Tag: Network Tier
The encapsulated IP packet header uses the same parameters as the encapsulating IP header. The Transport Layer protocol for the encapsulated IP packet is UDP. Most public routers will pass along the GRE packet because it’s a widely used protocol for generating VPN connections. We speculate that GRE might be the protocol of choice due to…
Read MoreThe latest evolution of cyber weaponry is brought to you by the default passwords in Internet of Things (IoT) devices. That includes just about every conceivable modern electronic device—from home thermostats, lighting systems, refrigerators, cars, and water meters, to personal fitness devices, toasters, bicycle helmets, toys, and even shoes and clothing. Today, the number…
Read MoreFigure 1: CVE-2017-5638 campaign The exploit triggers the vulnerability via the Content-Type header value, which the attacker customized with shell commands to be executed if the server is vulnerable. In the first days of this campaign, shell commands were observed to infect the machine with the “PowerBot” malware, which is written in PERL, and uses…
Read MoreThis article was revised 5/15/17 at 9:12 a.m. (PDT) with updated recommendations. Over a dozen years ago, malware pioneer Dr. Peter Tippett coined the expression “virus disaster,” which describes the point at which more than 25 machines are infected on a single network as the “tipping point” for complete shutdown of a network.1 The new…
Read MoreFigure 2: Authentication success! While Intel didn’t come out and tell everyone exactly what the problem was, the guys at Tenable figured it out within minutes,2 and even show how simple it would be to exploit via Burp Suite. They’ve updated Nessus3 to scan for it, and everyone is broadly recommending that we all disable ports…
Read MoreNeed-to-Know Facts CVE-2017-74942 has a CVSS Score of 7.5 (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)3. This vulnerability is the Linux version of WannaCry, appropriately named SambaCry. A malicious Samba client that has write access to a Samba share could use this flaw to execute arbitrary code typically as root. The flaw allows a malicious client to upload a shared library to…
Read MoreExecutive Summary The Internet of Things (IoT) and, specifically, the hunt for exploitable IoT devices by attackers, has been a primary area of research for F5 Labs for over a year now—and with good reason. IoT devices are becoming the “cyberweapon delivery system of choice” by today’s botnet-building attackers. And, why not? There are literally…
Read MoreF5 threat researchers have discovered a new Apache Struts campaign. This new campaign is a sophisticated multi-staged attack targeting internal networks with the NSA-attributed EternalBlue and EternalSynergy exploits. We have dubbed the campaign “Zealot” based on the name of the zip file containing the python scripts with the NSA-attributed exploits. As we continue to research…
Read MoreWe’re celebrating our one-year anniversary here at F5 Labs, the application threat intelligence division of F5! Although F5 researchers have been providing threat-related, F5-specific guidance to our customers for many years through DevCentral, the time was right a year ago today to launch a dedicated website that provides the general public with vendor-neutral, application-focused, actionable…
Read MoreExecutive Summary Like coral reefs teeming with a variety of life, web applications are “colony creatures.” They consist of a multitude of independent components, running in separate environments with different operational requirements and supporting infrastructure (both in the cloud and on premises) glued together across networks. In this report, we examine that series of interacting…
Read More