning network repair process.
:: BEGIN Callout A
echo %time%: Releasing DHCP lease(s)...
ipconfig /release > NUL
:: END Callout A
echo %time%: Renewing DHCP lease(s)...
Copyright © 2018 INFOSTRUCTION All rights reserved.