Vulnerabilities

A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness, known as the attack surface. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. Other vulnerabilities include security risks, security defects and constructs in programming languages that are difficult to use properly.

Hello Experts,

We are working on remediating some security vulnerabilities.  One of the low hanging fruit that I thought I would remediate is the requirement to allow RDP connections from computers running Remote Desktop with Network Level Authentication.  Below is a screenshot from one of our workstations showing the current setting:

[Screenshot: Current settings on workstations]

As you can see, we currently allow connections from any version of Remote Desktop.

The setting to require Network Level Authentication had been configured in our default domain policy.  It was set to “disabled”.  I have changed the setting to “enabled” and applied the change.  

[Screenshot: NLA required set to enabled]

I have saved the GPO and let domain replication take place.  When I do a gpupdate /force /sync and restart, the RDP settings are the same as they were in the first screenshot.  What am I missing here?

Thanks in advance.
Nick
0
I'm dealing with some 50 workstations of Windows 10 Pro in a peer-to-peer network.  The practice has been for the machines to be inspected manually on a weekly basis for update status.  It doesn't take too long really but it would be better no doubt to automate the process.

I've not found anything that really does the job.
Nessus doesn't seem to offer a template that does this particular scan.
PRTG may do it but I'm going to have to get the target machines to respond using the right security protocol.
MBSA seems to "work" but not very well for scanning Windows 10 machines - lots of loose ends.

Other than changing our ways, which isn't even part of this question, what might you suggest?
Our ambitions are quite limited - so you might keep that in mind.
0
I've installed the GFI LanGuard client on about 20 computers successfully; now it just says "pending install" on all new clients and doesn't do anything. What might be stopping it? What kind of reporting/analysis is there to troubleshoot this?
0
Dear all,

We would like to ask for your expert advice on how to remediate one of the findings in our application penetration testing: "OS command injection". Here are the details of the finding:

OS command injection

Operating system command injection vulnerabilities arise when an application incorporates user-controllable data into a command that is processed by a shell command interpreter. If the user data is not strictly validated, an attacker can use shell metacharacters to modify the command that is executed, and inject arbitrary further commands that will be executed by the server.

OS command injection vulnerabilities are usually very serious and may lead to compromise of the server hosting the application, or of the application's own data and functionality. It may also be possible to use the server as a platform for attacks against other systems. The exact potential for exploitation depends upon the security context in which the command is executed, and the privileges that this context has regarding sensitive resources on the server.

Hope you can help us resolve the issues.

Thanks and best regards,
Edna
0
I'm looking at Cylance for my malware solution. We're all set to go with Malwarebytes. I'm confident in the latter being a worthy adversary for all the risk at here. But Cylance was brought up recently and I wonder if anyone has used it and what they think of it as a viable solution.
0
I have an internal CA. It's got a Root CA (offline) and a Subordinate CA (Enterprise). I am looking to enable code signing. I was successfully able to publish the template and get the cert for the administrators. What I can't seem to figure out is how to get the PC to fully trust any certificate from the CA for code signing. I have the Root CA cert in the Trusted Root Cert Authorities and the subordinate in the Intermediaries Authorities. I know that code signing looks at the "trusted publisher" store. What I don't understand is why it's not trusting the certificate since it's issued by a CA that is in the trusted Cert Authorities. Anyway, I tried adding the Root and sub CA certs into the Trusted Publisher store and that also didn't work. The only way I could get full trust was to put the public cert into the Trusted Publishers store. I would like to just make it so that any code signing cert we ever issue is trusted by my clients. What are the requirements to make this happen? I don't want to update GPOs for everyone's individual code signing certificates. Thank you.
0
I have been trying to connect to a WatchGuard XTM 330 L2TP VPN using the Windows client, but keep getting the message that it can't resolve the server name. Using a Windows 2012 RADIUS server that I can authenticate to from inside the network. DNS is configured on the policy for the WatchGuard etc. When we use the WatchGuard SSLVPN client it works just fine. We use roaming profiles so the SSLVPN client won't work with them. Anyone have any suggestions?
0
Hi All,

I am having a vulnerability issue on my ASP.NET web application.

a potentially dangerous request.path value was detected from the client (:).

I already have <httpRuntime requestValidateMode="2.0" requestPathInvalidCharacters="" /> on my web config.
0
I have a wireless environment with:

Server 2012 R2 running the NPS service for RADIUS authentication to the AD
Ubiquiti UniFi APs that are set to forward auth to the RADIUS NPS server

Now I have that set up, and it works, and authenticates the user's AD login, and connects to the network just fine. The issue I have comes after that, when the user is not authenticated through the single sign-on through RADIUS for the WatchGuard firewall. I have followed what little information WatchGuard has on this, but most of their information points to MSDN pages that get me nowhere.  I understand that the WatchGuard needs to receive accounting packets with information from the NPS server, but it doesn't seem to be getting them, as the firewall still tries to route users to authenticate through the web portal.

Not sure where to go from here in order to tell which system to send to what and where, and how.
0
Looking for Patch Management Cloud service. I have found a few on the Internet but not sure who is good. Looking to patch OS and 3rd party Apps
0
At NY Data Center, and UK and US Offices the IP addresses accessing in and being accessed out.


Objective is to identify suspicious / unauthorized access or data transfer.
0
We have a P4515 that is showing the vulnerability below. I could not find anything related online. Any help would be great.

HP printer
Description: Integer based SQL injection vulnerability in enableAS parameter to /hp/device/this.LCDispatcher?nav=hp.AutoSend
Confirmed: Yes
Severity Level: Critical
Severity: user file read access
Tutorial: SQL injection
Service: 443:TCP
Technical Details: Normal Request:
POST /hp/device/this.LCDispatcher?nav=hp.AutoSend HTTP/1.0
Host: 10.91.2.62
User-Agent: Mozilla/5.0
Content-length: 447
Content-Type: application/x-www-form-urlencoded
Connection: Keep-Alive
Cookie: MFPSESSIONID=010044D3A0E5EAC6706FBFCDE3B6884CAD189BF8917D1CD7FFA22017072703064703C1
bar=yes,location=
0
Hello All,

I need your help to fix the CVE-2016-2183 vulnerability in my CentOS release 6.9 (Final) instance.
I have checked the various solutions to fix this, like making changes in the apache/nginx configuration. But I don't have apache/nginx installed in my instance.

The openssl version installed in my instance is OpenSSL 1.0.1e-fips 11 Feb 2013.
When I'm trying to update the openssl package using yum, it did not identify any new version of the package available for installation.

Regards
Rukender
0
Hello.
I need advice from a Kaspersky Security Center expert.

We have bought the SELECT licence so Kaspersky is unable to patch software vulnerabilities automatically. We need to do it manually. No problem. For example, when I see Adobe Flash NPAPI/ActiveX vulnerabilities, then I download the newest versions from official websites and deploy them to the computers containing vulnerabilities. Updates are successfully installed to the newest version BUT Kaspersky keeps saying that vulnerabilities for Adobe Flash NPAPI/ActiveX still exist there.

I do not think it is problem of Kaspersky software. Updates are often successful and solve vulnerability issues. But sometimes (it's usually problem of Adobe software) vulnerabilities persist. I would like to get rid of them but it's impossible even with the updated software.

Can someone explain to me why?

I thought it could be problem of OS version (we use Win7 + 15PCs with WinXP) but after testing I found there is no difference.

So if you know the way how to update the software with removing vulnerabilities, please let me know.
0
I have a web site that consistently gets DDoS attacks. I've changed several hosting providers with no success.

Only one in Canada seems to block the DDoS attacks, but I'm looking for some hosting in the US that can deal with it, and block it.

Any suggestions?
0
Hi

Guys, any review or experience with this SIEM software http://www.gfi.com/ 

thank you
0
I have been trying for a few days to create a media restore point - one that won't be used on this system but I thought I should get it.  I have been getting a couple of errors (I wrote them down but I can only find the one piece of paper): Page_Fault_in_Non_Page_Area

I tried a few different USB drives but none of them worked.  I have run a sfc / chkdsk on everything - even ran it when it rebooted and rebooted in safe mode.

I did a HiJackThis Analyzer - seems OK - ignore the hosts file, that's mine
[Screenshots: Resource Monitor, CPU Monitor]
Windows 10 64G
0
Please could you explain to me how the method
public void doItMulti()

works?
Maybe you could draw for me some action UML or sequence or any other behavior UML diagram. Maybe you could provide for this method some useful and detailed comments for each line of code. Thanks for your help in advance!

package bfpasswrd;

import java.util.ArrayList;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;

public class PasswordCracker
{

String passwordToCrack;
public boolean passwordFound;
int min;
int max;
StringBuilder crackedPassword;

public void prepare(String text)
{
    passwordToCrack = text;

    passwordFound = false;
    min = 32;
    max = 126;
    crackedPassword = new StringBuilder();
    crackedPassword.append((char) (min - 1));
}

public void result()
{
    System.out.println("Cracked Password is: " + crackedPassword.toString());
}

public void incrementString(StringBuilder text, int min, int max)
{
    text.setCharAt(0, (char) ((int) text.charAt(0) + 1));
    for (int i = 0; i < text.length(); i++)
    {
        if (text.charAt(i) > (char) max)
        {
            text.setCharAt(i, (char) min);
            if (text.length() == i + 1)
            {
                text.append((char) min);
            }
            else
            {
                text.setCharAt(i + 1, (char) ((int) text.charAt(i + 1) + 1));
            }
        }
    }
}

public void runMulti(String text)
{
    

0
Hi, I need to do a penetration test for a web application. I was wondering who would be the best company to ask to perform such a test?
Any recommendations?
I am based in Melbourne..
0
Hello Experts,

I was trying to find information about the rpcbind issue below and how I can fix it so that it won't happen again.
Below is one of the vulnerabilities which was caught in scanning, reported by a team.


RPC
service name: portmapper
service protocal: udp
Portmapper found at: 3277x
service port: 3277x

Vulnerability ID: rpc-portmapper-0001
vulnerability title: Rpcbind Listening on a Non-Standard Port


 Vulnerability Description: 

 The rpcbind program converts RPC program numbers into universal addresses.
 When a client makes an RPC call to a given program number, it first connects to rpcbind on the target system to determine the address where the RPC request should be sent. Rpcbind has been detected listening on a non-standard port (above 32770) instead of the standard TCP / UDP port 111. 

 This configuration flaw has been confirmed on some operating systems such as Solaris 2.x. The exact high port number rpcbind listens on is dependent on the OS release and architecture. Thus, packet filtering devices that are configured to block access to rpcbind / portmapper, may be subverted by sending UDP requests to rpcbind listening above port 32770. This vulnerability may allow an unauthorized user to obtain remote RPC information from a remote system even if port 111 is being blocked.
  
Solution:
=======
 
Fix Solaris rpcbind filter evasion
Download and apply the patch from:  http://ftp.porcupine.org/pub/security/ 


 For Solaris, the newest version of 

0
When trying to log in to my WordPress site (http://www.elegantaffairca.com/wplogin) nothing happens and it just goes back to the login page.

A bit of background: my site was hacked a few months back but I managed to take it back and installed some security plugins like iThemes Security Pro and Wordfence (free). Everything seemed to be fine until yesterday, when I could not log in anymore.

Any help would be appreciated. Thank you.
0
In the past 6 months or so, my bankcard or ATM card has been compromised.  I do tend to eat out once or twice a day and do use my card for these types of transactions; however, I believe that one or two places might be the culprit of my issues.  I go to a neighborhood gas station once a week because the gas prices are usually cheaper and lately, I've started purchasing merchandise online.  I did notice that they were even able to withdraw $200 from an ATM machine as well.  

Just curious as to how they are doing this?  Is someone tapping into my Wi-Fi connection at home?  How the heck are they doing this?  I lately got a new card and now have to go to the local 7-11 machine to withdraw money since I don't want to use my card.
0
I'm currently running --

-W2k8r2 service pack1
-IIS 7.0

How can I resolve this CVE-2000-0649?
0
