Vulnerabilities

A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness, known as the attack surface. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. Other vulnerabilities include security risks, security defects and constructs in programming languages that are difficult to use properly.

How do we verify the patches effectively mitigate?
0
For some strange reason the patch will not install on any W10 v1607 machine in my entire domain. If I take that same machine, bring it up to v1709 and apply the appropriate Meltdown patch, it installs.
There is a known issue with Bloomberg and v1709, which is why I must remain on 1607.

See screenshot below.
Meltdownw10v1607
0
Does anyone know if IBM has come out with a statement of impact or remediation for the IBM i platform - in regards to the Spectre/Meltdown vulnerabilities?
0
Appreciate if can point me to links / URLs on patches to download & availability for
a) MS Windows 2008 R2, 2012 R2, 2016,  7, 10
b) Dell & IBM hardware
c) ESXi Ver 6.1
d) Various Cisco switches & routers (we have 2xxx, 3xxx, 4xxx models)
e) EMC VNC & VMAX
f) Solaris x86 on AMD
g) McAfee AV
h) Bluecoat Proxy
i)  F5 LTM, GTM Ver 11.7.x
0
How can Intel, AMD and ARM escape this meltdown and spectre without replacing the chips? Is patching the only solution? Or even it has some loopholes?
0
My Favorites for IE and Bookmarks for Chrome keep replicating/duplicating themselves to the tune of 24,000+. We are on Office 365. I've deleted them both in IE (on my laptop and on the site directly) and Chrome, but they keep coming back. I've even deleted the Chrome bookmark file and started with a clean slate.
0
Hi Experts,

With regard to the recent vulnerabilities with Intel, and I heard that AMDs are affected as well, I am wondering if any action needs to be taken for Windows 7, 8, 10, and Mac?

Thank you
0
https://bitnami.com/stack/mediawiki/installer

I refer to above tool that our developer wanted to use.  Can provide comments on
a) is there a site or source that regularly produce/track for new vulnerabilities for that software
b) are patches being produced regularly : is this considered an Opensource and release of patches is not contractually required?

If there's no regular patchings, what are the precautions we ought to take?  Eg: use it on an air-gap PC without Internet access?
0
Desktop:Windows 8
VPN connection: Forticlient 5.6 or Sonicwall Netextender 8.0 used to connect to office network
Telus internet connection
Browser: Chrome, Firefox
Situation:
1. Telus internet connection works fine.
2. Without VPN connection, Chrome and Firefox internet access is normal.
3. With VPN connection, Chrome works fine, only Firefox is very, very slow.
4. I turned off the Firefox proxy server setting; Firefox works fine for about two days, then is slow again.
5. The computer shows an abnormal login script error message; it seems to have malware on it.

Question:
How do I block Firefox from accessing the internet through the VPN connection until I find a way to kill the malware?
0
Given that SSL is no longer considered safe due to the POODLE vulnerability, what email options exist?

https://www.pcicomplianceguide.org/pci-dss-v3-1-and-ssl-what-you-should-do-now/

And does this POODLE vulnerability actually expose someone who sends an email with a secure PDF as an attachment?

Is there a way to securely send an email with a merchant's credit card monthly statement as an attachment? If so, what types of email are considered PCI compliant?

If not, other options are there for sending a PDF? DropBox?

What are the alternatives?

Thanks.
0
Using Nessus to scan for vulnerabilities.  It is reporting that Visual Studio C++ is not patched, although the KB has been applied.
The following Visual C++ Redistributable Package has not
been patched :

  Product           : Visual C++ 2010 SP1 Redistributable Package
  Installed version : 10.0.40219.1
  Fixed version     : 10.0.40219.325

After further investigation, the machine in question only has the x86 version installed (and the DLLs in SysWOW64 are the correct version), but there is also a set of DLLs in the System32 folder that are the older version. If x86 is installed, does anyone know why there are files in the System32 folder?
0
Hi Experts,

We have deployed a new Windows 2012 R2 DC. We have done a complete patch cycle using Windows Update and have now done a complete scan and remediation using GFI LanGuard, and all is clean. Just to confirm our results, we then ran a full Nessus scan against the new DC, and Nessus comes back with vulnerabilities; most notable is a critical finding, missing KB4025336.

When I try to download the KB and install it using the Windows catalog service, I receive "this update is not applicable to your computer", and GFI, Microsoft Security Baseliner and Windows Update do not record it as missing. Looking at the Windows updates, it is not listed as installed, so I am not sure if it is superseded, but if so I thought Nessus would not see the patch as missing?

We have security audits in the industry we are in and the auditor uses Nessus, so we can't ignore the findings from the Nessus scan.

Thanks
0
I have tried on 3 machines (Win 7) and 3 mobiles (Android) but only one combination shows up as COM3 in Hyperterminal.
My purpose is to send SMS via Serial port. I can send successfully from this one combination.
I want the others to work too. All mobiles connect to the machine and I can access the Internal and External drives.

By COM3 I mean COM1,2,3,4....
0
How do I know if this is the actual McAfee web page?
0
Hi All,

My company Scenario:

I have connected the branch office to main office using VPN.

Main office is running under a domain environment and using a WatchGuard as a firewall.
Branch office is running in a work group environment and using a Billion VPN Wi Fi router.

VPN has been set up between Watchguard Firewall (XTM26) and Billion Wifi Router (Bi Pac 8920nz)

VPN is working fine. I am able to take remote of all the computers located in to the branch office using "Microsoft Remote Desktop" from the main office.  

Problem:

I am not able to ping any of the branch office computers. I can ping branch office wifi router and network printer only. What could be the reason?
0
The user has a MacBook Pro (Retina, 13-inch, Late 2013)

They accepted a bogus phone call from "Apple Tech Support" and allowed them to run all sorts of 'diagnostics and repairs'   However, they didn't pay any money.

In their defense, they had been recently informed by their bank that some sort of Trojan horse was affecting their computer, and they mistakenly assumed that this was a follow up call.

Apple support had them install the latest version of MalwareBytes Mac, and nothing has been found after the initial scan and cleanup.

For peace of mind, are there other applications that can check for hidden threats?

Thanks.
0
What are the risks associated with installing the above on a PC/laptop for doing data analysis?

Are the following mitigating measures valid?

a) apply regular patches for R & Python to fix vulnerabilities: as they're opensource, are the patches
               released quite timely/regularly.  I tend to think opensource is lacking in this area
b) if patches are not applied regularly, can we isolate the PCs such that they have no Internet
    access & no email clients to mitigate?  I tend to think most breaches result from Internet,
    emails activities & infected USB devices
c) is it common that emails contain malicious python attachments?
d) Where can we subscribe to  vulnerabilities news/updates for these 2 softwares?
e) Python and Ruby are dynamic platforms (free ware) , have to tighten the web application security if it’s being used for web applications, Python has flexible features that make it particularly useful for hacking?  
    Can we harden these & where to obtain such a hardening guide?
0
Server is Windows 2012 R2. Clients are Windows 10.

VPN is a Watchguard SSL VPN. Users are connected on fast VDSL connections.

When Offline Files is enabled, users connecting via the VPN can no longer see any folders other than those already synchronised. File explorer shows the computer working in offline mode.

I have checked the network location, and this shows 'domain' as expected.

It appears that when connected to the VPN, Windows is perfectly happy to authenticate against the network, browse network shares it's never seen before, there are no speed issues, etc, but the minute offline files is enabled, Windows (file explorer only) thinks the computer is offline.

There is no GPO set to describe the slow speed threshold, so the default of 500kbps should be true. The connection is operating nearer 80Mbps.

I've set a GPO "Computer Configuration > Policies > Administrative Templates > Network > Offline Files > Configure slow-link mode" to disabled, which seems to have resolved the issue.

However, I'm more concerned that Windows believes the computer to be offline when it isn't, and I wonder if there's a firewall issue I should be aware of?

Any pointers?
0
I want to disable PowerShell access on users' PCs batch by batch rather than across 3000 PCs corporate-wide in one go.

What's the safest / easiest way?  There's a direction in our corporate to mitigate against fileless attacks:

Fileless attacks have gone mainstream. They were one of the fastest growing threats in 2017 and are predicted to grow even more next year. And they're the most dangerous - Ponemon's 2017 State of Endpoint Security Risk study found that more than 75% of successful breaches involve fileless techniques.
What's behind this troubling growth? A new Morphisec report looks at the evolution of this attack trend and examines how malware incorporates fileless techniques to avoid antivirus and NextGen detection tools.
0
Our company is using a Palo Alto firewall. We received the critical alert "Top 5 attackers" and the source is one of the application servers. What does it mean and what should I do? Please advise. Thanks.
0
reference:
http://www.itsecdb.com/oval/definition/oval/org.mitre.oval/def/22538/A-router-or-firewall-allows-source-routed-packets-from-arbit.html

I see this come up in some vulnerability scans on just a few Windows 10 Pro computers and am wondering how it came to be?
The computers are no different than others on the network.
Any insights?

I see *fixes* but no *causes*....
0
I am trying to create a policy to enable/block specific traffic that my T30-W is handling. I haven't been able to find a good answer as to what each column in the Traffic Monitor means.
0
Hey

All external mails show as "X-MS-Exchange-Organization-AuthAs: internal"

How to change to anonymous?

(We have a WatchGuard XCS as spam)

Mike
0
https://www.csa.gov.sg/singcert/news/advisories-alerts/alert-on-microsoft-office-memory-corruption-vulnerability
Above is protected by McAfee NIDS/NIPS.

Q1:
Does McAfee AV & HIPS detect/protect against above CVE?

Q2:
Can I say in general NIDS/NIPS protect against CVEs (esp MS & Adobe vulnerabilities) but AV don't as AV deals with
malware & not CVEs.

Q3:
Can I safely say that if a vendor's NIDS detect/protect against the CVE, likely its HIPS will also provide the same?
In particular, referring to McAfee & TrendMicro's
0
In WatchGuard XTM SMTP Proxy definitions, it implies you can set up a rule for "masquerading".  However, how do you set up the replacement string?   For instance, if I want person@contoso.com to be redirected to person@contoso.org, it is easy enough to match the string and replace it.  But, if I want everyone @contoso.com to be redirected to their same name @contoso.org, how do you set up the replacement string?  You can use a wildcard on the string match but what syntax do they use for the replacement string to attach the portion before @contoso.com.   Seems that this should be a simple process for creating masquerading.
0
