Vulnerabilities

6K

Solutions

8K

Contributors

A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness, known as the attack surface. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. Other vulnerabilities include security risks, security defects and constructs in programming languages that are difficult to use properly.

Share tech news, updates, or what's on your mind.

Sign up to Post

Warning - A respectable looking scam attempt

I get scam attempt emails all the time, however, this one caught my eye due to how cleverly it's been put together. An almost perfect reproduction of a genuine Energy Australia electricity bill. Two screw-ups from this particular scammer though - An invalid "From:" email address and the Copyright statement at the bottom of the bill is dated 2017.

Other than those two mistakes, it is an almost perfect reproduction that I fear would fool the majority of technically challenged users. Even the Sign in to My Account etc. links are genuine. Take a look at this:

EnergyAustralia Scam
















The "view your bill" link is bogus and hyperlinks to the following address, which I've purposely mangled to make it unclickable.

h t t p: // org155 DOT outdoorjacketstore DOT com / route / b65ffaead5b87a47

Give a heads up to your folks if you still have them, as well anyone else you think might benefit from this information.

Hope that's helpful.

Regards, Andrew
0
Become a Certified Penetration Testing Engineer
LVL 12
Become a Certified Penetration Testing Engineer

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.

We have found Apache Struts Ver 1.x (yes, these are obsolete versions) bundled
with our Oracle Weblogic & Tomcat (& possibly in Oracle Financials which we're
reviewing).

Our apps colleagues said the applications don't make use of the Struts (though
we can't say with 100% certainty if any of the apps modules developed by past
app developers who had left did call the struts.jar).

Q1:
Does the presence of struts.* mean we are vulnerable or WL or Tomcat have to
call them (or in the codes, there are references to struts) for it to be vulnerable?

Q2:
What's the best practice?  To deinstall struts (since our apps colleagues said it's
not being used) or to upgrade to current version that offers patches (& keep
patching them)?

Q3:
To deinstall struts for WL, Tomcat & Oracle Financials, do we just remove the
struts.* files or is there a recommended way to deinstall?  We're on Solaris
10 and RHEL6
0
Local server security.

I just got a ransomware attack. Hence I am asking for help to be able to achieve a great level of security for my server especially. and devices.

WHich devices should I get and why?
0
I'm looking for someone to help setup a new watchguard T15 and a BOVPN to an existing XTM25.  I know enough to be dangerous (maybe even that much).

I'd envision to have the person on the phone / remoted into my PC which would be on the LAN side of the T15 and I'd have team viewer connection to a PC on the LAN side of the XTM25 to set up the vpn (you are probably saying there's better ways to do the setup, but that's an indication of what I do and don't know).
0
does anyone know how viruses such as Hermes 2.1 infect machines on a local network ? if a user executes it on their machine does the virus then try and copy its self to other machines on the network or does it try and encrypt the drives remotely ?
0
SecPIVOT
Take a step back to reflect where are we now and where we should be heading to in the next (and many more) tranches of getting to implement the RIGHT security. We need to build security PIVOT to stay in the cyber chase with the adversaries.
2
Q1:
There are numerous Wordpress & PHP vulnerabilities:
Besides patching, which is more appropriate to provide a mitigation
(looking at virtual patching) between an IPS or a WAF ?

I tend to think WAF is more for XSS, injection, brute force, "file inclusion", CSRF
kind of vulnerabilities (that are related to Secure Coding) while IPS in general
will match the vulnerability patches from product principals.

Q2:
Correct me if I'm mistaken or is there a WAF (looking at Barracuda) that could
perform both WAF plus IPS functions?
0
Looking for Online /authorized Compliance Checker for my  vSphere Environment  5.x and 6.x - vCenter and Esxi Host
vSphere Hardening Guidelines for 5.x and 6.x - for my vCenter and Esxi Host
Any Tool from VMware we can use to scan and fix the vulnerabilities ?
1
I am looking into general anti-virus management / monitoring best practices (regardless of vendor). I basically want a check list  for comparison to actual of:

-what our administrators should be alerted on from the AV agent / software installed any client device,
-what they should be able to produce in terms of compliance reporting for all their managed devices specific to AV.
-What kinds of issues they should be looking for when reviewing logs/alerts specific to AV on a daily basis

I will then use these to compare what they can produce from their central AV monitoring console(s) for a sample of devices or even all devices listed in other information sources such as AD, system centre or our asset management DB. I presume the 3 basics would be status (on or not), definitions last updated, last scheduled scan date. Are there any others?

There seems to be an assumption AV setup/config/management is pretty hard to get wrong but from some recent health checks for PCI DSS I noted on the findings many issues such as out of date signatures, AV not even running in some cases on devices etc.
0
Dear Experts, based on your experience, what are the important parameters that you will focus in defending DDoS attack when choosing Firewall model?
Many thanks!
0
Exploring SQL Server 2016: Fundamentals
LVL 12
Exploring SQL Server 2016: Fundamentals

Learn the fundamentals of Microsoft SQL Server, a relational database management system that stores and retrieves data when requested by other software applications.

hi guys

We have a load of Watchguard Access Points and they are connected to a Draytek 1100 PoE switch. This switch is then connected to our backbone switch which is a Cisco 3750.

We have set DHCP on the WiFi network that the access points are on in a way to be from 10.0.5.20 on wards and the management IP of this Draytek PoE being 10.0.5.6. Every single day, people complain about not being able to access the internet properly and then it fixes itself again. Then it happens again.

When they do complain, I end up not being able to access the management IP page of the Draytek on 10.0.5.6. This makes me believe that it is in fact this particular PoE causing the issues we are having.

Could that be the underlying problem?

Thanks for helping
Yash
0
A customer of mine has failed a PCI scan, mainly due to files stored on two bookkeeping computers, which contain sensitive data, like SSNs for employees, tax returns, and a small number of credit card numbers... Some of it is easy, old mailboxes, old emails, duplicate files, that can just be deleted.

Some of that data will need to be kept, though, possibly for long-term storage, but in a way that is PCI Compliant.

The credit card numbers are most likely internal, not customers - the business mainly transacts with their customers via checks, which are electronically deposited and then shredded when the accounts are reconciled.

What is the best/correct method to recommend to them for storing and accessing this data going forward that is both compliant and usable by not-very-technical bookkeeping staff?

They are a network of 10 total active users all running Windows 10 Pro, and joined to Active Directory via Windows Small Business Server 2011, and do have shared file access on the servers. For compliance, I'm thinking it would be best to have this data on the server, where it is assuredly backed up, and permissions are stricter, but does that create a more centralized potential point of failure?

Your advice and recommendations are appreciated!
1
getting alerts on mac for Symantec every minute for days, nothing is getting attacked on my network or scanned, Symantec mentioned i need to upgrade and i did but still annoying alerts


Screen-Shot-2018-11-19-at-2.39.49-PM.pngScreen-Shot-2018-11-19-at-2.39.49-PM.pngScreen-Shot-2018-11-19-at-2.39.12-PM.pngScreen-Shot-2018-11-19-at-2.38.38-PM.png
0
Hi,
We have setup an internal VLAN on our WatchGuard for Guest wifi access. The vlan works as expected and anyone who joins gets the expected IP address/ can browse the internet no problems. What we cant it to do is to work correctly with outlook web access. For some reason whenever I try the owa address I get redirected to the watchgiard ssl login page. If I try on any other external connection it works fine. I have tried an nslookup on the new guest wifi and our other external connections and they all point to the correct external address. ie if I am connected to one external wifi and try to access the url xxxxxx/exchange it work fine and an ns lookup is pointed to the correct external address. If I try and accesss xxxx I get presented with the iis page. If I try the same when connecting via the guest wifi, the nslookup shows the same external ipaddress, however if I try to goto to xxxx/exchange I get a 404 page not found error and if I browse to xxxx I get the watchguard ssl login page.

What am I missing?

Cheers,
Paul
0
Question from a Quallys report QID is 119518
0
https://www.ru.nl/publish/pages/909282/advisory.pdf
Solid State Disks (SSDs) often implement hardware full-disk encryption in a way known as Self-Encrypting Drives
(SEDs). Several implementations of SEDs have been analysed by reverse engineering their firmware. Many have security vulnerabilities that allow for full recovery of the data without knowledge of any secret when you have physical access to the drive.
BitLocker, bundled with Microsoft Windows, relies exclusively on hardware full-disk encryption if the drive indicates support for it. Thus, for these drives, data protected by BitLocker is also compromised.

Sweet, isn't it? Now go check your drives... all of them.
manage-bde -status c: | findstr /i hardware && msg * You are possibly affected!

Open in new window

1
LVL 63

Author Comment

by:McKnife
Andrew, it's batch code, not powershell code. Run it on an elevated command prompt. If you get a popup, verify your drive model. If the output is empty, you are safe to go.

[batch code can usually be run on the powershell, too, but not all batch code and the operator "&&" ("continue if last result is success") is unknown to powershell - that's why you see an error]
1
LVL 25

Expert Comment

by:Andrew Leniart
Andrew, it's batch code, not powershell code.
Doh! <blush>

Run it on an elevated command prompt. If you get a popup, verify your drive model. If the output is empty, you are safe to go.
Cool! I ran it on both my SSD drives and no output, so I guess I'm safe :-)

Many thanks for your help McKnife. Very much appreciated.

Andrew
0
In general, does Non Disclosure Agreement covers
a)  information should not be disclosed even verbally?
b) accidental divulging of sensitive information?
c) that a vendor is working for this specific customer on a specific project?
d) the size of the data or database of the customer?
e) the value of the project?
0
We have 3 apps that a user runs on his computer every other day: 'SUPERAntiSpyware', 'Spy-Bot Search and Destroy' and 'Comodo Antivirus'.  The user runs the 3 apps at that same time whenever cleaning up is desired.  The user would leave theses tools running overnight.

The app 'Comodo Antivirus' never finds a virus.  The apps 'SUPERAntiSpyware' and 'Spy-Bot Search and Destroy' always finds spyware.  In  the morning the user would first click 'SUPERAntiSpyware' to delete or isolate the threats reported and then do the same to 'Spy-Bot Search and Destroy'.  Finally restart the computer.   Note, prior running the apps, the user would run cCleaner to cleanup any junk in his drive.

To-Date, there is no problem we have identified and all seems to be ok.  Our question is more directed to know EE opinion on:

  • Why 'SUPERAntiSpyware' and 'Spy-Bot Search and Destroy' display different results?
(Spy-bot would show registry entries and superantispyware would show files)
  • Any negative effect by running these 3 apps simultaneously?
  • Finally, is it necessary to run cCleaner prior running the apps?
0
We have a new 2nd building on property we own.  someone got verizon fios at the 2nd building (it was already in the 1st building).  They are about 1,200 feet apart with line of sight.

We need the 2nd building to be able to access the network in the first building (and minimize costs).   the 2nd building will have 1 -2  users and MAYBE some file transfers between the 2 buildings, but mostly email, web surfing

I'm trying to see the costs for connecting the 2nd building to our existing network / do we need fios at that 2nd building

Some options I thought of?

1) Setup a VPN - we have a watchguard at building 1 already and that has a VPN to another office in another state.  So add a Watchguard unit for $500? at building 2 and some config time / costs.  and still have the fios ongoing costs.  Anyone know the throughput of a vpn using Verizon fios at both ends?  it's lower than the speed you are paying for from verizon, right?

2) wireless? Maybe Unifi Nanobeam 5AC gen 2  

https://www.amazon.com/Ubiquiti-NanoBeam-High-Performance-airMAX-NBE-5AC-Gen2-US/dp/B0713XMHH9 

$113 each and we need 2 of them, plus time / moneh for hardware, mounting poles, etc. That  Would get 400Mbit which is fine (mostly email / web surfing etc at the far end).  But What if we want gigabit on wireless?  Is that doable at a reasonable cost? And can cancel the FIOS

3)  Fiber? I called Lanshack.com and they are saying the fiber cable would need to be outdoor rated (regardless of being …
0
Starting with Angular 5
LVL 12
Starting with Angular 5

Learn the essential features and functions of the popular JavaScript framework for building mobile, desktop and web applications.

Hi,

We use Mitel 5212 IP Phones. we are trying to get them to work on a custom VLAN setup on a watchguard m500 firewall. We have created the custom vlan and the ip scope which works fine. I have mimicked the DHCP options from our windows based dhcp server, however this didn't work. On the DHCP windows based DHCP server the options are:

128 Mitel TFTP xxxx.xxxx.xxxx.xxxx
129 Mitel RTC xxxx.xxxx.xxxx.xxxx
130 Mitel IP Phone Identifier MITEL IP PHONE
132 VLAN for Mitel IP Phone 0x3
133 priority for Mitel IP Phone 0x6

On the firewall dhcp scop options 9All custom)
Code       Name                                 Type            Value
128         Mitel TFTP                           IP                  xxxxxx
129         Mitel RTC                            IP                    xxxxxx
130        Mitel IP Phone Identifier  Text              MITEL IP PHONE
132        VLAN for Mitel IP Phone   Hex              3
133        Priority for Mitel IP phone Hex             6

When the phone eventually boots it gets a crazy VLAN id. Any clues as to what I am issing, or a how to guide on getting the IP phones to work?

Cheers,
Paul
0
Hi.  I am trying to map ports to an internal IP from any outside IP on a Watchguard firewall.  Version 11.9 Firewire XTM Web UI.  No matter what I do, these ports will not open.  Unfortunately, not as familiar with Watchguard as I should be.
Any idea why they will not go through from the attached file?
Watchguard-pdf.pdf
0
libSSH Authentication Bypass Vulnerability Analysis(CVE-2018-10933)
0
a) https://en.wikipedia.org/wiki/Ceedo  ==> has local distributor/partner, on-prem
b) https://www.garrison.com/                 ==> on-prem, cloud-based coming up
c) https://info.authentic8.com/               ==> cloud only

Trying to narrow down which of the above 3 solutions to adopt for safe Internet
browsing.

a) uses CDR (Content Disarm & Reconstruct) : how good is this in making the
    Pdf, MS Office files safe? O365's  SpamHaus is not sufficient (still getting
    spams) & lacks defense against malicious attachments & users clicking
    on phish links in emails, can Ceedo's solution do CDR for email/email
    attachments?  Can't seem to find anything in the wiki link above.
    It's not clear if they have proxy solution/feature in their product

b) this solution lacks in terms of proxy (for us to link to SpamHaus or add our
    Threat Intel's bad reputation IP & blocking certain categories like YTube &
    FB) & downloading of files: had to email the attachments & purchase
    proxy/CDR (eg: Deep Secure) solutions to integrate:  personally I prefer to
    cut down on integrations because when there's issues, vendors would
    point to each other.   By making users do downloads by sending email,
    it discourages users from downloading to their PC unless necessary:
    however, I foresee users will be unhappy with such requirement that
    they had to take extra steps to email files they wanted to be downloaded

c) offers cloud solution only …
0
I have a T70 device I'd like connect up via BOVPN with a XTM2 device (with wireless) at a home office location.  In front of the XTM2 I will have an AT&T uverse router in bridged mode.

I'd like all of the data from one port on the xtm2 to go back and forth over the BOVPN.  I'd like all of the wireless traffic to travel out to the internet.  

Can someone please tell me if this is possible and point me in the right direction for accomplishing this?   I've setup BOVPN's between two devices before but it was moving all traffic between both devices and I need to keep the wireless (home users) traffic off the VPN.
0
When clicking "Disable these  Cookies" we get a message of 3rd cookies to select (see below).   We noticed that all are SQL.  Can some EE explain why these cookies?  Why SQL have 3rd party cookies? - please shed some light on the topic

Spybot issue
0

Vulnerabilities

6K

Solutions

8K

Contributors

A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness, known as the attack surface. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. Other vulnerabilities include security risks, security defects and constructs in programming languages that are difficult to use properly.