Vulnerabilities

7K

Solutions

8K

Contributors

A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness, known as the attack surface. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. Other vulnerabilities include security risks, security defects and constructs in programming languages that are difficult to use properly.


Hi All,

We have a Branch Office VPN established to one of our third-party suppliers for support purposes (we use a WatchGuard at our end). They would like a secondary tunnel established with different settings, which will run side by side with the existing one. Am I OK to use the existing external IP (ours) as the external IP of the new tunnel? Will this work if both tunnels are required to be active at the same time, or does each tunnel have to have its own external IP assigned?

Cheers,
Paul
0
If someone manages to compromise your user credentials/account via a phishing email (an Office 365 email account in this case), what is their typical objective(s) in doing so, and how would they typically follow that through to the next stage? I would have assumed that if their target were to steal emails they would not just casually start forwarding them on to an external address. Trying to determine what they may or may not do if they do get a victim's credentials would be interesting. There must be something in it for them, but determining what that is and how they execute 'phase 2' once access is achieved would be most useful.
0
Some questions were raised on our practice of penetration testing:

a) What are the various bases on which the ratings of Critical, High, Med, Low
    are being assigned?  An external-facing server's XSS will get High
    while an internal server's (not exposed to the public/Internet) XSS will
    get Med?   There are also various types of XSS that warrant
    different ratings?
    Curious how the various tools assign these ratings, or whether in some
    cases it's the human pentester who assigns them.

b) Is there any framework, e.g. NIST, CREST or ..., that specifies
     the duration to resolve?
0
Hello Experts,

I am using a WatchGuard T70 and would like to set up two subnets on it. I would like the two subnets to have the ability to talk to each other as well. If anyone has information on how to do so, I would appreciate it.

Thank you
0
Recent article on Critical Vulnerabilities in Microsoft Windows Operating Systems, https://www.us-cert.gov/ncas/alerts/aa20-014a. There seems to be quite a fair bit to read up on.
To reconfirm: is it enough to check that the KBs below are installed (under Windows Update) for the operating systems below, to address the 4 vulnerabilities?

Windows 10:
https://support.microsoft.com/en-us/help/4528760/windows-10-update-kb4528760

Windows Server 2012:
https://support.microsoft.com/en-us/help/4534283/windows-server-2012-update-kb4534283
https://support.microsoft.com/en-us/help/4534288/windows-server-2012-update-kb4534288

Windows Server 2008:
https://support.microsoft.com/en-us/help/4534310/windows-7-update-kb4534310
https://support.microsoft.com/en-us/help/4534314/windows-7-update-kb4534314
0
This is a question for the web penetration testers.

During an active scan, how exactly does Burp determine that a site is vulnerable to XSS, whether it be reflected, stored, or DOM?   Does it try input data on a field or try to insert a script at the URL and, if it gets a certain value back, say that the site is vulnerable?  What proof does it display for this?
0
I've worked in the IT security sector for the past few years and I wanted to take a stab at servicing small to medium size businesses within this realm.   I was told that Fortinet has their own SIEM that I can take advantage of and wanted to hear the pros/cons of this product as well as costs.  I also wanted to create a SOC at some point and wanted to know my options as far as starting this adventure.  I have a friend who is already helping small businesses with the day-to-day IT for the business and wanted to add value by doing the cyber security side of IT.  I know I have many considerations, but wanted to get some insight as to what software/ideas I should be considering.  This would also include any budget software I can try or start working with while on a low budget.  Might be over my head here, but I always wanted such a business and would welcome all I can learn from the experts.
0
I'm presently unemployed and do some IT security and networking.  I'm looking to offer my services through an app or online such as TAKL, but is there another avenue I'm missing to promote and advertise my type of work?
0
Hello,

I wanted to know how I can block my home connection from reaching YouTube.  I have AT&T internet and they provided their own router/modem BGW210-700; however, I don't know how to block the site I need to...  I can get into the settings of the device, but can't locate where to block.  Also, is there another option to do this?  I called their customer service, but I feel like I'm talking martian talk with them.
0
Hi could someone validate this SQL query for correctness against the Rapid7 database schema?  I'm trying to pull a customized report of assets in my environment that have Adobe Acrobat and Reader installed on them.  I'd like to pull the following fields down in my report:  asset_count, vendor, name of software, family, version, host_name, osType and IP_address.  Any help is GREATLY appreciated!

-- Every non-aggregated column in the SELECT list must also appear in GROUP BY
-- (the Rapid7 reporting model runs on PostgreSQL, which enforces this);
-- the original query left host_name, osType and ip_address out of GROUP BY.
-- host_name and ip_address are columns of dim_asset, so they are qualified with da.
-- osType is kept exactly as in the original: it is not a dim_asset column,
-- so the source of that field still needs confirming against the schema.
SELECT count(da.asset_id) AS asset_count,
       ds.vendor,
       ds.name AS software_name,
       ds.family,
       ds.version,
       da.host_name,
       osType,
       da.ip_address
FROM dim_asset_software das
  JOIN dim_software ds USING (software_id)
  JOIN dim_asset da ON da.asset_id = das.asset_id
GROUP BY ds.vendor, ds.name, ds.family, ds.version, ds.cpe,
         da.host_name, osType, da.ip_address
ORDER BY asset_count DESC

0
Are older iPhones such as 4s, 5s, 6.... which cannot be upgraded to current iOS (13.2.3) exposed to higher vulnerabilities than the current models?
0
Hello,

I am working on a server security report and looking at this link: https://support.microsoft.com/en-us/help/4072698/windows-server-speculative-execution-side-channel-vulnerabilities-prot

I followed the instructions to enable mitigations for CVE-2017-5715 and applied these registry changes:

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0 /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f

I ran Get-SpeculationControlSettings and see that the line "Windows OS support for branch target injection mitigation is disabled by system policy" is still showing FALSE. Please see the attached.

Anyone who knows please advise.  

Thanks.
CVE-2017-5715.png
0
Hello All,

I just found out over 8,000 servers were not patched by the service provider. We are working on patching, but that left me with a few questions for patch management experts:
- I need help with defining a framework to govern patches in the future and ensure there is some audit trail. End-to-end process
- Suggest tooling
- Quality management of patches applied
- Assurance that all required patches have been applied
- How do you apply patches to a large number of servers in a very short period of time?

Your help is much appreciated.

Regards,
J
0
Sonicwall/Port 53 Vulnerabilities.

Following a vulnerability scan, our external WAN interfaces are showing up as having the following issues:

DNS Server Recursive Query Cache Poisoning Weakness
DNS Server Cache Snooping Remote Information Disclosure
DNS Server Spoofed Request Amplification DDoS

These seem present on both WAN interfaces on UDP port 53.

The SonicWall is on the latest firmware, and seems not to have any DNS server services running. I'm wondering how we could tie this up?
0
I need to send a company-wide notification that we'll be doing some vulnerability testing in our environment. I have never done one before and don't have a template on which to create one. I need assistance with a template for this type of notification.  Is there a location where I can retrieve this information?
0
I have a WatchGuard M370 Firebox with L2TP and IPSec.  My users log in to the Firebox and then to a terminal server or, in some cases, their desktops. It's basically a 2-factor system: they log in to the Firebox and then to the server. I want to keep that.   I have a bunch of users who take home laptops and work at home, and I'm wondering if there's a way to have my Group Policy enforced while they are on VPN.  My VPN is a DMZ, so it's not actually part of the network; however, if you type an IP address, chances are you'll get where you need to go.  So, for example, my home users connect to a terminal server in the DMZ.  They are using laptops we created here, but if they are not acknowledged on the domain after 60 days I'm having to put them back on the domain because the trust relationship fails.  I want to try to avoid this.  Is there a way to do it?
0
I'm receiving spam/phishing emails.  Is there a way to analyze the data and documents being sent?  Such as a free analyzer of some sort?
0
I was asked in an interview where I get IT security info regarding IT security.  I drew a blank, since I only know a couple of CVE websites.  What would be a proper answer, and where should I be looking?
0
We have Splunk Enterprise and we seem to only have 50 gigs allotted to us on a monthly basis, and we keep going over double that amount on a monthly basis.  Is there a best practice on what to keep and what not to monitor?  I'm new to Splunk, so please be patient.  We're in the financial sector and go through PCI compliance.
0
We run Cisco AMP in our environment, and I was wondering: when I run Malwarebytes on some workstations, there are many items that I need to quarantine that I think Cisco AMP should have captured or rejected?  I'm running the free version of Malwarebytes.  I also wanted to know if there's a solution I should consider as well.  I believe we are stuck with Cisco AMP until the license runs out, but have seen some questionable items with Malwarebytes.
0
We have a VDI environment and receiving the following error:

Cisco AMP alert:  lsass.exe (high alert)

Reason: Process module is not clean and not signed
File full path: C:\Windows\System32\lsass.exe

Up until a couple of weeks ago we were not receiving this alert, or maybe Cisco AMP only got introduced into this environment then.  I see multiple alerts for only our VDI machines and am not seeing the alert for our other machines.  How can I determine whether this is valid or not?
0
I have the following network and wanted to get your opinion, from a security/network point of view, as to what is wrong and what to do about it.
security issue
1
Hi guys,
I've got a WatchGuard and an Azure cloud server.
I've got a branch office VPN gateway/tunnel configured between the WatchGuard and the Azure server, and all works well for local users within the WatchGuard network.

Now I am trying to create a mobile SSL VPN in the WatchGuard for remote users, so they can connect to the local network of the WatchGuard and connect to the cloud server. The mobile VPN works: it can connect to all local devices, but it cannot reach the cloud server. I know I am missing some config or routes to connect the mobile VPN and the branch office tunnel VPN, and also config on the server to reach the mobile SSL VPN back? Has anyone done this before, or any ideas?
0
We might be going into an acquisition and since I'm assuming this will occur, I wanted to know what questions to ask the new company's IT team with regards to their security posture.  This will be my first experience with such an acquisition and wanted to get your insights.
0
I ran Malwarebytes on a particular machine and have a question regarding one of the alerts.  It seems a PUM is attempting to change the internet home page.  I see this across our network, but wanted to confirm if it's something we need to look into further.  Also, since Malwarebytes seems to slow down the machine, I wanted to uninstall the software, but what happens to the quarantines I performed?  Am I still considered protected after the reboot and then the uninstall of the software?
Malwarebytes-quarantine.PNG
0