
Vulnerabilities

6K

Solutions

8K

Contributors

A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness, known as the attack surface. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. Other vulnerabilities include security risks, security defects and constructs in programming languages that are difficult to use properly.


Q1:
Without saving an email's attachment & then manually (i.e. on-demand) scanning the
saved file, is there any AV that could auto-scan (i.e. in almost real-time or on-access)
an email attachment (even before the user double-clicks/opens the attachment)?

Q2:
Can BitDefender or Trend's OfficeScan do the above?
0

Hi All,

I am using an XTM 26 series WatchGuard firewall in the company. We have some remote location offices that run independently, and they all have CCTV cameras installed. Now, when I try to access all the remote offices' cameras (P2P connection) using the company network, it does not connect at all. When I switch to the mobile network, I can see all the cameras of all offices, and vice versa.

I understand that the firewall is blocking something. To check it, I did some real-time monitoring and found the following log message:

2018-10-04 14:54:07 Deny 192.168.1.28 255.255.255.255 32761/udp 50222 32761 1-Trusted Firebox Denied 80 64 (Unhandled Internal Packet-00) proc_id="firewall" rc="101" msg_id="3000-0148"

I have already created an SNAT rule from Any-External to the internal DVR IP address and allowed ports 80, 32761 and 9000.

Can anyone tell me what I am missing here?
0
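A parser for the WatchGuard Firebox traffic-log line quoted in the post above, added here as an example; it is not code from the post or from WatchGuard. The column labels in the regular expression are my reading of the positional columns in that one line and are an assumption; the only input is the poster's own line. What the parse makes visible is that the denied packet is addressed to 255.255.255.255, the limited-broadcast address, which is never routed off its own subnet, so this is a LAN-side discovery broadcast arriving on the Trusted interface rather than a connection that an inbound SNAT policy on the external interface would ever see.

```python
"""Parse a WatchGuard Firebox traffic-log line into named fields.

Added example. The column labels are an assumption (my reading of the
positional columns); LOG_LINE is copied from the post, not constructed.
"""
import re
from ipaddress import ip_address

LOG_LINE = (
    '2018-10-04 14:54:07 Deny 192.168.1.28 255.255.255.255 32761/udp 50222 32761 '
    '1-Trusted Firebox Denied 80 64 (Unhandled Internal Packet-00) '
    'proc_id="firewall" rc="101" msg_id="3000-0148"'
)

# timestamp action src dst dport/proto sport dport in_if out_if policy len ttl (reason) key="value"...
LINE_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) '
    r'(?P<action>\S+) (?P<src>\S+) (?P<dst>\S+) '
    r'(?P<service>\d+/\w+) (?P<sport>\d+) (?P<dport>\d+) '
    r'(?P<in_if>\S+) (?P<out_if>\S+) (?P<policy>\S+) '
    r'(?P<length>\d+) (?P<ttl>\d+) '
    r'\((?P<reason>[^)]*)\)'
    r'(?P<kv>.*)$'
)
KV_RE = re.compile(r'(\w+)="([^"]*)"')

LIMITED_BROADCAST = ip_address('255.255.255.255')


def parse_firebox_line(line):
    """Return a dict of fields, or None if the line is not in this layout."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    # trailing key="value" pairs (proc_id, rc, msg_id) become top-level keys
    rec.update(KV_RE.findall(rec.pop('kv')))
    for key in ('sport', 'dport', 'length', 'ttl'):
        rec[key] = int(rec[key])
    return rec


def is_limited_broadcast(rec):
    """True when the packet was sent to 255.255.255.255, which is delivered
    only on the local segment and is never forwarded by a router/firewall."""
    return ip_address(rec['dst']) == LIMITED_BROADCAST


def explain(line):
    """One-line human summary of a parsed deny entry."""
    rec = parse_firebox_line(line)
    if rec is None:
        return 'unrecognised line'
    text = (f"{rec['action']} {rec['src']}:{rec['sport']} -> {rec['dst']}:{rec['dport']} "
            f"{rec['service']} in={rec['in_if']} out={rec['out_if']} "
            f"reason={rec['reason']!r} msg_id={rec.get('msg_id')}")
    if is_limited_broadcast(rec):
        text += ' :: local broadcast; an inbound SNAT policy on External does not apply to it'
    return text


if __name__ == '__main__':
    print(explain(LOG_LINE))
```

Run it against a few hundred lines of the same log to see whether every deny for the camera traffic is this broadcast, or whether unicast packets to the DVR's public address are also being dropped; the two need different fixes.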
We are assessing a few pentesters (including VA scans) before engaging one.

What criteria can we use to assess them?  Is there any specific
requirement from Singapore's CSA for CIIOs?

We will be doing application pentests as well.

It is essential to find out what tools they use (e.g. Nessus or Rapid or ??) & does it matter
if we host our portal in a cloud (but I guess we'll need to whitelist during
pentesting / scans)?

We have a portal that needs to be scanned.

One more thing: our portal is behind an A10 load balancer, if this has any bearing on
our selection criteria for the tool to be used.
0
https://www.cloudflare.com/plans/

By "per domain" charging, does it mean that regardless of how many sub-URLs there are, the cost doesn't increase further, e.g.:
  https://abc.com/subURL1
  https://abc.com/...
  https://abc.com/subURL999
all the above are charged at the $200/month per domain?

Under each of our sub-URLs we may have different applications, so doesn't Cloudflare mitigate per application
& scale their costs/charges up accordingly, as I understand their cloud WAF protects per application besides by volume?

Or is the DDoS defense component per domain while the WAF component is costed per application/sub-URL?
0
CVE-2017-1283  - How to fix this?
0
I'm trying to ascertain if our Acrobat Reader DC is auto-updating
(patches/updates).  From Googling, various links suggest looking under
Preferences > Updater, but I can't locate this "Updater" in our
organization's PCs'/laptops' Acrobat.  How else can I check if it's
auto-updating?

As a number of Adobe product vulnerabilities are of high severity,
I feel that this auto-updating is crucial.  I have seen a number of
malicious PDF files that could not be detected by AV.
0
If we lack the manpower/expertise to man our own WAF,
someone suggested that we subscribe to the Cloudflare CDN.
Will refer to it as CF.

Q1:
Heard that CF will not only offer CDN (DDoS & content
filtering) but WAF services as well, i.e. they could protect
against XSS, injections, cross-site request forgery, etc.: is this so?

Q2:
Does the Akamai CDN also offer such a WAF service?
I heard a certain local ISP's DDoS protection can go up to
40Gbps only (i.e. our services that go through the ISP had
to be shut down if the DDoS bandwidth went above 40Gbps).
What's the max DDoS bandwidth that CF & Akamai could take?

Q3:
Seen app disruptions at past sites where F5 WAF was
implemented: how is going through CF/Akamai less
likely to result in app disruptions?

Q4:
Lastly, do the 2 CDN providers give protection against
application DDoS besides volumetric DDoS?
0
We are segregating users' PCs that can access the Internet from
the production/servers network.

With this segregation in place, is it still essential to have a proxy
for the users' PCs that access the Internet?  The PCs have AV installed.

The argument is that if the users' PCs are infected, we can just wipe
them out & re-clone them, & there's no sensitive data stored on them.

Next, if the PCs are used for email access, should they be
segregated from the servers' network, or should they be part of
the users' network that can access the Internet (other than
MS Exchange, as we use O365 in the cloud)?  I've seen that email
is possibly the top vector for malware, sometimes accounting
for more than 80% of malware (including malicious PDFs &
phishing links/attachments), so my view is that email has
higher risk than Internet access.
0
We would like to do virtual patching for various CVEs that
were published early, i.e. we can't wait 1-3 months to
patch; ideally it's auto-deployed from the principal to
the device via the Internet.

Is NIDS, HIPS (e.g. Trend Micro's Deep Security) or WAF, or
which product, most suited for virtual patching in terms of

a) the lead time in which the vendor releases the signature/rules (the
    earlier the vendor releases it, the earlier we can deploy
    the mitigation)

b) the thoroughness with which the vendor/developer/principal tests
     the rules/signatures so as to minimize service disruption:
     had seen cases where the rules/signatures cause
     disruptions (e.g. 'Repeated IIS Parameter' and
     'Clickjacking' vulnerabilities)

c) we may not plan to do layered security, i.e. not multiple
    devices of NIDS, HIPS plus WAF, but just select one.
    So ideally the selected device could also do
    "Brute Force" (say 10 login attempts within 10 secs
     from the same IP) & "Bad public source IP" blocking
0
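The two blocking rules the poster lists under (c), a rate threshold of 10 login attempts within 10 seconds from one source IP and a bad-source-IP list, are simple enough to show as detection logic. The block below is an added example (not from the post, and not how any of the named products implement it): a sliding-window counter per source over a handful of constructed auth-log lines in a generic "login failed user=... src=..." format, plus a blocklist check. The log format, the timestamps, the addresses (all from the RFC 5737 documentation ranges) and the blocklist are constructed; the threshold and window are the poster's numbers.

```python
"""Brute-force (N failures in W seconds per source) and bad-source-IP
detection over auth-log lines. Added example with constructed input."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

TS_FMT = '%Y-%m-%d %H:%M:%S'
# Assumed, generic line layout: "<ts> login failed user=<u> src=<ip>"
LINE_RE = re.compile(r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) '
                     r'login failed user=(?P<user>\S+) src=(?P<src>\S+)$')

# Constructed bad-source list (TEST-NET-1); a real one would be a feed.
BAD_SOURCES = [ip_network('192.0.2.0/24')]


def build_sample_log():
    """Constructed sample lines, not real traffic."""
    base = datetime(2018, 10, 4, 14, 54, 0)
    lines = []
    # 12 failures in 12 seconds from one source: a password-guessing burst
    for i in range(12):
        lines.append(f"{(base + timedelta(seconds=i)).strftime(TS_FMT)} "
                     f"login failed user=admin src=203.0.113.5")
    # 3 failures spread over 40 seconds: a human mistyping, below threshold
    for i in (1, 21, 41):
        lines.append(f"{(base + timedelta(seconds=i)).strftime(TS_FMT)} "
                     f"login failed user=bob src=198.51.100.7")
    # one attempt from a range on the bad-source list
    lines.append(f"{(base + timedelta(seconds=60)).strftime(TS_FMT)} "
                 f"login failed user=root src=192.0.2.9")
    return sorted(lines)  # same date and fixed-width format, so string order is time order


def analyze(lines, threshold=10, window_seconds=10, bad_sources=BAD_SOURCES):
    """Return {'brute_force': {src: first_trigger_ts}, 'bad_source': {src: first_seen_ts}}."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # per source: timestamps inside the window
    alerts = {'brute_force': {}, 'bad_source': {}}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                # unrelated line; a real parser would count these
        ts = datetime.strptime(m.group('ts'), TS_FMT)
        src = m.group('src')
        if any(ip_address(src) in net for net in bad_sources):
            alerts['bad_source'].setdefault(src, m.group('ts'))
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:   # drop events that fell out of the window
            q.popleft()
        if len(q) >= threshold and src not in alerts['brute_force']:
            alerts['brute_force'][src] = m.group('ts')   # alert once per source
    return alerts


if __name__ == '__main__':
    for kind, hits in analyze(build_sample_log()).items():
        print(kind, hits)
```

The window is evaluated on the timestamps in the log, not on wall-clock arrival, so the same function gives identical answers on replayed historical logs and on a live tail. Whichever product is chosen for (c), check that its "brute force" rule counts per source and per window in this way rather than per destination, otherwise a distributed spray from many sources each staying under the threshold will not trigger it.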
We've just installed a new next-gen firewall and I need some assistance getting communication working between two of the interfaces.
It's a WatchGuard T35 and we have our WAN on Eth0, LAN1 on Eth1, and LAN2 on Eth2.
Our WAN has a static IP, but we have a /27 block of public IPs routed (at the ISP level) to our WAN for use by public-facing servers.

I have that part of it working OK.  Servers connected to LAN2 all have their static IP assignment and IP checks on the Internet show the correct IPs.  This interface in the WatchGuard is set as "Optional".

LAN1 is our private LAN and is set as "Trusted".  Internet traffic and NAT/port forwarding are all working OK, but I cannot seem to get access to LAN2 from LAN1 devices.

I've created a firewall policy with "ANY" for the packet filtering and have set both 192.168.1.0/24 and 203.xx.xx.0/27 in both the To and From boxes.  The rule is set to allow and is enabled.
But I cannot browse (using the IP or UNC name) or access any of the LAN2 resources from LAN1.  Nor can LAN2 access any of the LAN1 resources.

I'm new to WatchGuard and thought I might ask here for anything I may have overlooked before lodging a support ticket with WatchGuard support.
1

I have a WatchGuard M270; the customer has a hosted server they connect to via IPsec. What policy could I enable to allow the IPsec VPN outbound?
0
Our security team ran an external VM scan on the DMZ and found some vulnerabilities.

I have 1 question:

The "SSL/TLS server supports TLSv1.0" vulnerability (38628) does not provide much info for Windows Server 2008 (R2) servers.
We looked at this article: https://blog.qualys.com/ssllabs/2014/12/08/poodle-bites-tls

We are not sure if this is a legitimate vulnerability or a false positive.

The solution given is OpenSSL, but we do not have it installed.

Could you please let me know, with some more information, whether this protocol (TLSv1.0) needs to be disabled or we can disregard it?

There is 1 article I found: https://blogs.msdn.microsoft.com/friis/2016/0725/disabling-tls-1-0-on-your-windows-2008-r2-server-just-because-you-still-have-one

The above link lists instructions to disable 1.0 and enable 1.1 and 1.2.

I need to compile the list; can you provide any thoughts on the top link above, and how should I make the changes?
0
Hi Experts.

I'm setting up iptables for a system, so I want to ask if there is any rule/module that can prevent SQL injection in iptables.

Thanks for reading this.
0
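The closest iptables can get is the `string` match module, which searches the raw packet payload for a fixed byte pattern; it does no URL decoding, no HTTP reassembly and no SQL parsing. The block below, an added example that is not from the post, shows why that is not a control for SQL injection: the same attack string URL-encoded slips past a byte-pattern check yet decodes to the original payload by the time the web application reads it, and the injection then succeeds against a query built by string formatting while a parameterised query is unaffected. The SQLite table, the user row, the login functions and the `naive_packet_filter_blocks` stand-in for a string-match rule are all constructed for the example.

```python
"""SQL injection is an application-layer defect: a packet-payload byte
match is bypassed by encoding, a parameterised query is not affected.
Added example; database, users and payloads are constructed."""
import sqlite3
from urllib.parse import quote, unquote


def make_db():
    conn = sqlite3.connect(':memory:')
    conn.execute('CREATE TABLE users (username TEXT, password TEXT)')
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse battery')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    # Attacker-controlled strings are spliced into the SQL text itself.
    sql = ("SELECT COUNT(*) FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    return conn.execute(sql).fetchone()[0] > 0


def login_safe(conn, username, password):
    # Bound parameters: values travel separately from the SQL text, so a
    # quote in the input can never change the statement's structure.
    sql = 'SELECT COUNT(*) FROM users WHERE username = ? AND password = ?'
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


# Stand-in for an iptables "-m string --string \"' OR '\"" rule: a fixed
# byte pattern tested against the raw payload, nothing more.
NEEDLE = b"' OR '"


def naive_packet_filter_blocks(raw_payload: bytes) -> bool:
    return NEEDLE in raw_payload


PAYLOAD = "' OR '1'='1"   # classic tautology injection


def demo():
    """Return the outcome of each check so the contrast is explicit."""
    conn = make_db()
    plain = b'password=' + PAYLOAD.encode()
    encoded = b'password=' + quote(PAYLOAD, safe='').encode()   # %27%20OR%20%271%27%3D%271
    # the web framework percent-decodes form fields before the app sees them
    decoded_by_app = unquote(encoded.split(b'=', 1)[1].decode())
    return {
        'filter_blocks_plain': naive_packet_filter_blocks(plain),
        'filter_blocks_encoded': naive_packet_filter_blocks(encoded),
        'app_sees_same_payload': decoded_by_app == PAYLOAD,
        'vulnerable_bypassed': login_vulnerable(conn, 'alice', PAYLOAD),
        'safe_rejects_payload': login_safe(conn, 'alice', PAYLOAD),
        'safe_accepts_real_password': login_safe(conn, 'alice', 'correct horse battery'),
    }


if __name__ == '__main__':
    for name, outcome in demo().items():
        print(f'{name}: {outcome}')
```

Beyond encoding, a pattern can also be split across TCP segments or hidden inside TLS, neither of which a per-packet byte match can see. Keep iptables for what it is good at (restricting which hosts may reach the database port at all) and fix injection in the application with parameterised queries; a WAF in front of the application is the closest network-side equivalent, and even it is a compensating control rather than a fix.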
I need a tool like ThreadFix for tracking vulnerabilities in complex environments.
0
Dear Experts

We have a hosted web-based application which runs on Linux, Apache, MySQL and PHP. Data security is the top priority; we have installed an SSL certificate and also deployed two-factor authentication. When I used the online SSL checker at https://ssltools.digicert.com/checker/views/checkInstallation.jsp, the following showed up after the scan:

1. Vulnerabilities checked
Heartbleed, Poodle (TLS), Poodle (SSLv3), FREAK, BEAST, CRIME, DROWN
Non-critical issues found
BEAST
Not mitigated server-side BEAST.

2. Secure Renegotiation: Enabled
Downgrade attack prevention:Enabled
Next Protocol Negotiation: Not Enabled
Session resumption (caching): Enabled
Session resumption (tickets): Enabled
Strict Transport Security (HSTS):Not Enabled
SSL/TLS compression:Not Enabled
Heartbeat (extension):Enabled
RC4:Not Enabled
OCSP stapling:Not Enabled

---------
Please help me to understand 1 and 2 above, and let me know the correct steps as per best practice. Thank you.
0
What is the easiest and most effective way to get rid of the Trojan.JS.Dropper.E?
1
Vulnerabilities, POODLE & SMB

Had a pen test done which highlighted issues with the above.

Looked at: https://www.troyhunt.com/everything-you-need-to-know-about/ & https://www.7elements.co.uk/resources/guidance/securing-server-message-block-smb-null-session-enumeration/

Unsure if these realistically need sorting or not.

Thanks
0
Q1:
What are the criteria / justifications for installing a WAF?
We were asked why there's a need & to justify it.

Q2:
So if we have a web server that is served to the public/Internet,
that's when we need one, or is it also applicable if there are application
servers such as Java app servers (e.g. WebLogic, GlassFish, JBoss)?

Q3:
Or is a WAF applicable as long as there are "web application servers",
and what is a "web application server"?

Q4:
Is it basically to circumvent application vulnerabilities (e.g. those
listed by OWASP)?

Q5:
If applications are already coded strictly according to secure
coding (XSS, injection, CSRF, input validation, ...), do we still
need a WAF?  I've heard a WAF protects against DDoS as well,
but the ISP where we host our web services already offers
DDoS protection.
0
https://www.cscollege.gov.sg/programmes/Pages/Display%20Programme.aspx?ePID=pe8r29gaqc5voaoitct59bdi3m

Referring to the above, I've been Googling for IM8 (Instruction Manual 8 for ICT)
to download but can't locate one.  Does anyone know where to download a copy
without attending the training?  A slightly outdated (say 2-year-old) copy is fine.
0

I need some documentation on the SANS 20.  Preferably something that is not too long, but gets to the point.
0
Last night in a meeting we were informed that WPA2 is no longer secure, and that a new method for cracking WPA/WPA2 passwords on 802.11 networks has recently been discovered.

Are any EEs aware of this? How can we protect our WiFi routers against this new threat?
1
Can someone please share the process for downloading and upgrading IOS on Cisco devices.  Is there a video I can refer to or documentation?
0
Is there a checklist from CEH for our environment?  At my company, we're trying to have a base level of knowledge for preventing hackers and such, but we need a checklist to go through.  Lastly, I keep receiving a form of social engineering: phone calls asking the user to provide remote access to machines, or asking our users security-related questions.  How do we prevent this from occurring?
0
Dear EE,

Something very strange is happening.
One of our clients reported vulnerabilities in Office as below.

•             Microsoft Office and Microsoft Office Services and Web Apps Security Update June 2018
•             Microsoft Office and Microsoft Office Services and Web Apps Security Update May 2018

We scanned our servers (after installing the same MS Office version, matching only MS Office) with the Nessus tool and did not find either of the above vulnerabilities.

Can you please help us confirm HOW we can reproduce the above two vulnerabilities?

Thanks.
0
A hacker penetrated my cPanel and modified files and code on my site.
 
I have a log report from the hosting service provider. It goes like this:
 
.....frontend/paper_lantern/filemanager/upload-ajax.html?file=megla.txt&fileop=&dir=%2Fhome%2Fmyaccount%2Fmydomain.com&dirop=&charset=&file_charset=&baseurl=&basedir=" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.59 Safari/537.36" "s" "-" 2083
 
(I replaced only the account name and site name with generic ones)
 
My cPanel password is very strong (100%); it's long and besides letters and numbers it contains many special characters; I've changed it a few times. It is not possible that one can hack it easily.
 
It has already happened 3 times, and each time the system suspends my account automatically for a number of hours before it's restored by the support staff.
 
I suspect that the attack is done by a former developer who I know was a hacker, and we didn't part on exactly friendly terms. He knows the structure of my site, and I have a static IP which he also knows.
 
If possible, I would like to know some details about how to protect my site from further similar hacking, penetrations, injections, etc.
 
Thanks.
0
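The log excerpt in the post is a request to the cPanel File Manager upload endpoint with the target path percent-encoded in the `dir` parameter. The block below is an added example, not from the post or from cPanel: it decodes that request to show exactly which file was written where, and then runs the same decoding over a few constructed access-log lines to flag File Manager writes that did not come from an allow-listed source address. The request target is copied from the post; the surrounding log layout, the timestamps, the IP addresses (RFC 5737 ranges) and the allow-list are constructed, and treating `upload-ajax.html` as the only write endpoint is an assumption based on the single line quoted.

```python
"""Decode cPanel File Manager upload requests and flag those from
sources outside an allow-list. Added example with constructed log lines."""
import re
from urllib.parse import parse_qs, urlsplit

# Target copied from the post (account and domain are the poster's placeholders).
REQUEST = ('/frontend/paper_lantern/filemanager/upload-ajax.html?file=megla.txt&fileop=&'
           'dir=%2Fhome%2Fmyaccount%2Fmydomain.com&dirop=&charset=&file_charset=&baseurl=&basedir=')

# Constructed lines in a common-log-like layout: ip - user [time] "method target proto" status size
SAMPLE_LINES = [
    '203.0.113.10 - myaccount [04/Oct/2018:14:54:07 +0000] "POST ' + REQUEST + ' HTTP/1.1" 200 512',
    '198.51.100.20 - myaccount [04/Oct/2018:14:55:07 +0000] '
    '"GET /frontend/paper_lantern/filemanager/index.html HTTP/1.1" 200 9000',
    '198.51.100.20 - myaccount [04/Oct/2018:14:56:07 +0000] '
    '"POST /frontend/paper_lantern/filemanager/upload-ajax.html?file=notes.txt'
    '&dir=%2Fhome%2Fmyaccount%2Fpublic_html HTTP/1.1" 200 512',
]

LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>\S+) (?P<target>\S+) [^"]*"')

# Assumption: the endpoint seen in the post is the write path we care about.
WRITE_ENDPOINTS = ('/filemanager/upload-ajax.html',)


def describe_filemanager_request(target):
    """Return {'file', 'dir'} for a File Manager write request, else None."""
    parts = urlsplit(target)
    if not parts.path.endswith(WRITE_ENDPOINTS):
        return None
    qs = parse_qs(parts.query, keep_blank_values=True)   # percent-decodes the values
    return {'file': qs.get('file', [''])[0], 'dir': qs.get('dir', [''])[0]}


def flag_unexpected_writes(lines, allowed_ips):
    """List (ip, file, dir) for File Manager writes from sources not in allowed_ips."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        info = describe_filemanager_request(m.group('target'))
        if info and m.group('ip') not in allowed_ips:
            findings.append((m.group('ip'), info['file'], info['dir']))
    return findings


if __name__ == '__main__':
    print(describe_filemanager_request(REQUEST))
    # constructed "office static IP" allow-list
    for hit in flag_unexpected_writes(SAMPLE_LINES, {'198.51.100.20'}):
        print('unexpected write:', hit)
```

Because the poster has a static IP, the same allow-list idea can be enforced rather than just detected: ask the host to restrict cPanel (port 2083) logins to that address, and treat every write in the logs from any other source as an incident. A password that has "already been changed a few times" and still gets used points at a credential that is being recovered each time (a saved session, an API token, an FTP or email account with the same password, or a malware-infected workstation) rather than guessed, so rotate everything the former developer could have had, not only the cPanel password.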