
Cyber Security: 557 Solutions, 885 Contributors

The cyber security specialization covers the fundamental concepts underlying the construction of secure systems, from the hardware to the software to the human-computer interface, with the use of cryptography to secure interactions. Cyber security focuses on protecting computers, networks, programs and data from unintended or unauthorized access, change, theft or destruction. This includes controlling physical access to the hardware, as well as protecting against the harm that may come via network access, data and code injection, and due to malpractice by operators, whether intentional, accidental, or due to them being tricked into deviating from secure procedures.


Dear Experts, I got this issue with Dell SonicWall:

----------------------------------------------------------------
~~ SonicWALL Email Security Alert (9.0.5.2079) ~~
----------------------------------------------------------------

[Summary: A flood has been noticed in outbound traffic from
        user ID (mallikarjun.k@xxxxxx)]

Details: 
    Host Name: gw.xxxxxx.com
    Description: Number of messages sent from email ID
        (mallikarjun.k@xxxxxxx) in the scheduled
        interval  has exceeded the flood protection
        threshold.

Time Stamp: 
    Local Time: Mon Oct 22 13:00:01 2018
    GMT:        Mon Oct 22 06:00:01 2018

Additional Information: 
    Recommended Action: User's machine may have been affected.
        Please check for zombies.
    Alert Configuration Page: https://gw.xxxxxx.com:443/virus_config.html?bound=1&hopto=virus_config.html%3Fbound%3D1
    General Alert Settings: https://gw.xxxxxx.com:443/settings_monitoring.html?hopto=settings_monitoring.html



The mail server is Exchange 2016 on Win 2012R2, AV is Kaspersky.

We tried:
- Disable this email account
- Reinstall the app and format all devices of users who installed email
- Create a rule in Transport settings in ECP to block email from this account

BUT we still receive this notification every 15 minutes from the SonicWall. Can you please suggest?
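One check worth doing before uninstalling anything else: the gateway alert reports the envelope sender address, and any host that the Exchange receive connector lets relay can put that address on the envelope without ever authenticating as the mailbox. Disabling the account therefore does not stop such a host. The message tracking log on the Exchange server records the connecting ClientIp and Source for every RECEIVE event, so grouping it the way the SonicWall's "scheduled interval" does shows where the flood is really coming from. The script below is an added example, not part of the original post or any reply; it runs over constructed sample rows in the shape of a Get-MessageTrackingLog | Export-Csv export (the real command on the server would be Get-MessageTrackingLog -Sender "<address>" -EventId RECEIVE with a suitable -Start/-End). Host names, addresses and counts are invented.

```python
import csv
from collections import defaultdict
from datetime import datetime, timezone
from io import StringIO

# Constructed sample rows in the shape of a Get-MessageTrackingLog export.
# Not real data: 10.0.0.90 has no ClientHostname and submits over plain SMTP
# rather than through the mailbox (Source=STOREDRIVER), which is the pattern
# to look for when disabling the account does not stop the flood.
SAMPLE_LOG = """Timestamp,ClientIp,ClientHostname,Source,EventId,Sender,RecipientCount
2018-10-22T05:46:02Z,10.0.0.25,WS-MALLIK,STOREDRIVER,RECEIVE,mallikarjun.k@example.com,1
2018-10-22T05:47:10Z,10.0.0.90,,SMTP,RECEIVE,mallikarjun.k@example.com,40
2018-10-22T05:48:11Z,10.0.0.90,,SMTP,RECEIVE,mallikarjun.k@example.com,40
2018-10-22T05:49:30Z,10.0.0.90,,SMTP,RECEIVE,mallikarjun.k@example.com,40
2018-10-22T05:52:00Z,10.0.0.31,WS-ANITA,STOREDRIVER,RECEIVE,anita@example.com,2
2018-10-22T06:02:45Z,10.0.0.90,,SMTP,RECEIVE,mallikarjun.k@example.com,40
"""


def parse_log(text):
    """Yield one dict per RECEIVE row with the timestamp parsed as aware UTC."""
    for row in csv.DictReader(StringIO(text)):
        if row["EventId"] != "RECEIVE":
            continue
        ts = datetime.strptime(row["Timestamp"], "%Y-%m-%dT%H:%M:%SZ")
        row["ts"] = ts.replace(tzinfo=timezone.utc)
        yield row


def flood_sources(text, threshold=100, window_minutes=15):
    """Sum recipients per (sender, client IP, source) inside fixed windows of
    window_minutes, mirroring the gateway's 'scheduled interval'. Returns only
    the windows at or above threshold, keyed by the window start (HH:MM UTC)."""
    window = window_minutes * 60
    totals = defaultdict(int)
    for row in parse_log(text):
        epoch = int(row["ts"].timestamp())
        start = datetime.fromtimestamp(epoch - epoch % window, timezone.utc)
        key = (row["Sender"], row["ClientIp"] or "?", row["Source"], start.strftime("%H:%M"))
        totals[key] += int(row["RecipientCount"])
    return {k: v for k, v in totals.items() if v >= threshold}


if __name__ == "__main__":
    for (sender, ip, source, start), n in flood_sources(SAMPLE_LOG).items():
        print(f"{start} {sender} via {source} from {ip}: {n} recipients")
```

If the offending ClientIp turns out to be a server or appliance rather than a workstation, the fix is on the receive connector (restrict which hosts may relay anonymously) rather than on the mailbox.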
Artificial Intelligence
We’d all like to think our company’s data is well protected, but when you ask IT professionals they admit the data probably is not as safe as it could be.
Expert Comment by Andrew Leniart:
Great article that explains the importance of not just relying on definitions based security solutions. Thanks for writing this. Interesting read!

Endorsed.
Hi Experts,

We recently had one of our employees click on a link in an e-mail that took him to a fake site where he entered his credentials, and his e-mail account was compromised.
Management hired a cyber security company who did scans on the systems, his e-mails and also other things on the web.
We have managed Symantec Endpoint Protection, intrusion and malware protection, which is up to date and active.
We also didn't have anything on the back end set up (per management) to protect our e-mail against spam and malware; all e-mails were to come through.
The cyber people are telling management that Symantec only gets 20% of intrusions, viruses and malware. (I don't believe that; I have an e-mail box flooded with all the intrusions Symantec is getting and not one virus in 4 years which it caught.)
Management, from their advice, is most likely going to force me to uninstall Symantec from all of our workstations and servers and deploy Carbon Black?

Can anyone tell me if this sounds as insane as I think it is? Anyone familiar with Carbon Black?

Please help, I don't trust this at all and would love to be proven right or wrong. I think this cyber company might be banking on management fears from my co-worker's mistake.

Thank you
In one presentation by an IT regulator & Cyber Security Agency,
one slide mentioned reviewing "NetFlow" & a couple of
slides later, it requires us to perform a periodic "review of
information flow":

Though I raised whether these are related, i.e. by reviewing "Cisco NetFlow"
we are deemed to have addressed the requirement to "review
information flow", the presenter doesn't quite seem to know,
thus I'm clarifying here:
does Cisco NetFlow offer a form of documenting information
flow?
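What NetFlow can and cannot document is easiest to see on actual records. A flow record carries the 5-tuple (addresses, protocol, ports) plus byte/packet counts and timestamps, and nothing about content, so aggregating flows into a zone-to-zone matrix gives you a "who talks to whom, over which service, how much" picture, which is the part of an information-flow review that NetFlow can evidence. The added example below (not from the post or the presentation) does exactly that over constructed flow rows in the shape of a collector's CSV export; the ZONES address plan and the ALLOWED set of documented flows are assumptions standing in for your own network diagram and data-flow documentation.

```python
import csv
import ipaddress
from collections import defaultdict
from io import StringIO

# Assumed zone map (example, not from the post): adjust to your own address plan.
ZONES = {
    "workstations": ipaddress.ip_network("10.10.0.0/16"),
    "servers": ipaddress.ip_network("10.20.0.0/24"),
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
}

# Documented (approved) flows: (source zone, destination zone, destination port).
ALLOWED = {
    ("workstations", "servers", 445),
    ("workstations", "external", 443),
    ("servers", "dmz", 443),
}

# Constructed flow records in the shape of a collector CSV export (not real traffic).
# NetFlow records are unidirectional; only the client-to-server legs are shown.
SAMPLE_FLOWS = """ts,srcaddr,dstaddr,proto,srcport,dstport,bytes
2018-10-01T09:00:01,10.10.4.12,10.20.0.5,6,51234,445,120000
2018-10-01T09:00:05,10.10.4.12,10.20.0.7,6,51240,1433,800
2018-10-01T09:01:00,10.20.0.5,192.0.2.10,6,40000,443,2500
2018-10-01T09:02:10,10.10.9.3,203.0.113.7,6,52000,443,50000
2018-10-01T09:05:00,10.10.4.13,10.20.0.5,6,51300,445,30000
"""


def zone_of(ip):
    """Map an address to a named zone; anything outside the plan is 'external'."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "external"


def flow_matrix(text):
    """Aggregate bytes per (src zone, dst zone, IP protocol, dst port)."""
    matrix = defaultdict(int)
    for row in csv.DictReader(StringIO(text)):
        key = (zone_of(row["srcaddr"]), zone_of(row["dstaddr"]),
               int(row["proto"]), int(row["dstport"]))
        matrix[key] += int(row["bytes"])
    return dict(matrix)


def unexpected_flows(matrix, allowed=ALLOWED):
    """The review output: observed zone-to-zone flows that are not documented."""
    return sorted(k for k in matrix if (k[0], k[1], k[3]) not in allowed)


if __name__ == "__main__":
    m = flow_matrix(SAMPLE_FLOWS)
    for key in unexpected_flows(m):
        print("undocumented flow:", key, m[key], "bytes")
```

The matrix is evidence that the documented flows are the ones actually happening (and surfaces the ones that are not, here a workstation talking SQL Server directly), but the classification of what information moves over those flows still has to come from your own data-flow documentation; NetFlow cannot supply it.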
Zero Downtime How to prioritize workloads during total downtime? Consider:
- The order in which workloads should be brought up
- Which workloads should have redundancy and failover
- Which workloads can wait or should be stopped to free resource capacity
https://bit.ly/2yb7Wqh
Keep your business safe from Ransomware Two ransomware attacks to international ports happened recently, at San Diego and Barcelona. Our experts recommend four simple steps to ensure your files, apps, and systems stay safe https://bit.ly/2Nl5UZn
Ransomware is the next big security threat. Don’t be a victim. Prepare your business for fast and easy backup now https://bit.ly/2O0FO34 
Hi Experts,
I am planning to study information security; I have been working in the IT field for a long time,
but I do not know which courses I can start with. Some told me that CEH is perfect and others told me CEH is useless.
Please advise me.
Let's say you reserved a domain at one of the reputable registrars.  You don't link it with the hosting account yet, just own it.  The registrar automatically creates a nice landing page for it.  This means that they created a valid DNS zone file for your domain name, which includes an A record pointing at the web server hosting the landing page, and a bunch of CNAME records pointing at their www., pop., imap., etc. servers.  However, this is only a zone file for a landing page, so an MX record may or may not be there and an SPF record typically is not there.  Now, a company like Security Scorecard scans the registrar's records and finds that this specific domain name belongs to your company.  The domain name doesn't have an SPF record - negative points, has an associated IMAP service - negative points, the landing page doesn't enforce the HTTPS protocol - negative points.  All you did was reserve yourself a domain name, but that scored negatively against your company's cyber security or, as they call it, digital footprint reputation.

This leads me to the question directed to people familiar with Security Scorecard, or suchlike services - what is the best way to avoid an owned parked domain having an adverse effect on the Security Scorecard report?  Is private registration the way to go?  Or, perhaps, setting an invalid address for the DNS server authoritative for that domain, e.g. 1.2.3.4?  That way the scanner will not get any response at all.  Or, maybe it is better to set the authoritative DNS …
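The scanner findings listed above all have a standard answer for a domain that sends no mail and runs no services: publish an SPF record of "v=spf1 -all", a null MX of "0 ." (RFC 7505, which tells senders the domain accepts no mail instead of letting them fall back to the A record), a DMARC record with p=reject, and remove the registrar's imap./pop. CNAMEs. The HTTPS finding is against the registrar's parking page itself, so it only goes away if www points at something you control that redirects to HTTPS, or if the www record is dropped. The code below is an added example, not from the post or from Security Scorecard; it lints a zone held as a Python dict for exactly those points. Both zones are constructed illustrations, and the SERVICE_LABELS list is an assumption about which hostnames a scanner treats as advertised services.

```python
import re

# Constructed zone data (example, not a real registrar's records). Keys are owner
# names relative to the apex; values are (type, rdata) tuples.
REGISTRAR_DEFAULT = {
    "@": [("A", "198.51.100.10"), ("MX", "10 mail.registrar.example.")],
    "www": [("CNAME", "parking.registrar.example.")],
    "imap": [("CNAME", "imap.registrar.example.")],
    "pop": [("CNAME", "pop.registrar.example.")],
}

HARDENED_PARKED = {
    "@": [("A", "198.51.100.10"), ("MX", "0 ."), ("TXT", "v=spf1 -all")],
    "www": [("CNAME", "parking.registrar.example.")],
    "_dmarc": [("TXT", "v=DMARC1; p=reject; adkim=s; aspf=s")],
}

# Hostnames that advertise a service a parked domain does not run (assumed list).
SERVICE_LABELS = {"imap", "pop", "pop3", "smtp", "mail", "ftp", "webmail", "autodiscover"}


def records(zone, owner, rtype):
    return [rdata for rtype_, rdata in zone.get(owner, []) if rtype_ == rtype]


def lint_parked_zone(zone):
    """Return the findings a scorecard-style scanner would raise on a parked domain."""
    findings = []
    spf = [t for t in records(zone, "@", "TXT") if t.lower().startswith("v=spf1")]
    if not spf:
        findings.append("no SPF: publish 'v=spf1 -all' so nobody can send mail as this domain")
    elif not spf[0].rstrip().endswith("-all"):
        findings.append("SPF does not end in -all")
    mx = records(zone, "@", "MX")
    if not mx:
        findings.append("no MX: the A record is then used for mail delivery; publish the null MX '0 .'")
    elif mx != ["0 ."]:
        findings.append("MX points at a real mail host: replace it with the null MX '0 .' (RFC 7505)")
    dmarc = [t for t in records(zone, "_dmarc", "TXT") if t.upper().startswith("V=DMARC1")]
    if not dmarc:
        findings.append("no DMARC: publish 'v=DMARC1; p=reject'")
    elif not re.search(r"\bp=reject\b", dmarc[0]):
        findings.append("DMARC policy is not p=reject")
    for owner in zone:
        if owner.lower() in SERVICE_LABELS:
            findings.append(f"service hostname '{owner}' advertised but unused: remove it")
    return findings


if __name__ == "__main__":
    for finding in lint_parked_zone(REGISTRAR_DEFAULT):
        print("-", finding)
```

Pointing the NS records at an unreachable address, as the post considers, makes the domain unresolvable but does not remove it from the registrar data the scanner discovered it through, and an unresolvable domain is not the same as a domain that publishes "no mail, no services". Keeping the zone resolvable with the records above is what answers each finding on its own terms.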
OWASP Proactive Controls

Learn the most important controls and control categories that every architect and developer should include in their projects.

I've set our web.config file on a WP site we've built to have secure cookies, but all tests we've run online suggest cookies are still not secure. The httpOnly setting also hasn't taken effect.

The code snippet from the web.config is below, and the PHPSESSID cookie never has these settings

<system.web>
    <httpCookies httpOnlyCookies="true" requireSSL="true"  />
</system.web>



What else do we need to look at to ensure this setting takes effect?

Thanks
Iain
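The reason the setting has no visible effect: PHPSESSID is PHP's session cookie, and WordPress is PHP, while the `<httpCookies>` element in `<system.web>` only governs cookies that ASP.NET itself writes. The PHP-side switches are the session.cookie_secure and session.cookie_httponly INI directives (php.ini, or ini_set()/session_set_cookie_params() before session_start()). The alternative is to rewrite the Set-Cookie header on the way out, for example with an IIS URL Rewrite outbound rule. The Python below is an added example, not code from the post or from WordPress, showing both sides of that: missing_flags() is what the online checkers compute, and harden_set_cookie() is the transformation an outbound rule or reverse proxy has to perform. The sample cookie values are constructed.

```python
ATTR_NAMES = {"secure": "Secure", "httponly": "HttpOnly", "samesite": "SameSite",
              "path": "Path", "domain": "Domain", "max-age": "Max-Age", "expires": "Expires"}


def parse_set_cookie(value):
    """Split a Set-Cookie value into (name, value, attrs). Attribute keys are
    lower-cased; flag attributes such as Secure and HttpOnly map to True."""
    parts = [p.strip() for p in value.split(";")]
    name, _, val = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, sep, attr_val = part.partition("=")
        attrs[key.strip().lower()] = attr_val.strip() if sep else True
    return name.strip(), val, attrs


def missing_flags(value):
    """What an online cookie checker reports: which protections are absent."""
    _, _, attrs = parse_set_cookie(value)
    checks = (("secure", "Secure"), ("httponly", "HttpOnly"), ("samesite", "SameSite"))
    return [flag for key, flag in checks if key not in attrs]


def harden_set_cookie(value, samesite="Lax"):
    """The rewrite an outbound rule or reverse proxy performs on a Set-Cookie the
    application emitted without flags. Existing attributes are preserved."""
    name, val, attrs = parse_set_cookie(value)
    attrs.setdefault("secure", True)
    attrs.setdefault("httponly", True)
    attrs.setdefault("samesite", samesite)
    out = [f"{name}={val}"]
    for key, attr_val in attrs.items():
        canonical = ATTR_NAMES.get(key, key)
        out.append(canonical if attr_val is True else f"{canonical}={attr_val}")
    return "; ".join(out)


if __name__ == "__main__":
    raw = "PHPSESSID=abc123; path=/"
    print("missing before:", missing_flags(raw))
    print("rewritten:", harden_set_cookie(raw))
```

Two caveats for the outbound-rewrite route: a cookie marked Secure is only sent over HTTPS, so the site must actually be served over TLS (or behind a TLS terminator) or logins will break, and a rewrite rule has to match every Set-Cookie the application emits (PHPSESSID plus WordPress's own wordpress_* cookies), otherwise the checkers will keep reporting the ones it misses.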
Bankrupt Company's Data Resold on Craigslist

Heads up for any members who have ever purchased through NCIX. Looks like their server equipment was sold off without being scrubbed.
This is a good reminder about letting a third party store your credit card data.
https://nakedsecurity.sophos.com/2018/09/24/bankrupt-ncix-customer-data-resold-on-craigslist/
Expert Comment by noci:
They can sell the data to any company that continues the business (as a whole) in one part (restart of business with new owners)...
(that is data that will still be used for what it was provided for....) Data is NOT provided for anything else than conducting business with THIS company. (If EU customers are part of the data GDPR is important here, or even if non-EU citizens did business from the EU.)
So there is no license on the data for a lot of different things.
Expert Comment by noci:
The new owner of the data ALSO inherits this license/restriction on the data; it is not that the data is free for all after it has been flogged off... (In legal theory..., I am afraid it will be a free-for-all in practice.)
https://www.garrison.com/browsing.php

I'm looking for similar competing products (preferably with a local Singapore support presence) to provide
secure browsing of the Internet and emails (these are the top 2 vectors of malware): looking to adopt this
'logical segregation' instead of 'physical segregation':
I suppose this is more usable/implementable than doing physical segregation.

We have corporate Wi-Fi too, so need to take this into consideration if it's relevant.

Q1:
Can you suggest a few products & local resellers (if available)?

Q2:
If there's a comparison of features (how each product fares against competitors), do provide it as well.
It helps to justify the purchase.
Hello,

I need your advice please to validate a solution for a file exchange between the MIRAKL marketplace and SAP.
Mirakl does not give us the possibility to connect via SFTP (user, password, port or other).

However, we can use cURL (client URL request library) to send requests and retrieve the orders that are entered into our stores and repatriate them to SAP.
The connection is via HTTPS and the script will use an API key that is unique and generated from our MIRAKL account. In this API key we have a user and a password, which makes the connection secure.

About security, is the solution secure (safe) or not, and would you advise me to implement this solution?

Best regards,
What would be some useful checks to include in an audit/health check of SharePoint (and document management in general)? The obvious one we can think of is around permissions of documents stored in SharePoint, to ensure sensitive documents are only accessible by the approved users/groups - but I wanted to spread the review a bit further, and was hoping for some inspiration on what above and beyond security permissions would be useful when looking at such a system (it doesn't have to all be about security). Any common SharePoint mistakes/risks above and beyond permissions would also be most useful.
In April 2018, the "SamSam" ransomware attack crippled the city of Atlanta. The recovery that followed provides a stark reminder of the real costs associated with ransomware – both technologically and financially.
On Sunday 16th September 2018 at 9.30am, Premium Credit - the number one insurance premium finance company in the UK and Ireland - came under cyber attack.
Author Comment by Adrian McGarry:
Thanks Andrew

Author Comment by Adrian McGarry:
Thank you Andrew
ITSec vs CSec
I am sure that most of you will have chanced upon the terms "Information (IT) Security" and "Cybersecurity", but do you know the differences and the implications as those threats evolve? Find out more in this article on the different security approaches that should be adopted.
I am getting the following error message in the event log each time it's restarted.
This is a Windows 2016 Hyper-V host. There are no virtual machines on it yet; this is a brand new install:

Log Name:      System
Source:        Microsoft-Windows-Kernel-Boot
Date:          9/7/2018 7:48:33 AM
Event ID:      124
Task Category: None
Level:         Error
Keywords:      (70368744177664)
User:          SYSTEM
Computer:      HostName.Domain.com
Description:
The Virtualization Based Security enablement policy check at phase 0 failed with status: The object was not found.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Kernel-Boot" Guid="{15CA44FF-4D7A-4BAA-BBA5-0998955E531E}" />
    <EventID>124</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000400000000000</Keywords>
    <TimeCreated SystemTime="2018-09-07T12:48:33.163793600Z" />
    <EventRecordID>6108</EventRecordID>
    <Correlation />
    <Execution ProcessID="4" ThreadID="8" />
    <Channel>System</Channel>
    <Computer>hostname.domain.com</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="Phase">0</Data>
    <Data Name="Status">3221226021</Data>
  </EventData>
</Event>
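The Status value in the EventData is a raw NTSTATUS written in decimal: 3221226021 is 0xC0000225, which is STATUS_NOT_FOUND, and that is exactly what the "The object was not found" text in the description is rendering. So the event is Kernel-Boot saying that, at phase 0 of boot, it looked for a Virtualization Based Security enablement policy and there was none to evaluate. Whether that matters depends on whether you intended to enable VBS/Device Guard on this host at all; the actual running state is reported by the Win32_DeviceGuard class in the root\Microsoft\Windows\DeviceGuard WMI namespace (Get-CimInstance -ClassName Win32_DeviceGuard -Namespace root\Microsoft\Windows\DeviceGuard, whose VirtualizationBasedSecurityStatus is 0 for not enabled, 1 for enabled but not running, 2 for running). The decoder below is an added example, not part of the post; it parses the event XML from the post (trimmed to the elements it needs) and translates the status with a small table of values from the public ntstatus.h.

```python
import xml.etree.ElementTree as ET

# Values from the public ntstatus.h; only the ones relevant to this check.
NTSTATUS = {
    0x00000000: "STATUS_SUCCESS",
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC0000225: "STATUS_NOT_FOUND",
}
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# The event from the post, trimmed to the elements the decoder needs.
EVENT_XML = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Kernel-Boot" Guid="{15CA44FF-4D7A-4BAA-BBA5-0998955E531E}" />
    <EventID>124</EventID>
    <Keywords>0x8000400000000000</Keywords>
    <TimeCreated SystemTime="2018-09-07T12:48:33.163793600Z" />
    <Computer>hostname.domain.com</Computer>
  </System>
  <EventData>
    <Data Name="Phase">0</Data>
    <Data Name="Status">3221226021</Data>
  </EventData>
</Event>"""


def event_data(xml_text):
    """Collect the EventData name/value pairs plus provider and event ID."""
    root = ET.fromstring(xml_text)
    data = {d.get("Name"): d.text for d in root.findall("e:EventData/e:Data", NS)}
    data["EventID"] = int(root.findtext("e:System/e:EventID", namespaces=NS))
    data["Provider"] = root.find("e:System/e:Provider", NS).get("Name")
    return data


def decode_status(value):
    """Turn a decimal or hex NTSTATUS into hex, severity (bits 31:30) and name."""
    code = int(str(value), 0) & 0xFFFFFFFF
    severity = {0: "success", 1: "informational", 2: "warning", 3: "error"}[code >> 30]
    return {"hex": f"0x{code:08X}", "severity": severity, "name": NTSTATUS.get(code, "unknown")}


def describe_vbs_event(xml_text):
    """For Kernel-Boot event 124, return the boot phase and the decoded status."""
    data = event_data(xml_text)
    if data["Provider"] != "Microsoft-Windows-Kernel-Boot" or data["EventID"] != 124:
        return None
    return {"phase": int(data["Phase"]), **decode_status(data["Status"])}


if __name__ == "__main__":
    print(describe_vbs_event(EVENT_XML))
```

The same two functions work on any Windows event whose EventData carries an NTSTATUS in decimal; extend the NTSTATUS table as you meet new codes rather than guessing from the decimal.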
Hello,
I have a network that has multiple subnets, multiple routers and a main gateway.
One of the clients in a subnet is doing ARP spoofing of one of the routers in the subnet, on a switch gateway IP.
How can I catch him?
In all subnets I have Huawei L3 switches.
Thanks
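The spoofer gives itself away on the wire: it sends ARP replies (usually gratuitous ones) whose sender protocol address is the gateway IP but whose sender hardware address is its own MAC. On the switch itself the quick manual check is to compare the MAC the switch currently holds for the gateway IP (display arp on VRP) with the gateway's real MAC, then look up that MAC in the MAC address table (display mac-address) to get the port the attacker is on. For a capture taken on the affected subnet, the added example below (not from the post) parses raw Ethernet/ARP frames and flags any frame that claims a trusted gateway IP with the wrong MAC, and, if you do not have a trusted table, any IP that more than one MAC has claimed. The capture is constructed in code with invented addresses; a real run would read frames from a pcap.

```python
import struct

ETH_P_ARP = 0x0806


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)


def ip_bytes(ip):
    return bytes(int(o) for o in ip.split("."))


def ip_str(b):
    return ".".join(str(x) for x in b)


def arp_frame(op, sha, spa, tha, tpa):
    """Build an Ethernet II + ARP frame (op 1 = request, 2 = reply). Used only
    to construct the sample capture below."""
    dst = "ff:ff:ff:ff:ff:ff" if op == 1 else tha
    eth = mac_bytes(dst) + mac_bytes(sha) + struct.pack("!H", ETH_P_ARP)
    arp = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
           + mac_bytes(sha) + ip_bytes(spa) + mac_bytes(tha) + ip_bytes(tpa))
    return eth + arp


def parse_arp(frame):
    """Return the ARP fields of an IPv4-over-Ethernet ARP frame, else None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"op": op, "eth_src": mac_str(frame[6:12]),
            "sha": mac_str(frame[22:28]), "spa": ip_str(frame[28:32]),
            "tha": mac_str(frame[32:38]), "tpa": ip_str(frame[38:42])}


def detect_spoof(frames, trusted):
    """trusted maps gateway IP -> its real MAC. Any ARP whose sender protocol
    address is a trusted IP but whose sender hardware address differs is an
    alert; the frame index says where in the capture it happened."""
    alerts = []
    for i, frame in enumerate(frames):
        p = parse_arp(frame)
        if p and p["spa"] in trusted and p["sha"] != trusted[p["spa"]]:
            alerts.append({"frame": i, "ip": p["spa"], "claimed_by": p["sha"],
                           "expected": trusted[p["spa"]], "op": p["op"]})
    return alerts


def ip_mac_conflicts(frames):
    """Without a trusted table: every IP that more than one MAC has claimed."""
    seen = {}
    for frame in frames:
        p = parse_arp(frame)
        if p:
            seen.setdefault(p["spa"], set()).add(p["sha"])
    return {ip: macs for ip, macs in seen.items() if len(macs) > 1}


GATEWAY_IP, GATEWAY_MAC = "10.1.1.1", "00:11:22:33:44:01"
HOST_MAC, ATTACKER_MAC = "00:11:22:33:44:aa", "de:ad:be:ef:00:01"

# Constructed capture (invented addresses): a legitimate request/reply exchange
# followed by a gratuitous reply from the attacker claiming the gateway IP.
SAMPLE_FRAMES = [
    arp_frame(1, HOST_MAC, "10.1.1.50", "00:00:00:00:00:00", GATEWAY_IP),
    arp_frame(2, GATEWAY_MAC, GATEWAY_IP, HOST_MAC, "10.1.1.50"),
    arp_frame(2, ATTACKER_MAC, GATEWAY_IP, "ff:ff:ff:ff:ff:ff", GATEWAY_IP),
]

if __name__ == "__main__":
    for a in detect_spoof(SAMPLE_FRAMES, {GATEWAY_IP: GATEWAY_MAC}):
        print(f"frame {a['frame']}: {a['ip']} claimed by {a['claimed_by']} (expected {a['expected']})")
```

Once you have the attacker's MAC, the switch's MAC table turns it into a port. Longer term, dynamic ARP inspection on the access switches (where the model supports it) drops such frames at the port instead of letting you find them after the fact.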
What realistically is the risk if somebody found out an internal server name from the outside, e.g. what may it allow them to do in terms of a security attack. I am talking about from the outside. I noticed in some documents available on our website there is some mention of internal servernames and need to quantify the risk, they are not accessible to anyone outside the organisation, only those internal to the company, but it still doesn't sit easy.
Tough spam problem, can't seem to isolate. Out of 20 users only one is affected. Spam is not going through the spam filter incoming or outgoing. Has to be something on a local device injecting the spam into the user's inbox. Nothing in Sent either. Have removed the computer they work from in the office, disabled the NIC. Ran a malware scan on their laptop and the CCleaner bug was found; see below for details regarding the CCleaner incident.

CCleaner v5.33 and CCleaner Cloud v1.07 Security Notification. Not sure if this is related.

Haven't run a scan on the user's phone; doing so now.

The bug is the same one identified here.
Trade-off - web cache poisoning
Web caching is one of the performance options, but though it serves well in enhancing the user experience, it can also inadvertently become a point of attack if it is not secured to reduce the exposure. Read on to find out the hidden threats in web caches.
Expert Comment by Andrew Leniart:
Bernard, this is excellent information written in a way that even a layman to the topic has a chance to understand. Please keep them coming.

Endorsed!
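The mechanism behind the article's "hidden threat" is an unkeyed input: the cache decides what counts as the same response from the Host and path, while the origin builds the response from something the cache ignores, such as an X-Forwarded-Host header. An attacker sends one request with a crafted value, the origin reflects it into a script URL, the cache stores that page under the plain key, and every later visitor gets the attacker's script. The simulation below is an added example, not from the article or its author; it runs a toy shared cache against a vulnerable origin and a hardened one that only ever emits an allow-listed host and declares the header in Vary. The hosts and request shapes are constructed.

```python
TRUSTED_HOSTS = {"shop.example"}  # assumed canonical host for the example


def vulnerable_origin(req):
    """Builds an absolute asset URL from X-Forwarded-Host, which the cache
    does not include in its key: a textbook unkeyed input."""
    host = req["headers"].get("x-forwarded-host", req["headers"]["host"])
    body = f'<script src="https://{host}/static/app.js"></script>'
    return {"status": 200, "body": body, "vary": []}


def hardened_origin(req):
    """Only ever emits an allow-listed host, refuses (and so never caches) a
    request carrying an unexpected X-Forwarded-Host, and lists the header in
    Vary so a cache keys on it as defence in depth."""
    host = req["headers"].get("x-forwarded-host") or req["headers"]["host"]
    if host not in TRUSTED_HOSTS:
        return {"status": 400, "body": "unexpected host", "vary": ["x-forwarded-host"]}
    body = f'<script src="https://{host}/static/app.js"></script>'
    return {"status": 200, "body": body, "vary": ["x-forwarded-host"]}


class Cache:
    """Toy shared cache keyed on (Host, path) plus whatever the origin lists in
    Vary. Only 200 responses are stored."""

    def __init__(self):
        self.store = {}  # (host, path) -> (vary, {secondary_key: body})

    def fetch(self, req, origin):
        base = (req["headers"]["host"], req["path"])
        if base in self.store:
            vary, entries = self.store[base]
            sec = tuple(req["headers"].get(h) for h in vary)
            if sec in entries:
                return entries[sec], "HIT"
        resp = origin(req)
        if resp["status"] == 200:
            vary = [h.lower() for h in resp["vary"]]
            sec = tuple(req["headers"].get(h) for h in vary)
            self.store.setdefault(base, (vary, {}))[1][sec] = resp["body"]
        return resp["body"], "MISS"


def run_scenario(origin):
    """Attacker primes the cache with a crafted header, then a victim asks for
    the same URL without it. Returns (body the victim got, HIT or MISS)."""
    cache = Cache()
    attacker = {"path": "/", "headers": {"host": "shop.example",
                                         "x-forwarded-host": "evil.example"}}
    victim = {"path": "/", "headers": {"host": "shop.example"}}
    cache.fetch(attacker, origin)
    return cache.fetch(victim, origin)


if __name__ == "__main__":
    for name, origin in (("vulnerable", vulnerable_origin), ("hardened", hardened_origin)):
        body, state = run_scenario(origin)
        print(f"{name}: victim got {state}: {body}")
```

Note that the Vary header alone would only partition the cache; the victim would still have received the poisoned page if they happened to send the same header value. Refusing to reflect anything but the allow-listed host is the fix, and keying on the header is the safety net for the next reflected input you have not found yet.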
Hi, I am looking to do a Pester test around my PowerShell code, but not sure about it. Can someone help?

Basically I need to pull Azure Key Vault key information using PowerShell and then do a Pester test for it. I managed the PowerShell bit but am not sure how to do the Pester part. Please, I need help urgently.
We use Office 365 for Exchange. One employee's email account was compromised. HR received a request to change the direct deposit bank from this employee's email address, and HR replied to the email. But the request wasn't from the employee. The employee could receive all the normal emails, but not the ones related to this request.

How can we trace the original request email? How can we fix this issue?
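Tracing starts with the full headers of the message HR received (Office 365 keeps it in HR's mailbox; the message trace in the admin centre, or Get-MessageTrace in Exchange Online PowerShell, gives the same sender IP and timestamps from the service side). Three things in the headers settle most of it: the Authentication-Results line tells you whether the mail really left your tenant as that user (spf/dkim/dmarc pass) or was merely spoofed to look like it; the earliest Received header names the host and IP that injected it; and a Reply-To pointing somewhere else is how the attacker keeps the conversation without the employee seeing it. The detail that the employee never saw the thread also fits an inbox rule the attacker created to delete or move HR's replies, so Get-InboxRule -Mailbox on that mailbox is the other check, alongside a password reset, session revocation and MFA. The script below is an added example, not from the post; it runs the header triage over a constructed message with invented hosts and addresses.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed message (not the poster's real mail) showing the payroll
# diversion pattern: From is the employee, Reply-To is not.
RAW_MESSAGE = """Received: from HUB01.contoso.example (2001:db8::1) by MB02.contoso.example with HTTPS; Tue, 2 Oct 2018 14:02:11 +0000
Received: from mail-sor-f41.google.com (mail-sor-f41.google.com [209.85.220.41]) by EOP.contoso.example with ESMTPS; Tue, 2 Oct 2018 14:02:09 +0000
Authentication-Results: spf=fail (sender IP is 209.85.220.41) smtp.mailfrom=jane@contoso.example; dkim=none (message not signed) header.d=none; dmarc=fail action=none header.from=contoso.example
Return-Path: <jane@contoso.example>
From: "Jane Employee" <jane@contoso.example>
Reply-To: jane.employee.hr@lookalike-webmail.example
To: hr@contoso.example
Subject: Direct deposit change
Date: Tue, 2 Oct 2018 14:02:05 +0000
Message-ID: <20181002140205.abc123@lookalike-webmail.example>

Hi, please change my direct deposit to the account below before payroll runs.
"""

RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\([^)]*\[([0-9a-fA-F.:]+)\]")
AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)")


def triage(raw):
    """Pull the facts an investigator needs from a suspicious message's headers."""
    msg = message_from_string(raw, policy=policy.default)
    from_addr = parseaddr(msg["From"])[1].lower()
    reply_to = parseaddr(msg.get("Reply-To", ""))[1].lower()
    auth = dict(AUTH_RE.findall(msg.get("Authentication-Results", "")))
    # Each hop prepends its Received header, so the last one is the earliest:
    # the hop closest to whoever actually injected the message.
    origin_host = origin_ip = None
    for hop in reversed([str(h) for h in msg.get_all("Received", [])]):
        m = RECEIVED_RE.search(hop)
        if m:
            origin_host, origin_ip = m.group(1), m.group(2)
            break
    flags = []
    if reply_to and reply_to.split("@")[-1] != from_addr.split("@")[-1]:
        flags.append("Reply-To domain differs from From domain")
    for mech in ("spf", "dkim", "dmarc"):
        if auth.get(mech) not in (None, "pass"):
            flags.append(f"{mech} {auth[mech]}")
    return {"from": from_addr, "reply_to": reply_to, "auth": auth,
            "origin_host": origin_host, "origin_ip": origin_ip, "flags": flags}


if __name__ == "__main__":
    result = triage(RAW_MESSAGE)
    for k, v in result.items():
        print(f"{k}: {v}")
```

If instead the authentication results all pass and the earliest hop is your own tenant, the message genuinely came from the mailbox and the question moves to the sign-in logs: where the session that sent it was authenticated from, and what else that session did (rules, forwarding, other mail).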
