Tag: Threats

The table in Figure 4 shows the top 50 ASNs attacking US systems from Dec 1, 2018 to March 1, 2019 in order of highest to lowest number of attacks, the majority of which were ISPs. Interestingly, there are more ASNs on this list from India then any other country, followed by Russia. Three of…

Read More

Oracle WebLogic WLS Security Component RCE (CVE-2019-2725) On April 21, 2019, information regarding a deserialization vulnerability in Oracle WebLogic Server was published by KnownSec 404 Team. According to the CVE, the vulnerability exists in the Web Services subcomponent of Oracle WebLogic. Similar to the previous Oracle WebLogic vulnerability discussed above, this new vulnerability also stems…

Read More

Injection Detection Injection vulnerabilities can be detected during development but are more difficult to detect in deployed systems. Because injection flaws can be exploited in any stage of an attack, finding and evaluating their impact depends on context. Often attackers use lower-priority vulnerabilities such as cross site scripting (XSS) to gain an initial foothold to…

Read More

Comparing ports targeted in Canada versus the US, Europe, or Australia, Canada was the only region where DNS port 53 and the UPnP port 37215 were on the top 20 targeted port list. The UPnP port relates to Huawei small office home office (SOHO) routers with a Remote Code Execution (RCE) vulnerability (CVE-2017-17215 and Exploit…

Read More

(We wanted to give an assessment of JS redirection content, but it was not reachable at the time of writing; we can assume by script name it had an output of a blank page response or other misleading action.) Conclusion Gootkit remains active by maintaining this campaign of redirection. We’ve noticed multiple configurations targeting the…

Read More

This struck me as a problem: the ability to embed an iframe into an email is already a vulnerability. Even worse, as the iframe was not affected by the block external images setting that prevents tracking pixels and web beacons. But if an attacker could gain the ability to run JavaScript in an email, there…

Read More

Advanced Attackers Like criminal actors, state-sponsored actors or APTs often initiate their illicit access campaigns with spear phishing. However, advanced actors have more time and resources on their hands, and can fashion something of value even from apparently useless data. Large caches of innocuous information, such as email addresses, can be used to look for…

Read More

Security researchers at F5 Networks constantly monitor web traffic at various locations throughout the world. This allows us to detect “in the wild” malware, and to get an insight into the current threat landscape. Here’s an overview of what we saw in May 2019. Throughout the month of May, the team detected 10 new attack…

Read More

F5 researchers uncovered a cryptominer campaign delivering new Golang malware that targets Linux-based servers. Golang malware is not often seen in the threat landscape; it was first seen to mid-2018 and has continued throughout 2019. The malware campaign propagates using 7 different methods: 4 web application exploits (2 targeting ThinkPHP, 1 targeting Drupal, and 1…

Read More

What is the Problem with IoT Security? Security guru Dan Geer notes that the cybersecurity industry came of age with the introduction of Windows 95 and its built-in TCP/IP stack. Suddenly every home computer was on the Internet in a world “where every sociopath is your next-door neighbor.” These home computers were poorly administered by…

Read More