Cybersecurity

452

Solutions

793

Contributors

The Cybersecurity specialization covers the fundamental concepts underlying the construction of secure systems, from the hardware to the software to the human-computer interface, with the use of cryptography to secure interactions. Cybersecurity focuses on protecting computers, networks, programs and data from unintended or unauthorized access, change, theft or destruction. This includes controlling physical access to the hardware, as well as protecting against harm that may come via network access, data and code injection, and due to malpractice by operators, whether intentional, accidental, or due to them being tricked into deviating from secure procedures.


When I enable HTTPS Content Filtering in our SonicWall CFS, connectivity to Office 365 breaks very slowly. It might be fine for a while, but randomly some users start to have Outlook issues where it says "trying to connect" at the bottom of Outlook but eventually it says "disconnected", and then no mail comes down.

I have added all domain names listed here and here to the Allowed Domains list, in every permutation like https://, *., and just as shown on those links, but Outlook still slowly fails. To get everybody back up running, I have to go back into the CFS and disable HTTPS Content Filtering.

Ideas?
0
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

How vulnerable are query string parameters and their values?

I am curious how vulnerable a website with little validation on its query string parameters is to hacking.

Some argue that:
1) an unrecognized query string parameter can do no harm
2) it's too much work, since the program is always in flux, so the "poor stepchild" would not keep up
3) the code to block this (locally at least) is fragile and will always delay a solid release
4) there will be many more failed log-ins than blocked hackers

What are your thoughts on this topic?

And how does using a Web Application Firewall change the discussion?

It seems that if the benefits to security were small or non-existent, the Security Industry would not waste its time closing this vulnerability.
0
Hi guys

We've had a major possible breach over at our side.

One of our accountants ended up sending an email to a client with our bank details etc. Few days passed and our accountant asked where the money was and was told the client had wired it to them.

Anyway after checking, the client showed a screenshot of the account details that they were sent by our accountant. When we looked, the account details had been manipulated!! They were totally different.
 
I am trying to investigate whether it was our emails that were intercepted or the client.

I have some tools which I can install, but we are within a guarded firewall environment. The firewalls are Watchguard's and we have got all of the APT and IP intrusion selected. We are in a domain environment. We use Messagelabs to protect our perimeter from spam emails etc.

In terms of intercepting the email, is it possible that our account has had some sort of keylogger or malware installed that feeds information back to the criminals?

Thanks for helping
Yashy
0
Need help with Fail2Ban not catching the "SASL LOGIN authentication failed" in this maillog.  I am running CentOS 6.4

Feb 13 09:35:42 ip-172-31-22-236 postfix/smtpd[21234]: warning: unknown[185.222.209.14]: SASL LOGIN authentication failed: authentication failure
Feb 13 09:35:42 ip-172-31-22-236 postfix/smtpd[21234]: disconnect from unknown[185.222.209.14]
Feb 13 09:35:42 ip-172-31-22-236 postfix/smtpd[21237]: warning: unknown[80.211.189.134]: SASL LOGIN authentication failed: authentication failure
Feb 13 09:35:42 ip-172-31-22-236 postfix/smtpd[21237]: disconnect from unknown[80.211.189.134]



Here is the filter for postfix
#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values:  TEXT
#
# All patterns belong in one multi-line value: a second "failregex =" key
# replaces the first one instead of adding to it.
failregex = reject: RCPT from (.*)\[<HOST>\]: 554
            reject: RCPT from (.*)\[<HOST>\]: 450 4\.7\.1 : Helo command reject$
            warning: (.*)\[<HOST>\]: SASL LOGIN authentication failed:

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =



I know this doesn't work because I ran this test.
[root@ip-172-31-22-236 filter.d]# fail2ban-regex /var/log/mail.log /etc/fail2ban/filter.d/postfix.conf

Running tests
=============

Use regex file : /etc/fail2ban/filter.d/postfix.conf
Use single line: /var/log/mail.log


Results
=======

Failregex: 0 total

Ignoreregex: 0 total

Summary
=======

Sorry, no match

Look at the above section 'Running tests' which could contain important
information.



Thanks,
0
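The following is an added example, not code from the question or from the fail2ban project. It re-creates what the filter does on the four log lines quoted above (copied here as constructed sample data, plus one constructed RCPT reject line with a documentation-range address) and shows the two separate things going on: a repeated "failregex =" key in an INI file keeps only the last value, so the two RCPT reject patterns silently disappear while the SASL pattern itself does match these lines; and the "Use single line: /var/log/mail.log" in the fail2ban-regex output is what that tool prints when its first argument is not an existing file (CentOS 6 writes postfix logs to /var/log/maillog), so the run tested the path string rather than the log. The matching below approximates fail2ban by applying each pattern with a search over the whole line; the real daemon strips the timestamp first and enforces findtime, which this example ignores.

```python
import re
import configparser
from collections import Counter

# Constructed copy of the four log lines quoted in the question.
SAMPLE_MAILLOG = """\
Feb 13 09:35:42 ip-172-31-22-236 postfix/smtpd[21234]: warning: unknown[185.222.209.14]: SASL LOGIN authentication failed: authentication failure
Feb 13 09:35:42 ip-172-31-22-236 postfix/smtpd[21234]: disconnect from unknown[185.222.209.14]
Feb 13 09:35:42 ip-172-31-22-236 postfix/smtpd[21237]: warning: unknown[80.211.189.134]: SASL LOGIN authentication failed: authentication failure
Feb 13 09:35:42 ip-172-31-22-236 postfix/smtpd[21237]: disconnect from unknown[80.211.189.134]
"""

# Constructed RCPT reject line (documentation-range IP) to show the lost pattern.
SAMPLE_REJECT_LINE = (
    "Feb 13 09:36:00 ip-172-31-22-236 postfix/smtpd[21240]: NOQUEUE: "
    "reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 Relay access denied\n"
)

# The filter's [Definition] section as posted: two "failregex =" keys.
FILTER_AS_POSTED = r"""[Definition]
failregex = reject: RCPT from (.*)\[<HOST>\]: 554
            reject: RCPT from (.*)\[<HOST>\]: 450 4\.7\.1 : Helo command reject$
failregex = warning: (.*)\[<HOST>\]: SASL LOGIN authentication failed:
ignoreregex =
"""

# The same three patterns as one multi-line value.
FILTER_FIXED = r"""[Definition]
failregex = reject: RCPT from (.*)\[<HOST>\]: 554
            reject: RCPT from (.*)\[<HOST>\]: 450 4\.7\.1 : Helo command reject$
            warning: (.*)\[<HOST>\]: SASL LOGIN authentication failed:
ignoreregex =
"""

# What fail2ban substitutes for <HOST> (quoted from the filter's header comment).
HOST_ALIAS = r"(?:::f{4,6}:)?(?P<host>[\w\-.^_]+)"


def effective_failregex(filter_text):
    """Return the failregex value an INI parser actually keeps.

    A repeated key replaces the earlier one, so the posted filter keeps
    only the SASL line; the fixed filter keeps all three lines.
    """
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.read_string(filter_text)
    return cp.get("Definition", "failregex")


def compile_failregex(value):
    """Compile each non-empty line of a failregex value with <HOST> expanded."""
    return [re.compile(line.strip().replace("<HOST>", HOST_ALIAS))
            for line in value.splitlines() if line.strip()]


def count_failures(log_text, patterns):
    """Count matching lines per host; lines no pattern matches (e.g. disconnect) are ignored."""
    counts = Counter()
    for line in log_text.splitlines():
        for pat in patterns:
            m = pat.search(line)
            if m:
                counts[m.group("host")] += 1
                break
    return dict(counts)


def hosts_to_ban(counts, maxretry):
    """Hosts whose failure count reached the jail's maxretry (findtime not modelled)."""
    return sorted(host for host, n in counts.items() if n >= maxretry)


if __name__ == "__main__":
    for label, text in (("as posted", FILTER_AS_POSTED), ("fixed", FILTER_FIXED)):
        patterns = compile_failregex(effective_failregex(text))
        print(f"{label}: {len(patterns)} pattern(s) kept")
        print("  SASL lines:  ", count_failures(SAMPLE_MAILLOG, patterns))
        print("  reject line: ", count_failures(SAMPLE_REJECT_LINE, patterns))
```

Run against the real file with `fail2ban-regex /var/log/maillog /etc/fail2ban/filter.d/postfix.conf` once the filter holds a single failregex value; the "Use single line" message should then be replaced by "Use log file".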
I was reading some material on netcat usage.  There are a few references to using netcat for a relay using FIFO  (mknod backpipe p).  Also mentioned was using the next_hop argument.  I have never used that syntax and can't really find much information on it.  So the command is:
nc -l -p 12345 0<pipe | nc next_hop 54321 1>pipe


I don't know what the next_hop is referring to.  

I've always done it like this where I specify where the client will connect (10.1.1.1 port 54321):
nc -l -p 12345 0<pipe | nc 10.1.1.1 54321 1>pipe


Any explanation on how the next_hop works would be appreciated.
0
My Skype friend (who uses Skype on a computer, and maybe on Android) is sending
click-here-on-this-link.com/my-skype-username

What do I tell my Skype friend?
Change your password?
What if the password is already changed and my Skype friend cannot get into the account?

This type of attack is common with Microsoft acquisitions (Skype/Hotmail),
where the attacker sends a message to the whole contact list.
0
My OS is Win10 Pro 64-bit.  Due to recent security hacking on my PC, I am thinking about whether NordVPN would provide the security preventing everyone from entry.  I have Avast Premier protection.  Or can I use ZoneAlarm or some other software?  Thank you and regards.
0
What to do about possible apple based hack - An iPhone 6, an iPhone 7, an iPhone X, an iPad AirLight, and a Macbook Air

These were under the same iCloud password, which has been changed since.

Symptoms:

1. When it started, the owner was using his MacBook Air and all of a sudden he lost control and files started moving around and then deleting themselves as if he was being remotely accessed. When it was done, he went into his contacts and there was only one contact left. He restored his devices, and watched for other symptoms.

2. Messages keep going across the screen on the iPhone X, like foreign languages along with the words "delete a" and ",". When he tries to find these messages they are nowhere to be found.

3. Other messages being sent to the devices and then automatically deleting themselves. Some of these messages involved the people he thinks were involved.

... along with some general strange behavior that we're doing updates and cleanup with to make sure they're not related.

He has an idea who might have done it, they have been contacting him and they are a shady character. They haven't admitted anything. The owner's concerned he's still hacked, and he wants to find out who did it and clean up the situation. He is under a secure, hidden network in a remote location and isn't sure if his network has been compromised. We've updated all the devices to the most current iOS, and took off any shady programs. We ran malwarebytes on everything and …
0
Any tools to recommend?  Especially those that run on Windows.

Especially looking at tools that:
a) check which files have been compromised & when it took place &  if it has spread further
b) can trace how ransomware comes in (via Flash Player, Adobe PDF Reader, MS Office or ???)
c) inspect malicious payloads (that passed through our NIDS & firewalls)
d) anything low-cost & free from Fireeye?  Think I saw something from Fireeye before.
     We ever contemplate engaging them for Compromise Assessment

If Linux is required, will need to dual-boot that laptop but problem is that laptop has
Hard Disk encryption on it so this is going to be an issue
0
I am running a test in SpIDER WEB and it returns the following error message. How can I fix the error to avoid the vulnerability?

Attack Type  - double Quote (double ASCII)
Original value - page
Attack Value - page%25%22
Error : Select folio ,pgname,name
from tbl
where upper(pgname) = '1B'</font><td></tr></
0
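An added example (not code from the question, the scanner, or the site being tested) of what the error output above points at. The leaked statement shows that the query string value is spliced into the SQL text and that the raw database error is returned to the client. The example assumes a hypothetical page handler that builds the statement with a double-quoted literal (the weak spot the scanner's double-quote test breaks), uses an in-memory SQLite table with the three columns named in the leaked query, and decodes the scanner's attack value `page%25%22` (which is `page%"`). It shows the vulnerable handler failing and echoing the SQL, then the same lookup with a bound parameter and a generic client-facing error.

```python
import sqlite3
from urllib.parse import unquote


def make_db():
    """Constructed in-memory table with the three columns named in the leaked query."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table tbl (folio integer, pgname text, name text)")
    conn.executemany("insert into tbl values (?, ?, ?)",
                     [(1, "page", "Home"), (2, "about", "About us")])
    return conn


def vulnerable_response(conn, raw_param):
    """Hypothetical handler that splices the decoded value into the SQL text.

    Like the application in the question, it hands the database error, with the
    statement, straight back to the client.  The stray double quote in the attack
    value leaves the literal unterminated, so the statement fails to parse.
    """
    value = unquote(raw_param).upper()
    sql = 'select folio, pgname, name from tbl where upper(pgname) = "%s"' % value
    try:
        return {"rows": conn.execute(sql).fetchall()}
    except sqlite3.Error as exc:
        return {"error": "Error : %s (%s)" % (sql, exc)}


def safe_lookup(conn, raw_param):
    """Binds the value as a parameter, so the driver never parses it as SQL."""
    value = unquote(raw_param)
    sql = "select folio, pgname, name from tbl where upper(pgname) = upper(?)"
    return conn.execute(sql, (value,)).fetchall()


def handle_request(conn, raw_param):
    """Request handler that never echoes SQL or driver messages to the client."""
    try:
        return {"ok": True, "rows": safe_lookup(conn, raw_param)}
    except sqlite3.Error:
        # Record the real exception in the server log; the client gets a generic status.
        return {"ok": False, "error": "lookup failed"}


if __name__ == "__main__":
    db = make_db()
    attack = "page%25%22"  # the scanner's attack value quoted in the question
    print(vulnerable_response(db, attack))
    print(handle_request(db, "page"))
    print(handle_request(db, attack))
```

With the parameterised query the attack value is simply a string that matches no row, and the scanner sees an empty result instead of a database error it can read the query from.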
Become a Leader in Data Analytics

Gain the power to turn raw data into better business decisions and outcomes in your industry. Transform your career future by earning your MS in Data Analytics. WGU’s MSDA program curriculum features IT certifications from Oracle and SAS.  

A Windows Server 2008 R2 installation has been infected with a Trojan horse that has encrypted files with the *.rapid extension.  The server had Avast for Business installed.  An AVG rescue CD was made and run multiple times to eliminate instances of the Trojan horse.  After four times, the server is labeled clean by the AVG rescue CD.  I then uploaded two *.rapid files to nomoreransom.org and it came back saying that there was no fix for this.  Does anybody know of a trusted decryption software that can correct this problem?  I can attach a file if requested.
0
In language only a little more technical than you would use to explain it to a layperson, what is cybersecurity governance? Is it simply ruling over cybersecurity, having rules in place for how you must do it?
0
Hi guys

Can you help clarify whether Intel has already released any fixes for this problem? If yes, what's the download link?

Thanks so much.
0
Is there a patch to enable TLS 1.1 and 1.2 support for Server 2008 x86?  KB3080079 works fine on Windows 7 x86 and x64 and Server 2008 x64, but not x86.

I want to disable TLS 1.0 on my x86 servers, but it breaks RDP unless you install KB3080079.
0
Hello,

After reading through McNkife's article https://www.experts-exchange.com/articles/24599/Free-yourself-of-your-administrative-account.html I have some questions on how it relates to YubiKey.

I'm using Windows 10 Pro in a workgroup setting where I have only two accounts in Windows: a user account and an admin account (the default administrator account renamed per Microsoft recommended Best Practices). The user account has YubiKey assigned to it and I was about to do so for the admin account but I'm not sure about a couple of items I have included below:
  • Can the YubiKey work in a no password scenario?
  • If I assign the YubiKey to the admin account will that require the YubiKey for every elevation prompt?
  • Is having the YubiKey assigned to the admin account even bettering my security if I apply the article above to my machine - Are there any viable benefits?
  • If the settings annotated in the article above go wrong (get corrupted) is there a potential to be locked out of the admin account forever - what are the downsides (if any) to this idea expressed in the article
0
I have a MacBook Pro. All my software was updated last week, but I want to make sure my new device is protected. What other security software would you recommend or would you recommend any?
0
My Favorites for IE and Bookmarks for Chrome keep replicating/duplicating themselves to the tune of 24,000+. We are on Office 365. I've deleted them both in IE (on my laptop and on the site directly) and Chrome, but they keep coming back. I've even deleted the Chrome bookmark file and started with a clean slate.
0
https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-emergency-updates-to-fix-meltdown-and-spectre-cpu-flaws/

The Google spreadsheet doesn't have Clam or Immunet listed. Hate to have machines bluescreen.  Anyone know yet?
0
My server load averages are going way high and too many processes are being consumed. Is it a DDoS attack or something wrong with the server?
Screen-Shot-2018-01-02-at-14.54.13.png
0
Choose an Exciting Career in Cybersecurity

Help prevent cyber-threats and provide solutions to safeguard our global digital economy. Earn your MS in Cybersecurity. WGU’s MSCSIA degree program was designed in collaboration with national intelligence organizations and IT industry leaders.

Desktop: Windows 8
VPN connection: FortiClient 5.6 or SonicWall NetExtender 8.0 used to connect to the office network
Telus internet connection
Browser: Chrome, Firefox
Situation:
1. Telus internet connection works fine.
2. Without the VPN connection, internet access from Chrome and Firefox is normal.
3. With the VPN connection, Chrome works fine; only Firefox is very, very slow.
4. I turned off the Firefox proxy server setting; Firefox worked fine for about two days, then became slow again.
5. The computer shows an abnormal login script error message; it seems to have malware on it.

Question:
How do I block Firefox from accessing the internet through the VPN connection until I find a way to kill the malware?
0
I ran a virus scan during the night, and received this result in the morning:

Trojan: BAT/Stravdri.A
Serious
2017-10-30
This program is dangerous and runs commands from an attacker.

I deleted it and restarted the computer whereupon the computer worked much faster. But now I am not sure if there is an issue again, begin to get slow sometimes.

I have a large project I am working on that has a tight deadline and have no time to run more thorough virus searches. So I wonder if there is any quick measure I can take? My normal AV software (MSE) takes more than 24 hours to run a thorough scan. Malwarebytes Pro did not find anything when I ran it two days ago.

I had someone use my credit card a few weeks ago, and had it blocked by the bank. Lost around 300 USD. It is possible it could be related to this.

I use Windows 7 Home 64-bit.
0
I have been informed by Spamhaus that the IP address we use for corporate email has communicated with a known spam site and is either infected by, or NATing for, a computer that is infected by the S_Gozi trojan / downloader.

It states that the infection is extremely difficult to detect and is not seen by most commercial AV or EndPoint protection suites.

I have been told to program the SonicWall TZ215 to stop all traffic to sites outside the US.  We have never done this before.  Not sure how to set up the SonicWall for that purpose.  I know this virus does not use the standard port 25 for SMTP traffic; it uses port 80, which I cannot block.  It is extremely difficult to find, so I am trying to stop its connections at the firewall level to stop it communicating.  Any help would be greatly appreciated.
0
Hi,

I have a Synology with a web server (port 80) and other applications like a mail server on other ports which I would like to make public. I have a firewall router on which port 80 and others are forwarded to my Synology (192.168.0.9) and all works fine.
However, I worry about security. There was some ransomware targeting Synology a while ago and hackers are everywhere.
(How) can I safely put my Synology out in the open?

J.
0
Hello,

Has anyone used the Azure Information Protection scanner for scanning files on internal networks?  We are looking to use this for identifying all Personally Identifiable Information (PII) to meet the General Data Protection Regulation that goes into effect May 25, 2018.  

I am looking for feedback on anyone's experience with this.

Thanks,
Roger
0
A brute force attack is a trial-and-error method used by application programs to decode encrypted data (such as passwords or Data Encryption Standard (DES) keys) through exhaustive effort (using brute force) rather than employing intellectual strategies.

A brute force cracking application proceeds through all possible combinations of legal characters in sequence. Brute force is considered to be an infallible, although time-consuming, approach.
0
