- Upgrade your Cisco ASA to one of the versions below (depending on which release your Cisco ASA supports): 9.16.4.57, 9.18.4.22, 9.20.2.10
- Check your firewall logs or SIEM for hits on any of the IOC IP addresses.
Friday, April 26, 2024
Hackers backdoored Cisco ASA devices via two zero-days (CVE-2024-20353, CVE-2024-20359)
Wednesday, April 24, 2024
H3C firewall SSL weak cipher
Nessus vulnerability scan report about H3C firewall SSL weak cipher
Go to "Objects" -> "SSL" -> "SSL Server Policies"
You will find that even if you select "TLS 1.2" and the "High level" cipher suites:
SSL_RSA_with_AES_128_CBC_SHA
SSL_RSA_with_AES_256_CBC_SHA
you will still fail the security scan, and the report will show weak ciphers.
Solution:
Use the following 4 ciphers:
https://www.tenable.com/plugins/nessus/156899
After changing the ciphers in the firewall GUI, SSH to the firewall:
> system-view
] undo ip https enable
] ip https enable
] save force
] exit
>
Saturday, April 20, 2024
H3C Firewall Change admin portal certificate
Wednesday, April 17, 2024
Install certificates on Symantec Messaging Gateway (SMG)
- the private key included in the PEM file
- a CSR that already exists in the SMG
Tuesday, April 16, 2024
Free TI feed - rules.emergingthreats.net
Oracle JRE and JDK replacement
Azul Zulu OpenJDK 11 is a good choice. If your computer does not have an existing Java SE installation, download and install Azul Zulu OpenJDK 11 from the Zulu Community.
The 2 amber lights followed by 4 white lights on a DELL Latitude Laptop
1. Reseat the Original Memory: If applicable to your model, reseat the original memory module in the system. Sometimes, reseating the RAM can resolve the issue.
2. Check for Damaged RAM: If reseating the RAM doesn't work, consider checking for any visible damage to the RAM sticks. If they appear damaged, you may need to replace them.
3. Firmware Updates: Ensure that your system's firmware (BIOS) is up to date. Sometimes, updating the firmware can resolve hardware-related issues.
Wednesday, April 10, 2024
Fortinet SSL VPN - SSL certificate expired and you need to bypass it temporarily
Configure SSL VPN to Not Require Certificates
Go to VPN > SSL > Settings > and un-check Require Client Certificate.
Thursday, April 4, 2024
Broadcom SMG - Upgrade to SGOS and Advanced Secure Gateway 7.3.19.1
Support Content Notification - Support Portal - Broadcom support portal
Tuesday, April 2, 2024
Use Symantec Endpoint Protection to run the YARA rules to scan Linux servers for CVE-2024-3094
Saturday, March 30, 2024
Supply Chain Attack - CVE-2024-3094 - CVSS 10 - xz-utils package
Thursday, March 28, 2024
Broadcom (Symantec) SEP 14.3 RU6 bug causes Linux to hang
If you plan to upgrade to 14.3 RU8 to resolve this issue, first check that your kernel version is on the supported list:
https://linux-repo.us.securitycloud.symantec.com/SAL/1.3/seplinux_supported_kernels.html
After the upgrade, follow these steps to check (a scheduled downtime is required):
Thursday, March 21, 2024
Tencent Cloud VPC firewall engine upgrade
Fortinet Fortigate Firewall Enable IPS
Wednesday, March 13, 2024
Aruba APs running 10.4.0.2 or above hit a horrible bug that causes unexpected reboots
Friday, March 8, 2024
Cisco Firepower Firewall 1000 series - ASA code and FTD code relationship
H3C Security Management Platform - Firewall management like FortiManager
Hillstone A Series NGFW highlights and resources
- High performance
- Full security protection
- SD-WAN ready
- ZTNA ready
- Twin-mode for Active-Active data center
- Load balancing (link, server)
- Advanced QoS (iQoS)
- Intelligent Threat Detection in Encrypted Traffic Without Decryption
- ML-based Flood Protection Baseline Establishment
- Smart policy operation (policy auto-learning, policy auditing, policy hit analysis, redundancy check, log visibility, hotfix support)
Tuesday, March 5, 2024
How to resolve login failure after a Cisco AnyConnect client update via a Cisco ASA connection
Broadcom Edge Secure Web Gateway (SWG)
SVR cyber actors adapt tactics for initial cloud access
Friday, March 1, 2024
Symantec Endpoint Protection (SEP) being restarted automatically on Linux
systemctl stop sisamddaemon
systemctl disable sisamddaemon
The SEP will restart itself later.
How to enable the Cisco ASA AnyConnect client upgrade when users have an earlier version installed and connect to the Cisco ASA firewall
Monday, February 26, 2024
Broadcom Symantec Messaging Gateway Version Upgrade
The NSFOCUS SAS-H hardware is end of support and does not support Edge. You need to use IE mode in Edge to access it.
Using a different proxy for individual browsing via a browser shortcut
Sunday, February 25, 2024
Files and folders copied by Robocopy are not visible (they are visible on the old machine)
Full data backup from the C drive to an external USB drive using Robocopy
Migrate Broadcom Symantec Messaging Gateway from physical to virtual appliance with different hostname and IP address
Saturday, February 24, 2024
Prepare for NTLM being disabled in your domain environment
Microsoft has made an announcement stating that the NTLM authentication protocol will be disabled in Windows 11. Instead, it will be replaced by Kerberos, which is currently the default authentication protocol in Windows versions above Windows 2000.
https://petri.com/microsoft-disable-ntlm-windows-11/
To prepare for this change, you can enable a GPO to audit which applications are using NTLM in your environment and which versions of NTLM are still in use.
https://superuser.com/questions/1694421/how-can-i-find-out-what-is-using-ntlm-in-my-environment
https://4sysops.com/archives/auditing-and-restricting-ntlm-authentication-using-group-policy/