Vulnerabilities

6K

Solutions

8K

Contributors

A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness, known as the attack surface. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. Other vulnerabilities include security risks, security defects and constructs in programming languages that are difficult to use properly.


Can someone share the exact steps (step by step) on how to set
X-frame-options in Weblogic (10.3.6, 12.1.3, 12.2.1.3)  & Tomcat
to SAMEORIGIN to fix XFS/clickjacking?


I'm running Solaris 10 & RHEL 6  OS
0

I have a WatchGuard M370 Firebox with L2TP and IPSec. My users log in to the Firebox and then to a terminal server or in some cases their desktops. It's basically a 2 factor system, they log in to the Firebox and then to the server - I want to keep that. I have a bunch of users who take home laptops and work at home and I'm wondering if there's a way to have my Group Policy enforced while they are on VPN. My VPN is a DMZ so it's not actually part of the network; however, if you type an IP address chances are you'll get where you need to go. So for example my home users connect to a terminal server in the DMZ. They are using laptops we created here, but if they are not acknowledged on the domain after 60 days I'm having to put them back on the domain because the trust relationship fails. I want to try to avoid this. Is there a way to do it?
0
https://jonlabelle.com/snippets/view/javascript/jquery-1124-xss-patch
https://www.cadence-labs.com/2018/07/magento-outdated-jquery-version-how-to-patch-without-upgrading-cve-2015-9251/

Referring to the 2nd link above, we're using jQuery (though may not be Magento).

As instructed above, to run in Chrome console (Alt-Shift-I  or  F12 to invoke console) & enter:
  jQuery.get('https://sakurity.com/jqueryxss');

Q1:
So to verify my URL, I replace sakurity.com with my URL or I load in the Chrome
browser my URL & in the console, I enter the above jQuery.get ...  ?  
How do I use it to verify my URL?

Q2:
Tried several URLs & got various returns below, are they pop-ups or what's the
expected value (in the pop-ups) that will indicate my URL is vulnerable or what
other values mean?   The values returned that I got so far:

a)
jQuery.get('https://www.myURL.com/jqueryxss');
{readyState: 1, getResponseHeader: ƒ, getAllResponseHeaders: ƒ, setRequestHeader: ƒ, overrideMimeType: ƒ, …}

b)
jQuery.get('https://sakurity.com/jqueryxss');
{readyState: 1, getResponseHeader: ƒ, getAllResponseHeaders: ƒ, setRequestHeader: ƒ, overrideMimeType: ƒ, …}

c)
jQuery.get('https://www.google.com');
{readyState: 1, getResponseHeader: ƒ, getAllResponseHeaders: ƒ, setRequestHeader: ƒ, overrideMimeType: ƒ, …}
(index):1 Access to XMLHttpRequest at 'https://www.google.com/' from origin 'https://www.jp.com.sg' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is …
0
I'm receiving spam/phishing emails.  Is there a way to analyze the data and documents being sent?  Such as a free analyzer of some sort?
0
I was asked on an interview, where do you get IT security info regarding IT security. I drew a blank since I only know a couple of CVE websites. What would be a proper answer and where should I be looking?
0
We have Splunk Enterprise and we seem to only have 50 gigs allotted to us on a monthly basis and we keep going over double the amount on a monthly basis. Is there a best practice on what to keep and what not to monitor? I'm new to Splunk so please be patient. Since we're in the financial sector and run through PCI compliance.
0
We run Cisco AMP in our environment and I was wondering, when I run Malwarebytes on some workstations, there are many items that I need to quarantine that I think Cisco AMP should have captured or rejected? I'm running the free version of Malwarebytes. I also wanted to know if there's a solution I should consider as well. I believe we are stuck with Cisco AMP until the license runs out, but have seen some questionable items with Malwarebytes.
0
We have a VDI environment and are receiving the following error:

Cisco AMP alert:  lsass.exe (high alert)

Reason: Process module is not clean and not signed
File full path: C:\Windows\System32\lsass.exe

Up until a couple of weeks ago, we were not receiving this alert or maybe the Cisco AMP got introduced into this environment.  I see multiple alerts for only our VDI machines and not seeing the alert for our other machines.  How can I determine this is valid or not?
0
I have the following network and wanted to get your opinion, from a security/network point of view as to what is wrong and what to do about it.
security issue
1
Hi guys,
I got a WatchGuard and Azure cloud server.
Got a branch office VPN gateway/tunnel configured between WatchGuard and Azure server, and all works good for local users within WatchGuard network.

Now am trying to create a mobile SSL VPN in WatchGuard for remote users, so they can connect to local network of WatchGuard and connect to cloud server - but mobile VPN works: can connect to all local devices but could not reach cloud server... I know am missing some config or routes to connect mobile VPN and branch office tunnel VPN and also config in server to reach mobile SSL VPN back? Has anyone done this before, or any ideas?
0

We might be going into an acquisition and since I'm assuming this will occur, I wanted to know what questions to ask the new company's IT team with regards to their security posture.  This will be my first experience with such an acquisition and wanted to get your insights.
0
I ran Malwarebytes on a particular machine and have a question regarding one of the alerts. Seems like a PUM is attempting to change the internet home page. I see this across our network, but wanted to confirm if it's something we need to look into further. Also, since Malwarebytes seems to slow down the machine, I wanted to uninstall the software, but what happens to the quarantines I perform? Am I still considered protected after the reboot and then uninstall of the software?
Malwarebytes-quarantine.PNG
0
Hi, I need to open inside to outside TCP ports 4105, 4117 and 4118 for my WatchGuard to go out through my Cisco2911 -K9 router.

How do I do this in CLI?

I have tried
Extended IP access list 120
    10 permit tcp any eq 4105 any eq 4105
    20 permit tcp any host "external IP" eq 4105
Extended IP access list 121
    10 permit tcp any eq 4117 any eq 4117
    20 permit tcp any host "external IP" eq 4117
Extended IP access list 122
    10 permit tcp any eq 4118 any eq 4118
    20 permit tcp any host "external IP" eq 4118


Thanks in advance
0
We've started doing some PenTesting in our environment with Kali Linux and utilizing Metasploit as well. Since this is an internal test, we are going with a segmentation approach, but I wanted to know what would also be recommended for our small company. We have less than 1k users and smaller sites. We're also planning on visiting the sites and doing site surveys in the near future.

Thanks for your thoughts and suggestions.
0
My current setup is this- I use a Watchguard firewall.
Interface 0 is external.
Interface 1 is trusted-192.168.1.1/24
Interface 2 is trusted-192.168.3.1/24
There is a VPN to another office that is 192.168.2.1/24

Our phone system is 192.168.1.5
If I plug a phone into the .2 network the phone will connect up without an issue.
If I plug a phone into the .3 network the phone will NOT connect up.

I assume there needs to be a policy in place to get the two to talk. I am unsure of what the policy needs to be.
0
So I keep getting a security log event with a brute force login. It is an excessive failed login attempt for Win-Security-4625. The issue is we don't know if it is a service that is continuously logging in, or if we have a breach on our hands. We have it set up so that after five login attempts it should stop. However, this has not been the case. I was wondering if anybody has run into this before and, if you have, how do I prevent it from happening. Thank you!
0
All workstations getting [SID: 30470] Attack: Ransom.Gen Activity 20 attack blocked. Traffic has been blocked for this application: SYSTEM. Running SEP console 14.2. I have blocked SMB1, and I have blocked in and outbound port 445 and 139 (though may have to do it from the server SEP console; did this on the local firewall). I have sent multiple log files to Symantec False Positive; no one seems to be able to answer this. Every couple hours it tries to run and the SEP stops it but can't figure out where it's coming from.
0
Hello, I would like to know the most feasible (cost effective) vulnerability scanning tool for networks with 50 - 150 Windows endpoints.

Best regards,
Chanaka
0
Hi experts. I have a customer that got an encryption virus and we are dealing with it. I am looking for any kind of way to set up the network so we don't get those, even if the client did click on the bad email. We have taught most of our users to forward it to us if it looks suspicious. Always check the from address and that will tell you more. But they still clicked on it and invited it in. We have 2 servers and about 25 workstations. Have a WatchGuard firewall and Bitdefender on all the machines.
Any guidelines would be appreciated.
0

I keep receiving these types of alerts within our Cisco AMP for endpoint protection software and need to know if these alerts need to be whitelisted or not.

Please see below:

Alert #1
Detection:  PUA.Win.Trojan.Generic::95.sbx.tg
Filename:  Microstub.exe

Alert #2
Detection:  Gen:Variant.Ulise.25092
Filename:  Dell Printer Hub.exe

Most of the time, the AMP quarantine takes over, but at times, quarantine fails or is not seen.  


Also, is there somewhere I can go and get some CBTs for Cisco AMP for endpoint protection? Or how to search/resolve for these types of alerts?
0
We have implemented the Spectre/Meltdown registry fixes to our virtual machines and live migration stopped working.

We subsequently added the registry keys to the hosts as well and it's still not working.


Warning: live migration will fail between hosts with the updated firmware and hosts without the updated firmware. For more details, see the FAQ at the bottom of this document.

Does anyone know what errors are generated when the live migration fails so we can compare to our event IDs and errors?
0
I was asked to write a business (IT security) policy which basically states that whenever there is a vulnerability on a business owned device, the IT department has the authority to ask and collect the hardware for IT security purposes.  I've never written such a policy and wanted to know the format and possibly an example of such a policy.  I just don't know where to start since my company is fairly new.
0
I'm looking for someone to help set up a new WatchGuard T15 and a BOVPN to an existing XTM25. I know enough to be dangerous (maybe even that much).

I'd envision to have the person on the phone / remoted into my PC which would be on the LAN side of the T15 and I'd have team viewer connection to a PC on the LAN side of the XTM25 to set up the vpn (you are probably saying there's better ways to do the setup, but that's an indication of what I do and don't know).
0
Does anyone know how viruses such as Hermes 2.1 infect machines on a local network? If a user executes it on their machine, does the virus then try and copy itself to other machines on the network or does it try and encrypt the drives remotely?
0
Question from a Qualys report QID is 119518
0
