Vulnerabilities

6K

Solutions

66

Articles & Videos

8K

Contributors

A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness, known as the attack surface. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. Other vulnerabilities include security risks, security defects and constructs in programming languages that are difficult to use properly.

Share tech news, updates, or what's on your mind.

Sign up to Post

I have two particular vulnerabilities that were found by our Qualys scan.

Vulnerability 1:  SSL/TLS Server supports TLSv1.0

Solution disable TLS 1.0

What I did. Set the registry entries below.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client]
"DisabledByDefault"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server]
"Enabled"=dword:00000000

The vulnerability is still showing up.

Vulnerability 2:  Birthday attacks against TLS ciphers with 64bit block size vulnerability (Sweet32)

Solution: Disable DES and 3DES.

What I did.

Set the following Reg entries:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\DES 168/168]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\DES 56/56]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\Triple DES 168]
"Enabled"=dword:00000000


For some reason the vulnerabilities are still showing up on the server.  I have followed what I have read on microsoft. I am beginning to think that it is a false positive.
0
What Is Transaction Monitoring and who needs it?
LVL 1
What Is Transaction Monitoring and who needs it?

Synthetic Transaction Monitoring that you need for the day to day, which ensures your business website keeps running optimally, and that there is no downtime to impact your customer experience.

My organization did a vulnerability scan one of our websites (SharePoint 2013) which is behind AD authentication... the report gives warnings about about "cross-site scripting" and "clickjacking" vulnerabilities.

My question is, if the site is behind AD authentication these are not actually vulnerabilities, are they?
0
Hi, does anyone know any weakness of Cisco devices (router, switch, Firewall)? Is there any way/tool to assess their vulnerabilities?
0
I have 2 servers (Windows Server 2012 R2 and Windows Server 2008) being scanned by Qualys that have surfaced this finding:

HTTP Security Header Not Detected HTTP Security Header Not Detected port 80/tcp

THREAT:
This QID reports the absence of the following HTTP headers:
X-Frame-Options: This HTTP response header improves the protection of web applications against clickjacking attacks. Clickjacking, also known as
a "UI redress attack", allows an attacker to use multiple transparent or opaque layers to trick a targeted user into clicking on a button or link on
another page when they were intending to click on the the top level page.
X-XSS-Protection: This HTTP header enables the browser built-in Cross-Site Scripting (XSS) filter to prevent cross-site scripting attacks. X-XSSProtection:
0; disables this functionality.
X-Content-Type-Options: This HTTP header prevents attacks based on MIME-type mismatch. The only possible value is nosniff. If your server
returns X-Content-Type-Options: nosniff in the response, the browser will refuse to load the styles and scripts in case they have an incorrect MIMEtype.
QID Detection Logic:
This unauthenticated QID looks for the presence of valid X-Frame-Options, X-XSS-Protection HTTP and X-Content-Type-Options headers in a
HTTP request.
IMPACT:
Depending on the vulnerability being exploited, an unauthenticated remote attacker could conduct cross-site scripting, clickjacking or MIME-type
sniffing attacks.
SOLUTION:
N/A
0
We have quite a number of special Win 7 workstation PCs that have local
administrator accounts : the password never expire as each time changing
the password will involve quite some efforts of application changes.

What's the best practices to manage such accounts & any special mitigations?

a) make the passwords of such accounts dual control : ie different teams
     hold the passwords?
b) I'm not sure if we can make it "cant logon interactively" : I'll do it if it wont
     break the app.  Besides this what else can we harden?  No Local Logon?
c) noLMhash needs to be enabled so that the password cant be cracked
    easily;  what other hardenings?
d) any other mitigations such as enabling Windows Firewall?
e) pls add on any other best practices ...
0
Previously Bluecoat proxy allows access to SendThisFile service but sometime in
May, Bluecoat proxy has blocked it as "potential data loss/leakage".

I can see that SendThisFile has options for files transfer via PCs/laptops/emails
though previously when I could access, they have good encryptions etc.  Don't
recall SendThisFile is HIPAA & PCI certified.

What about IPSwitch (refers to link below):
https://www.ipswitch.com/resources/data-sheets/ipswitch-gateway
It's PCI & HIPAA certified but what else sets it apart from SendThisFile that it's
not a potential data loss/leakage source?  Some major insurance companies
want to exchange files with us using IPSwitch.

What I can think off are whether IPSwitch can restrict such that:
a) use only sftp that IPSwitch offers, not ftps (correct me, but I believe ftps is
   less secure than sftp)
b) don't allow transfer via PCs at both sender/recipients ends but this is
    something controlled at recipient/sender's ends right?  Not by IPSwitch
    or unless IPSwitch has an option that restricts connections from servers
    IP addresses of senders & recipients - does it have this option?
c) how is IPSwitch PCI certified?  They mask their customers data or have
    segregation of different customers (ie no co-mingling)?
d) how else can we restrict such that sender/recipient do connect from
     public places & homes of their staff but only from their organizations'
     servers?
e) I suppose we should not allow …
0
Qualys, Retina, Rapid7, NetworkDetective etc are all so expensive. Found HackerTraget.com which is affordable but limited as you can only scan externally and tools are limited. Anyone has recommendations for a comprehensive scanner that is not too expensive?

Thank you
0
hi,

anyone use Manage Engine Desktop Central to deploy MS security patchs ? can it rollback patch which is failed and how can it knows the patches is failed ?
0
Hi, just looking for a better way of managing WSUS v 6.3.9600.18228
We automatically approve Critical, Definition and Security updates
We sync Critical, Definition, Feature Packs, Security Updates, Service Packs, Updates roll ups, and Updates.

We get an email notification once a week of the synchronised updates, we have 3 different sites each running its own WSUS server, and its a constant struggle trying to wade through the print outs, as the print outs (synchronised report) contain all the updates that are automatically approved as well as ones which need checking to see if we want them or not.

This wastes time as we are checking updates unnecessarily. Is there a report that could be run instead that prints out just the items that aren't automatically approved and require attention?
We also find updates on the printout that are only a few days old, have already been superseded, again wasting time.

There must be a better way of doing this?
regards
Rick
0
I don't want to load enhancements or improvements.  Just security patches to avoid any malware, etc.
I was told that https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
is the one that's most currently important.
How can I selectively install these and not the other stuff?
0
Put Machine Learning to Work--Protect Your Clients
Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

Is there such a list of IP or smtp domains (doesn't have to be up to the hour up-to-date) list so
that we can block at our smtp?

Blocking by firewalls is not good as the emails will still come in
0
Hi,

Does anyone know if OpenVAS can be deployed with remote Pollers. So you can deploy the main OpenVAS server and then drop remote pollers/scanner into DMZs or other remote networks so the Remote Poller/scanner does the scanning then reports back to the OpenVAS Main Server for central reporting / vunerability definitions.

Thank you for any time..

Kind regards
Mark
0
Hello ,

Please clarify few doubt about Microsoft Security patch model as monthly rollup for  windows server .
As this update is released that contains all Security, non-security fixes and bug fixes, including all updates from previous monthly rollups.

Here are few queries based on the above definition.

1. What are updates comes under non-security fixes ?
2. Lets say my server last patched on Nov 2016 now I need to update with least patches for May 2017 month , If i will apply only one Monthy rollup patches for May month , will this cover all the all Security, non-security fixes and bug fixes since Dec to May month ?

Thanks
0
hi,

Right now as there are more and more zero day attack and security patch sometime is too slow to apply.

what is the way you guy used to deploy patch asap ? WSUS ? any robust way to do it ?

link/resource on how to setup the method is welcome .
0
Hi, I got this error when installing patches for MS17-010 and MS14-066. Window Update service is running, the patches is x64, same with Window. I checked CMD -> systeminfo but could not find the patches, so surely these patches have not been installed before.  Can you help, Ninjas? Thanks so much!

I tried in CMD but got this error:
C:\Windows\System32>Dism.exe /online /Add-Package /PackagePath:E:\MS14-066\Windo
ws6.1-KB3018238-x64.cab

Deployment Image Servicing and Management tool
Version: 6.1.7600.16385

Image Version: 6.1.7600.16385

Processing 1 of 1 - Adding package Package_for_KB3018238~31bf3856ad364e35~amd64~
~6.1.1.2


Error: 0x800f081e

The specified package is not applicable to this image.


The DISM log file can be found at C:\Windows\Logs\DISM\dism.log


Attached file is the log.
dism.log
0
Does anyone know where i can find the MS Patch for SBS2011 to patch against WananCry Ransomware?

I know SBS2011 is based on Server 2008R2, tried those but it tells me its not for this system

Many Thanks
1
Dear Adam,

 My client asked me another question after submitting the report to him.

 I am directly quoting his sentence.

 "As for the firmware version upgrade due to critical vulnerabilities as per snapshot, please advise the version 5.4.4 to be upgrade does it have other critical vulnerabilities which will impact our current setting?"

 I really don't know how to answer him.
0
Hi guys

Could you help me with few settings please? how to setup it etc

-      Only computers with the latest updates can login into our network ? via remote access and vpn  ?
-      Should we disable SMB v1? on all computers?  
-      How to block 139, 445 port on the sonicwall
-      how can I block  HTA extension file from downloading ?

thank you
0
We are considering proposals from our current network services provider and a new vendor for future support of our small, 22 user Windows based network. I am concerned that the current provider seems slow to apply the windows OS  updates to the server (2012 R2) with 4 VMs. Sometimes when I mention it they simply apologize and apply them that night. Now the story is that they prefer to wait till the updates have been out for a while. As of last week, they last updated the server on 2/1/17. I would like to assume that a crucial update would be applied immediately, but . . .
The new vendor uses Solarwinds, which sounds like a more automatic process.
Any thoughts, pro or con?
0
On Demand Webinar: Networking for the Cloud Era
LVL 8
On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

I had this question after viewing Is Byte Fence a Virus?.

I just read the above chatter and malwarebytes has flagged this program as a threat, including the uninstaller. So be careful when advising add/remove if I were you guys :)

If I see a really badly infected machine I don't bother trying to fix it insitu. I just whip the hard drive out and stick it in a caddy attached to another machine which isn't connected to the outside world (but virus defs etc are up to date) and scan remove anything malicious.

Then I put the drive back in the the host machine and see if it boots up or is repairable. If I can't do a repair or a factory reset, then I'll format the hard drive and rebuild the o/s etc manually.

I then scan the machine with the caddy to make sure nothing has leap frogged onto the local machine.

I don't really believe in convoluted removals, messing about in the reg or 3rd party removal tools etc. Keep it simple. My method usually takes less than a few minutes of my time. The machines can be scanning, rebuilding or whaever whilst I get on with my life.

Sometimes I think that maybe viruses are viewed with relish by some people, the "jobs for the boys" attitude. Plus the dark rumor and misconception that viruses are written to support the IT industry - to keep us busy. Not me - doesn't really affect my day at all and my cavalier approach has a positive affect on the …
0
In my experience connecting to a corporate VPN makes my computer a part of another network.  This means that my computer and possibly other computers on my network are now visible to the corporate vpn.  Would this also hold true of retail vpn suppliers now being able to probe my local network for vulnerabilities?
0
Could you guys tell me what are the Impacts of a Security Breach on an Organization in Europe ?
0
Hi Experts
my file server file infected with virus and all files extensions changed to .id_4109703493_gebdp3k7bolalnd4.onion._

Please help
0
Dear Experts,

My colleague did the router vulnerabilities and came out with this list?

Is there really a need to upgrade the router firmware?

No.      Bug ID      Description
1      CSCuv07111
IOS and IOS-XE devices changing the next-hop on BGP route with own IP
2      CSCup33405
Prefixes are not removed from BGP table with BDI interface shut
3      CSCut79286
ASR1K QoS feature doesn't work fine with RP2/Rls3.x
4      CSCuw09483
Unexpected reload w/"privilege exec level '0-15' show macdb" configured
5      CSCuu12283
CUBE failed to create DP session on STBY for Webex flow
6      CSCuu26224
CUBE with SRTP fallback will crash when call hit on incoming dial-peer 0
7      CSCuv61208
ASR1k EasyVPN server looses RRI for clients behind PAT
8      CSCuw02157
DMVPN Hub: IOS crash at crypto_ipsec_show_map_info
10      CSCuq24354
GETVPN KS rekeys without pol changes may cause IOS XE GMs to re-register
11      CSCuw09323
GETVPN: ASR GM stops decrypting until old SA expires after KS ACL change
12      CSCuw08567
Ident SM exists without Dynamic Crypto Map leading to rekey failures
14      CSCuj55363
lispgetVpn traffic is dropped when getvpn profile is applied in wan intf
15      CSCuj53943
Multicast packets are dropped after "clear crypto gdoi ks members"
16      CSCus85701
AQoS peer mismatch with NAT
17      CSCuv66070
Crash on executing "show nhrp group-map" command
18      CSCuv86821
Router crashed due to Crypto IKMP
19      CSCuv21051
XE310:Traceback@crypto_isakmp_profile_free after unconfiguration
20      CSCuv94186
SNMPWALK crash at …
0
Dear Sir,

I have read through the release notes for my client's Fortigate 100D HA and was suppose to recommend whether do we upgrade the firmware or not.

Can anyone guide me on what factors do I need to consider before telling my client that upgrading of firmware needs to be done?


No.      Application      Bug ID      Description      Affected versions
1      Firewall      387367      Firewall is rebooting automatically      5.4.1 and earlier
2      GUI      371106      Removed trusted host is not re-indexed but replaced with 0.0.0.0/0.      
3      GUI      374339      SSLVPN setting page may not check the required fields.      
4      GUI      386862      Large lists of address objects can take a considerable amount of time to load      
5      HA      387212      HA gets out of sync frequently and hasync becomes zombie.      
6      HA      301101      hasync process is running 100% of CPU.      
7      System      292237      FG-200D hangs with transmit timeouts.      
8      System      378761      Allow local-in traffic When system memory reaches 94%.      
10      System      387496      FSSO agent did not display all user group information      5.4.2 and earlier
11      FW      389832      TCP/UDP ports 464 are missing in Service Group "Windows AD".      
12      Common Vulnerabilities and Exposures      388594      FortiOS local admin password hashes could be obtained.      
14      SSLVPN      366291      High CPU usage by SSL VPN.      
15      Users      400065      The FSSO users were not able to pickup by firewall policy.      5.4.3 and earlier
16      System      396472      Checksum control is not working when upgrading firmware.      
17      Router      397628      Internet-service based routing not working.
0

Vulnerabilities

6K

Solutions

66

Articles & Videos

8K

Contributors

A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness, known as the attack surface. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. Other vulnerabilities include security risks, security defects and constructs in programming languages that are difficult to use properly.