Vulnerabilities

6K

Solutions

8K

Contributors

A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness, known as the attack surface. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. Other vulnerabilities include security risks, security defects and constructs in programming languages that are difficult to use properly.

Share tech news, updates, or what's on your mind.

Sign up to Post

Hi,

I need assistance how I can disable / close network discovery on LAN for Servers and all Clients please.


Regards
Asif
0
Cloud Class® Course: MCSA MCSE Windows Server 2012
LVL 12
Cloud Class® Course: MCSA MCSE Windows Server 2012

This course teaches how to install and configure Windows Server 2012 R2.  It is the first step on your path to becoming a Microsoft Certified Solutions Expert (MCSE).

I currently have a Watchguard Firebox in place and have recently purchased a Cisco Catalyst 2960 to server as our primary switch. Our Watchguard currently manages our WAP's (also Watchguard) which have a private and public wifi network which is segmented through the use of VLAN's.

I'm extremely new to Cisco and I'm trying to determine how I would go about configuring the ports on the switch to pass along all VLAN traffic which should allow the WAP's to continue functioning.
0
https://www.bleepingcomputer.com/news/security/backswap-banking-trojan-uses-never-before-seen-techniques/

Referring to above  BackSwap Banking Trojan ,  does McAfee AV & IPS detect/block it?
Think I saw a link (but misplaced it) that McAfee AV can't detect it yet.

Is there alternative ways of detecting/blocking it if AV can't?

What is the hash or IOC for this malware?
0
I am trying to confirm whether Sentinel One EndPoint Protection is a viable replacement for existing Webroot EndPoint Protection and MalwareBytes EndPoint protection.  We have been using Webroot/Malwarebytes endpoint clients on our workstations and servers for about four or five years now.  We have not encountered any compromises/issues using these products.   I also need to mention we also use Cisco's Umbrella Roaming Client as well.

We also have a SonicWall TZ500W with the Comprehensive  Gateway protection.  We never enabled the DPI module because it caused many connection issues accessing creditable Court websites, etc.  

So now SonicWall is promoting/offering their Capture Client solution that I am interested in.  I wanted to purchase the Sentinel One client software a couple of years back, but they said I could not make a purchase since the minimum count they could sell is 100.  We only need 25 licenses.  So now that Sonicwall offers Capture Client, I want to know if its feasible to say it would actually replace both Webroot and MalwareBytes EndPoint products and not just work along side and complement them.  So, I contacted Sentinel One Sales and they indicate their product serves as direct replacement.  They also mentioned their clients actually use Capture Client exclusively.

I have concern about a complete replacement solution.  I just want to ensure if we decide to deploy Sentinel One Capture Client as the sole Anti-Virus and Anti-Malware solution it …
0
I was given a list of potential malicious sites by some intel but when I ping them, they don't resolve to any IP.

How to know if they were there before or had been taken down??

Will post them in the post below
0
Anyone know if the Spectre vulnerability really be fixed with a software patch being that it is a hardware problem?
0
Hi,

I'm doing a pen test remediation and they have flagged up default IIS files present on our Exchange and other servers (see wording below). I've scoured the web but can't find any conclusive guides for a safe way to do this. If i go into IIS on these servers, click on the root and then Default document i can see a list of files. If I remove these will this solve the vulnerability and more importantly will it not break anything?

Any advice would be greatly appreciated. :)

Description
Default files have been found on the server. These may often contain dangerous script examples,
administrative interfaces, or configuration information.
The presence of default Web Server files also indicates that the Web Server hardening procedure needs
improvement, and this could indicate to an attacker that further vulnerabilities may exist due to a
weakness in server management practices.
CVSS v2 Vector (AV:N/AC:L/Au:N/C:P/I:N/A:N)

Solution
Remove the default files from the server and review server hardening procedures to ensure default files
are removed during the server build.

Information
Default IIS7 files found on 4 externally facing IP addresses
0
We are looking to set up a point to point vpn with sonicwall on our end and watchguard on the clients end. We'll be using that to set up crashplan backup on virtual machines. Two questions.
1. Is it pretty straightforward to set up the point-to-point between sonicwall and watchguard?
2. Once that is established, would we need a backup device for each VM (say we have 3) or would backing them up to one device with designated partitions work ok?
0
We would like to run a scan of our external network (covering a subnet range) to determine:

1. What ports are open (scanning all 65,535 UDP, TCP ports

2. Check to see if there are any obvious vulnerabilities for any of the discovered endpoints such as the firewall itself


Ideally a Windows-based utility with a GUI is preferred and free/free trial.


Thanks
0
We have a Watchguard XTM 2 firewall device.

We have set it up successfully with a static IP address through our modem.  The modem works and plugged it directly into the computer with IPv4 manually set.

We have the WAN in X0 and the LAN is X2.

When we setup the device with the Trusted Interface of 192.168.0.1/24 with DHCP range of 192.168.0.2-192.168.0.199 it works but does not get Internet.   The DNS server is set and the computer has no problem getting a DHCP address.

The only thing that looks wrong is this picture with the gateway is showing up as 0.0.0.0 but don't see a place to change it nor do I see any settings wrong.  Help!
20180503_110739.jpg
0
Get expert help—faster!
LVL 12
Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

Hello all,

What is the ideal way for patch management. How to remediate windows servers. Where should we start?

REgards
0
Our ISP has given us a block IP addresses, and a gateway on a different subnet. We must use PPPoE to connect. We want to use these addresses on a Watchguard XTM box using Fireware 12.1.1

We have set the PPPoE connection to use the gateway IP address, and added the 5 main IP addresses as secondary ones on the external interface. These can be thought of as follows (not the actual IP addresses):

Gateway : 80.80.79.79
Assigned IP Range 80.80.80.1/29

When trying to configure a BOVPN, we would like our IP address to show as 80.80.80.1 but it always appears as 80.80.79.79.

We've modified the other firewall policies such as HTTPS client to use one of the IP addresses in the block and this works fine, just not the BOVPN one. Can someone direct me to where I should specify the IP address for the BOVPN?

Thanks.
0
Hi, I have a really odd problem with a Watchguard XTM25-W Firewall.  It has the latest Fireware on it and I've reset it and run the setup wizard from scratch on it. I have a Draytek VDSL model plugged into Port0 and have set up PPPOE authentication on the watchguard and the watchguard connects to the internet.  I have successfully downloaded the Live Security feature key and it's valid for 2 more months.  

The problem I have is that if I plug a laptop directly into Port 1 on the Watchguard and set up a static IP the laptop can see the internet. However if I plug Port 1 into an established 48 port switch nobody on the switch can see the Watchguard, and in fact the Port1 light on the Watchguard doesn't even light up (it lights up if you plug the Laptop into it)

As far as I am aware when you reset a Watchguard and run the setup Wozard it sets up enough default settings to get you a basic internet connection but I'm wondering if there is now some additional configuration needed to allow the internet connection to be shared.

Bit of further background, the Watchguard is replacing an existing Draytek VDSL Router which was the original Default Gateway so I have set up the Watchguard with the same IP address as the Draytek Router (and of course unplugged the Draytek)

Would really appreciate some suggestions on this.

Many thanks
0
Good day-
I'm attemtping to forward port inbound requests on port 80 to internal port 16000 for viewing of a DVR camera system.  Can someone guide me over policy manager? I'm not understanding the kb from watchguard.

Best,
Craig
0
Hello,
I need to bypass a XSS check which is using stripos to prevent using script tags by detecting the work "script"
<?php
if (stripos($a, 'script') !== false) return false; return true;
?>

Open in new window

The web server also has a CSP policy (default-src none; script-src: nonce-key) and requires a nonce parameter within the script tag.
Thank you for your help.
0
https://blog.trendmicro.com/trendlabs-security-intelligence/autoit-used-to-spread-malware-and-toolsets/

Users are requesting for AutoIT to automate their tasks (mouse clicks, repetitive keystrokes etc)
but I have concerns like what's listed in link above.

What are the mitigations we can put in place to balance between work productivity & IT security risks?

Are the following valid mitigations?

1. air-gap those PC running AutoIT, namely remove Internet access & email access as these two are
    top vectors of malwares.  Users told me they don't need these 2 functions on the PCs running
    AutoIT but the AutoIT programmer wants it on his PC as he doesn't want to switch around
    between PCs when developing AutoIT scripts & using email/Internet

2. I heard we can compile the scripts & then uninstall AutoIT : so if a hacker got into the PC, he
    can't develop keyloggers/malicious scripts (that capture credentials).  The programmer felt
    this is restrictive but to work around, I heard we can create config file for scripts to read in
    parameters/variables to give more flexibilities or options for the scripts to operate: is this
    so?  Is this a good mitigation?

Pls add on any further mitigations.

I've heard of VB & Java scripts being risks : are they of similar nature as the risks of AutoIT?
0
Our network guys as well as the vendor who support our Cisco insisted that there's no patch available for
the 2960, 37xx models  for CVE-2018-0171

I showed them the extract from the link below but they still insisted it's only 'no vstack' that is needed &
there's no patch:
  https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2
"Cisco has released free software updates that address the vulnerability described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license. “


Anyone can verify this & if there is patch, help download to a dropbox or somewhere for me to get from there as we don't have TAC.
0
I have discovered by using vulnerability test software that 2 windows 2008 servers seemed to be vulnerable to ROBOT Attacks (Return of Bleinchenbacher's Oracle Threat),  I've been reading several articles with no answers.  Is there a Microsoft patch that fixes this (Windows update)  or is there a proper way to disable the RSA ciphers.   There seems to be a lot of info out there but nothing related to fixing the issues on a windows 2008 R2 server.

Can anyone point me int the right directions ?
0
I have a system AIX with 6.1.00 tl9 is necessary install fix for sendmail-cve-2014-3956 ?

The problem exists only if I go to the internet world?
0
Cloud Class® Course: Amazon Web Services - Basic
LVL 12
Cloud Class® Course: Amazon Web Services - Basic

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

I have a client with a SonicWall TZ 205, and we are running into an issue with PCI compliance scans.
Right now we are struggling to resolve a failure with "SSL Certificate - Signature Verification Failed Vulnerability".

Sonic support is clueless - does anyone here have a thought? Thanks in advance!
0
Audit wanted me to simulate a High severity event which we have only a few such as
successful Brute Force, true DDoS (not sure what's the bandwidth) & compromised
network/firewall devices that lead to operations outage.

This is to see if the SoC responds within SLA (from Splunk alert which currently
covers Prod servers/devices) & how fast we mitigate it.

I think the easiest is to
a) install a brute force password cracker
b) create a local account not subject to GPO (eg: password doesnt get locked
    despite number of failed attempts with a simple password) on a non-
    critical Prod server

Any freeware tool on Windows that do brute force for Windows that anyone
can recommend?  SIP Vicious or is there a free l0phtcrack ?
0
Dear EE,

I have two vulnerabilities.


1:- Microsoft Office Dynamic Data Exchange (DDE) Vulnerability (KB 4053440) (ADV170021)

2:- Microsoft Office and Microsoft Office Services and Web Apps Security Update January 2018


My client has reported DDE vulnerability in there production environment having Microsoft Office Professional Plus 2010 64 Bit.

Can you please help me how can i make / configure DDE vulnerability in my local environment with same Microsoft Office Professional Plus 2010 64 Bit.

So that i can then FIX it and share the steps to my client.

After fixing first one we will move to 2nd one.

Thanks
03-Apr-18-12-41-00-PM.jpg
0
Hi Experts!

Hope everyone is well?

All of a sudden when we make changes to a Custom Profile on AlienVault OSSIM and trying and update it fails for all sensors.

Database Updates Correctly and shows a green tick.
On sensor fails with a red cross
All the rest just pulse (3 black lines) but never do anything else

Pic
Checked the Sensors and all have network connectivity. I can Telnet to each box on port 9330.

All certificates seem to be ok.

Would anybody be able to point me in the right direction to try and help me diagnose and resolve this?

Cheers
SJG
0
How to get rid of the adware: Drivers Agent?  I have tried all of the basic solutions on the internet.
0
I believe my email or device was hacked: how can I verify and how can I resolve it?

Here is what happened:  

My wife sent  an email to my accountant which contained a few minor bits of information and I got a response that read (with bad grammar):

"please email me your Drivers license and 1040 from last year. I did a system update and lost many informations. thank you"

and below that was included a copy of the email text I sent to my accountant.

First, it is obvious that this is a spoof due to the bad grammar

But, my questions are

(1) How could a hacker manage to send me a faux reply that contained my exact original message?
(2) This email was sent from an IPAD, does that suggest my wife's email is compromised. the IPAD is compromised or both?

Thanks,
0

Vulnerabilities

6K

Solutions

8K

Contributors

A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness, known as the attack surface. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. Other vulnerabilities include security risks, security defects and constructs in programming languages that are difficult to use properly.