Tag: Client-side Attacks
The number of Mirai scanner systems across the world decreased slightly from December 2017 to June 2018. There is less concentration of scanner systems in North America, South America, and Asia in June 2018 versus December 2017. Europe is the only region where Mirai scanner infections remained relatively the same from December 2017 to June…
Read MoreImagine you’re a military leader. What if I offered you a weapon to cleanly take out enemy infrastructure with minimal incidental civilian deaths? It has near-infinite operational reach and it’s highly stealthy. Oh, and it’s cheap compared to say, strategic missiles, which cost about a million or so dollars apiece.1 Well, have I got a…
Read MoreData from the Retail Cyber Intelligence Sharing Center (R-CISC) echoes the F5 SOC findings and shows that dramatic increases in shopping activity actually continue into January, making retailers a likely target of attackers.1 In a 2018 survey of R-CISC members, respondents expressed their concern, identifying phishing, credential compromise, and account takeover (ATO) among their top…
Read MoreWhen this happens, customers are seeing lots of DNS queries from a wide variety of never-seen-before addresses. Often these requests are for nonsensical domains or even ‘localhost’ addresses, as they are bot-generated as with the DNS water torture attack. Sometimes attackers will use large Internet DNS resolvers like Yahoo or Google to reflect their attacks…
Read MoreWhat is Certificate Transparency? Certificate Transparency (CT) is a method for publicly logging, auditing, and monitoring the creation of new SSL/TLS (digital) certificates. Originally a concept from Google, CT is now an open standard under RFC 6962, albeit still an experimental one. Originally designed to enhance the veracity of Extended Validation (EV) certificates, many certificate…
Read MoreGozi “banking” trojan continues to shift its targets beyond banking as it employs client-side and server-side evasion techniques via time-tested web injection. Source link lol
Read MoreIntroduction This year we are releasing our 2019 Application Protection Report as a series of short, tightly focused episodes. This helps ensure we provide timely threat intelligence that our readers can add to their own threat models and use to prepare appropriate defenses and responses. Last episode, we focused on PHP’s continuing run as one…
Read MoreIn the Ramnit configuration, there were a number of targets that didn’t belong to a particular company or website: Instead, there were several words in French, Italian, and English. This is an innovation we have not seen in previous Ramnit configurations. It appears as though the Ramnit authors cast a wider net in hopes of…
Read MorePanda’s target list includes two productivity web applications that use Ajax. This is notable because unlike web applications that execute completely on a server, Ajax applications utilize functions across both the client and the server. This extends the possible attack surface, and allows for more opportunities to potentially inject malicious code, steal sessions/authentication tokens, or…
Read MoreConclusion Banking trojans—malware designed to attack the customers of financial institutions and engage in fraudulent activity when they log into a target bank—are just as effective now as they were a decade ago. One reason is because malware authors are good at evading detection, and many organizations have yet to implement web fraud prevention systems…
Read More