DANGER: Unpatched Microsoft DNS servers

Source: https://www.engadget.com/check-point-sigred-microsoft-dns-exploit-200027095.html

Microsoft is patching a dangerous Windows DNS Server exploit

SigRed is a dangerous flaw that should be patched immediately.Security researchers have discovered a serious flaw in Windows’ Domain Name System software that users must patch immediately. Sagi Tzaik from Check Point found a way to run malicious code which can be used to hijack websites, intercept emails, steal private information and take sites offline. Microsoft has already acknowledged the issue and has issued a fix in today’s Patch Tuesday update, which it urges all users to download immediately.

The vulnerability has been codenamed SigRed and Check Point says it affects Windows Server versions from 2003 to 2019. Microsoft said that the flaw is “wormable,” enabling hackers to take over multiple machines at once and causing large amounts of damage. That’s especially a risk for big corporate customers that run their own platforms, especially since the exploit is fairly easy to

take advantage of.

Photo shows a 5 minute DNSlog of the actual attacks against BNS DNS server:

.Image may contain: text

A suggested quick Registry edit is as follows:
https://support.microsoft.com/en-us/help/4569509/windows-dns-server-remote-code-execution-vulnerability

Workaround


Important
Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, back up the registry for restoration in case problems occur.

To work around this vulnerability, make the following registry change to restrict the size of the largest inbound TCP-based DNS response packet that’s allowed:

Subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters 

Value: TcpReceivePacketSize

Type: DWORD 

Value data: 0xFF00

Notes

  • The default (also maximum) Value data = 0xFFFF.
  • The recommended Value data = 0xFF00 (255 bytes less than the maximum).
  • You must restart the DNS Service for the registry change to take effect. To do this, run the following command at an elevated command prompt:

net stop dns && net start dns

After the workaround is implemented, a Windows DNS server will be unable to resolve DNS names for its clients if the DNS response from the upstream server is larger than 65,280 bytes.

Important information about this workaround

TCP-based DNS response packets that exceed the recommended value will be dropped without error. Therefore, it is possible that some queries might not be answered. This could cause an unanticipated failure. A DNS server will be negatively impacted by this workaround only if it receives valid TCP responses that are greater than allowed in the previous mitigation (more than 65,280 bytes).

The reduced value is unlikely to affect standard deployments or recursive queries. However, a non-standard use-case may exist in a given environment. To determine whether the server implementation will be adversely affected by this workaround, you should enable diagnostic logging, and capture a sample set that is representative of your typical business flow. Then, you will have to review the log files to identify the presence of anomalously large TCP response packets

Internship

Bitstop, BNSHosting and TechCare are now accepting limited number of students for their GREAT summer internship program. NO internship FEEs will be charged (except for the required insurance).

Requirements:
1. You must belong to the top 10% of your class (endorsed by your school)
2. You must be prepared to do 8 hours of work a day for at least 2 months.
3. You have *drive* to explore and expand your horizons by doing new things.

Please share with your friends and families for this opportunity to learn and gain experience.

Interested parties should email us to team@bnshosting.net.

Certificates of attendance and appreciation for wordpress optimization workshop

Certificates of attendance and appreciation for wordpress optimization workshop conducted on January 25, 2020 @Bitstop Network Services, inc.

Have you heard of Foreman?

What is Foreman?

Foreman is an open source project that helps system administrators manage servers throughout their lifecycle, from provisioning and configuration to orchestration and monitoring. Provisioning support gives you easy control of setting up new servers, and using configuration management (Puppet, Ansible, Chef and Salt are supported), you can easily automate repetitive tasks. With Foreman, you can quickly deploy applications, and proactively manage change, both on-premise with VMs and bare-metal or in the cloud. Foreman scales well to multiple locations (offices, data centres, etc) and multiple organisations, allowing you to grow without losing your single source of infrastructure truth.

Read More

Failure to Patch caused Travelex to shutdown

Image result for ransomware travelex

Background

Infosecurity Magazine reports that currency exchange bureau Travelex was hit by a new year’s eve cyber attack. This attack disrupted UK bank customers.  Travelex took all of its system offline as a precaution. They identified the culprit as Sodinokibi (REvil).  Travelex has been unable to resume normal operations since the attack.

Meanwhile, Soidnokibi creators says that “Travelex will pay, One way or another”. The attackers are applying pressure to pay a multi-million dollar ransom by stating that they will release or sell stolen data that allegedly contains Travelex’ customer personal data.

How did this happen?  Read More

WordPress Site Optimization by Tzar Umang

Wordpress Site Optimization
WordPress Site Optimization

Learn how Tzar Umang dealt with a WordPress site, whose size was around 5GB to eventually load in 2 seconds!

Tzar will share with the participants the tools that he used:

1. WP Rocket
2. Auto-optimize
3. Imagify.io (ultra compression)

Server Side:
1. PHP Compress – cPanel
2. Content Delivery // Packet Compression (made with python)

To reserve your slot, kindly register for the FREE event here.

Increased Vigilance Urged in Spillover of US-IRAN conflict on cyber arena

Image may contain: one or more people

Here are some primer and tips from the US Homeland Security on securing your network against potential collateral attacks and damage brought on by the US-Iran conflict.

Alert (AA20-006A)
Potential for Iranian Cyber Response to U.S. Military Strike in Baghdad

Recommended Actions

The following is a composite of actionable technical recommendations for IT professionals and providers to reduce their overall vulnerability. These recommendations are not exhaustive; rather they focus on the actions that will likely have the highest return on investment. In general, CISA recommends two courses of action in the face of potential threat from Iranian actors: 1) vulnerability mitigation and 2) incident preparation.

  1. Disable all unnecessary ports and protocols. Review network security device logs and determine whether to shut off unnecessary ports and protocols. Monitor common ports and protocols for command and control activity.
  2. Enhance monitoring of network and email traffic. Review network signatures and indicators for focused operations activities, monitor for new phishing themes and adjust email rules accordingly, and follow best practices of restricting attachments via email or other mechanisms.
  3. Patch externally facing equipment. Focus on patching critical and high vulnerabilities that allow for remote code execution or denial of service on externally facing equipment.
  4. Log and limit usage of PowerShell. Limit the usage of PowerShell to only users and accounts that need it, enable code signing of PowerShell scripts, and enable logging of all PowerShell commands.
  5. Ensure backups are up to date and stored in an easily retrievable location that is air-gapped from the organizational network.

Patterns of Publicly Known Iranian Advanced Persistent Threats

Read More

WordPress TOOL to erase Personal Data

WordPress 4.9.6 included a feature to delete a user’s personal data upon verified request. Deleted data is permanently removed from the database. Erasure requests cannot be reversed after they have been confirmed.

Basic Usage

Erase Personal Data tool uses email validation to send a user’s request to an administrator.

1. Select Tools -> Erase Personal Data from Administration Screens.

Erase Personal Data Screen

Read More