Cybersecurity

270

Solutions

28

Articles & Videos

623

Contributors

The Cybersecurity specialization covers the fundamental concepts underlying the construction of secure systems, from the hardware to the software to the human-computer interface, with the use of cryptography to secure interactions. Cybersecurity focuses on protecting computers, networks, programs and data from unintended or unauthorized access, change, theft or destruction. This includes controlling physical access to the hardware, as well as protecting against harm that may come via network access, data and code injection, and due to malpractice by operators, whether intentional, accidental, or due to them being tricked into deviating from secure procedures.

Share tech news, updates, or what's on your mind.

Sign up to Post

In this blog we highlight approaches to managed security as a service. We also look into ConnectWise’s value in aiding MSPs’ security management and indicate why critical alerting is a necessary integration.
0
Use Case: Protecting a Hybrid Cloud Infrastructure
LVL 4
Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Only 10 days left to sign up for our ransomware prevention and preparation Course of the Month for June. With a 300% increase in ransomware attacks from 2015 to 2016, it is vital to decrease your vulnerability to the next attack and enhance your security by enrolling today.




5
 

Expert Comment

by:Josh Petraglia
Signed up. What a perfect topic to cover!!!
2
A $1 million payout in a ransomware case?! Well crap... That's worrisome. What'll the hackers do with that money? How many new attempts will this incentivize? What would you do in their place?

https://arstechnica.com/security/2017/06/web-host-agrees-to-pay-1m-after-its-hit-by-linux-targeting-ransomware/
4
 
LVL 11

Expert Comment

by:Maclean
Restore last good version, apologize to clients, and probably end up losing clients would be the proper thing to do.
I would assume that if it was done due to damage control, paying up would lose me more clients and face then dealing with the issue at hand best as one can. This is a terrible incentive to these type of ransomware developers. They might now target this webhost on purpose in the future.
2
 
LVL 6

Expert Comment

by:Nicholas
And the reality is now that this is public news they will lose all their customers anyway and probably be outta business within a month

If some hosting company can afford to pay that much money to get their data back they should have been able to employ someone for a lot less money to make sure it didn't happen in the first place
4
UpGuard's cyber risk analyst, Chris Vickery, discovers 198 million US voting records in an Amazon S3 bucket freely available online. One particular spreadsheet also calculates the voters probabilities for situations such as "how likely you are to have voted for a certain presidential candidate".  This breach is another reminder of how important personal data security is.
5
 
LVL 6

Expert Comment

by:Nicholas
Having this data in a public cloud provider is wrong to start with no?
After a quick glance through the article the data wasn't even encrypted.
1
 
LVL 17

Expert Comment

by:Lucas Bishop
Millions of dollars worth of data analysis, available for anyone to download for free. Brilliant!
1
0
Experts,

On my meterpreter session I need to execute this command:
procdump64.exe -accepteula -ma lsass.exe lsass1.dmp

this does not work:
meterpreter > execute -f procdump64.exe -accepteula -ma lsass.exe lsass1.dmp
nor
meterpreter > execute -f procdump64.exe -a -accepteula -ma lsass.exe lsass1.dmp
0
DNS-Protection-with-ConnectWise.png
It's always exciting around here! We're thrilled to expand our partnership with ConnectWise to offer customers better protection and performance. To get insight into why this matters, we sat down with George Anderson, Webroot’s product marketing director for business solutions, and Gavin Gamber, vice president of Channel Sales and Alliances at ConnectWise.
 
What is DNS Protection? Why is it important? Why do ConnectWise partners need this?  
 
Read more here.
4
Experts,

On my victim Windows 7 professional domain joined machine when I go to connect to a network share, I send my NTLMv2 HASH.
But when I take a password hashdump, they are in NTLM format.  
While in a meterpreter connection, when I run hashdump, will it always be NTLM format? I don't remember ever seeing NTLMv2 when running hashdump.
0
Can someone recommend a syntax on john the ripper using the default word list that I can use to crack an ntlmv2 hash for the password below in under 5 minutes?

DaLLasTexas!!
0
Email attacks are the most common methods for initiating ransomware and phishing scams. Attackers want you to open an infected attachment or click a malicious link, and unwittingly download malware to your machine. Here are 7 ways you can stay safe.
1
Complete VMware vSphere® ESX(i) & Hyper-V Backup
LVL 4
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Hackers.jpg

Treat 64-bit malware like any other possible threat. Invest in a credible threat intelligence platform, understand your organisation's risk tolerance level and plan accordingly. Be smart and be alert. Keep systems up-to-date, understand what devices need an internet connection, review user permissions and privileges, create and execute a backup strategy. But mostly importantly continue to educate your users about cyber dangers, and test your incident response and disaster recovery plans regularly.

Read more here.
2
 
LVL 1

Expert Comment

by:Juana Villa
Your link is not working, I think you meant "http://wbrt.io/xm9e"
Anyway, I agree as users we all need to know how to protect our data.
1
 

Author Comment

by:Drew Frey
Great catch! Thanks for keeping me a watchful eye out.
1
Hi All,

May I know where shall I manually add the below entry if I handle the Public DNS using Windows Server box in my DMZ ?

DKIM: Create a CNAME record for k1._domainkey.MyDomain.com with this value:
dkim.mcsv.net

Open in new window

SPF: Create a TXT record for MyDomain.com with:
v=spf1 include:servers.mcsv.net ?all

Open in new window


What is the risk or issue when implementing it during the business hours ?
0
NYS 20th Annual Cyber Security Conference

I will be attending this conference in Albany, N.Y. this Wednesday and Thursday.   If you are going to be there, ley me know (maybe we can meet).  

Over the years I have become more involved in security related areas of information technology. I hope to learn more/ keep up to date by attending this conference.
10
 
LVL 6

Expert Comment

by:Brian Matis
That sounds great, Thomas! I'm a huge fan of the Socratic method (to the point where I get worried some people may try to poison me one day... j/k ;-) And thinking strategically about anything can be quite a challenge, but an increasingly important one as more and more of the tactical type work is moving entirely into automation.

Not familiar with Bloom's Taxonomy; I'll have to go look that one up...

Looking forward to the summary!
0
 
LVL 28

Author Comment

by:Thomas Zucker-Scharff
My summary of the 20th Annual New York State Cyber Security Conference & 12th Annual ASIA conference

The conference as a whole was very interesting, although if one has to make a choice between this one and some others, you may want to check out the others.  This conference is aimed mainly at government agencies.  So it addresses the various compliance issues with which they have to deal.  If those do not apply to you, this conference may have limited application as well.

I did enjoy putting some faces to people I had only corresponded with.  I also wanted to hear as much as possible about ransomware (these presentations turned out to be only okay), and cryptography (not a gripping presentation – it was a presentation of thesis work and ongoing research – but nonetheless very interesting).  They did a good job of setting  you up for the days events with a decent Keynote speaker.  The lunch speakers were not as polished, but did have good things to say.

I enjoyed going around to the vendors , even if their swag was not class A stuff. (some had excellent stuff while others had none – the full gamut)  

I have to say again that the highlight of the conference, for me, was the very non-technical, and only slightly security related talk by Christie Struckman of the Gartner Group, session 4 on the first day.  I would encourage anyone in a leadership position to check it out.  I have asked for her slides and will try to make a pdf of them available if she is amenable to that.  My takeaway on that talk was: There are leaders and there are Bosses.  The leaders help their teams think about solutions and then make decisions, the bosses make decisions and tell their teams to carry them out.  I think the quote she used at the beginning was excellent:

socrates-quote.jpg
2
We need to have a standalone IPS solution put in.  We currently run two pfSense firewalls in an HA setup.  I was looking around on eBay and saw a Tipping Point 210E (two of them).  Are they still good with updates to definitions?  Any other less cost recommendations?
pfSense HA works a little odd too, so I'm not sure if this will even work.
Firewall 1 WAN IP x.x.x.1
Firewall 2 WAN IP x.x.x.2
Firewall Shared WAN IP x.x.x.3

Same setup with internal LAN IPs.  Each firewall has its own physical connection to the modem via ethernet for the WAN side and LAN side.
0
Every 10 seconds, a consumer gets hit with ransomware. Enroll in June’s featured Course of the Month to learn the basics of ransomware, how it works, how to prevent it, and what to do if you’ve been infected. Premium members, Team Accounts, and Qualified Experts will enjoy this free course written by our resident security expert, Thomas Zucker-Scharff. Learn more and enroll today!

facebook-ad-1200x628.png
6
When it comes to security, close monitoring is a must. According to WhiteHat Security annual report, a substantial number of all web applications are vulnerable always. Monitis offers a new product - fully-featured Website security monitoring and protection.
1
Hi Experts,

On our public-facing OWA server on IIS 7, we turned on IP Address and Domain Restriction. If from the log we detect any IP trying brute force to log into our Web Outlook interface, we will put the IP into "Deny Restriction Rule" in the hope that IP will be 'blocked', meaning not even able to get the login screen. Actually it seems to be a wishful thinking since we noticed one of the IP we already added in the 'Deny' list that particular ip still keeps showing up in the log and we can see it got the login form and then denied with sc-status 401-1.

My question is, it seems this feature does NOT "block" the IP from getting the login form, but instead simply "deny" their login request. Is it correct?
0
Hi All,

Is it possible to block a particular file, for eg a  malicious pdf, based on its Sha-256/Md5 hash value , from the firewall?

Regards,
T
0
I have a hacker who is aggressively attacking my network and need advice on which router is the most secure/encrypted?
0
Simplifying Server Workload Migrations
LVL 4
Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Hello All,

I stuck with very odd issue .

One server running with 2k8r2 last patched on Aug 2015 not due to wannacry client asking to patch the server.
If i am checking the old patches in WSUS ,its showing declined & expire .
This server doesn't have internet , I try to installed monthly rollup for march but it got failed.

Is there any way to patch the server ???????
Please help
0
This article explores how the implementation of threat intelligence into an Industrial Control System (ICS) and SCADA environment can help to fortify the defense in depth strategy.
0
is there any technique/command/tool that can be used to remotely report the system centre endpoint protection status from a remote PC (definitions created on, definitions last updated, virus definition version, spyware definition version).
0
Hi, just looking for a better way of managing WSUS v 6.3.9600.18228
We automatically approve Critical, Definition and Security updates
We sync Critical, Definition, Feature Packs, Security Updates, Service Packs, Updates roll ups, and Updates.

We get an email notification once a week of the synchronised updates, we have 3 different sites each running its own WSUS server, and its a constant struggle trying to wade through the print outs, as the print outs (synchronised report) contain all the updates that are automatically approved as well as ones which need checking to see if we want them or not.

This wastes time as we are checking updates unnecessarily. Is there a report that could be run instead that prints out just the items that aren't automatically approved and require attention?
We also find updates on the printout that are only a few days old, have already been superseded, again wasting time.

There must be a better way of doing this?
regards
Rick
0
When a user send email to an external address, she is getting this NDR: Your message couldn't be delivered because you weren't recognized as a valid sender.  

The public IP of her connection is blackedlisted.  We clean her computer, and put the computer to another network to connect.  She use OWA to email to her external senders again.  Same NDR.

Please advise.

Thanks.
0
The recent malware attack brings to light the need for more security and privacy online. The Experts Exchange community has prepared for this shift with the release of anonymous questions--a feature for Premium Members, Team Accounts, and Qualified Experts.
Benefits include:
Masked user identities. These questions are inaccessible to all search engines and questions will not visibly link back to profiles. Logged out users cannot see these questions at all.
Sensitive information removed from questions, by severing ties that could connect you back to your employer or a project.
Freedom to explore different tech topics you may be interested in but have before been afraid to look into.
To learn how to ask anonymous questions check out this video! https://www.youtube.com/watch?v=uFJF70wsd4c
8

Cybersecurity

270

Solutions

28

Articles & Videos

623

Contributors

The Cybersecurity specialization covers the fundamental concepts underlying the construction of secure systems, from the hardware to the software to the human-computer interface, with the use of cryptography to secure interactions. Cybersecurity focuses on protecting computers, networks, programs and data from unintended or unauthorized access, change, theft or destruction. This includes controlling physical access to the hardware, as well as protecting against harm that may come via network access, data and code injection, and due to malpractice by operators, whether intentional, accidental, or due to them being tricked into deviating from secure procedures.