
Vulnerabilities

A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness, known as the attack surface. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. Other vulnerabilities include security risks, security defects and constructs in programming languages that are difficult to use properly.


The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.
2

The recent Petya-like ransomware attack dealt a big blow to hundreds of banks, corporations and government offices. The Acronis blog takes a closer look at this damaging worm to see what’s behind it, and offers tips on how you can safeguard yourself from future ransomware attacks.
2
This article investigates the question of whether a computer can really be cleaned once it has been infected, and what the best ways of cleaning a computer might be (in this author's opinion).
2
 
LVL 12

Expert Comment

by:Andrew Leniart
An interesting and well thought out article Thomas. Thanks for writing it.  

Whilst I continue to stand by the opinions I've shared before on this topic, you've presented some interesting points to ponder here, the VM options in particular. With regards to this though;
the malware cannot spread outside of that VM
I'd add that while not a common occurrence, it's not beyond the realms of possibilities for an infection to escape a VM and also infect the host operating system. Correct network and sharing configurations of a virtual machine [and its host] are of particular importance here.

 Thanks for sharing.
0
 
LVL 30

Author Comment

by:Thomas Zucker-Scharff
Andrew,

Thanks for the comment. I realize that there is a possibility of malware spread outside a VM. The thing is I have never personally seen this happen. I have generally seen quite the opposite.
0

Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the many intricate ways privileged accounts can compromise Active Directory environments.


On the subject of “Tracking and Securing Privileged Users in Active Directory”, Derek Melber, technical evangelist for the ADSolutions team at ManageEngine, outlined that number as Microsoft's own observation.


That’s why companies like ManageEngine are working to educate users and provide simple-to-use tools for protecting the popular Active Directory infrastructure.


Melber explained that when companies are breached, they usually aren’t aware of the breach for up to 146 days. That means a hacker can be in your organization with domain administrator credentials, undetected, for 5 months—something Melber appropriately described as a “terrifying level of access.” According to Microsoft’s research timeline, when the first host is compromised (typically a desktop) the admin domain credentials are compromised in two days or less.


So how do companies combat these risks and stay ahead of hackers?


Melber said a great place to start is to follow these 5 steps for tracking and securing privileged credentials:


  1. Run reports on privileged access accounts
  2. Analyze data from these reports
  3. Configure settings
  4. Monitor settings and access
  5. Set up alerts for when access changes


These steps help companies follow the practice of creating a least privileged environment, something ManageEngine believes in. Following this for all endpoints, Melber explained companies can reduce vulnerabilities within Internet Explorer by 100%.


Individual privileged accounts, however, aren’t the only thing to monitor. Melber discussed the importance of following the same protocol with privileged groups. In privileged groups, users have uninhibited access to important files. He gave the example of a privileged group member accessing financial servers and backing up files or folders, regardless of the permissions set on those documents.


In order to audit this activity, tools are needed to run reports and control access. With the right tool, Melber says it’s possible to track access, monitor settings and behaviors, configure password resets, receive real-time alerts, and launch automatic reports.


“It all goes back, unfortunately, to breaches. Attackers are one step ahead of us. Attackers are using configurations against us. We need to flip that around. We need to know who has privileges. We can then help reduce the breaches that are in our environment,” says Melber.


For more details on tips provided in this webinar—or to watch the presentation—click here.


*Please email Derek Melber with any Active Directory questions at derek@manageengine.com


3
Doxware
If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
2
One of the biggest threats facing all high-value targets is APTs. These threats include sophisticated tactics that "often starts with mapping human organization and collecting intelligence on employees, who are nowadays a weaker link than network components" (Curry et al., 2011).
0
I've been an avid user and supporter of Malwarebytes Premium Version 2.x for years. It's an excellent product that runs alongside just about any Anti-Virus application without issues. It seems to have an uncanny ability to pick up many things that Anti-Virus applications occasionally miss.
1
 
LVL 1

Expert Comment

by:agieryic
I am an IT consultant and I also support the Malwarebytes premium 3.05 version. I've been testing a few chosen clients' Windows 7 installations by upgrading version 2.22 to version 3.05. Below are some of my notes that I emailed to Malwarebytes customer support. There are many similarities to the experiences as mentioned above in this post.

I performed a full uninstall per directions provided below. Afterward, I used the mentioned Uninstaller tool and rebooted the PC
the PC is running Windows 7 professional

I then reinstalled the Malwarebytes version 3.05
-      updated the database
-      however, the malware protection module will not start. It just shows “starting”. So basically malware protection is off.
- rebooted the PC again. The malware protection module started this time.
- On this PC and other PCs where I installed the Malwarebytes premium 3.05, it shows successfully installed and up-to-date (whether it's a clean install or an in-place upgrade from version 2.2) - however, when I go to perform a scan, I get a summary that says the scan was complete but it says zero items scanned and the timestamp is 00
- basically, it says that it successfully ran a scan and completed - and it all happened in a 100th of a second (maybe I'm exaggerating)
but my point is, there are zero files scanned and zero for that timeframe

it is New Year's Eve holiday, I hope to get an answer after January 1, 2017
0
Provides an easy one-stop place to quickly get the relevant information on commonly asked questions about Ransomware in Experts Exchange.
3
If you're not part of the solution, you're part of the problem.  

Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual traffic patterns.
0
Scam-Alert
This story has been written with permission from the scammed victim, a valued client of mine – identity protected by request.
3

Ransomware
Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
4
 
LVL 37

Expert Comment

by:Mahesh
Hi
If you could please post / incorporate some examples as well of how Ransomware encrypts our data and further asks for payments to decrypt data, it will be really helpful.
Unless we come to know what exactly it can target, we would not realize its impact and importance
Article looks well and can give good start

Mahesh.
0
SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY.
How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
0
Today, still in the boom of Apple, PCs and products, nearly 50% of computer users use Windows as their graphical operating system. If you are among those users who love Windows but are grappling to keep the system's hard drive optimized, then you should read this article.
3
threat model
Envision that you are chipping away at another e-business site with a team of pundit developers and designers. Everything seems, by all accounts, to be going easily.
1
 
LVL 66

Expert Comment

by:Jim Horn
Hi Shakshi

Thanks for your submission.  889 words, completely original content, and reads fairly well.  The technical aspects of this article seem pretty solid, but I'm going to send this back to Draft / Author Review for some general readability editing.  When you're done go ahead and resubmit and I'll review from there.

Please separate paragraphs with a blank line, as without that an article can resemble a 'word wall' where everything jumbles together and can be difficult to read.

>fruitful dispatch, inculcate, buttonhole, the prerequisite in a venture, Addedly, ingressed, environ
These words are rarely used and may confuse people.  Keep in mind that if these are local slang then it might not translate well to a global audience.  I can appreciate that you're trying to tell a story and be somewhat entertaining in the process, but just make sure you don't lose people in the translation.

>as it were, Addedly,
There are some phrases here that do not add value and can be deleted.

>Now let's take a brief about what Threat modeling is: Threat modeling does not include
Please define something by what it is, not what it is not.  The 'is not' stuff can always be added later.

>STRIDE & DREAD.
If terms are going to be introduced but not defined please at minimum provide a link to a definition.

Please provide a conclusion.

Feel free to self-promote in the 'About the Author' section, especially if you have other publications that readers of this one may be interested in reading.

For a lot more recommendations on how to score maximum points on articles check out Top 10 Ways To Write Rock Star Technical Articles

Thanks in advance.  I look forward to seeing this as a finished product.
Jimbo
0
cybersecurity
Read about achieving the basic levels of HRIS security in the workplace.
1
 
LVL 6

Author Comment

by:Oscar Waterworth
It was a mistake, thanks for having such a keen eye.
0
Cyber or not!
Transferring data across the virtual world became simpler but protecting it is becoming a real security challenge.  How to approach cyber security  in today's business world!
3
cloud
Cybersecurity has become the buzzword of recent years and years to come. The inventions of cloud infrastructure and the Internet of Things have made us question our online safety. Let us explore how cloud-enabled cybersecurity can help us with our businesses and ultimately our lives.
0
This is a short article about OS X KeRanger, and what people can do to get rid of it.
0
 
LVL 14

Author Comment

by:Justin Pierce
Hi Ericpete,

Sorry for the reference to Intego and my site. I've removed the lines that you've asked to be taken out. Again, I'm sorry for the mishap.

Thank you for your time and take care.

vr,

Justin
0
Crypto Ransomware
You cannot be 100% sure that you can protect your organization against crypto ransomware, but you can lower the risk and impact of the infection.
5

A brand new malware strain was recently discovered by security researchers at Palo Alto Networks dubbed “AceDeceiver.” This new strain of iOS malware can successfully infect non-jailbroken devices and jailbroken devices alike.
3
Getting hacked is no longer a matter of "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
7
 
LVL 17

Expert Comment

by:Kyle Santos
Good job.
0
 
LVL 6

Author Comment

by:Teksquisite
Thank you Kyle :)
0
The intent is not to repeat what many already know about Ransomware but to join the dots of what it is, who the victims are, why it exists, and when and how we respond to an infection. Lastly, it sums this up at a glance so that the information can be shared more widely to help keep family and loved ones from being the next victim.
5
 
LVL 27

Expert Comment

by:MAS
Thanks Btan. Really helpful. Appreciated your effort.
0
 
LVL 64

Author Comment

by:btan
No worries. There are many other good articles and you can check out the FAQ too.
0
This article uses a simple matrix to map the different types of phishing attempts and their targeted victims. It also runs through many scam scheme scenarios with "real" phished emails. Safeguards are highlighted to help readers stay vigilant and heighten their vigilance.
7
 
LVL 17

Expert Comment

by:Kyle Santos
Great article!
0
 
LVL 64

Author Comment

by:btan
thanks Kyle!
0
In every aspect, security is essential for your business, and for that matter you need to always keep an eye on it. The same can be said about your computer network system too. Your computer network is prone to various malware and security threats that revolve around your software and other applications. These threats can greatly affect your work and bring downfall to your business. This is the reason why you should seek the service of a reputed web application external penetration testing services company. It will help you ensure the security of your firm's network.

Unlike other manual security systems, external penetration testing services provided by a professional help you analyze your network vulnerabilities in a comprehensive manner. You can get rid of all the vulnerabilities with the combination of scanning tools and various other methods of manual penetration. These tools are designed specifically for preventing your system from any sort of data theft or identity theft.

Using penetration testing tools will help you determine the extent to which your data or information can be compromised or is in a position of vulnerability. There are any number of web application penetration testing companies that bring forth different types of tools and techniques for identifying and analyzing the common threats that can occur while using any online platform.

The penetration testing process involves assessment of the network security and computer by imitating an attack on your…
4
The term "Bad USB" is a buzzword that is usually used when talking about attacks on computer systems that involve USB devices. In this article, I will show what possibilities modern Windows systems (Win8.x and Win10) offer to fight these attacks without using non-Microsoft tools or even security software that we would have to pay for.

Let me show the attack types that can be easily defeated:

  1. Your computer is found unattended and someone connects his USB drive (stick, hard drive or smartphone) to collect some of your data.
  2. Your computer is found unattended and someone tries to run a script to infect your computer. Knowing that we are prepared for item 1 attacks, he comes with a USB Rubber Ducky style device, that is, a special USB memory stick that camouflages itself as a keyboard to circumvent countermeasures against USB sticks. That way, it can act as a keyboard and type in thousands of lines of code per minute: malicious code. The Rubber Ducky attack is very dangerous since your computer can be infected in seconds even with current anti-virus software.


The concept:
The USB device, like any other device, needs to be installed in order to work. This takes a few seconds and is long enough to launch a counter-attack and uninstall the device again before the attacker can use it. Starting with Windows 8, the event log will record USB device installations so that we can use these events to trigger the …
15
 
LVL 56

Author Comment

by:McKnife
Hi James.

When an .exe is run, it's already too late. So until the removal action would have started (triggered by some mechanism, doesn't matter), the exe code is already inside the RAM of your computer and it will not help to uninstall the device, then.
What we could do, is trigger certain actions when the device is plugged in, like for example search the whole device for *.exe or *.com and if found, uninstall the device. But that might take a few seconds and it could be that this process is too slow, so that the exe is already started manually while the search is still on it.
0
 
LVL 56

Author Comment

by:McKnife
Oh James, something that will interest you!
I just "strolled" through our GPOs and came across a setting that I almost forgot: starting with win7, we can deny not only read/write but also execute access (separately) on removable devices by GPO! See https://technet.microsoft.com/de-de/library/hh125922%28v=ws.10%29.aspx?
0
