Security Help & Support | Experts Exchange

Question by

furuno

2d agoSolvedPrivate

Windows 10 - Phishing pop-up on PC which is NOT used for Internet browsing?

Windows 10 Pro system here acting as a server in a small office. System is connected to internet and is "on" all the time.

All of a sudden a "Microsoft Edge" pop-up appears requesting username and password for "server".

Above this, its claiming "Virus Alert from Microsoft this computer is blocked"

AFAIK, no staff would have been using this server for anything dodgy AND this computer is just not used for internet surfing at all.

Where did this appear from? How did it get installed and how did it know the PC is the actual server?

4 Comments

Is there a way to have a single excel workbook shared with multiple users where each user can only SEE a single sheet after supplying login credentials? I know you can prevent editing in this manner but I want to prevent viewing as well.

I am trying to create a simple password keeper for a small organization so that the users can stop using sticky notes stuck to their monitor for this purpose. I am open to other suggestions but they have to be free and easy to use.

Thanks so much!

4 Comments

We have Windows 2016 server. It has several security updates for this month as shown below

Is there any way I can unselect the one which I do not want to apply?

6 Comments

I researched Csrf and CORS. what I understood was

say User A is authorized to access a site, but it is possible to exploit and execute say javascript from user A's browser to perform unintended actions from his/her browser.

To avoid this, browsers has same origin policy , where If I have a website say in one domain,

www.mywebsite.com and I have some javascript in my web page that makes an AJAX calls to say a api in a different domain, say www.yourdomain.com/api/users or something like this.

browser will see my domain is mywebsite and the call is being made to yourdomain.com and it will block it.

to be able to make a successful call from mywebsite to the api hosted at www.yourdomain.com. the yourdomain server has to send Access-Control-Allow-Origin in response .

I am not clear on one thing,

so say,

1. if i make an ajax call to the api ( a get call)
2. does the api send the Access-Control-Allow-Origin header in the response header, along with the data for the get call?

Question:

1. is this done in 1 call or is it done in two steps, first browser calls to see if the server sends back
Access-Control-Allow-Origin in the header and then it issues a Get call?

2. if the call is not from the browser , and my backend code calls this api, does the CORS policy apply then?

I apologize for the long questions, I wanted to see if i can explain what i understood before I asked the question.

4 Comments

Hi All,

We have a Branch Office VPN established to one of our third party suppliers for support purposes (We use a WatchGuard at our End). They would like a secondary tunnel establishing with different settings, that will run side by side of the existing one. Am I ok to use the existing external IP (Ours) as the external IP of the new tunnel. Will this work if both tunnels are required to be active at the same time or does each tunnel have to have its own external IP assigned?

Cheers,
Paul

4 Comments

I lost the admin password for my Netgear NAS. How can I recover it?

Security

9 Comments

I am getting a error must declare the scalar variable "@qualityControl "

I think it's because in c# i have it as a checkmark box and in sql it is a bit. how do I arrange the Parameter? see code.

using (SqlConnection SqlConn = new SqlConnection
("Data Source = gcm10; Initial Catalog = Vendor; Integrated Security = True"))
{
string query = "Insert into vendor_approval(name, add1, add2, city, state, zipcode, phone_number, fax_number, contact_name, product_vendor, cert_quality, quality_assurance, product_sample, quality_control, specified_inspection, certificate_conformance, inspection_testing, supplier_testing, quality_system)" +
"values (@name, @add1, @add2, @city, @state, @zipcode, @phone_number, @fax_number, @contact_name, @product_vendor, @cert_quality, @Quality_Assurance, @Product_Sample, @qualityControl, @specified_inspection, @certificate_conformance, @inspection_testing, @supplier_testing, @quality_Testing)";
SqlCommand cmd = new SqlCommand(query, SqlConn);
cmd.Connection.Open();
cmd.Parameters.AddWithValue("@name", Ven_Name.Text);
cmd.Parameters.AddWithValue("@add1", Add_1.Text);
cmd.Parameters.AddWithValue("@add2", Add_2.Text);
cmd.Parameters.AddWithValue("@city", City.Text);
cmd.Parameters.AddWithValue("@state", State_list.Text);
…

1 Comment

Hi All,

I have mail enabled security groups in my environment. The mail enabled security group functions as a distribution group. Currently, the users are direct member to this security group. So:

Member of "Mail-enabled-security-group" = User1, User2, User3

I would like to nest the mail enabled security group to the role based group so i dont have to add new colleagues one by one every time. Yet looks like nesting mail enabled security groups does not work. When i nest the group and try to mail to the distribution group i get "cannot perform the requested operation. the command selected is not valid for this recipient"

Any advice how to use nested distribution groups?

Thanks in advance.

Security

3 Comments

Hi All,

I have around 100 servers in my test environment. I would like to create 2 Active Directory domain local security groups for each server. 1 for local admin rights and 1 for remote desktop users. Groups can look like:

DLG-LocalAdministrator-SERVERNAME
DLG-RemoteDesktopUsers-SERVERNAME

I have an active directory export of these servers in a CSV file. How can i automate to create those groups with each servername in them?

Thanks in advance.

3 Comments

How big does AD have to be (and how slow does the link need to be) to justify installing a new domain controller in a regional office using the IFM (Install From Media) method?

I think we'll have a 50 mbps symmetrical site-to-site VPN.

Our NTDS folder is 375 megs in size.

Should I use IFM or just do it the regular way?

I'm no pro so picking the easy method is very much preferable.

Reading about IFM here:
https://social.technet.microsoft.com/wiki/contents/articles/8630.step-by-step-guide-to-install-an-additional-domain-controller-by-using-ifm.aspx

I became concerned reading this passage:

"Important :
The next steps are required to change the SYSVOL folder security settings. These steps change the file hash, which will become the same file hash as in the IFM. If you use DFS Replication, SYSVOL will keep the presided data only if the file hash on the source domain controller and the destination server are the same
On the destination server, right-click the SYSVOL folder, and then click Properties.
Click the Security tab, and then click Advanced.
Click the Auditing tab, and then click Edit.
Clear the Include inheritable auditing entries from this object’s parent check box, and then select it again.
Click Apply, and then click OK.
"

The existing domain controllers are Server 2012 and the new one will be Server 2016. The functional level will remain at Server 2008 R2

3 Comments

Hi,

I need to:
-connect to a server via powershell (execute invoke commands and enter pssessions)
-execute sql queries to another server

Both work on one w10 pc, not on another.
Which ports on the firewall I need to open
-for Powershell
-for sql queries?

Please advise
J

6 Comments

Is there a script that I can run that will query all my AD Users and Computers and spit out a csv with the created date and the user that created the account?

Say User A created a User B, then User B created a Ucer C and Computer C.

(preferably not using a third party tool that needs to be purchased)

Thank you Team

2 Comments

Hi team,

[Server00]: PS C:\Users\dperezb\Documents> Install-WindowsUpdate

Confirm
Are you sure you want to perform this action?
Performing the operation "(13/02/2020 8:59:39) Definition Update for Windows Defender Antivirus - KB2267602 (Definition 1.281.594.0)[197MB]" on target
"MDMVFS01".
[Y] Yes [A] Yes to All [N] No [L] No to All [?] Help (default is "Y"): A

X ComputerName Result KB Size Title
- ------------ ------ -- ---- -----
1 Server00 Accepted KB2267602 197MB Definition Update for Windows Defender Antivirus - KB2267602 (Definition 1.281.594.0)
1 Server00 Accepted KB4524244 67KB Security Update for Windows Server 2016 for x64-based Systems (KB4524244)
1 Server00 Accepted KB4537764 1GB 2020-02 Cumulative Update for Windows Server 2016 for x64-based Systems (KB4537764)
Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
+ CategoryInfo : NotSpecified: (:) [Get-WindowsUpdate], UnauthorizedAccessException
+ FullyQualifiedErrorId : System.UnauthorizedAccessException,PSWindowsUpdate.GetWindowsUpdate

I connect with a administrator user.

Regards.

9 Comments

LVL 1

Question by

ltpitt

2020-02-12Solved

Npm dependency's vulnerability

Hi all,

I have a vulnerability that is preventing my frontend's automated build.

I did a npm update and bower update, this caused new versions of dependencies to be included in my package.json and bower.json, all fine.

If I try the build the dependency error is still showing in two different locations:
node_modules/polymer-cli/node_modules/handlebars/dist/handlebars.js - v4.1.2

and

node_modules/bower/lib/node_modules/handlebars/dist/handlebars.js - v4.0.10

I don't understand why those versions were not updated even if I specifically requested the latest version for polymer-cli and bower.
I've searched everywhere in the codebase but I couldn't find any reference to those versions to update them.

Can you please help?

3 Comments

hi Techs. We just switched from Verizon to Comcast Mobile. a very strange thing happened on my wife's phone right when we switch. she received a text from an unknown contact regarding my phone number. I'd like to ask if it's possible if Verizon was somehow hacked into my phone.

On another note.... our phones are running so much better than Comcast! no glitches and weight faster.....

17 Comments

I am trying to delete a file off a network. I have admin rights and even switch over to use the admin account to try and delete it.

I keep getting the Folder Access denied.

If I go under the folder properties and under the security tab and click advance. I try to change the Owner. It will allow the change until you hit apply. This error message states "unable to set new owner ....access is denied.

3 Comments

Hi,
There are File Servers:
FS#1 is bad.
FS#2 is the replacement.

Here is the hierarchy of the folder:
FS#2> Marketing > Proposal > many folders here
The permitted users to Read, write or modify every folders under the “proposal” folder are
User#1
User#2

I want to give permission to User#1 to be able to modify any folders under the “proposal” folder.
The things that I do:
I go to the Proposal folder > right-click, select properties > go to the Security tab > click Edit > then, I add the “user#1” and give him “Full Control” permission > then, click OK or Apply

My question: Is there anything else that I have to do?

tjie

9 Comments

I have Office365 locally installed on a PC with the email account setup as IMAP. All was working ok but now have a few issues:
1) When opening Outlook frequently (not always) getting a send/receive error - usually a reboot will correct
2) Yesterday - started getting the following message: "Internet Security Warning" - The server you are connected to is using a security certificate that cannot be verified..... do you want to continue using this server.

I have two different email accounts setup in Outlook (one goes through Yahoo servers and the other through Total Server Solutions (previously Hands On Webhosting) - both accounts are setup as IMAP.

Any help is appreciated! Thank you.

3 Comments

In view of the pandemic, 300-500 staff are to work from home
using VPN.

I'll need an assessment if GPO update (push down to those
remote PCs that are company-owned PCs) should be disabled
or enforced so need assessments from experts here.

a) if we don't push down the latest policies, NAC requirements
like AV signatures & patches may not be up-to-date & this
work-from-home arrangement can last 1-2 months (subject
to how long the health authority retain the alert level)

b) however, if we enforce & critical PCs are blocked from
accessing due to outdated signatures/patches, it will be a
service disruption to those critical users. Or if it's blocked,
feasible for the support guys to exempt those PCs to
enable them to temporarily connect (to get AV updates
from our internal AV server) & WSUS?

c) is the GPO update going to consume a lot of bandwidth?
we have 50Mbps dedicated for VPN users

d) for some reason (I don't know why), we permit split
tunnelling on our VPN though the PCs' browsers are
locked (greyed out & users can't change) to go thru
our company proxy so they can't browse public Internet
using IE/Chrome/FFox but an ultra-secure browser (that
disallows upload/downloads): only for trusted sites like
our Intranet, zoom.us (for remote conferencing) & O365
URLs, we whitelist in the GPO (ie the 'exclusion' URLs/
IP section in IE/Chrome) & proxy to enable IE/Chrome to
…

6 Comments

Hi,

Please see https://www.experts-exchange.com/questions/29170630/Powershell-get-cve-score-specific-soft-version-via-cve-api.html

I could also use Docker to run on my Windows 2016 labserver and install the CVE stuff on it: https://github.com/cve-search/cve-search

Just wonder: howto do this? When it is there, how can I scan for a CVE score, f.e. Firefox 60.1, what is its CVE score (preferrably Powershell based (run a ssh session or other options?)?

J

15 Comments

Hi there,

I have a connection string in my Console Application which has the special char in it. It is the single quota at the end of the password. Here is the entire connection string.

<add key="ConnStr"
value="Data Source=servernName;Persist Security Info=True;
User ID=sqlLogin;Password=5XAc*@Z+d'X0bs"TyE"U]>[.';
Pooling=False;
MultipleActiveResultSets=False;Connect Timeout=60;Encrypt=False;TrustServerCertificate=False" />

There are lots of special characters in the password but the very last one creates a problem.

I received the following error:

System.ArgumentException: 'Format of the initialization string does not conform to specification starting at index 117.'

When I get ride of the last special single quota char (') then it works but then complain about the password being wrong :)

thank you and I hope I explained my problem correctly.

C#
Security

10 Comments

Some questions were raised on our practice of penetration testing:

a) what are the various basis the ratings of Critical, High, Med, Low
are being assigned? External-facing servers' XSS will get High
while internal servers (not exposed to public/Internet) XSS will
get Med? There's also various types of XSS that warrants
different types of ratings?
Curious how the various tools assign these ratings or in some
cases, it's the human pentester who assigns it?

b) Is there any framework, eg: NIST, CREST or ... that specifies
the duration to resolve?

5 Comments

Our corporate have a batch of Samsung tablets designated
for specific use only.

It's going to take a while to identify a free MDM to control
these tablets so for time being, I'll need a checklist in terms
of cybersecurity & usage control (ie restrict to that app only).

The checklist will be used by our IT support when the
tablets are brought to them for installation/support &
the IT Support maydo quarterly checks manually by
referencing this checklist:

Offhand I can only think of the following, pls add on :

1. updates/patches are up-to-date
2. PlayStore app is not present (ie disabled/deinstalled)
so that users can't install unnecessary apps
3. Only designated browser ie Chrome & one other
& the app that we required for that designated use
is present
4. ... ?

Also help recommend any free MDM that could
enforce the above checklist of items.

5 Comments

I've been asked to source the below for a small / medium business. Any help with this would be great... Templates and or explanation on what is required.

A written information security program to protect the confidentiality, integrity and availability of our information. Professional certification such as ISO27001, PCI-DSS AOC, SOC Type II

Not sure what they are asking for here...... Do you have established controls for assessing and ongoing oversight of the adequacy of your own partners / suppliers IT Security postures?

Corporate incident response policy and a formalized breach notification process

Thanks!

11 Comments

LVL 62

Question by

Ryan Chong

2020-02-04Solved

Newly Encountered Program Detection

My IT team installed the Trend Micro antivirus software couple of months ago. Since then, our in-house built .NET program that deployed via ClickOnce technology got this message prompting out every time we launch the program.

We know that this is relating to Trend Micro's feature of Newly Encountered Program Detection

Understanding Behavior Monitoring detections in OfficeScan
https://success.trendmicro.com/solution/1121152-behavior-monitoring-detections-officescan#collapse4

But how can we bypass this configuration so that the prompt of Newly Encountered Program Detection can be disabled for our in-house built .NET program?

We tried to include the installation path of .NET program (such as C:\Users\xxxxxx\AppData\Local\Apps\2.0) into the Trend Micro's Exclude List in local machine, but it doesn't help and the message is still keep prompting.

Any help is greatly appreciated, thanks.

6 Comments

Security

Related Topics

Security

Related Topics