Hi Experts,

We recently had one of our employees click on a link in a e-mail that took him to a fake site where he entered his credentials and his e-mail account was compromised.
Management hired a cyber security company who did scans on the systems, his e-mails and also other things on the web.
We have managed symantec Endpoint protection, intrustion, malware which is up to date and active.  
We also didn't have anything on the back end set up (per management) to protect our e-mail against spam, malware, all e-mails were to come through.
The cyber people are telling management that Symantec only gets 20% of intrusions, viruses and malware.  (I don't believe that, I have a e-mail box flooded with all the intrustions Symantec is getting and not one virus in 4 years which it caught).
Management from their advice is most likely going to force me to uninstall Symantec from all of our workstations and servers and deploy Carbon Black?

Can anyone tell me if this sounds as insane as it I think it is?  Anyone familiar with Carbon Black?  

Please help, I don't trust this at all and would love to be proven right or wrong.  I think this cyber company might be banking on management fears from my co-workers mistake.

Thank you

Let's say you reserved a domain at one of the reputable registrars.  You don't link it with the hosting account yet, just own it.  The registrar automatically creates nice landing page for it.  This means that they created a valid DNS zone file for your domain name, which includes an A record pointing at the web server hosting the landing page, bunch of CNAME records pointing at their www., pop., imap., etc. servers.  However, this is only a zone file for a landing page, so MX record may or may not be there and SPF record typically is not there.  Now, a company like Security Scorecard scans registrar's records and finds that this specific domain name belonging to your company.  The domain name doesn't have SPF record - negative points, has associated IMAP service - negative points, the landing page doesn't enforce HTTPS protocol - negative points.  All you did was reserved yourself a domain name, but that scored negatively against your company cyber security or, as they call it,  digital footprint reputation.

This leads me to the question directed to people familiar with Security Scorecard, or such like, services  - what is the best way to avoid owned parked domain having adverse effect on the Security Scorecard report?  Is the private registration the way to go?  Or, perhaps, setting invalid address for the DNS server authoritative to that domain, e.g 1.2.3.4?  That way the scanner will not get any response at all.  Or, maybe it is better to set the authoritative DNS …

I've set our web.config file on a WP site we've built to have secure cookies but all tests we've run online suggest cookies are still not secure. The httpOnly setting also hasn't taken effect.

The code snippet from the web.config is below and always the PHPSESSID cookie doesn't have these settings

<system.web>
    <httpCookies httpOnlyCookies="true" requireSSL="true"  />
</system.web>

Select all Open in new window

What else do we need to look at to ensure this setting takes effect?

Thanks
Iain

https://www.garrison.com/browsing.php

I'm looking for similar competing products (preferably with local Singapore support presence) to provide
secure browsing of Internet and emails (these are the top 2 vectors of malwares): looking to adopt this
'logical segregation' instead of 'physical segregation':
I suppose this is more useable/implementable than doing physical segregation.

We have corporate Wifi too, so need to take this into consideration if it's relevant.

Q1:
Can suggest a few products & local resellers (if available)?

Q2:
if there's comparison of features (how each product fare against competitors), do provide as well.
It helps to justify the purchase.

what would be some useful checks to include in an audit/health check of SharePoint (and document management in general). The obvious one we can think of is around permissions of documents stored in SharePoint, to ensure sensitive documents are only accessible by the approved users/groups - but I wanted to spread the review a but further, and was hoping for some inspiration on what above and beyond security permissions would be useful when looking at such a system (it doesn't have to all be about security). Any common SharePoint mistakes/risks above and beyond permissions also most useful,

I am getting the following error message in the event log each time it's restarted.
This is a Windows 2016 Hyper-V Host.  There's no virtual machines on it yet, this is a brand new install:

Log Name:      System
Source:        Microsoft-Windows-Kernel-Boot
Date:          9/7/2018 7:48:33 AM
Event ID:      124
Task Category: None
Level:         Error
Keywords:      (70368744177664)
User:          SYSTEM
Computer:      HostName.Domain.com
Description:
The Virtualization Based Security enablement policy check at phase 0 failed with status: The object was not found.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Kernel-Boot" Guid="{15CA44FF-4D7A-4BAA-BBA5-0998955E531E}" />
    <EventID>124</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000400000000000</Keywords>
    <TimeCreated SystemTime="2018-09-07T12:48:33.163793600Z" />
    <EventRecordID>6108</EventRecordID>
    <Correlation />
    <Execution ProcessID="4" ThreadID="8" />
    <Channel>System</Channel>
    <Computer>hostname.domain.com</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="Phase">0</Data>
    <Data Name="Status">3221226021</Data>
  </EventData>
</Event>

hello
i have a network the ahve a multi subnet and multi router and main gateway
on of client in a subnet are doing a arp spoofing of one of router in subnet on a switch getway ip
how i can catch him ?
in all subnets i have hawawi switches l3
thanks

Tough spam problem can't seem to isolate. Out of 20 users only one affected. Spam is not going through the spam filter incoming or outgoing. Has to be something on a local device infusing the spam into the users inbox. Nothing in sent either. Have removed the computer they work from in the office, disabled the NIC. Ran a malware scan on they're laptop and the ccleaner bug was found, see below for details regarding the CCleaner incident.

CCleaner v5.33 and CCleaner Cloud v1.07 Security Notification. Not sure if this is related.

Haven't run a scan on the users phone doing so now.

The bug is the same one identified here.

Hi I am looking to do Pester test around my powershell code...but not sure about it ...can some help.

Bascially I need to pull Azurekeyvaultkey information using powershell and then do a pester test to do it, I managed to do poweshell bit but not sure how to do pester part....please I need help urgently.