OSI Security - Penetration Testing & Web Application Security Consultants

Samba SMB remote code execution vulnerability

26/5/2017

Please be aware that a Samba remote code execution vulnerability was published today in Metasploit; mass exploitation is likely to follow, and the bug could be used to self-propagate in the form of a worm.

The vulnerability affects all versions of Samba, the open source Unix/Linux implementation of the Microsoft File and Print Sharing service, released over the past 7 years; a patch was released yesterday.

The vulnerability is triggered by connecting to a writeable file share (it can be abused as an anonymous user or with credentials) and uploading a Unix .so shared object file, which is then executed on the server.

Many Linux and Unix based operating systems are vulnerable, as are products such as NAS (Network Attached Storage) file servers like Synology, media centres, modems and similar appliances.

CVE-2017-7494 has been assigned to this issue, and reports indicate that over 100,000 internet accessible systems are currently vulnerable.

If you are unable to patch immediately, the vulnerable feature can be disabled by setting the 'nt pipe support = no' directive within the /etc/samba/smb.conf file and restarting the service.
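As an added example, not from the original post, the following Python parses an smb.conf file and reports whether the 'nt pipe support = no' workaround is present in the [global] section and which shares are writeable (and whether guests may write to them); the sample configurations are constructed.

```python
# Constructed sample smb.conf fragments (not from the original post): one with
# the post's workaround applied and one default-style anonymous writeable share.
SMB_CONF_MITIGATED = """
[global]
   ; CVE-2017-7494 workaround until Samba is patched
   nt pipe support = no
[public]
   path = /srv/samba/public
   writeable = yes
   guest ok = yes
"""
SMB_CONF_DEFAULT = "[global]\n   workgroup = WORKGROUP\n[public]\n   path = /srv/samba/public\n   read only = no\n   guest ok = yes\n"

def parse_smb_conf(text):
    """{section: {parameter: value}}; parameter names may contain spaces and
    are case-insensitive, and lines starting with '#' or ';' are comments."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            conf[section] = {}
        elif "=" in line and section is not None:
            key, _, value = line.partition("=")
            conf[section][" ".join(key.lower().split())] = value.strip()
    return conf

def is_true(value):
    """Samba boolean parameters accept yes/true/1 and no/false/0."""
    return value.strip().lower() in ("yes", "true", "1")

def nt_pipe_support_disabled(text):
    """True when 'nt pipe support = no' is set in [global] (Samba default: yes)."""
    return not is_true(parse_smb_conf(text).get("global", {}).get("nt pipe support", "yes"))

def writeable_shares(text):
    """Writeable share name -> whether guests (anonymous users) may write to it.
    'writeable = yes' and 'read only = no' are the two common spellings."""
    shares = {}
    for name, params in parse_smb_conf(text).items():
        if name == "global":
            continue
        writeable = (is_true(params["writeable"]) if "writeable" in params
                     else not is_true(params.get("read only", "yes")))
        if writeable:
            shares[name] = is_true(params.get("guest ok", "no"))
    return shares
```

A host where nt_pipe_support_disabled() is False and writeable_shares() is non-empty matches the exposure the post describes and should be patched first.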

Cyber Security on the Cheap

18/5/2017

The words ‘Security’ and ‘Cheap’ together often arouse instant suspicion, and quickly make people question whether the product or service being advertised really will secure their assets as needed. This article, however, is not trying to sell any product; it simply offers advice on what companies can do to mitigate threats to their organisation, whatever their financial state.

User Level Security:
For years good practices have been talked about and encouraged in organisations; in reality, however, people still don’t follow these recommendations. The best example of this is passwords. Passwords are difficult enough to remember when they are just a passphrase with a 1 on the end, so a random series of numbers, letters and upper- and lower-case characters becomes almost impossible to remember. What is the next logical step? Writing the password on a sticky note attached to the computer. All this does is shift the threat from IT security to physical security. The recommendation here is a password vault stored on the user’s computer, such as LastPass or KeePass, so that passwords can be stored without being written down. Keep an eye out for the latest threats to these programs, and keep them regularly updated, to minimise the risk.

Hire a Professional:
This immediately sounds expensive, as industry rates can range from $2000 - $4000 per day. However, keep an eye out, as other companies offer competitive rates while still delivering a quality service. Using existing IT staff to look for issues is not as ideal as hiring a security expert, but it is definitely not a bad idea. Asking IT staff to keep systems updated, to shut down unused ports, and to monitor traffic are all good examples of this.

Software:
Not all good software is expensive. In fact, a lot of good open-source security tools can be found online and installed on a variety of operating systems. If using Linux is not an issue, Kali Linux by Offensive Security and Security Onion are great Linux distributions containing collections of useful open-source security software. Kali Linux comes with lots of software geared towards testing security by attempting to break it, while Security Onion comes with software geared towards monitoring and detecting such behaviour.

These are just some of the ways you can mitigate threats to your organisation, no matter its size or budget. Security is not for the rich; it is for whoever desires it and is willing to take steps to improve security for themselves or for their organisation.

Hiding Oracle WebLogic HTTP Server version numbers

16/5/2017

Oracle / BEA WebLogic HTTP web servers respond to client requests with a Server HTTP header that reveals the running version, which may aid an attacker in selecting targeted exploits.

To hide the version number, modify the configuration XML file (such as config.xml) and set the ‘ServerSignature’ directive to ‘Off’.

Hiding the Play! Framework HTTP Server header and version number

16/5/2017

By default the Play! Framework web service discloses the version number in use, which can aid an attacker in conducting targeted attacks using known vulnerabilities.

To hide the version number, modify the conf/application.conf file and set the http.exposePlayServer directive to ‘false’.

Adding HTTP Strict-Transport-Security to the nginx web server

16/5/2017

HTTP Strict-Transport-Security (HSTS) is an HTTP response header sent by SSL/TLS enabled websites to prevent browsers from communicating with the site over plain HTTP, protecting content and authentication cookies from interception or alteration.

To enable this header on the nginx web server, modify the nginx.conf file. Within the server block, find and edit the location block and add an "add_header" directive such as add_header Strict-Transport-Security "max-age=31536000"; (31536000 seconds is 365 days).

E.g.:

server {
    location / {
        add_header Strict-Transport-Security "max-age=31536000";
    }
}

Microsoft Malware Protection remote code execution

10/5/2017

Dear clients,

This is a quick email to alert you to a newly disclosed vulnerability that affects all Microsoft operating systems from Windows 7 to Server 2016.

The vulnerability is present within the Malware Protection Engine, which runs as the SYSTEM superuser.
The detailed vulnerability report by the Google Security team is now public, together with proof of concept code. To summarise, the vulnerability results in remote code execution and can be triggered on any system that scans a text string or file crafted to trigger it.
Exploitation scenarios include:
  • Exchange receiving an incoming or outgoing email.
  • Reading an email on a desktop.
  • Visiting a website.
  • The malicious file being uploaded to a server (such as SharePoint, FTP, an IIS web server or a network file share).
  • Opening the file or saving it to disk.
Products affected include:
  • Microsoft Forefront Endpoint Protection 2010
  • Microsoft Endpoint Protection
  • Microsoft Forefront Security for SharePoint Service Pack 3
  • Microsoft System Center Endpoint Protection
  • Microsoft Security Essentials
  • Windows Defender for Windows 7
  • Windows Defender for Windows 8.1
  • Windows Defender for Windows RT 8.1
  • Windows Defender for Windows 10, Windows 10 1511, Windows 10 1607, Windows Server 2016, Windows 10 1703
  • Windows Intune Endpoint Protection
Microsoft has released a Security Update for the Microsoft Malware Protection Engine to address this issue.

Ensure the Microsoft Malware Protection Engine is able to receive the latest updates and threat definitions to resolve this issue.

It is also worth mentioning that the Google Security team has found another Microsoft vulnerability which has not yet been made public or patched. The issue is rumoured to affect all versions of Microsoft Windows, to be remotely exploitable and wormable, and possibly to affect the TCP/IP implementation, which would also bypass the Windows firewall.
We will send another alert when details become public.