Are you the publisher? Claim or contact us about this channel


Embed this content in your HTML

Search

Report adult content:

click to rate:

Account: (login)

More Channels


Showcase


Channel Catalog


older | 1 | .... | 168 | 169 | (Page 170) | 171 | 172 | .... | 254 | newer

    0 0

    A new remote code execution vulnerability affecting the compression utility is less dangerous than first believed.

    続きを読む

    0 0

    セキュリティ研究者 Patrick Wardle 氏の詳しい説明によると、Apple の Mac OS X で使われている「Gatekeeper」には、攻撃者が未検証・未署名のコードを実行できる脆弱性が存在します。

    続きを読む

    0 0
  • 10/01/15--04:17: Script to patch Install.wim
  • In order to leave a sustainable OS image I like to fully automate the image creation process, starting with a known untouched OS DVD image and ending with a fully formed sysprepped image at the end. That way it's easy to tell exactly what's gone into the image and to update any element.

    However, to install all the patches and updates each time can be a time consuming process so I prefer to slipstream these into the install.wim, hoever, I still want to be able to trace back to a known untouched install.wim.

    So I start by manually copying the DVD image to a custom folder ('aaa') in the eXpress share, make it Read Only and then create a Scripted OS install job from that source. I then create a Job with a "Run Script" task run locally on the DS that will copy the untouched install.wim from the source to the WINOSnnn directory, mount it, patch it and unmount it. The scripted OS install will then be using a patched Install.wim. I copied the DISM folder from the relevant Windows ADK and created an empty d:\mount directory. Download any patches as extracted CAB files to an OfflineCAB directory under your OS directory in your folder.

    REM Run on DS
    
    set myco=aaa
    set os=win10x64
    set dvd=SW_DVD5_WIN_ENT_10_64BIT_Eng_Intl_MLF_X20-26306
    set dism=%os%\DISM
    set Winos=WinOS008
    set wim=.\deploy\%winos%\sources\sources\install.wim 
    set mount=d:\mount
    
    copy /Y .\%myco%\%os%\%dvd%\sources\install.wim  %wim%
    
    ".\%myco%\%dism%\dism.exe" /mount-wim /wimfile:%wim% /mountdir:%mount% /index:1
    
    FOR /F "delims=" %%A IN ('dir ".\%myco%\%os%\OfflineCab\*.cab" /s /b') DO (".\%myco%\%dism%\dism.exe" /image:%mount% /Add-Package /PackagePath:"%%A" /NoRestart /quiet)
    
    ".\%myco%\%dism%\dism.exe" /unmount-wim /mountdir:%mount% /commit

    0 0

    As part of our standard scripted install I have a number of simple scripts to help with tasks such as patching and hardening the image.

    Quite a few of you will have your images subject to Security scans - I now run these scripts to close minor security holes:

    REM Set local passwords to expire after 30 days
    REM This may not survive sysprep
    
    net accounts /MAXPWAGE:30
    
    REM Rename Local Administrator and Guest accounts
    REM This may not survive sysprep
    set admin=mooney
    set guest=hunt
    
    wmic UserAccount where name="Administrator" call Rename Name="%admin%"
    wmic UserAccount where name="Guest" call Rename Name="%guest%"
    
    REM Turn off CDROM Autorun
    
    reg add HKLM\SYSTEM\CurrentControlSet\services\cdrom /v AutoRun /t REG_DWORD /d 0 /f
    
    REM Disable saving Dial up passwords
    
    reg add HKLM\System\CurrentControlSet\Services\Rasman\Parameters /v DisableSavePassword /t REG_DWORD /d 1 /f

    Then there's odd other settings you may want:

    REM powercfg.exe High power no hibernate
    
    powercfg -setactive 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c
    powercfg.exe /hibernate off
    
    REM Disable Windows Media Player Update
    
    Reg add HKLM\SOFTWARE\Policies\Microsoft\WindowsMediaPlayer /v DisableAutoUpdate /t REG_DWORD /d 00000001

    You might have a variety of OS and core app updates to install, CAB, EXE and MSU files:

    REM To install exe updates
    REM Copy executable patches locally to c:\support\Patches\exe first
    
    FOR /F "delims=" %%A IN ('dir c:\support\patches\exe\*.exe /s /b') DO (%%A /quiet /norestart)
    
    REM To DISM Windows updates from CAB
    REM Copy cab files locally to c:\support\Patches\cab first
    
    FOR /F "delims=" %%A IN ('dir c:\support\patches\cab1\*.cab /s /b') DO (dism.exe /online /Add-Package /PackagePath:%%A /NoRestart /quiet)
    
    REM To WUSA Windows updates from MSU
    REM Copy msu files locally to c:\support\Patches\msu first
    
    FOR /F "delims=" %%A IN ('dir c:\support\patches\msu\*.msu /s /b') DO (wusa.exe %%A /NoRestart /quiet)

    And for Windows 7 I like to get rid of the Event ID 10 errors:

    'KB2545227 Event ID 10 error fix
    'vbscript
    
    strComputer = "."
    
    Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" _
    & strComputer & "\root\subscription")
    
    Set obj1 = objWMIService.ExecQuery("select * from __eventfilter where name='BVTFilter' and query='SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA ""Win32_Processor"" AND TargetInstance.LoadPercentage > 99'")
    For Each obj1elem in obj1
    set obj2set = obj1elem.Associators_("__FilterToConsumerBinding")
    set obj3set = obj1elem.References_("__FilterToConsumerBinding")
    
    For each obj2 in obj2set
    WScript.echo "Deleting the object"
    WScript.echo obj2.GetObjectText_
    obj2.Delete_
    
    next
    
    For each obj3 in obj3set
    WScript.echo "Deleting the object"
    WScript.echo obj3.GetObjectText_
    obj3.Delete_
    
    next
    WScript.echo "Deleting the object"
    WScript.echo obj1elem.GetObjectText_
    obj1elem.Delete_
    
    Next

    0 0

    Spear-phishing e watering hole usam estratégia de engenharia social para invadir sistemas corporativos específicos. Veja como se proteger
    Twitter カードのスタイル: 
    summary

    por Vladimir Amarante

    Ataques direcionados baseados em engenharia social - técnica que busca conhecer os hábitos dos colaboradores da empresa para facilitar a entrada de malwares - são uma estratégia crescente em todo o mundo. Eles são formulados com foco em companhias específicas, centrando esforços em grupos de usuários determinados e utilizam como base o comportamento de navegação na internet e de comunicação para facilitar a invasão. Dois muito comuns são o spear-phishing e o watering hole.

    Evitar esse tipo de ação é  trabalho complexo, porque o invasor investe tempo e foco na elaboração de uma estratégia certeira e discreta, baseada em muita pesquisa. Mas isso não significa que seja uma tarefa impossível.  É importante, então, conhecer bem o inimigo, para poder combatê-lo.

    O que é o spear-phishing?

    O spear-phising funciona como um spam: o usuário recebe um e-mail que o convida a clicar em um link malicioso. A diferença para as ações de massa é que pelo spaer-phishing tanto a mensagem quanto a oferta são direcionadas para seu perfil de atuação na empresa. Um departamento de Recursos Humanos, por exemplo, dificilmente vai se negar a abrir um currículo enviado anexo a um e-mail, assim como um vendedor não achará estranho baixar uma apresentação institucional de um cliente em potencial. Em 2014, o mundo lidou com uma média diária de 73 spear-phishing, segundo o Relatório de Ameaças de Segurança na Internet, produzido pela Symantec com dados referentes a 2014.

    O que é watering hole?

    Em ataques do tipo watering hole, os cibercriminosos conhecem o comportamento de navegação na internet de um grupo de usuários e infectam os sites mais visitados com links maliciosos. A chance de sucesso aumenta, já que os malwares ficam "escondidos" em um ambiente aparentemente seguro.

    O que motiva as invasões?

    Há duas grandes motivações por trás de um ataque direcionado: ou se trata de ganho financeiro -  obtido com o roubo de informações bancárias, campanhas de marketing, base de clientes, propriedade intelectual em geral - ou o foco é o ciberativismo, seja porque o invasor quer causar um prejuízo para a empresa, seja para ganhar visibilidade.

    Quem são os alvos?

    O estudo da Symantec mostra que colaboradores individuais (27%),  estagiários (26%), diretores (19%) e gerentes (6%) foram alvo de ao menos um ataque do tipo spaer-phishing no ano passado. Por ramo de atividade, manufatura (20%); serviços não-tradicionais (20%); finanças, seguros e imóveis (18%); serviços profissionais (11%); e atacado (10%) são as indústrias mais visadas pelos invasores.

    Quais as portas de entrada mais comuns?

    Eles podem entrar na infraestrutura corporativa por meio de falhas de segurança convencionais, não corrigidas por falta de atualização de ferramentas como antivírus, por exemplo, mas tendem a ser produzidas para se esgueirarem por meio de brechas do tipo dia zero, ou zero-day - aquelas totalmente desconhecidas pelo mercado, ainda não catalogadas pelos criadores do software ou empresas de segurança.  A Symantec identificou 24 vulnerabilidades do tipo em 2014, sendo que as cinco principais levaram, em média, 59 dias para serem resolvidas.

    Como evitar?

    Obviamente, há softwares de segurança desenvolvidos para proteger as empresas e dar os alertas em casos de comportamento suspeito, mas fica a pergunta: a equipe de segurança da informação está treinada e em número suficiente de colaboradores para atender a todas essas demandas? Levando em consideração que o alvo do ataque são os colaboradores, eles estão conscientes sobre os riscos e preparados para evitar os riscos desses dois tipos de ataque direcionado? 


    0 0

    Spear-phishing y watering hole usan el concepto de ingeniería social para invadir blancos corporativos. Vea como protegerse
    Twitter カードのスタイル: 
    summary

    por Vladimir Amarante

    Ataques direccionados basados en ingeniería social - técnica que busca conocer los hábitos de los colaboradores para facilitar la entrada de malwares o ganar acceso privilegiado - son una práctica creciente en todo el mundo. Ellos son formulados con foco en compañías específicas, centrando esfuerzos en grupos de usuarios determinados y utilizan como base el comportamiento de navegación en Internet y de comunicación para facilitar la invasión. Dos muy comunes son el spear-phishing y el watering hole.

    Evitar ese tipo de acción es un trabajo complejo, porque el invasor invierte tiempo y foco en la elaboración de una estrategia certera y discreta, basada en mucha investigación y persistencia. Sin embargo, eso no significa que sea una tarea imposible. Es importante, entonces, conocer bien al enemigo, para poder combatirlo.

    ¿Qué es spear-phishing?

    Por el spear-phising, el usuario recibe un correo electrónico que lo invita a pinchar un enlace malicioso. La diferencia en relación a las acciones masivas es que por el spear-phishing tanto el mensaje como la oferta son direccionadas para su perfil de actuación en la empresa. Un departamento de Recursos Humanos, por ejemplo, difícilmente va a negarse a abrir un currículo enviado en adjunto a un correo electrónico, de la misma forma que a un vendedor no le parecerá raro bajar una presentación institucional de un potencial cliente. En 2014, el mundo lidió con un promedio diario de 73 spear-phishing, según el Reporte de Amenazas de Seguridad en Internet, producido por Symantec con datos referentes a 2014.

    ¿Qué es watering hole?

    En ataques del tipo watering hole, los cibercriminales conocen el comportamiento de navegación en Internet de un grupo de usuarios e infectan los sitios web más visitados con enlaces o contenido maliciosos. La posibilidad de éxito aumenta, ya que las amenazas quedan "escondidas" en un ambiente aparentemente seguro.

    ¿Qué motiva las invasiones?

    Hay dos grandes motivaciones por tras de un ataque direccionado: o se trata de ganancia financiera - obtenida con el robo de informaciones contables, campañas de marketing, base de clientes, propiedad intelectual en general - o el foco es el ciberactivismo, sea porque el invasor quiere causar un perjuicio para la empresa o para ganar visibilidad.

    ¿Quiénes son los blancos?

    El estudio de Symantec muestra que colaboradores individuales (27%), pasantes (26%), directores (19%) y gerentes (6%) fueron blanco de al menos un ataque del tipo spear-phishing el año pasado. Por sector de actividad, manufactura (20%); servicios no tradicionales (20%); finanzas, seguros e inmuebles (18%); servicios profesionales (11%); y mayorista (10%) son las industrias más visadas por los invasores.

    ¿Cuáles son las puertas de entrada más comunes?

    Se puede entrar en la infraestructura corporativa mediante fallas de seguridad convencionales, no corregidas por falta de actualizaciones o configuraciones adecuadas, por ejemplo, pero vemos crecimiento del uso de la vulnerabilidad del tipo día cero, o zero-day - aquellas totalmente desconocidas por el mercado, todavía no catalogadas por los creadores del software o empresas de seguridad. Symantec identificó 24 vulnerabilidades de ese tipo en 2014, mientras las cinco principales llevaron, en promedio, 59 días en ser resueltas por los fabricantes y, quizás, más tiempo aún, por las empresas vulnerables.

    ¿Cómo evitar?

    Obviamente, hay softwares de seguridad desarrollados para proteger las empresas y dar las alertas en casos de comportamiento sospechoso o vulnerabilidades, pero queda la pregunta: ¿el equipo de seguridad de la información está entrenado y en número suficiente de colaboradores para atender todas esas demandas? Considerando que el blanco del ataque son los colaboradores, ¿ellos están conscientes acerca de los riesgos y preparados para evitar los riesgos de esos dos tipos de ataque direccionado?


    0 0

    Attackers can use .mp3 and .mp4 files to gain access to affected Android devices and install malware or steal information.

    続きを読む

    0 0

    NetBackup is Ready When You Are

    Congratulations to Microsoft for releasing Exchange 2016 today. We are very pleased to announce that NetBackup supports Microsoft Exchange 2016 today as well, on its first day of general availability. This announcement is a further demonstration of our commitment to protect the data, applications, and platforms you depend on to run your businesses, without delay.

    What does it mean to be agile in today’s business environment? One of the most important enablers of business agility is the IT organization. Rapidly taking advantage of new technologies can open up new opportunities and sharpen business processes to a fine point. Those who can most effectively leverage the latest market innovations will be one step ahead of the competition.

    Any seasoned IT professional knows how difficult it can be to roll out new technology. Many elements need to be planned for and tested together. One of the most important requirements is to ensure data will not be lost during the roll out. It is for this reason that a sound backup and recovery strategy is firmly in place before new technology can be rolled into production. Until the backup strategy is there, new technologies remain idle and business opportunities are squandered.

    For this reason, Veritas has placed a heavy emphasis on rapid support for new application platforms that are fundamental to IT. As Senior VP Ana Pinczuk said when we announced Day One support for VMware vSphere 6, “our team is committed to helping you move faster and take bigger risks knowing your information will be safe.”

    Click here for more information on support for Microsoft Exchange 2016 with NetBackup 7.7.1.


    0 0

    Symantec have released Symantec Endpoint Protection 12.1.6 MP2 on 1 October 2015.

    Product is available for download on FileConnect.

    Mac 10.11 OS Zero Day Support has been included.

    Release Notes and Fix Notes are available https://support.symantec.com/en_US/article.DOC9101.html


    0 0

    Android モバイル OS は、これまでに何度もその動作を大きく変えてきました。それは、ルート権限を取得していないデバイスに対するマルウェアの攻撃方法に影響を与えてきた歴史でもあります。

    続きを読む

    0 0

    圧縮ユーティリティに影響するリモートコード実行の脆弱性が新たに見つかりましたが、危険性は当初考えられていたより高くないようです。

    続きを読む

    0 0

    攻撃者が MP3 ファイルと MP4 ファイルを使うと、影響を受ける Android デバイスにアクセスして、マルウェアをインストールしたり情報を盗み出したりする恐れがあります。

    続きを読む

    0 0

    Linux.Wifatch は、ルーターや他の IoT デバイスに感染しますが、不思議なことに、侵入先のデバイスのセキュリティ強化に努めているようです。

    続きを読む

    0 0

    Hello Everyone,

    SEP 12.1 RU6 MP2 (12.1.6465.6200) is now available on Flexnet to download.

    RU6 MP2.jpg

    This version of Symantec Endpoint Protection includes new features in the following.

    System Requirements:

    • The Symantec Endpoint Protection client adds support for Mac OS X 10.11
    • Symantec Endpoint Protection Manager adds browser support for Google Chrome through 45.0.2454.99, and for  Firefox
      through 40.0.3

    Release Notes: http://www.symantec.com/docs/DOC9101

    Fix notes: http://www.symantec.com/docs/INFO2883

    System requirements: http://www.symantec.com/docs/TECH231877


    0 0

    Twitter カードのスタイル: 
    summary

    We have talked a lot about ECC (Elliptic Curve Cryptography) for the past year. Although the use of elliptic curves is not exactly new, their use in our industry is fairly recent: ECC is a new cryptographic algorithm used for key exchange and authentication purposes in the SSL/TLS protocols (see this previous blog article for more details). 

    It is expected that RSA – the current standard - will be replaced by ECC as its scalability is becoming an issue with the arrival of IoT (Internet of Things):  explosion in number of devices, machine to machine (M2M) communications, ever-growing amount of data transfers, etc.

    We expected this change to happen. This is why Symantec’s ECC roots have been added to all major root stores back in 2007. Most CAs followed years later.

    ECC, RSA and compatibility

    The reliability and performances of ECC no longer need to be demonstrated. However, a significant obstacle to the adoption of ECC lies on the lack of support for this relatively new algorithm in legacy products.  While all modern servers and browser fully support ECC, some legacy system will not trust ECC roots, or will not be able to support ECC at all.

    Browser compatibility (root ubiquity) as of today

    Client ECC Support Pure ECC ECC & RSA Hybrid
    PC

    Windows HP or older

    Not supported Not supported
      Windows Vista or newer Supported Supported
      Mac OSX V10.9 or newer V10.6 or newer
    Mobile Android Android 3.x or newer Android 4.0 or newer
      iOS iOS 7.x or newer iOS 3.x or newer
    Ecosystem Server to Server Depends on the customer environment Depends on the customer environment

    Current Server compatibility as of today

    Vendor Product ECC CSR ECC cert install
    Mircrosoft Win Server 2008 (IIS 7.0) or newer Supported Supported
    Apache, nginx OpenSSL 1.0.1e Supported Supported
    Oracle Sun Java System Web Server 7.0 Supported Supported
    F5 11.5 or newer Supported Supported
    IBM HTTP Server 8.0 + PM80235 Supported Supported
    Citrix Netscaler Not Supported Not Supported

    There are devices and systems that are unable to proceed with ECC due to a trust deficit due to the missing trusted ECC root certificate and it is not always possible to upgrade, change servers or switch to another application easily. To overcome this issue, Symantec has created a solution for devices and systems that can support ECC but don’t have ECC roots in their trust stores: hybrid ECC/RSA hybrid SSL certificates.

    Hybrid certificates use ECC for encryption and authentication but are chained to a well-trusted RSA root. Hybrid ECC/RSA certificates enable you to benefit from the best protection for your current infrastructure and mitigate potential compatibility issues at the same time.

    How does it work?

    It’s fairly simple: when you enroll, we give you the choice between a full ECC certification chain (fig.1) and a hybrid ECC/RSA certification chain (fig.2). The full ECC chain comprises of your ECC SSL certificate, signed by an ECC intermediate, signed by an ECC root.

    ECC - RSA chains-01.jpeg

    Fig. 1:full ECC chain

    In order to offer hybrid RSA/ECC certificates, we have created a new ECC intermediate signed by an RSA root. This intermediate can be installed as direct intermediate, or as a cross certificate to a full ECC chain.

    The direct intermediate is the solution we recommend. You benefit from ECC encryption for your infrastructure, while using a globally trusted RSA root.

    ECC - RSA chains-02.jpeg

    Fig.2: hybrid ECC/RSA chain

    If you are unsure which certification path is made for you, or if you have questions or concerns, please contact us! We are happy to help and to advise.


    0 0

    Twitter カードのスタイル: 
    summary

    Yesterday, on October 8, 2015, a team of international cryptography researchers announced a significant improvement in practical attacks against the SHA-1 hash function, which is used in many contexts including the TLS protocol and TLS certificate signatures. SHA-1 became the most commonly used hash algorithm in certificates of all kinds when the industry moved away from the MD5 hash algorithm several years ago.

    The risk is that with enough computing power, an attacker can exploit practical attacks against the SHA-1 hash function to craft a fake certificate that in all key respects appears to be signed by a public Certification Authority (it cryptographically chains up to a Certification Authority’s root certificate). These researchers estimate that it would cost between $75K USD and $120K USD to acquire the necessary computing power to launch such an attack – a dollar figure considered very low for many of today’s advanced cyber-criminals. This doesn’t mean that your website is suddenly insecure, but it certainly is a wake-up call.

    For the past several years, Symantec has been migrating customers to certificates using the SHA-2 algorithm (which the researchers pointed out is not vulnerable to this type of attack). The vast majority of our customers have already migrated to SHA-2 certificates and are not at risk from this type of attack announced by the researchers.

    However, some of Symantec’s largest enterprise customers recently told us that due to the sheer number of certificates to upgrade, they would not be able to complete the transition to SHA-2 before the CA/Browser Forum SHA-1 issuance deadline of January 1, 2016. To assist these customers, Symantec recently proposed a ballot to relax the issuance requirement, moving the issuance deadline back to January 1, 2017. However, in light of this new research detailing that the risk is much higher than previously believed, we plan to withdraw the ballot. We will continue to work with these customers to find alternatives that might work for them.

    The researchers urged everyone to migrate to SHA-2 certificates as soon as possible. The current policy of most browsers stipulates that they will completely reject SHA-1 TLS certificates on January 1, 2017. However, in light of these new findings, it’s highly possible that deadline may be accelerated. If you’re still using SHA-1 certificates, you should accelerate your plans to replace them with SHA-2 certificates. All modern browsers, mobile devices and desktop operating systems support SHA-2, so the transition should be straightforward for nearly everyone.

    We recommend the following:

    1. Check to see if your certificate uses SHA-1 with the free Symantec CryptoReport: https://cryptoreport.websecurity.symantec.com
    2. Login into your account, identify any SHA-1 certificates and replace them with SHA-256. Symantec customers can always replace their certificates for free.
    3. Install your new certificate on your server and check your installation with CryptoReport.

    If you need help, Symantec certificates and Complete Website Security products come with 24/7 technical support included. 


    0 0

    The Problem

    When Using Servicedesk, I wanted to add some primary contact information on the Advanced Tech Feeder form, in some open space on the form.  The form does not by default render info like "Domain/Username".  When I attempted to place and retrieve the correct data, the form displayed the selected AD contact info as "NOT FOUND".  

    The Why

    I was attempting to retrieve the data contained from the FullContactInfo variable, but in that variable, the ADLoginname variable was found to be blank.  That is because it was not mapped to the correct variable.  Instead of being mapped to the "SelectedUser.ActiveDirectoryLoginname" variable, it was mapped to "GetUserDetailsComponentResults.Adloginname"

    The How - to make it all better:

    To resolve this issue, the data mapping must be changed:

    1. Open the advanced Tech feeder form
    2. Open the Create Incident Form
    3. Next to the Select User field, choose the magnifying glass option
    4. Open the USer Interaction Tab, and click the ellipsis to open the model
    5. Find the Single Value Mapping component named Full Contact Info. Double 
    Click on it
    6. Click the Ellipsis to open the data Mapping
    7. The right-side User.ActiveDirectoryLoginname variable is currently mapped 
    to GetUserDetailsComponentResults.Adloginname.  
    8. Change that mapping from GetUserDetailsComponentResults.Adloginname to 
    SelectedUser.ActiveDirectoryLoginname. 

    This captures the AD information for the Primary User contact correctly.


    0 0

    Android.Lockdroid.E uses Google’s design principles and a popular open-source project to trick users into paying its ransom.

    続きを読む

    0 0

    日本国内のプリンタなどの機器販売業者から送信された注文確認に偽装した偽メールが、Infostealer.Shiz を拡散しています。心当たりのないメールには十分に警戒してください。

    続きを読む

    0 0

    Android.Lockdroid.E は、Google のデザイン言語とオープンソースプロジェクトを利用して、身代金を支払うようユーザーを欺こうとしています。

    続きを読む

older | 1 | .... | 168 | 169 | (Page 170) | 171 | 172 | .... | 254 | newer