KB4462928 – Critical Update for WS2016 Storage Spaces Direct Deployments

The 10C update for Windows Server 2016 has just been published.
It includes critical updates for Storage Spaces Direct deployments, and we
recommend that all customers adopt it aggressively. This update addresses all top
known supportability issues.

 

October 18, 2018—KB4462928 (OS Build 14393.2580)

 

 

Important Updates

Specifically, this update includes fixes for the following issues:

  • “Event 5120” with STATUS_IO_TIMEOUT c00000b5 after an S2D node restart on Windows Server 2016 May 2018 update or later
  • Virtual Disks resources are in No Redundancy or Detached status in a Storage Spaces Direct cluster

2018 NY Metro Joint Cyber Security WEBINAR

The 2018 NY Metro Joint Cyber Security WEBINAR will take place on Thursday October 18th.
NYMJCSC is now in its fifth year; featuring keynotes, panels and
sessions aimed at various aspects of information security and
technology.

This year will feature a webinar format allowing NYMJCSC to reach and educate a broader audience.

To register please go here

Conference Agenda

Time Slot | Topic | Speaker
2:00 – 2:40 | Behavior-based Internal Controls that Prevent Ransomware, Employee Theft, and Denial of Service attacks | Jeffrey Wagar, Past President, ISACA New Orleans Chapter
2:45 – 3:25 | Cyber Risk: It’s All About People | Alan Brill, CISSP, CFE, CIPP/US, FAAFS, Senior Managing Director, Cyber Risk, North America, Kroll (a division of Duff & Phelps)
3:30 – 4:10 | Cyber Dogfighting: Hacker Decision-Making and the Korean Air War | Mathew J. Heath Van Horn, Assistant Professor, SUNY Delhi School of Business
4:15 – 4:55 | Assessing Legal and Contractual Risk and Uncertainty with Bug Bounty Programs, Vulnerability Disclosures and Information Sharing | Mark H. Francis, Partner – Tech & Data, Holland & Knight
4:50 – 5:30 | “Not If but When?” – Leveraging AI to Jettison Mantras of the Past: How AI will Liberate Security of the Future | John McClurg, VP & Ambassador-At-Large, Cylance
 

Free NYC Secure app

This new app from NYC

  • Alerts you to unsecure Wi-Fi networks, unsafe apps in Android, system tampering & more
  • Helps you protect your phone and your privacy
  • $0 to download, $0 to use, no in-app purchases, no ads

How does the app help protect me?

The app detects potential threats in real time to your device, to Wi-Fi networks you may connect to, and for Android users, it detects whether any app you’ve downloaded might be unsafe. When the app detects a threat, it will send you an alert in real time and offer a recommendation on how to address the threat, such as suggesting you disconnect from a particular Wi-Fi network. These alerts include:
  • Device alerts—These alerts warn you about settings or activity that could potentially put your device at risk.
  • Network alerts—These alerts warn you about potentially compromised networks you are connected to.
  • App alerts (Android only)—These alerts warn you when issues arise on apps you have installed that could compromise your device’s security.
Go here to learn more https://secure.nyc/

Free Credit Protection Information


If you haven’t frozen your credit reports yet, this could be your moment.

Under the Economic Growth, Regulatory Relief, and Consumer Protection Act, freezing your credit at all three major credit bureaus is now free: Equifax (1-800-525-6285), Experian (1-800-397-3742) and TransUnion (1-800-680-7289). Previously, states set prices for credit freezes, which typically cost about $10.

Other links of importance

  • Federal Trade Commission www.ftc.gov
  • Identity Theft Hotline 1-877-438-4338
  • Social Security 1-800-269-0271
  • In the United States, you can report tech support scams with the Internet Crime Complaint Center (IC3) or use the FTC Complaint Assistant form.

Another tool you might want to look at is Lock & Alert.

Equifax offers a Lock & Alert service that allows you to lock and
unlock your Equifax credit report for free, online or with the Equifax Lock
& Alert app.
By locking your credit report, you can restrict access to it by third
parties, with certain exceptions. These exceptions, for instance, may include
lenders and creditors where you have existing accounts. Federal, state and
local government agencies are also exceptions.

Locking your Equifax credit file will prevent access to it by certain
third parties. Locking your Equifax credit file will not prevent access to your
credit file at any other credit reporting agency. Entities that may still have
access to your Equifax credit file include: companies like Equifax Global
Consumer Solutions which provide you with access to your credit report or
credit score, or monitor your credit file; federal, state, and local government
agencies; companies reviewing your application for employment; companies that
have a current account or relationship with you, and collection agencies acting
on behalf of those whom you owe; for fraud detection purposes; and companies
that wish to make pre-approved offers of credit or insurance to you. To opt out
of such pre-approved offers, visit www.optoutprescreen.com.

Draft of NIST’s Transport Layer Security (TLS) Guidance Now Available for Comment: SP 800-52 Rev. 2

NIST has released a second draft of NIST Special Publication (SP) 800-52 Revision 2,
Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS)
Implementations. It provides
guidance for selecting and configuring TLS protocol implementations that
utilize NIST-recommended cryptographic algorithms and Federal Information
Processing Standards (FIPS). The document requires that government TLS servers
and clients support TLS 1.2 configured with FIPS-based cipher suites, and
recommends that agencies develop migration plans to support TLS 1.3 by January
1, 2024.

A public comment period for this document is open until November 16, 2018.

 

CSRC Update:

Publication Details:

 

Disaster Relief: Don’t be a victim of fraud

As a public service announcement I am copying and posting this on my blog. The original content comes from the CENTER FOR CYBER SAFETY AND EDUCATION.

We have all seen the devastation and trail of destruction that
events such as hurricanes, tornadoes, and earthquakes can cause. But
before you take out your credit card, make sure your donations are
really going to the victims and those that are helping provide them with
the materials to survive and start their lives over again. While our
hearts ache with helplessness, others’ fill with greed and see this as
the perfect opportunity to exploit your sympathies and deceive you into
sending money.

If you want to help by donating, make sure you know who you
are really donating to before you give out your credit card number or
write a check.

Any time you give to a charity, you want to do your homework, but in a
crisis like this, we are often inspired by social media or by what we
see on television and rush to make a donation. It is in times like these
that we recommend you stick with the bigger, established organizations
with proven track records. These organizations have the resources and
structures to maximize your donation with minimal overhead, meaning more
of your money will go to help victims.  You can find a great list of
them at https://www.nvoad.org/voad-members/national-members/.
Some unknown “charities”, GoFundMe-style requests, and social media
outreaches you come across may be legitimate, but many are not. Even if
they are really trying to help, it is not uncommon for organizations
like these to have high overhead and administrative cost that will
result in only a small amount of your donation actually making its way
to help the victims.


TIPS WHEN GIVING DURING A CRISIS:

  • Don’t give over the phone or click on links found in emails or
    social media. Go directly to the official website for a charity that you
    are familiar with and donate on their page. Don’t give to any third
    party solicitations.
  • Be skeptical of cash requests in front of your local grocery store
    or other establishments. Who are these people? Don’t be fooled by what
    they say or how they are dressed. Ask questions, or better yet, go back
    home, research them and then donate online.
  • Don’t be fooled by celebrity names being attached to a campaign. The
    organization could be using someone’s name without their permission, or
    that celebrity could also have been duped and is unwittingly lending
    their name to what they think is a good cause.
  • Don’t fall for all the sad stories you are going to see and read
    about where they ask you to give to help a specific victim. There will
    be hundreds of thousands of such stories. You can best help by
    supporting legitimate charities, not by sending them money directly.
  • Give directly to your charity of choice and designate that you want
    the money to go to their Hurricane Michael Relief efforts. This will
    restrict them from using the money to fund their other ongoing programs.

Now is not the time to take a chance or fall for a phone or email
scam. People really do need help, and it is best to support the experts
who are trained and prepared to help those in need.

Your help and support of others is greatly appreciated. Just make sure you don’t get scammed and become a victim yourself.

GhostDNS: 100,000 Infected Routers

Several research labs have been releasing their findings on a new take on DNSChanger. A new router-based exploit known as GhostDNS seems to be made up of three variations of DNSChanger. By using Shell DNSChanger, Js DNSChanger, and PyPhp DNSChanger, GhostDNS can infect over 70 different router models. However, GhostDNS is more than the sum of its DNSChanger components. Analysts have also identified a web admin module, a RogueDNS module, and a phishing module.

GhostDNS scans the internet looking for routers that it can exploit because of a vulnerability or weak security, using its scripts to attack poorly secured web administration consoles via Shell, Java, Python, PHP and deploy its payload. The primary purpose is to change the device’s DNS settings so that traffic is forwarded to RogueDNS servers. Once this is done, unsuspecting users are redirected to phishing landing pages of online services when they attempt to go to various web services. Banking portals, telecoms, ISPs and Netflix seem to be among the most common phishing targets of this malware.

While there has been some disagreement about the time frame this campaign has been running, it is widely agreed the campaign has infected over 100,000 routers with 86% located in Brazil. The other 24% have been reported across other South American countries. The DNS redirection service known as Rogue has been detected on many notable cloud services like Amazon, OVH, Google, Telefonica, and Oracle, but researchers have been in contact with larger networks and ISPs to shut down the network.

The GhostDNS payload can deliver over 100 scripts via remote access or by utilizing exploits, and can attack hardware from older HP (3Com), A-Link, Alcatel / Technicolor, Antena, C3-Tech, Cisco, D-Link, Elsys, Fiberhome, Fiberlink, Geneko, Greatek, Huawei, Intelbras, Kaiomy, LinkOne, MikroTik, MPI Networks, Multilaser, OIWTECH, Perfect, Qtech, Ralink, Roteador, Sapido, Secutech, Siemens, Technic, Tenda, Thomson, TP-Link, Ubiquiti, Viking, ZTE, and Zyxel routers.

Analysts have some advice on how to avoid becoming a victim of this kind of attack. It is recommended that you update your firmware to the latest version available for your router and use complex and strong passwords. Consider disabling any web administration on your device. Finally, hardcode your DNS settings to use only trusted DNS servers in both your router and OS.
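
The OS half of the advice above (use only trusted DNS servers) can be checked mechanically. The following is an added example, not part of the original post or its sources: it audits resolv.conf-style resolver settings against an allowlist, and the allowlist, function names and sample input are assumptions made for the illustration.

```python
import ipaddress

# Assumption: example allowlist; replace with the resolvers you actually trust.
TRUSTED_RESOLVERS = {"9.9.9.9", "1.1.1.1"}

# RFC 1918 and loopback ranges, listed explicitly because ipaddress.is_private
# also matches documentation ranges such as 203.0.113.0/24.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample input, not taken from a real host.
SAMPLE_RESOLV_CONF = """\
# written by the DHCP client
nameserver 192.168.1.1
nameserver 9.9.9.9
nameserver 203.0.113.53  # documentation address standing in for a rogue resolver
nameserver not-an-ip
"""

def parse_nameservers(text):
    """Return the nameserver values from resolv.conf-style text, in order."""
    servers = []
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers

def classify(address, trusted=TRUSTED_RESOLVERS):
    """Label one resolver: trusted, delegated, untrusted or invalid."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "invalid"
    if str(ip) in trusted:
        return "trusted"
    if any(ip in net for net in LOCAL_NETS):
        # The host asks the router (or a local stub), so the upstream DNS
        # configured on that device still has to be checked separately.
        return "delegated"
    return "untrusted"

def audit(text, trusted=TRUSTED_RESOLVERS):
    """Return (address, label) for every configured resolver."""
    return [(a, classify(a, trusted)) for a in parse_nameservers(text)]

if __name__ == "__main__":
    for address, label in audit(SAMPLE_RESOLV_CONF):
        print(f"{address:15} {label}")
```

A "delegated" result means the host cannot see the upstream DNS setting on the router, which is the setting GhostDNS changes, so that value has to be verified in the router's own configuration.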

Sources
https://thehackernews.com/2018/10/ghostdns-botnet-routerhacking.html
https://www.theregister.co.uk/2018/10/02/ghostdns_router_hacking/
http://blog.netlab.360.com/70-different-types-of-home-routers-alltogether-100000-are-being-hijacked-by-ghostdns-en/

Supply Chain Issue

The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies

 
Here is a great article on the supply chain on the Bloomberg site. The article is here

Facebook Breach

10/03/2018 01:30 PM EDT

 

Original release date: October 03, 2018

The Federal Trade Commission (FTC) has released an alert to provide Facebook
users with recommended precautions against identity theft after the recent
breach of the Facebook social media platform.

NCCIC encourages users and administrators to review the FTC Alert and the
NCCIC Tip on Preventing and Responding to Identity Theft. If you believe you
are a victim of identity theft, visit the FTC’s identity theft website to
make a report.

2018 NY Metro Joint Cyber Security WEBINAR

October 18th
WEBINAR

The 2018 NY Metro Joint Cyber Security WEBINAR will take place on Thursday October 18th.
NYMJCSC is now in its fifth year; featuring keynotes, panels and
sessions aimed at various aspects of information security and
technology.

This year will feature a webinar format allowing NYMJCSC to reach and educate a broader audience.

Time Slot | Topic | Speaker
2:00 – 2:40 | Behavior-based Internal Controls that Prevent Ransomware, Employee Theft, and Denial of Service attacks | Jeffrey Wagar
2:45 – 3:25 | Cyber Risk: It’s All About People | Alan Brill
3:30 – 4:10 | Cyber Dogfighting: Hacker Decision-Making and the Korean Air War | Mathew J. Heath Van Horn
4:15 – 4:55 | Assessing Legal and Contractual Risk and Uncertainty with Bug Bounty Programs, Vulnerability Disclosures and Information Sharing | Mark H. Francis
4:50 – 5:30 | “Not If but When?” – Leveraging AI to Jettison Mantras of the Past: How AI will Liberate Security of the Future | John McClurg


Register Here for the Webinar on Thursday, October 18th