Vulnerabilities

A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness, known as the attack surface. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. Other vulnerabilities include security risks, security defects and constructs in programming languages that are difficult to use properly.

Hello,
We use RealVNC to monitor a couple of PCs that are at a remote location. We have never had a problem using it, but since upgrading the firmware on our SonicWall NSA 220 the firewall now stops the connection with the following alert: IPS Prevention Alert: MISC RealVNC Authentication Bypass, SID: 5828, Priority: Medium. How can I stop the firewall from blocking these events?

Thank you
0
I have two particular vulnerabilities that were found by our Qualys scan.

Vulnerability 1:  SSL/TLS Server supports TLSv1.0

Solution: Disable TLS 1.0.

What I did. Set the registry entries below.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client]
"DisabledByDefault"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server]
"Enabled"=dword:00000000

The vulnerability is still showing up.

Vulnerability 2:  Birthday attacks against TLS ciphers with 64bit block size vulnerability (Sweet32)

Solution: Disable DES and 3DES.

What I did.

Set the following Reg entries:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\DES 168/168]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\DES 56/56]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\Triple DES 168]
"Enabled"=dword:00000000


For some reason the vulnerabilities are still showing up on the server. I have followed what I have read on Microsoft. I am beginning to think that it is a false positive.
0
My organization did a vulnerability scan of one of our websites (SharePoint 2013) which is behind AD authentication... the report gives warnings about "cross-site scripting" and "clickjacking" vulnerabilities.

My question is, if the site is behind AD authentication these are not actually vulnerabilities, are they?
0
Hi, does anyone know any weakness of Cisco devices (router, switch, Firewall)? Is there any way/tool to assess their vulnerabilities?
0
I have 2 servers (Windows Server 2012 R2 and Windows Server 2008) being scanned by Qualys that have surfaced this finding:

HTTP Security Header Not Detected HTTP Security Header Not Detected port 80/tcp

THREAT:
This QID reports the absence of the following HTTP headers:
X-Frame-Options: This HTTP response header improves the protection of web applications against clickjacking attacks. Clickjacking, also known as a "UI redress attack", allows an attacker to use multiple transparent or opaque layers to trick a targeted user into clicking on a button or link on another page when they were intending to click on the top level page.
X-XSS-Protection: This HTTP header enables the browser built-in Cross-Site Scripting (XSS) filter to prevent cross-site scripting attacks. X-XSS-Protection: 0; disables this functionality.
X-Content-Type-Options: This HTTP header prevents attacks based on MIME-type mismatch. The only possible value is nosniff. If your server returns X-Content-Type-Options: nosniff in the response, the browser will refuse to load the styles and scripts in case they have an incorrect MIME-type.
QID Detection Logic:
This unauthenticated QID looks for the presence of valid X-Frame-Options, X-XSS-Protection HTTP and X-Content-Type-Options headers in a HTTP request.
IMPACT:
Depending on the vulnerability being exploited, an unauthenticated remote attacker could conduct cross-site scripting, clickjacking or MIME-type sniffing attacks.
SOLUTION:
N/A
0
We developed some apps for our customers.  Besides scanning our mobile/iOS
website, auditors have required that we scan the iOS/Android apps that we have
developed for our customers' iOS devices.

Q1:
Is this a feasible or common practice to scan the apps running on clients' iOS?

Q2:
What are some of these scanning tools that anyone can suggest?

Q3:
My view is to scan the mobile portal that we offer, not clients' mobiles/iPads
0
Q1:
Does anyone scan Disaster recovery site, UAT, SIT & Development
sites?  

Q2:
For cold DR site that uses the same public & even the same
internal IP (as in ours) & same URL, I presume external it's not
possible as we'll hv duplicate IP.  One PCI-DSS doc suggests to
do VA & PT scans only for warm & hot sites: is this the common
practice?

Q3:
What about internal VA?  Do we do it on UAT, SIT & cold DR?

Q4:
Assuming cold site DR is powered down / isolated (ie not used
by even internal users), still worth doing external pentest &
internal VA?  When we apply fixes/patches/address vulnerabilities,
we propagate to our cold DR

Any best practice papers / authoritative links will be appreciated
1
We have quite a number of special Win 7 workstation PCs that have local
administrator accounts: the passwords never expire, as changing the password
each time will involve quite some effort in application changes.

What's the best practices to manage such accounts & any special mitigations?

a) make the passwords of such accounts dual control : ie different teams
     hold the passwords?
b) I'm not sure if we can make it "can't logon interactively": I'll do it if it won't
     break the app.  Besides this what else can we harden?  No Local Logon?
c) noLMhash needs to be enabled so that the password can't be cracked
    easily;  what other hardenings?
d) any other mitigations such as enabling Windows Firewall?
e) pls add on any other best practices ...
0
Previously Bluecoat proxy allows access to SendThisFile service but sometime in
May, Bluecoat proxy has blocked it as "potential data loss/leakage".

I can see that SendThisFile has options for files transfer via PCs/laptops/emails
though previously when I could access, they have good encryptions etc.  Don't
recall SendThisFile is HIPAA & PCI certified.

What about IPSwitch (refers to link below):
https://www.ipswitch.com/resources/data-sheets/ipswitch-gateway
It's PCI & HIPAA certified but what else sets it apart from SendThisFile that it's
not a potential data loss/leakage source?  Some major insurance companies
want to exchange files with us using IPSwitch.

What I can think of are whether IPSwitch can restrict such that:
a) use only sftp that IPSwitch offers, not ftps (correct me, but I believe ftps is
   less secure than sftp)
b) don't allow transfer via PCs at both sender/recipients ends but this is
    something controlled at recipient/sender's ends right?  Not by IPSwitch
    or unless IPSwitch has an option that restricts connections from servers
    IP addresses of senders & recipients - does it have this option?
c) how is IPSwitch PCI certified?  They mask their customers data or have
    segregation of different customers (ie no co-mingling)?
d) how else can we restrict such that sender/recipient do connect from
     public places & homes of their staff but only from their organizations'
     servers?
e) I suppose we should not allow …
0
Qualys, Retina, Rapid7, NetworkDetective etc. are all so expensive. Found HackerTarget.com, which is affordable but limited, as you can only scan externally and the tools are limited. Does anyone have recommendations for a comprehensive scanner that is not too expensive?

Thank you
0
hi,

Does anyone use Manage Engine Desktop Central to deploy MS security patches? Can it roll back a patch that has failed, and how does it know that a patch has failed?
0
I have a hacker who is aggressively attacking my network and need advice on which router is the most secure/encrypted?
0
Hi, just looking for a better way of managing WSUS v 6.3.9600.18228
We automatically approve Critical, Definition and Security updates
We sync Critical, Definition, Feature Packs, Security Updates, Service Packs, Updates roll ups, and Updates.

We get an email notification once a week of the synchronised updates. We have 3 different sites, each running its own WSUS server, and it's a constant struggle trying to wade through the printouts, as the printouts (synchronised report) contain all the updates that are automatically approved as well as ones which need checking to see if we want them or not.

This wastes time as we are checking updates unnecessarily. Is there a report that could be run instead that prints out just the items that aren't automatically approved and require attention?
We also find updates on the printout that are only a few days old, have already been superseded, again wasting time.

There must be a better way of doing this?
regards
Rick
0
I don't want to load enhancements or improvements.  Just security patches to avoid any malware, etc.
I was told that https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
is the one that's most currently important.
How can I selectively install these and not the other stuff?
0
Is there such a list of IP or smtp domains (doesn't have to be up to the hour up-to-date) list so
that we can block at our smtp?

Blocking by firewalls is not good as the emails will still come in
0
Hi,

Does anyone know if OpenVAS can be deployed with remote pollers? So you can deploy the main OpenVAS server and then drop remote pollers/scanners into DMZs or other remote networks, so that the remote poller/scanner does the scanning and then reports back to the OpenVAS main server for central reporting / vulnerability definitions.

Thank you for any time..

Kind regards
Mark
0
Hello ,

Please clarify a few doubts about the Microsoft security patch model of a monthly rollup for Windows Server.
This update, as released, contains all security, non-security fixes and bug fixes, including all updates from previous monthly rollups.

Here are a few queries based on the above definition.

1. What updates come under non-security fixes?
2. Let's say my server was last patched in Nov 2016 and now I need to update with the fewest patches for May 2017. If I apply only the one Monthly Rollup patch for May, will this cover all the security, non-security fixes and bug fixes from Dec to May?

Thanks
0
hi,

Right now there are more and more zero-day attacks, and security patches are sometimes too slow to apply.

What is the way you guys use to deploy patches ASAP? WSUS? Any robust way to do it?

Links/resources on how to set up the method are welcome.
0
Hi, I got this error when installing patches for MS17-010 and MS14-066. The Windows Update service is running, the patches are x64, same as Windows. I checked CMD -> systeminfo but could not find the patches, so surely these patches have not been installed before.  Can you help, Ninjas? Thanks so much!

I tried in CMD but got this error:
C:\Windows\System32>Dism.exe /online /Add-Package /PackagePath:E:\MS14-066\Windows6.1-KB3018238-x64.cab

Deployment Image Servicing and Management tool
Version: 6.1.7600.16385

Image Version: 6.1.7600.16385

Processing 1 of 1 - Adding package Package_for_KB3018238~31bf3856ad364e35~amd64~~6.1.1.2


Error: 0x800f081e

The specified package is not applicable to this image.


The DISM log file can be found at C:\Windows\Logs\DISM\dism.log


Attached file is the log.
dism.log
0
Does anyone know where I can find the MS patch for SBS2011 to patch against WannaCry ransomware?

I know SBS2011 is based on Server 2008R2; I tried those but it tells me it's not for this system.

Many Thanks
1
Dear Adam,

 My client asked me another question after submitting the report to him.

 I am directly quoting his sentence.

 "As for the firmware version upgrade due to critical vulnerabilities as per snapshot, please advise the version 5.4.4 to be upgrade does it have other critical vulnerabilities which will impact our current setting?"

 I really don't know how to answer him.
0
Hi guys

Could you help me with a few settings please? How to set them up, etc.

-      Only computers with the latest updates can log in to our network? Via remote access and VPN?
-      Should we disable SMB v1 on all computers?
-      How to block ports 139 and 445 on the SonicWall
-      How can I block HTA extension files from downloading?

thank you
0
We are considering proposals from our current network services provider and a new vendor for future support of our small, 22-user Windows-based network. I am concerned that the current provider seems slow to apply the Windows OS updates to the server (2012 R2) with 4 VMs. Sometimes when I mention it they simply apologize and apply them that night. Now the story is that they prefer to wait till the updates have been out for a while. As of last week, they last updated the server on 2/1/17. I would like to assume that a crucial update would be applied immediately, but . . .
The new vendor uses Solarwinds, which sounds like a more automatic process.
Any thoughts, pro or con?
0
I had this question after viewing Is Byte Fence a Virus?.

I just read the above chatter and malwarebytes has flagged this program as a threat, including the uninstaller. So be careful when advising add/remove if I were you guys :)

If I see a really badly infected machine I don't bother trying to fix it in situ. I just whip the hard drive out and stick it in a caddy attached to another machine which isn't connected to the outside world (but virus defs etc. are up to date) and scan and remove anything malicious.

Then I put the drive back in the host machine and see if it boots up or is repairable. If I can't do a repair or a factory reset, then I'll format the hard drive and rebuild the o/s etc. manually.

I then scan the machine with the caddy to make sure nothing has leap frogged onto the local machine.

I don't really believe in convoluted removals, messing about in the reg or 3rd party removal tools etc. Keep it simple. My method usually takes less than a few minutes of my time. The machines can be scanning, rebuilding or whatever whilst I get on with my life.

Sometimes I think that maybe viruses are viewed with relish by some people, the "jobs for the boys" attitude. Plus the dark rumor and misconception that viruses are written to support the IT industry - to keep us busy. Not me - doesn't really affect my day at all and my cavalier approach has a positive effect on the …
0
In my experience connecting to a corporate VPN makes my computer a part of another network.  This means that my computer and possibly other computers on my network are now visible to the corporate vpn.  Would this also hold true of retail vpn suppliers now being able to probe my local network for vulnerabilities?
0
