Tag: Transmission Control Protocol (TCP)

Schroedinger’s Pet(ya)

Earlier today (June 27th), we received reports about a new wave of ransomware attacks spreading around the world, primarily targeting businesses in Ukraine, Russia and Western Europe. Our investigation is ongoing and our findings are far from final at this time.

Despite rampant public speculation, the following is what we can confirm from our independent analysis.

Cisco FirePOWER System Software SSL Logging Denial of Service Vulnerability

A vulnerability in the logging configuration of Secure Sockets Layer (SSL) policies for Cisco FirePOWER System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due...

The Fundamental Flaw in TCP/IP: Connecting Everything

Almost 30 years after its inception, it's time to fix the engine that both fuels the modern day Internet and is the root cause of its most vexing security challenges.

WannaCry FAQ: What you need to know today

Friday May 12th marked the start of the dizzying madness that has been ‘WannaCry’, the largest ransomware infection in history.

Defenders have been running around trying to understand the malware’s capabilities.
In the process, a lot of wires have gotten crossed and we figured it’s time to sit down and set the record straight on what we know, what we wish we knew, and what the near future might hold for us going forward.

Linkerd 1.0 helps cloud services communicate

Linkerd, providing an enterprise-level open source service mesh for cloud-native applications, has moved to a 1.0 release. Offered by cloud software provider Buoyant, the mesh adds service discovery, load balancing, failure handling, instrumentation, and routing to all interservice communication. Buoyant describes a service mesh as a dedicated infrastructure layer for safe, fast, and reliable service-to-service communication, sitting as a layer of abstraction above TCP/IP.
It's responsible for delivering requests through a complex topology of services in a cloud-native application, said William Morgan of Buoyant.

TCP/IP headers leak info about what you’re watching on Netflix

Not even HTTPS can hide your secret Gilmore Girls fetish

An infosec educator from the United States Military Academy at West Point has taken a look at Netflix's HTTPS implementation, and reckons all he needs to know what programs you like is a bit of passive traffic capture.…

VU#214283: Commvault Edge contains a buffer overflow vulnerability

Commvault Edge, version 11 SP6 (11.80.50.0), is vulnerable to a stack-based buffer overflow vulnerability.

Nginx JavaScript is ready for prime time

Nginx has upgraded its web server and load balancer to take advantage of its JavaScript implementation. The company on Tuesday debuts Nginx Plus R12, the commercially supported version of its technology.

This release moves NginScript, a JavaScript-...

Cisco ASA Clientless SSL VPN CIFS Heap Overflow Vulnerability

A vulnerability in Common Internet Filesystem (CIFS) code in the Clientless SSL VPN functionality of Cisco ASA Software could allow an authenticated, remote attacker to cause a heap overflow. The vulnerability is due to insufficie...

Fileless attacks against enterprise networks

This threat was originally discovered by a bank’s security team, after detecting Meterpreter code inside the physical memory of a domain controller (DC). Kaspersky Lab participated in the forensic analysis, discovering the use of PowerShell scripts within the Windows registry.

Additionally, it was discovered that the NETSH utility was used for tunnelling traffic from the victim’s host to the attacker’s C2.

VU#867968: Microsoft Windows SMB Tree Connect Response denial of service vulnerability

Microsoft Windows contains a memory corruption bug in the handling of SMB traffic, which may allow a remote, unauthenticated attacker to cause a denial of service on a vulnerable system.

Kill it with fire: US-CERT urges admins to firewall off Windows...

Shadow Brokers may have loosed a zero-day so you're better safe than sorry

The US computer emergency readiness team is recommending organisations ditch old versions of the Windows SMB protocol and firewall off access to file servers – after a potential zero-day exploit was released by the Shadow Brokers hacking group.

The call from the US security clearing house does not name the Shadow Brokers as the cause of its warning, only that its advice follows public reporting of a potential Server Message Block (SMB) vulnerability.

Last year, the Shadow Brokers dumped online a cache of hacking tools from the NSA's Equation Group that attack vulnerabilities in products from major technology vendors.

The exploits were touted in a staggeringly expensive online auction. That auction, as expected, flopped. Last week, the Shadow Brokers dropped online a further cache of offensive tools for free as a parting gift: the crew is slipping off into retirement.

The group's collection of Windows exploits remains for sale, however: that download includes what's claimed to be an exploit targeting a Windows SMB zero-day vulnerability.

That SMB flaw remains unconfirmed thanks to the exploit's US$200,000-plus asking price. [250 BTC. 1 BTC = US$915 at the time of writing – ed.]

US-CERT says administrators should disable SMB version one and block all SMB traffic at network boundaries as a precaution.

"In response to public reporting of a potential Server Message Block vulnerability, US-CERT is providing known best practices related to SMB," it says in an advisory. "This service is universally available for Windows systems, and legacy versions of SMB protocols could allow a remote attacker to obtain sensitive information from affected systems."

The team recommends administrators:

Disable SMB v1. US-CERT cautions users and administrators of potential issues that could be created by disabling SMB v1. Microsoft has been urging people to get off SMB v1 for ages.

Block all versions of SMB at the network boundary by blocking TCP port 445 with related protocols on UDP ports 137-138 and TCP port 139, for all boundary devices.

For more information on securing SMB, you should check out Microsoft's advisories 2696547 and 204279.