Tag: Threats
Figure 2: Top domains in a Shodan search for CVE-2014-0160 on January 22, 2017 That’s disconcerting because there is a tendency to “fire and forget” in the public cloud, and concerns over understanding the shared responsibility model of public cloud have been previously voiced. This remains my favorite quote, from AWS head of global…
Read MoreThe essence of this attack is van Beek’s Microsoft Exchange Autodiscover vulnerability. In a September 2016 interview with The Register, van Beek said, “I recently discovered that most, if not all, Microsoft Exchange clients (eg, Outlook, iPhone mail app, Android mail app, Blackberry Mail App) are more than happy to provide a user’s password in plain…
Read MoreMalware that steals banking credentials is still one of today’s most lucrative cybercrime schemes. It’s not unusual for a banking Trojan to evolve over the years, and Ramnit is a perfect example. It was active for several years until it was disrupted in early 2015 by Europol working with several tech companies. It resurfaced in…
Read MoreIf Shakespeare were alive today (and blogging), he might have written about the latest vulnerability to sweep the Internet by pointing out: Hath not the cloud interfaces, code, logic, data? Accessed with the same protocols, exploited with the same weapons, subject to the same vulnerabilities, mitigated by the same solutions, patched by the same methods…
Read MoreBut that’s not the worst news coming out of this survey. No, not by any stretch of the imagination is that the bad news. Sit down and strap in, because it gets much worse. In spite of pushing vulnerable applications into production (and into the hands of consumers), a staggering 44% admitted they aren’t doing anything to…
Read More“Managing” vulnerabilities is an endless effort that is only truly noticed when it fails. More often than not, the constant debate over which vulnerabilities get prioritized for remediation is decided based on likelihood of exploit, followed by impact, and level of effort to fix. The typical result is that low- and medium-grade vulnerabilities get de-prioritized—in…
Read MoreNo matter how application-savvy you are, it should be fairly obvious that this is not a typical Content-Type header for an HTTP request. According to the RFC, Content-Type is usually of the form “type/subtype”7. This leviathan contains a valid Content-Type header in the very first line—multipart/form-data—but even a rudimentary BNF parser would flag this as a…
Read MoreA DNS amplification attack floods the victim’s server with a tsunami of fake requests. DNS Hijacking Who owns what domain name and what DNS servers are designated to answer queries are managed by Domain Registrars8. These are commercial services, such as GoDaddy, eNom, and Network Solutions Inc., where there are registered accounts storing this information.…
Read MoreFigure 1: CVE-2017-5638 campaign The exploit triggers the vulnerability via the Content-Type header value, which the attacker customized with shell commands to be executed if the server is vulnerable. In the first days of this campaign, shell commands were observed to infect the machine with the “PowerBot” malware, which is written in PERL, and uses…
Read MoreOne of the weakest links in our cyber defenses is the human factor. The (ISC)2 Cybersecurity Trends Report for 2017 stated that cybersecurity professionals are most concerned about phishing attacks.1 But phishing is just one of many social engineered attacks mediated by technology. Now we are seeing an upswing in virtual kidnapping scams. How the Scam Works…
Read More