Author: nlqip
In the Ramnit configuration, there were a number of targets that didn’t belong to a particular company or website: Instead, there were several words in French, Italian, and English. This is an innovation we have not seen in previous Ramnit configurations. It appears as though the Ramnit authors cast a wider net in hopes of…
Read MoreThere's often a gap between what we say we need for an effective security posture, and what we actually do. Examining the gaps between "best practices" and reality helps us get to more tangible results. Source link lol
Read MoreThe table in Figure 4 shows the top 50 ASNs attacking Australia from Dec 1, 2018 to March 1, 2019 in order of highest to lowest number of attacks. Interestingly, these top 50 networks were split fifty-fifty between ISPs and hosting companies whereas the company types attacking other regions lean heavier towards ISPs. For comparison,…
Read MorePanda’s target list includes two productivity web applications that use Ajax. This is notable because unlike web applications that execute completely on a server, Ajax applications utilize functions across both the client and the server. This extends the possible attack surface, and allows for more opportunities to potentially inject malicious code, steal sessions/authentication tokens, or…
Read MoreThe discovery of a significant container-based (runc) exploit sent shudders across the Internet. Exploitation of CVE-2019-5736 can be achieved with “minimal user interaction” it subsequently allows attackers to gain root-level code execution on the host. Scary, to be sure. Scarier, however, is that the minimal user interaction was made easier by failure to follow a…
Read MoreThe following table summarizes the vulnerability impact for each of the tested HTTP/2 implementations: Tested Webserver Test result Mitigation applied following disclosure Apache httpd Stops responding to new requests. The connection never timed out. Patched and allocated CVE-2018-11763 NGINX Consumes 100% of the server CPU resources and makes NGINX respond slower to incoming connections. The…
Read MoreConclusion Banking trojans—malware designed to attack the customers of financial institutions and engage in fraudulent activity when they log into a target bank—are just as effective now as they were a decade ago. One reason is because malware authors are good at evading detection, and many organizations have yet to implement web fraud prevention systems…
Read MoreAs it’s been said, we’re trying to have a civilization here. So, what is the foundation of a society? Is it the economy? Personal relationships? Employment? Institutions like a legal system or a free press? I would argue that the cornerstone underlying all of those is trust—and trust’s corollary, reputation. Because nothing really works without…
Read MoreThe table in Figure 4 shows the top 50 ASNs attacking US systems from Dec 1, 2018 to March 1, 2019 in order of highest to lowest number of attacks, the majority of which were ISPs. Interestingly, there are more ASNs on this list from India then any other country, followed by Russia. Three of…
Read MoreOracle WebLogic WLS Security Component RCE (CVE-2019-2725) On April 21, 2019, information regarding a deserialization vulnerability in Oracle WebLogic Server was published by KnownSec 404 Team. According to the CVE, the vulnerability exists in the Web Services subcomponent of Oracle WebLogic. Similar to the previous Oracle WebLogic vulnerability discussed above, this new vulnerability also stems…
Read More