Vulnerabilities

A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness, known as the attack surface. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. Other vulnerabilities include security risks, security defects and constructs in programming languages that are difficult to use properly.

Share tech news, updates, or what's on your mind.

Sign up to Post

CVE-2014-6277

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277

I want to apply above CVE to centos.
0
Optimize your web performance
LVL 1
Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

I have a customer with a SBS 2003 and the server became infected with the .amnesia infection.  Unfortunately it also attacked many of the servers executable file such as Seagate Backup Exec.  I ran a thorough scan on all workstations.  I installed Microsoft Essentials and Spyhunter on a workstation.  I copied the data folder from the server to a new folder called server on the workstation.  I was told that Spyhunter 4 would detect and remove/repair the infection.  I ran a full scan and it does not seem to see the infected files that are obviously infected because they all have the extension .amnesia.  Does anyone have a recommendation for the repair and removal of this infection in the data files?
0
I just started checking out MimiKatz and all that it can do. My question is simple (and complex to answer), what are some methods that can prevent/secure any cleartext passwords stored in memory and prevent an attacker from being able to retrieve those?
0
refer to attached zipped slides:
any reviews / views on accuracy & thoroughness of this service is appreciated.

I think it relies on a list of questionnairres that customers feedback/input to
them, so I guess it will not be as accurate as doing actual penetration test scans
or vulnerability scans in our actual environment
cybint.zip
0
Our apps team somehow has a way of detecting that 61.239.162.190 is an
IP of a credit card fraud : I'm not quite close to the team so anyone know
if there are IP list out there that blacklist it?

I've checked www.ipvoid.com & threatstop.com but this IP is not in their
extensive blacklists.

How can I find out the mode of fraud of this IP?  Does this source IP send
emails or via sort of application (credit card processing)?

I've heard of several Online Fraud Tools (by IBM & F5) but haven't managed
to play with them yet
0
I had this question after viewing Meterpreter Hashdump function.

I have the exact same problem, but receive a "Meterpreter session 1 closed. Reason: Died" error when I try the proposed solution.

After gaining a remote shell, I attempt "run post/windows/gather/hashdump". It starts obtaining a boot key and then dies.

Any thoughts or suggestions?
0
Our current McAfee NIDS is going to be EOSL soon so we're considering
whether to upgrade to Intel McAfee's   Threat Defense Lifecycle or
dedicated NIDS or integrate NIDS function into our existing Checkpoint
NGFW firewall?  

It's a perimeter NIDS (not internal network NIDS)

Kindly assess in terms of
a) performance : with dedicated NIDS, it won't affect firewall's performance?
b) however, dedicated NIDS, need an extra console?  Lack's integration with
     firewall (to block bad/malicious source IP ??) ?
c)  any other ...  ??

I see a trend by vendors coming out with unified products from Cisco,
Sophos, so does this mean this is the way to go ?
0
Hello,
     We use RealVNC to to monitor a couple of PCs that are at a remote location. We have never had a problem using it but since upgrading the firmware on our  Sonicwall NSA 220 the firewall now stops the connection with the following alert: IPS Prevention Alert: MISC RealVNC Authentication Bypass, SID: 5828, Priority: Medium. How can I stop the firewall from blocking these events?

Thank you
0
Can you please suggest best IT security vulnerability reporting software like hackerone which will be also cost effective.
0
I have two particular vulnerabilities that were found by our Qualys scan.

Vulnerability 1:  SSL/TLS Server supports TLSv1.0

Solution disable TLS 1.0

What I did. Set the registry entries below.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client]
"DisabledByDefault"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server]
"Enabled"=dword:00000000

The vulnerability is still showing up.

Vulnerability 2:  Birthday attacks against TLS ciphers with 64bit block size vulnerability (Sweet32)

Solution: Disable DES and 3DES.

What I did.

Set the following Reg entries:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\DES 168/168]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\DES 56/56]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\Triple DES 168]
"Enabled"=dword:00000000


For some reason the vulnerabilities are still showing up on the server.  I have followed what I have read on microsoft. I am beginning to think that it is a false positive.
0
2017 Webroot Threat Report
2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

My organization did a vulnerability scan one of our websites (SharePoint 2013) which is behind AD authentication... the report gives warnings about about "cross-site scripting" and "clickjacking" vulnerabilities.

My question is, if the site is behind AD authentication these are not actually vulnerabilities, are they?
0
Hi, does anyone know any weakness of Cisco devices (router, switch, Firewall)? Is there any way/tool to assess their vulnerabilities?
0
I have 2 servers (Windows Server 2012 R2 and Windows Server 2008) being scanned by Qualys that have surfaced this finding:

HTTP Security Header Not Detected HTTP Security Header Not Detected port 80/tcp

THREAT:
This QID reports the absence of the following HTTP headers:
X-Frame-Options: This HTTP response header improves the protection of web applications against clickjacking attacks. Clickjacking, also known as
a "UI redress attack", allows an attacker to use multiple transparent or opaque layers to trick a targeted user into clicking on a button or link on
another page when they were intending to click on the the top level page.
X-XSS-Protection: This HTTP header enables the browser built-in Cross-Site Scripting (XSS) filter to prevent cross-site scripting attacks. X-XSSProtection:
0; disables this functionality.
X-Content-Type-Options: This HTTP header prevents attacks based on MIME-type mismatch. The only possible value is nosniff. If your server
returns X-Content-Type-Options: nosniff in the response, the browser will refuse to load the styles and scripts in case they have an incorrect MIMEtype.
QID Detection Logic:
This unauthenticated QID looks for the presence of valid X-Frame-Options, X-XSS-Protection HTTP and X-Content-Type-Options headers in a
HTTP request.
IMPACT:
Depending on the vulnerability being exploited, an unauthenticated remote attacker could conduct cross-site scripting, clickjacking or MIME-type
sniffing attacks.
SOLUTION:
N/A
0
We developed some apps for our customers.  Besides scanning our mobile/IOS
website, auditors have required that we scan the IOS/Android apps that we have
developed for our customers IOS devices.

Q1:
is this a feasible or common practice to scan the apps running on clients IOS?

Q2:
What are some of these scanning tools that anyone can suggest?

Q3:
My view is to scan the mobile portal that we offers, not client's mobiles/iPad
0
Q1:
Does anyone scan Disaster recovery site, UAT, SIT & Development
sites?  

Q2:
For cold DR site that uses the same public & even the same
internal IP (as in ours) & same URL, I presume external it's not
possible as we'll hv duplicate IP.  One PCI-DSS doc suggests to
do VA & PT scans only for warm & hot sites: is this the common
practice?

Q3:
What about internal VA?  Do we do it on UAT, SIT & cold DR?

Q4:
Assuming cold site DR is powered down / isolated (ie not used
by even internal users), still worth doing external pentest &
internal VA?  When we apply fixes/patches/address vulnerabilities,
we propagate to our cold DR

Any best practice papers / authoritative links will be appreciated
1
We have quite a number of special Win 7 workstation PCs that have local
administrator accounts : the password never expire as each time changing
the password will involve quite some efforts of application changes.

What's the best practices to manage such accounts & any special mitigations?

a) make the passwords of such accounts dual control : ie different teams
     hold the passwords?
b) I'm not sure if we can make it "cant logon interactively" : I'll do it if it wont
     break the app.  Besides this what else can we harden?  No Local Logon?
c) noLMhash needs to be enabled so that the password cant be cracked
    easily;  what other hardenings?
d) any other mitigations such as enabling Windows Firewall?
e) pls add on any other best practices ...
0
Previously Bluecoat proxy allows access to SendThisFile service but sometime in
May, Bluecoat proxy has blocked it as "potential data loss/leakage".

I can see that SendThisFile has options for files transfer via PCs/laptops/emails
though previously when I could access, they have good encryptions etc.  Don't
recall SendThisFile is HIPAA & PCI certified.

What about IPSwitch (refers to link below):
https://www.ipswitch.com/resources/data-sheets/ipswitch-gateway
It's PCI & HIPAA certified but what else sets it apart from SendThisFile that it's
not a potential data loss/leakage source?  Some major insurance companies
want to exchange files with us using IPSwitch.

What I can think off are whether IPSwitch can restrict such that:
a) use only sftp that IPSwitch offers, not ftps (correct me, but I believe ftps is
   less secure than sftp)
b) don't allow transfer via PCs at both sender/recipients ends but this is
    something controlled at recipient/sender's ends right?  Not by IPSwitch
    or unless IPSwitch has an option that restricts connections from servers
    IP addresses of senders & recipients - does it have this option?
c) how is IPSwitch PCI certified?  They mask their customers data or have
    segregation of different customers (ie no co-mingling)?
d) how else can we restrict such that sender/recipient do connect from
     public places & homes of their staff but only from their organizations'
     servers?
e) I suppose we should not allow …
0
Qualys, Retina, Rapid7, NetworkDetective etc are all so expensive. Found HackerTraget.com which is affordable but limited as you can only scan externally and tools are limited. Anyone has recommendations for a comprehensive scanner that is not too expensive?

Thank you
0
hi,

anyone use Manage Engine Desktop Central to deploy MS security patchs ? can it rollback patch which is failed and how can it knows the patches is failed ?
0
Need protection from advanced malware attacks?
Need protection from advanced malware attacks?

Look no further than WatchGuard's Total Security Suite, providing defense in depth against today's most headlining attacks like Petya 2.0 and WannaCry. Keep your organization out of the news with protection from known and unknown threats.

I have a hacker who is aggressively attacking my network and need advice on which router is the most secure/encrypted?
0
Hi, just looking for a better way of managing WSUS v 6.3.9600.18228
We automatically approve Critical, Definition and Security updates
We sync Critical, Definition, Feature Packs, Security Updates, Service Packs, Updates roll ups, and Updates.

We get an email notification once a week of the synchronised updates, we have 3 different sites each running its own WSUS server, and its a constant struggle trying to wade through the print outs, as the print outs (synchronised report) contain all the updates that are automatically approved as well as ones which need checking to see if we want them or not.

This wastes time as we are checking updates unnecessarily. Is there a report that could be run instead that prints out just the items that aren't automatically approved and require attention?
We also find updates on the printout that are only a few days old, have already been superseded, again wasting time.

There must be a better way of doing this?
regards
Rick
0
I don't want to load enhancements or improvements.  Just security patches to avoid any malware, etc.
I was told that https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
is the one that's most currently important.
How can I selectively install these and not the other stuff?
0
Is there such a list of IP or smtp domains (doesn't have to be up to the hour up-to-date) list so
that we can block at our smtp?

Blocking by firewalls is not good as the emails will still come in
0
Hi,

Does anyone know if OpenVAS can be deployed with remote Pollers. So you can deploy the main OpenVAS server and then drop remote pollers/scanner into DMZs or other remote networks so the Remote Poller/scanner does the scanning then reports back to the OpenVAS Main Server for central reporting / vunerability definitions.

Thank you for any time..

Kind regards
Mark
0
Hello ,

Please clarify few doubt about Microsoft Security patch model as monthly rollup for  windows server .
As this update is released that contains all Security, non-security fixes and bug fixes, including all updates from previous monthly rollups.

Here are few queries based on the above definition.

1. What are updates comes under non-security fixes ?
2. Lets say my server last patched on Nov 2016 now I need to update with least patches for May 2017 month , If i will apply only one Monthy rollup patches for May month , will this cover all the all Security, non-security fixes and bug fixes since Dec to May month ?

Thanks
0

Vulnerabilities

A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness, known as the attack surface. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. Other vulnerabilities include security risks, security defects and constructs in programming languages that are difficult to use properly.