Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x

Vulnerabilities

A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness, known as the attack surface. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. Other vulnerabilities include security risks, security defects and constructs in programming languages that are difficult to use properly.

Share tech news, updates, or what's on your mind.

Sign up to Post

Learn how to mitigate the new intel bugs Meltdown & Spectre,

Join this free #webinar titled "How to mitigate #Meltdown and #Spectre bugs" on Jan 10, 11:00 am EDT to get hands on experience, clarify your doubts , fix the exploit and get back to your routines.

https://www.manageengine.com/products/desktop-central/meltdown-and-spectre-webinar.html?ee

melt-webinar-social-banner.jpg
0
Free Tool: Port Scanner
LVL 11
Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Meltdown and Spectre: Battling the bugs in Intel, AMD, and ARM processors


Intel bugs exploiting your sensitive data, AMD and ARM also becomes victims to this exploit.

Read more: https://blogs.manageengine.com/desktop-mobile/2018/01/05/meltdown-and-spectre-battling-the-bugs-in-intel-amd-and-arm-processors.html

You can mitigate this threats to certain extent by patching your windows systems now, after checking the compatible AV's, if updated with incompatible AV's the system may crash, causing blue screen error. Update now and secure your sensitive data.

Attend this webinar to mitigate the bugs right away.
0
 
LVL 100

Expert Comment

by:John Hurst
Just keep patches up to date and use due care when surfing the web and downloading email.
1
Awesome xkcd re: Meltdown and Spectre: https://xkcd.com/1938/ 
5
 
LVL 1

Expert Comment

by:Giridhara Raam
Mitigate @intel bugs,

Join this free #webinar titled "How to mitigate #Meltdown and #Spectre bugs" on Jan 10, 11:00 am EDT to get hands on experience.

https://www.manageengine.com/products/desktop-central/meltdown-and-spectre-webinar.html?EE

melt-webinar-social-banner.jpg
0
 
LVL 50

Expert Comment

by:dbrunton
0

TeamViewer hacked: Here’s how to protect your systems


Hi there,

TeamViewer can be exploited using a vulnerability allowing users to switch between viewer and presenter side, or remotely control the server. If you are using TeamViewer in your enterprise, do act now.

Read more: https://goo.gl/2E65yX
1
5 tips for seamless endpoint security

Hey there,

Are you worried about your endpoints being hacked or breached?

Here is a simple tips to build the best endpoint security in your enterprise.

Building an effective endpoint security has become all time priority for enterprises. With the amount of cyber attacks evolving day by day, enterprises have to practice certain simple best practices tosimple tips to build the best endpoint security keep them vigilant against any unforeseen vulnerability breaches.

Read more: https://goo.gl/taAmSB
0
1
 
LVL 100

Expert Comment

by:John Hurst
It was the initial Creator Update on my ThinkPad X1 Carbon. As I noted, the issues seem to be fixed in the last 60 days, so here is hoping for good / better with V1709
0
 
LVL 58

Author Comment

by:McKnife
John, this is about MacOS.
0
Subject of the week | Considering the recent Equifax breach, what are your top personal security tips?

Use different passwords for different sites! If someone gets a hold of your email/password combination, they'll just try it on every site. So a single breach can turn into a bunch of compromised accounts.
2
CyberNewsRundown.jpg
Cyber News Rundown: Edition 9/15/17

German Voting Software Raises Concerns

With German elections only a couple weeks away, researchers have been working to determine how secure the voting systems really are. Per a recent study, the software being used contains multiple vulnerabilities that could lead to devastating results if the election is compromised. Meanwhile, the software creator maintains there is nothing wrong with the system and any tampering would only lead to confusion, rather than truly affecting the vote’s outcome.

Upgraded Android OS Slows Tide of Overlay Attacks

While overlay attacks are nothing new to Android™ users, the Toast window is a surprisingly fresh take on this technique. Google has already patched the issue being exploited, but many users unintentionally fell victim and gave permissions to a malicious app using the Toast window overlay on a legitimate page to spoof the users input. This type of attack can range from simply installing an annoying piece of malware on the device, all the way up to locking the device down and demanding a ransom.
2
Gain valuable virtualization processes skills that allow you the ability to store data, prevent vulnerabilities, and replicate environments for fast deployment. Enroll in September’s Course of the Month today!
0
Capture.JPG
Cyber News Rundown: Edition 8/25/17

The Cyber News Rundown brings you the latest happenings in cyber news weekly.
If you have any other questions, just ask!





UK NHS Database Exposes Over 1 Million Patient Records
During the past week, a breach was discovered in patient booking system SwiftQueue, which is widely used by several National Health Service (NHS) facilities. The database may have contained patient information for up to 1.2 million UK citizens, though the actual data has yet to be fully examined. Even worse, attackers now claim they have found additional SwiftQueue vulnerabilities and are in possession of all 11 million records stored by the company.

Booking Provider’s Data Found in Public Data Dump
Researchers recently discovered a large customer data dump in a publicly-facing Amazon S3 bucket. The data in question belongs to Groupize, a groups and meetings solution, and contains everything from customer interactions to full credit card information used to book hotels and other meeting spaces. Fortunately for anyone who has used the service, the data was properly secured within a week of the discovery.

Phishing Site Hosted on .fish Domain
1
2017 Webroot Threat Report
2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Look out for this patch and be diligent in implementing it to the machine. Here is one vulnerability (CVE-2017-8620) that has high potential to be of parallel to the WannaCry and NotPetya vulnerabilities -- it is described as 'The Next WannaCry Vulnerability'. Finally, if patching is planned but delayed, Microsoft's recommended temporary mitigation against CVE-2017-8620 should be deployed: disable the WSearch facility within Windows.

http://www.securityweek.com/patching-against-next-wannacry-vulnerability-cve-2017-8620
2
 
LVL 8

Expert Comment

by:Senior IT System Engineer
So is this already distributed in the Windows update this month or not yet ?
0
 
LVL 65

Author Comment

by:btan
Yes I was released already.
0
0
 

Expert Comment

by:Pierre Ammoun
Where can I find basic guidelines to "educate the users" on being careful about malware ransomware ?
1
 

Author Comment

by:Alix Postan
Hi Pierre! That's a great question! Here are some links to some articles that I think would help educate users about being careful about malware:

1) 7 Things About Information Security Your Boss Wants to Know: http://www.uzado.com/blog/7-things-about-information-security-your-boss-wants-to-know

2) 7 Tips for Dealing with Internet Security Threats: http://www.uzado.com/blog/7-tips-for-dealing-with-internet-security-threats

3) 5 Best Security Blogs You Should be Reading: http://www.uzado.com/blog/five-best-security-blogs-you-should-be-reading

Hope that helps! Let me know if you need more articles!
0
Petrwrap, specifically, targets the Master File Table (MFT), which is essential for your computer to find files on the computer. By targeting the MFT, the ransomware is able to attack individual files faster than if each file were to be encrypted one-by-one. The good news is… that Petrwrap is detectable by anti-virus tools. Unfortunately, if the anti-virus scanner is delayed in catching it, Petrwrap can easily get a foothold into the computer system and spreads very quickly. Moreover, the encryption is so strong, that it is unlikely to be able to break through the software and recover files.
Check out our blog post on “Why Vulnerability Assessments Are Insufficient” for more information on securing your servers.


http://www.uzado.com/blog/why-vulnerability-assessments-are-insufficient
3
After the WannaCry ransomware attack, we sat down with Thomas Zucker-Scharff to get the inside information on the technology behind the attack and what steps you can take to prevent this in the future. Read more of his advice. Take a step toward your security by enrolling in our free Course of the Month covering ransomware security and prevention written by Thomas.

4
1
The world has now had time to recover and mitigate damage from the widespread WannaCry ransomware attack. We evaluated what it has left in its wake. Tallied damage includes:
 
More than 150 countries.
Currently $111,996.86 has been paid in bitcoin so far to decrypt files.
Around 16 of England’s National Health System organizations affected, with doctors resorting to pen and paper to complete patient records.
Renault, a European auto manufacturer, kept a French plant—that employs 3500 people—closed Monday, May 28th as a “preventative” measure.
 
Learn how to secure your data and prepare against future threats by taking our June Course of the Month covering ransomware prevention and preparation.

 
3
 
LVL 33

Expert Comment

by:masnrock
The sad part is a common failure in projects is failing to ask users for requirements.
1
 
LVL 125

Expert Comment

by:Andrew Hancock (VMware vExpert / EE MVE^2)
The NHS does not consider the opinion of NURSES and DOCTORS worthy!

Very Wrong, and they wonder why, they are all leaving and retiring, now leaving a brain drain in the NHS!
0
5
4
 
LVL 52

Expert Comment

by:Jackie Man
You need to install software like sophos intercept x in computers inside your network to block it.
3
 
LVL 7

Author Comment

by:Brian Matis
Personally, I'm just avoiding opening any Word docs from anyone I don't know... And to some extent, even from people I do know... Most of my document usage these days is with Google Docs, so it's pretty rare that I need a Word doc!
1

Vulnerabilities

A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness, known as the attack surface. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. Other vulnerabilities include security risks, security defects and constructs in programming languages that are difficult to use properly.