@dashrender said in Webroot status:

I have one client (well, x-client now) that just moved away from it because the new owners used something else, but up to the beginning of June, they were on it with no issues.

Unless "paying for something that has a negative impact on them" is an issue. To a business, that is always an issue. It's a "loss event" just like any other, similar to a small outage or dataloss. It's a business mistake that causes measurable lost revenue and puts other revenue at risk. So while a hobby could classify it as "not having any issue", no actual business can.

At first, I was thinking this was a PXE boot. Those damned hackers are evil beyond compare.

@Obsolesce said in Microsoft Search in Bing and Office 365 ProPlus:

@scottalanmiller said in Microsoft Search in Bing and Office 365 ProPlus:

Since I switched to DDG, I've noticed Google has gone down hill significantly.

That's why, it's because YOU switched.

No reason to keep it good, I guess, lol.

@scottalanmiller

Whole article is great but the last 2 lines are :+1: :+1:

Shame that NextCloud + OnlyOffice is not really there, I tried it when I was working with MSFF... definitely interesting but needs some time.

@Danp said in Windows 10 Defender Won't Start After Malware or Ransomware:

@RojoLoco Click the link and read for yourself. Also this -- https://www.cybereason.com/hubfs/ransomfree-EOL-message.pdf

Well damn...

@stacksofplates said in Researchers use Intel SGX to put malware beyond the reach of antivirus software:

Did you see what Intel said regarding this:

Intel is aware of this research which is based upon assumptions that are outside the threat model for Intel SGX. The value of Intel SGX is to execute code in a protected enclave; however, Intel SGX does not guarantee that the code executed in the enclave is from a trusted source. In all cases, we recommend utilizing programs, files, apps, and plugins from trusted sources. Protecting customers continues to be a critical priority for us and we would like to thank Michael Schwarz, Samuel Weiser, and Daniel Grus for their ongoing research and for working with Intel on coordinated vulnerability disclosure.

Outside of the threat model?.........

Haha, whatever that means.

@travisdh1 said in Decrypting Rapid Ransomware:

Might be an opportunity to get started with that if you don't.

Not sure what FoolishIT.com is.. Ill have to look that up in a little

@dbeato said in Dell Machines Unable to VPN Due to SmartByte Bloatware:

@scottalanmiller said in Dell Machines Unable to VPN Due to SmartByte Bloatware:

SmartByte, a bit of bloatware or possibly malware - certainly closer to malware than not, is shipping by default on some Dell laptops and desktops. If you are doing a clean OS install as is best practice, this bloatware will be unknown to you. But if you keep the random stuff that ships with your machine, you may run into networking problems. SmartByte has been found by Cisco (and us, now that we know about it with clients) to break network connections and specifically has been found to cause VPNs to fail to connect.

You'll need to disable, or better remove, or best do a proper, clean OS install, to get your machine able to network reliably.

None of my Dell Devices has ever come with this. Not even laptops bought through Amazon. In the past Dell and HP have had the Cisco AnnyConnect client but that is found more on home and retailers like Best Buy, Staples or such.

Then again I don’t buy Dell Inspiron (Which are the ones with SmartByte for sure)

I never run into it because I would never run a machine without doing a proper OS install, you never know what is on there. But we ran into this (and I've been ranting about how people got into the process of not doing a clean install - dealing with that separately) just now because someone had a machine that didn't get installed and, of course, terrible bloatware problems.

@dashrender said in HP Possible pulling a Lenovo with Stealthy spyware?:

@scottalanmiller said in HP Possible pulling a Lenovo with Stealthy spyware?:

@momurda said in HP Possible pulling a Lenovo with Stealthy spyware?:

I don't trust hardware manufacturers to write good software. I trust them to make good hardware.

That, too.

This really doesn't compute to me. If you have bad drivers, how can you expect your hardware to perform well?

How often do you have vendors making their own drivers? Sometimes, but not all that often.

@stuartjordan said in NextCloud Introduces a Ransomware Protection App:

That is Great to hear, they are constantly developing on the project.

They really are. It's very busy.

Pretty sure that ShadowCopy is still time only.

After monitoring this new outbreak for 24 hours, I came to the conclusion we were dealing with cyber warfare, and not ransomware. Two separate reports coming from Comae Technologies and Kaspersky Lab experts confirm this now.

NotPetya is a destructive disk wiper similar to Shamoon which has been targeting Saudi Arabia in the recent past. Note that Shamoon actually deleted files, NotPetya goes about it slightly different, it does not delete any data but simply makes it unusable by locking the files and then throwing away the key. The end result is the same.

Someone is hijacking known ransomware families and using them to attack Ukrainian computer systems. Guess who.

You never had a chance to recover your files. There are several technical indicators that NotPetya was only made to look as ransomware as a smoke screen:

It never bothers to generate a valid infection ID The Master File Table gets overwritten and is not recoverable The author of the original Petya also made it clear NotPetya was not his work

This has actually happened earlier. Foreshadowing the NotPetya attack, the author of the AES-NI ransomware said in May he did not create the XData ransomware, which was also used in targeted attacks against Ukraine. Furthermore, both XData and NotPetya used the same distribution vector, the update servers of a Ukrainian accounting software maker.

Catalin Cimpanu, the Security News Editor for Bleepingcomputer stated: "The consensus on NotPetya has shifted dramatically in the past 24 hours, and nobody would be wrong to say that NotPetya is on the same level with Stuxnet and BlackEnergy, two malware families used for political purposes and for their destructive effects. Evidence is clearly mounting that NotPetya is a cyber-weapon and not just some overly-aggressive ransomware."

Cybersecurity has moved from tech to a CEO and Board-level business issue

You did not sign up for this, but today it is abundantly clear that as an IT pro you are have just found yourself on the front line of 21-st century cyber war. Cybersecurity has moved from tech to a CEO and Board-level business issue. I strongly suggest you have another look at your defense-in-depth, and make sure to:

Have weapons-grade backups
Religiously patch
Step users through new-school security awareness training.