Vulnerabilities

A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness, known as the attack surface. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. Other vulnerabilities include security risks, security defects and constructs in programming languages that are difficult to use properly.


Are there any tutorials on removing the IP disclosure vulnerability from Server 2012?
0

Hi.

I have a SQL file. I want to evaluate this .sql file to see if there are errors or some kind of vulnerability, such as SQL injection...
Which software should I use to do this? Could you recommend some, with or without a license?

Thanks for reading this.
0
Are BIOS attacks worth defending against?
0
Hi, we have been advised by McAfee about some XSS problems on our websites.
However, I'm not able to replicate the reported issue. They mention a WAS Payload and a WAS Result echoing some malicious code.
Reported WAS payload is

metal=%22'%3E%3Cqss%20%60%3b!--%3D%26%7b()%7d%3E 



Reported WAS result is

<div onclick='removeViewingProduct(""'><qss `;!--=&{()}>", "simple", [], "https://www.domain.com/viewings/basket/remove/");' class="viewings-product-overlay">



Reported URI is
https://www.domaind.com/product.html?metal=%22'%3E%3Cqss%20%60%3b!--%3D%26%7b()%7d%3E



I tried to use the indicated URI and I'm able to find where the indicated tag is, but I can't see the same injected code McAfee reported.

Can you advise if there is a better way to test this kind of issue?

thanks
0
Introduction: Ensuring the confidentiality and integrity of data in a modern technology environment is a tasking job which requires several mechanisms to accomplish. The security of any network system depends on the physical infrastructure, security resources and nature of data being protected.
0
CVE-2014-6277

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277

I want to apply the above CVE to CentOS.
0
Hello All,

I need your help to fix CVE-2016-2183 vulnerability in my CentOS release 6.9 (Final) instance.
I have checked various solutions to fix this, such as making changes in the Apache/nginx configuration. But I don't have Apache/nginx installed on my instance.

The OpenSSL version installed on my instance is OpenSSL 1.0.1e-fips 11 Feb 2013.
When I try to update the openssl package using yum, it does not identify any new version of the package available for installation.

Regards
Rukender
0
I have a customer with an SBS 2003 and the server became infected with the .amnesia infection. Unfortunately it also attacked many of the server's executable files, such as Seagate Backup Exec. I ran a thorough scan on all workstations. I installed Microsoft Essentials and Spyhunter on a workstation. I copied the data folder from the server to a new folder called server on the workstation. I was told that Spyhunter 4 would detect and remove/repair the infection. I ran a full scan and it does not seem to see the infected files that are obviously infected because they all have the extension .amnesia. Does anyone have a recommendation for the repair and removal of this infection in the data files?
0
The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.
2
I just started checking out Mimikatz and all that it can do. My question is simple (and complex to answer): what are some methods that can prevent/secure any cleartext passwords stored in memory and prevent an attacker from being able to retrieve those?
0

Refer to the attached zipped slides:
any reviews / views on the accuracy & thoroughness of this service are appreciated.

I think it relies on a list of questionnaires that customers feedback/input to
them, so I guess it will not be as accurate as doing actual penetration test scans
or vulnerability scans in our actual environment.
cybint.zip
0
Our apps team somehow has a way of detecting that 61.239.162.190 is an
IP of a credit card fraud: I'm not quite close to the team, so does anyone know
if there are IP lists out there that blacklist it?

I've checked www.ipvoid.com & threatstop.com but this IP is not in their
extensive blacklists.

How can I find out the mode of fraud of this IP?  Does this source IP send
emails or via sort of application (credit card processing)?

I've heard of several Online Fraud Tools (by IBM & F5) but haven't managed
to play with them yet
0
I had this question after viewing Meterpreter Hashdump function.

I have the exact same problem, but receive a "Meterpreter session 1 closed. Reason: Died" error when I try the proposed solution.

After gaining a remote shell, I attempt "run post/windows/gather/hashdump". It starts obtaining a boot key and then dies.

Any thoughts or suggestions?
0
The recent Petya-like ransomware attack served a big blow to hundreds of banks, corporations and government offices. The Acronis blog takes a closer look at this damaging worm to see what’s behind it – and offers up tips on how you can safeguard yourself from future ransomware attacks.
2
Our current McAfee NIDS is going to be EOSL soon so we're considering
whether to upgrade to Intel McAfee's Threat Defense Lifecycle or
dedicated NIDS or integrate NIDS function into our existing Checkpoint
NGFW firewall?  

It's a perimeter NIDS (not internal network NIDS)

Kindly assess in terms of
a) performance: with a dedicated NIDS, it won't affect the firewall's performance?
b) however, a dedicated NIDS needs an extra console? Lacks integration with
     the firewall (to block bad/malicious source IPs)?
c) any other ...?

I see a trend by vendors coming out with unified products from Cisco,
Sophos, so does this mean this is the way to go ?
0
Hello,
     We use RealVNC to monitor a couple of PCs that are at a remote location. We have never had a problem using it, but since upgrading the firmware on our Sonicwall NSA 220 the firewall now stops the connection with the following alert: IPS Prevention Alert: MISC RealVNC Authentication Bypass, SID: 5828, Priority: Medium. How can I stop the firewall from blocking these events?

Thank you
0
The product formerly known as Sentinel & now named EPT is a forensics &
anti-malicious activities (process & memory scans) product.

Anyone (esp those who have used / assessed it) care to share reviews on it:
a) how easy to use & accurate/thorough is its forensics
b) does it have predictive capabilities of malicious behaviors
c) how does it compare with competing products?
d) does it deal with apps vulnerabilities like injections & XSS?
e) it was supposed to deal with APT (Advanced Persistent Threats):
    does it deal with 0-day (signatureless?) malware?
0
0
 

Expert Comment

by:Pierre Ammoun
Where can I find basic guidelines to "educate the users" on being careful about malware ransomware?
1
 

Author Comment

by:Alix Postan
Hi Pierre! That's a great question! Here are some links to some articles that I think would help educate users about being careful about malware:

1) 7 Things About Information Security Your Boss Wants to Know: http://www.uzado.com/blog/7-things-about-information-security-your-boss-wants-to-know

2) 7 Tips for Dealing with Internet Security Threats: http://www.uzado.com/blog/7-tips-for-dealing-with-internet-security-threats

3) 5 Best Security Blogs You Should be Reading: http://www.uzado.com/blog/five-best-security-blogs-you-should-be-reading

Hope that helps! Let me know if you need more articles!
0
Petrwrap, specifically, targets the Master File Table (MFT), which is essential for your computer to find files on the computer. By targeting the MFT, the ransomware is able to attack individual files faster than if each file were to be encrypted one-by-one. The good news is… that Petrwrap is detectable by anti-virus tools. Unfortunately, if the anti-virus scanner is delayed in catching it, Petrwrap can easily get a foothold into the computer system and spread very quickly. Moreover, the encryption is so strong that it is unlikely to be able to break through the software and recover files.
Check out our blog post on “Why Vulnerability Assessments Are Insufficient” for more information on securing your servers.


http://www.uzado.com/blog/why-vulnerability-assessments-are-insufficient
3

Can you please suggest the best IT security vulnerability reporting software, like HackerOne, which will also be cost effective?
0
I have two particular vulnerabilities that were found by our Qualys scan.

Vulnerability 1:  SSL/TLS Server supports TLSv1.0

Solution: Disable TLS 1.0.

What I did: set the registry entries below.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client]
"DisabledByDefault"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server]
"Enabled"=dword:00000000

The vulnerability is still showing up.

Vulnerability 2:  Birthday attacks against TLS ciphers with 64bit block size vulnerability (Sweet32)

Solution: Disable DES and 3DES.

What I did.

Set the following Reg entries:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\DES 168/168]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\DES 56/56]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\Triple DES 168]
"Enabled"=dword:00000000


For some reason the vulnerabilities are still showing up on the server. I have followed what I have read on Microsoft. I am beginning to think that it is a false positive.
0
My organization did a vulnerability scan of one of our websites (SharePoint 2013) which is behind AD authentication... the report gives warnings about "cross-site scripting" and "clickjacking" vulnerabilities.

My question is, if the site is behind AD authentication these are not actually vulnerabilities, are they?
0
Hi, does anyone know any weakness of Cisco devices (router, switch, Firewall)? Is there any way/tool to assess their vulnerabilities?
0
I have 2 servers (Windows Server 2012 R2 and Windows Server 2008) being scanned by Qualys that have surfaced this finding:

HTTP Security Header Not Detected HTTP Security Header Not Detected port 80/tcp

THREAT:
This QID reports the absence of the following HTTP headers:
X-Frame-Options: This HTTP response header improves the protection of web applications against clickjacking attacks. Clickjacking, also known as
a "UI redress attack", allows an attacker to use multiple transparent or opaque layers to trick a targeted user into clicking on a button or link on
another page when they were intending to click on the top level page.
X-XSS-Protection: This HTTP header enables the browser built-in Cross-Site Scripting (XSS) filter to prevent cross-site scripting attacks.
X-XSS-Protection: 0; disables this functionality.
X-Content-Type-Options: This HTTP header prevents attacks based on MIME-type mismatch. The only possible value is nosniff. If your server
returns X-Content-Type-Options: nosniff in the response, the browser will refuse to load the styles and scripts in case they have an incorrect MIME-type.
QID Detection Logic:
This unauthenticated QID looks for the presence of valid X-Frame-Options, X-XSS-Protection HTTP and X-Content-Type-Options headers in a
HTTP request.
IMPACT:
Depending on the vulnerability being exploited, an unauthenticated remote attacker could conduct cross-site scripting, clickjacking or MIME-type
sniffing attacks.
SOLUTION:
N/A
0
We developed some apps for our customers.  Besides scanning our mobile/iOS
website, auditors have required that we scan the iOS/Android apps that we have
developed for our customers' iOS devices.

Q1:
Is it a feasible or common practice to scan the apps running on clients' iOS devices?

Q2:
What are some of these scanning tools that anyone can suggest?

Q3:
My view is to scan the mobile portal that we offer, not clients' mobiles/iPads.
0
