Tag: Cybercrime
Introduction This year we are releasing our 2019 Application Protection Report as a series of short, tightly focused episodes. This helps ensure we provide timely threat intelligence that our readers can add to their own threat models and use to prepare appropriate defenses and responses. Last episode, we focused on PHP’s continuing run as one…
Read MoreAs we can see in Figure 8, the developers for SG Optimizer added a permission_callback command to the newly registered REST API routes. This indicates that prior to version 5.0.13, the SG Optimizer plugin had various privilege escalation vulnerabilities. Those vulnerabilities allowed any threat actor to send a malicious request to these registered REST API…
Read MoreIn the Ramnit configuration, there were a number of targets that didn’t belong to a particular company or website: Instead, there were several words in French, Italian, and English. This is an innovation we have not seen in previous Ramnit configurations. It appears as though the Ramnit authors cast a wider net in hopes of…
Read MoreThe table in Figure 4 shows the top 50 ASNs attacking Australia from Dec 1, 2018 to March 1, 2019 in order of highest to lowest number of attacks. Interestingly, these top 50 networks were split fifty-fifty between ISPs and hosting companies whereas the company types attacking other regions lean heavier towards ISPs. For comparison,…
Read MorePanda’s target list includes two productivity web applications that use Ajax. This is notable because unlike web applications that execute completely on a server, Ajax applications utilize functions across both the client and the server. This extends the possible attack surface, and allows for more opportunities to potentially inject malicious code, steal sessions/authentication tokens, or…
Read MoreThe following table summarizes the vulnerability impact for each of the tested HTTP/2 implementations: Tested Webserver Test result Mitigation applied following disclosure Apache httpd Stops responding to new requests. The connection never timed out. Patched and allocated CVE-2018-11763 NGINX Consumes 100% of the server CPU resources and makes NGINX respond slower to incoming connections. The…
Read MoreConclusion Banking trojans—malware designed to attack the customers of financial institutions and engage in fraudulent activity when they log into a target bank—are just as effective now as they were a decade ago. One reason is because malware authors are good at evading detection, and many organizations have yet to implement web fraud prevention systems…
Read MoreOracle WebLogic WLS Security Component RCE (CVE-2019-2725) On April 21, 2019, information regarding a deserialization vulnerability in Oracle WebLogic Server was published by KnownSec 404 Team. According to the CVE, the vulnerability exists in the Web Services subcomponent of Oracle WebLogic. Similar to the previous Oracle WebLogic vulnerability discussed above, this new vulnerability also stems…
Read MoreInjection Detection Injection vulnerabilities can be detected during development but are more difficult to detect in deployed systems. Because injection flaws can be exploited in any stage of an attack, finding and evaluating their impact depends on context. Often attackers use lower-priority vulnerabilities such as cross site scripting (XSS) to gain an initial foothold to…
Read MoreComparing ports targeted in Canada versus the US, Europe, or Australia, Canada was the only region where DNS port 53 and the UPnP port 37215 were on the top 20 targeted port list. The UPnP port relates to Huawei small office home office (SOHO) routers with a Remote Code Execution (RCE) vulnerability (CVE-2017-17215 and Exploit…
Read More