Saturday, October 20, 2018

Install Latest Splunk 7.2.0 on Ubuntu 18.04 LTS at Google Cloud Platform



1. Create a new Ubuntu 18.04 LTS VM from GCP -> Compute Engine -> VM Instances




Wednesday, October 17, 2018

Canada CRA Email / Message Scam Example and Phone Call Scam Fraud Recording 2018

One of the top scams happening in Canada is the CRA scam, also called the income tax scam. Over $5 million was lost to income tax scams in 2017. The Canada Revenue Agency (CRA) is warning Canadians to be careful of emails, voice mails and even letters claiming to be from the CRA. These are phishing scams that can result in identity theft. Scam emails may also carry embedded malware (malicious software) that can harm your computer and put your personal information at risk of compromise. The CRA does not email Canadians to request personal information.

Recently, I collected some real samples that these scammers sent to me.

1. CRA Email Scam

I got an email from an email address that starts with CRA-NoticeSecured-Taxinfo, with an attachment inside. But it was actually from some weird domain, aprobacion.x7.io. The email says the Canada Revenue Agency has sent you an INTERAC e-Transfer of $782.57.
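The giveaway in that message is the gap between what the display name claims (CRA) and where the mail really comes from (aprobacion.x7.io). The check below is an added example, not code from the original post: it parses a constructed sample modelled on the scam email above, pulls the real address out of the From: header (ignoring the display name), compares its domain against an allowlist, and flags any attachment. The allowlist of CRA domains is an assumption for the example; the page does not state which domains the CRA mails from.

```python
"""Flag a 'CRA' email whose real sender domain does not match the brand it claims.

Added example, not code from the original post. SAMPLE_EMAIL is a constructed
message modelled on the scam described above; TRUSTED_DOMAINS is an assumption.
"""
from email import message_from_string
from email.message import Message
from email.utils import parseaddr

# Assumed allowlist of domains a genuine CRA message could come from
# (assumption for the example, not taken from the page).
TRUSTED_DOMAINS = {"cra-arc.gc.ca", "canada.ca"}

# Brand keywords the scam borrows in the display name or subject.
BRAND_KEYWORDS = ("cra", "canada revenue agency", "interac", "e-transfer")

# Constructed sample: the display name says CRA, the address does not.
SAMPLE_EMAIL = """\
From: CRA-NoticeSecured-Taxinfo <notice@aprobacion.x7.io>
To: victim@example.com
Subject: Canada Revenue Agency has sent you an INTERAC e-Transfer
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Canada Revenue Agency has sent you an INTERAC e-Transfer of $782.57.
Open the attached notice to deposit it.

--b1
Content-Type: application/octet-stream; name="CRA_Notice.zip"
Content-Disposition: attachment; filename="CRA_Notice.zip"
Content-Transfer-Encoding: base64

UEsDBAoAAAAAAA==
--b1--
"""


def sender_domain(msg: Message) -> str:
    """Domain of the real addr-spec in From:, ignoring the display name."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def attachment_names(msg: Message) -> list:
    """Filenames of every attached part in the message."""
    return [p.get_filename() for p in msg.walk() if p.get_filename()]


def analyse(raw: str) -> dict:
    """Return the sender domain, attachments and a list of findings."""
    msg = message_from_string(raw)
    display_name, _ = parseaddr(msg.get("From", ""))
    domain = sender_domain(msg)

    # The scam trades on the display name and subject, so that is what we test
    # for brand claims; the domain check uses only the addr-spec.
    visible = f"{display_name} {msg.get('Subject', '')}".lower()
    claims_brand = any(k in visible for k in BRAND_KEYWORDS)

    findings = []
    if claims_brand and domain not in TRUSTED_DOMAINS:
        findings.append(f"brand impersonation: claims CRA but sent from {domain}")
    attachments = attachment_names(msg)
    if attachments:
        findings.append(f"unsolicited attachment(s): {attachments}")

    return {
        "display_name": display_name,
        "domain": domain,
        "attachments": attachments,
        "findings": findings,
        "suspicious": bool(findings),
    }


if __name__ == "__main__":
    for line in analyse(SAMPLE_EMAIL)["findings"]:
        print(line)
```

Only the addr-spec inside the angle brackets is used for the domain decision, because the display name is free text the sender controls. A message that passes this check can still be spoofed, so in practice the domain test belongs alongside SPF/DKIM/DMARC results from the receiving mail server.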


Thursday, October 11, 2018

Qualys Guard Tips and Tricks

The Qualys Cloud Platform and its integrated apps can simplify security operations and lower the cost of compliance by delivering critical security intelligence on demand and automating the full spectrum of auditing, compliance and protection for IT systems and web applications. The Qualys Scanner Appliance is an option with the Qualys Cloud Platform; with it, you can assess internal network devices, systems and web applications. This post summarizes some of my experience with the Qualys Guard service using the Qualys Scanner Appliance.

1. Assetview Tag 

Asset Search - Dynamic Rule
Search all assets found / scanned in last 90 days:

Tuesday, October 9, 2018

How Much Google Cloud Platform Charges on an F1-Micro VM

I have been using GCP for my small blog site for a while. It has not been charged much since the traffic is small, a couple of thousand visitors per day from around the world. The GCP credit still had more than $384 left 30 days before the trial period ended.

To better trace the charges, I decided to spin up another VM around 10PM on Sep 28 2018 to track how much this minimum f1-micro (1 vCPU, 0.6 GB memory) VM is charged daily.

I chose Ubuntu 16.04 (Xenial Xerus) on f1-micro. The license is free for this OS. The only service enabled on this f1-micro VM is MySQL, used as the backend of my blog. The frontend is another PHP/Apache VM hosted in another GCP account. I have hardened the firewall rules to allow only MySQL in from a specific IP.


Based on the GCP Always Free usage limits, I should be able to have the following services for free:
  • 1 f1-micro VM instance per month (US regions, excluding Northern Virginia).
  • 30 GB of Standard persistent disk storage per month.
  • 5 GB of snapshot storage per month.
  • 1 GB egress from North America to other destinations per month (excluding Australia and China).

1. First Two Days
Here are the charges for the first 32 hours, checked on Sep 30 2018:


SKU                                                    Product          Usage           Cost before credit   Credit
Network Inter Zone Egress                              Compute Engine   2.51 gibibyte   $0.03                -$0.03
Micro instance with burstable CPU running in Americas  Compute Engine   32 hour         $0.02                -$0.02
Network Internet Egress from Americas to China         Compute Engine   0 gibibyte      $0.00                -$0.00

Splunk Tips and Tricks


Splunk Installation:
On Google Cloud Windows 2016 VM


Friday, October 5, 2018

Security Breach Events in 2018, 2017, 2016, 2015, 2014

Here is a list of top security breaches and vulnerabilities since 2014, which I am still compiling. It is drawn from different sources and includes the events I believe are worth noting here.


2018

  1. Jan 3,  Spectre and Meltdown vulnerabilities (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)
  2. Jan 29,  Cisco Adaptive Security Appliance Remote Code Execution and Denial of Service Vulnerability
  3. March 20, Facebook's privacy scandal - The Guardian revealed that the personal data of 50 million Facebook profiles was illegally harvested by Cambridge Analytica.
  4. June 27, Exactis – Data warehouse / consumer marketing data – 340 million PII records accessible via unprotected, online-accessible database
  5. Jul 29, Adidas – Shoes, clothing and sports equipment – PII for millions of customers (emails, login IDs, hashed passwords) – Technical details not released, potentially vulnerability on online-accessible server.