Security 2/55
top of page
Search
    • Nov 12, 2021

Cyber security warning: BazarBackdoor

Beware of the recent BazarBackdoor exploit. The malware works by sending an email which contains a link to a PDF file. The email may reference a customer complaint.


According to Sophos the link may appear like this and be to a URL referencing Adobe:


The link actually leads to the Win 10 application installer (used by the Microsoft store) and the recipient will be prompted to install an ‘Adobe PDF Component’.



The app installer file comes with its own doctored digital certificate.



Amongst other things BazarBackdoor runs PowerShell to get the IP address of your network.

21 views0 comments
    • Nov 8, 2021

Windows EFS Encryption

The Pro edition of Windows 10, the EFS (Encrypting File System) system is designed to support file encryption. You can encrypt any file by right clicking on it, selecting 'Properties', on the 'General' tab, clicking on 'Advanced' and then checking off 'Encrypt contents to secure data'.


If this checkbox is grayed out, open the Registry Editor, and at: Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem set the value of 'NtfsDisableEncryption' to 1. Then reboot your PC.



If this does not work, in admin mode of command prompt run this command:

fsutil behavior set disableencryption 1




Also run 'sevices.msc', and find Encrypting File System in the menu. Right click on it and select Properties. Then select the startup type to 'Automatic'.



Reboot your PC after making these changes.


68 views0 comments
    • Oct 26, 2021

Catching Landspeed Violations in Relativity

The Tip of the Night for May 28, 2021 discussed tracking 'landspeed' violations, when the same user logins from two different locations which are far apart. Relativity's Security Center can help an admin monitor such suspicious logins. The Security Center generates a map showing all of the logins that have taken place for the past 7 days.



You can drill down to more geographically specific information, by clicking on any circle. The circles will be color coded in order to show the security method used for the login. So password only logins will be in red circles, and logins using 2FA will be in green.


At the lowest level, the map will show the user login and IP address.








38 views0 comments
bottom of page