Tag: Threats

Hackers have a soft spot for targeting cryptocurrencies thanks to a lack of heavy regulation, unlike traditional financial services. Cryptocurrency funds have no legal obligation to implement protection measures, so their protections are inherently not as exhaustive or technical. This makes them prime targets for hackers. Transactions can be extremely difficult to reverse, so although some…


F5 Labs published the first edition of our annual Application Protection Report in July 2018. For that report, we collaborated with Whitehat Security, Loryka, the Ponemon Institute, and Whatcom Community College’s Cybersecurity Center to analyze a wide range of data from 2017, and offer a comprehensive breakdown on the threats, tactics, vulnerabilities and impacts facing…


Introduction: This year we are releasing our 2019 Application Protection Report as a series of short, tightly focused episodes. This helps ensure we provide timely threat intelligence that our readers can add to their own threat models and use to prepare appropriate defenses and responses. Last episode, we focused on PHP’s continuing run as one…


As we can see in Figure 8, the developers of SG Optimizer added a permission_callback argument to the newly registered REST API routes. This indicates that prior to version 5.0.13, the SG Optimizer plugin had various privilege escalation vulnerabilities. Those vulnerabilities allowed any threat actor to send a malicious request to these registered REST API…


Conclusion: Organizations should continually run external vulnerability scans to discover which systems are exposed publicly, and on which specific ports. Any systems exposed publicly with the top attacked ports open should be prioritized for vulnerability management. A lot of the attacks we see on ports supporting access services like SSH are brute force, so any…


In the Ramnit configuration, there were a number of targets that didn’t belong to a particular company or website; instead, there were several words in French, Italian, and English. This is an innovation we have not seen in previous Ramnit configurations. It appears as though the Ramnit authors cast a wider net in hopes of…


The table in Figure 4 shows the top 50 ASNs attacking Australia from Dec 1, 2018 to March 1, 2019, ordered from the highest to the lowest number of attacks. Interestingly, these top 50 networks were split fifty-fifty between ISPs and hosting companies, whereas the company types attacking other regions lean more heavily towards ISPs. For comparison,…


Panda’s target list includes two productivity web applications that use Ajax. This is notable because, unlike web applications that execute completely on a server, Ajax applications run functions on both the client and the server. This extends the possible attack surface and allows more opportunities to potentially inject malicious code, steal sessions/authentication tokens, or…


The following table summarizes the vulnerability impact for each of the tested HTTP/2 implementations:  Tested Webserver Test result Mitigation applied following disclosure Apache httpd Stops responding to new requests. The connection never timed out. Patched and allocated CVE-2018-11763 NGINX Consumes 100% of the server CPU resources and makes NGINX respond slower to incoming connections. The…


Conclusion: Banking trojans—malware designed to attack the customers of financial institutions and engage in fraudulent activity when they log into a target bank—are just as effective now as they were a decade ago. One reason is that malware authors are good at evading detection, and many organizations have yet to implement web fraud prevention systems…
