Books & Papers Security Vulnerabilities

CVE-2021-31786

The Bluetooth Classic Audio implementation on Actions ATS2815 and ATS2819 devices does not properly handle a connection attempt from a host with the same BDAddress as the current connected BT host, allowing attackers to trigger a disconnection and deadlock of the device by connecting with a forged....

CVE-2021-31611

The Bluetooth Classic implementation on Zhuhai Jieli AC690X and AC692X devices does not properly handle an out-of-order LMP Setup procedure that is followed by a malformed LMP packet, allowing attackers in radio range to deadlock a device via a crafted LMP packet. The user needs to manually reboot....

CVE-2021-31613

The Bluetooth Classic implementation on Zhuhai Jieli AC690X and AC692X devices does not properly handle the reception of a truncated LMP packet during the LMP auto rate procedure, allowing attackers in radio range to immediately crash (and restart) a device via a crafted LMP...

CVE-2021-34150

The Bluetooth Classic implementation on Bluetrum AB5301A devices with unknown firmware versions does not properly handle the reception of oversized DM1 LMP packets while no other BT connections are active, allowing attackers in radio range to prevent new BT connections (disabling the AB5301A...

CVE-2021-28155

The Bluetooth Classic implementation on JBL TUNE500BT devices does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service and shutdown a device by flooding the target device with LMP Feature Response...

CVE-2021-28135

The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service (crash) in ESP32 by flooding the target device with LMP Feature Response...

CVE-2021-34144

The Bluetooth Classic implementation in the Zhuhai Jieli AC6366C BT SDK through 0.9.1 does not properly handle the reception of truncated LMP_SCO_Link_Request packets while no other BT connections are active, allowing attackers in radio range to prevent new BT connections (disabling the AB5301A...

CVE-2021-28136

The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly handle the reception of multiple LMP IO Capability Request packets during the pairing process, allowing attackers in radio range to trigger memory corruption (and consequently a crash) in ESP32 via a...

How to Exploit SQL Server Using OLE Automation

As part of the Imperva Research Labs we have the opportunity to examine various security scenarios. In this post, we will consider database security on SQL Server. One standard method that security practitioners use to protect databases is deploying honeypots and waiting for hackers to take the...

Phishing Attack Prevention — How to Spot, What Should Do❓ | Wallarm

Phishing Attack Prevention — How to Spot, What Should Do❓ No business, small or large, is impervious to phishing attacks. Some of the largest-scale attacks have been on renowned multi-million dollar corporations. Fortunately, there is a light at the end of the tunnel. It is possible to defend...

MySQL User-Defined (Linux) x32 / x86_64 - 'sys_exec' Local Privilege Escalation (2)

...

MySQL User-Defined (Linux) x32 / x86_64 - (sys_exec) Local Privilege Escalation Exploit (2)

...

MySQL User-Defined (Linux) x32 / x86_64 sys_exec Local Privilege Escalation

...

California Man Hacked iCloud Accounts to Steal Nude Photos

A California man impersonated an Apple customer support technician in a socially engineered email campaign that stole people’s iCloud passwords to break into accounts and collected upwards of 620,000 private photos and videos. Hao Kuo Chi, 40, of La Puente, has agreed to plead guilty to four...

SQLancer - Detecting Logic Bugs In DBMS

SQLancer (Synthesized Query Lancer) is a tool to automatically test Database Management Systems (DBMS) in order to find logic bugs in their implementation. We refer to logic bugs as those bugs that cause the DBMS to fetch an incorrect result set (e.g., by omitting a record). SQLancer operates in...

Financial Services: Web Application Attacks Grow by 38% In First Half of 2021

During his career in the middle of the last century, professional bank robber Willie Sutton made off with an estimated $2 million in stolen money. Urban legend has it that when a journalist asked Sutton why he robbed banks, he replied, “That’s where the money is.” In later interviews, Sutton...

Spotting brand impersonation with Swin transformers and Siamese neural networks

Every day, Microsoft Defender for Office 365 encounters millions of brand impersonation emails. Our security solutions use multiple detection and prevention techniques to help users avoid divulging sensitive information to phishers as attackers continue refining their impersonation tricks. In this....

Spotting brand impersonation with Swin transformers and Siamese neural networks

Every day, Microsoft Defender for Office 365 encounters millions of brand impersonation emails. Our security solutions use multiple detection and prevention techniques to help users avoid divulging sensitive information to phishers as attackers continue refining their impersonation tricks. In this....

We COVID-Clicked on Garbage, Report Finds: Podcast

Squawking pets, stir-crazy kids, Tiger King: Is it any wonder that work-from-home humans clicked on malicious CAPTCHAs at the astonishing rate of 50 times more than the non-pandemic year before? In the company’s annual Human Factor 2021 report assessing how the threat landscape morphed over the...

CVE-2021-37587

In Charm 0.43, any single user can decrypt DAC-MACS or MA-ABE-YJ14...

CVE-2021-37588

In Charm 0.43, any two users can collude to achieve the ability to decrypt YCT14...

CVE-2021-37588

In Charm 0.43, any two users can collude to achieve the ability to decrypt YCT14...

CVE-2021-37587

In Charm 0.43, any single user can decrypt DAC-MACS or MA-ABE-YJ14...

CVE-2021-37587

In Charm 0.43, any single user can decrypt DAC-MACS or MA-ABE-YJ14...

CVE-2021-37588

In Charm 0.43, any two users can collude to achieve the ability to decrypt YCT14...

Design/Logic Flaw

In Charm 0.43, any single user can decrypt DAC-MACS or MA-ABE-YJ14...

Design/Logic Flaw

In Charm 0.43, any two users can collude to achieve the ability to decrypt YCT14...

CVE-2021-37587

In Charm 0.43, any single user can decrypt DAC-MACS or MA-ABE-YJ14...

CVE-2021-37588

In Charm 0.43, any two users can collude to achieve the ability to decrypt YCT14...

Law Firm to the Fortune 500 Breached with Ransomware

Campbell Conroy & O’Neil, P.C. – U.S. law firm to a dazzling array of huge companies – told its star-studded clientele that an intruder may have groped their data. It was hit with ransomware in February and is now suffering the data-breach fallout. That client list spans a slew of industries and...

Linux/x86 - Egghunter Reverse TCP Shell dynamic IP and port Shellcode

...

ARTIF - An Advanced Real Time Threat Intelligence Framework To Identify Threats And Malicious Web Traffic On The Basis Of IP Reputation And Historical Data.

ARTIF is a new advanced real time threat intelligence framework built that adds another abstraction layer on the top of MISP to identify threats and malicious web traffic on the basis of IP reputation and historical data. It also performs automatic enrichment and threat scoring by collecting,...

How to leverage accountability to ensure sustainable enterprise data security

As post-pandemic economic recovery continues to drive rapid acceleration in digital transformation, documented data breaches and service disruptions caused by cybercriminal activity have become an unwelcome part of our daily news feed. In spite of the regulations and compliance requirements that...

Why the Robot Hackers Aren’t Here (Yet)

“Estragon: I'm like that. Either I forget right away or I never forget.” - Samuel Beckett, Waiting for Godot Hacking and Automation As hackers, we spend a lot of time making things easier for ourselves. For example, you might be aware of a tool called Metasploit, which can be used to make getting.....

Hackers Spread BIOPASS Malware via Chinese Online Gambling Sites

Cybersecurity researchers are warning about a new malware that's striking online gambling companies in China via a watering hole attack to deploy either Cobalt Strike beacons or a previously undocumented Python-based backdoor called BIOPASS RAT that takes advantage of Open Broadcaster Software...

How to Empower Employees to be Secure and Productive

How can CISOs make cybersecurity positive, productive, inclusive, and maintain best practices across the enterprise? -- Do your staff feel valued and important in their roles? More than 65 percent of employees report they do not feel recognized at work, and 31 percent say they're "engaged but feel....

Five Common Myths about Ransom DoS Attacks

Did you know that 86% of organizations surveyed in CyberEdge’s Cyberthreat Defense Report this year were compromised by cyberattacks? Since the first known incident in 1989, ransom DoS attacks have become increasingly sophisticated over time. If you are not well versed on the potential threats...

Five Tips to Impress at Your CISO Job Interview

Chief Information Security Officers (CISOs) are in demand and the lack of experienced candidates, coupled with the evolving required skill set, helped make it the highest paying tech job in 2020. With 100% of large corporations (Fortune 500, Global 2000) forecast to have a CISO or equivalent...

OpenAttack - An Open-Source Package For Textual Adversarial Attack

OpenAttack is an open-source Python-based textual adversarial attack toolkit, which handles the whole process of textual adversarial attacking, including preprocessing text, accessing the victim model, generating adversarial examples and evaluation. Features & Uses OpenAttack has following...

Top five insights from the 2021 CyberEdge Cyberthreat Defense Report

For the last eight years, the Cyberthreat Defense Report has been helping enterprise security professionals gauge their internal practices and security investments against their peers across multiple countries and industries. The report is based upon data from 1,200 qualified IT security...

Know your enemy! The four types of cyber attackers trying to breach your security today

As business needs compel organizations to manage an ever-increasing number of database types, both on-premise and in the cloud, the threat surface has also become larger and far more difficult to manage effectively. The bad actors out there know this, too. They are constantly probing, testing, and....

How to confuse antimalware neural networks. Adversarial attacks and protection

Introduction Nowadays, cybersecurity companies implement a variety of methods to discover new, previously unknown malware files. Machine learning (ML) is a powerful and widely used approach for this task. At Kaspersky we have a number of complex ML models based on different file features,...

Lessons Learned from 100 Data Breaches: Part 4, Trends in Average Volumes of Stolen Records

Imperva research shows an increase in the volume of data stolen every year. In 2020, we started to see more and more breaches that exfiltrate records in billions. Based on the analysis of thousands of data breach details published on dbdigest, we made calculations on the raw data and found some...

Cisco AnyConnect Posture (HostScan) Security Service CVE-2021-1366 Bypass

Advisory Information Title: Cisco AnyConnect Posture (HostScan) Security Service CVE-2021-1366 Bypass Advisory ID: CORE-2021-0002 Advisory URL: ** https://www.coresecurity.com/core-labs/advisories/cisco-anyconnect-posture-hostscan-security-service-bypass Date published: 2021-06-16 Date of last...

Lessons Learned from 100 Data Breaches: Part 3, Securing Public Cloud Services

In the first two parts of this series, we gained insight into what specific types of data get stolen and what the root causes of breaches are, based on data breach information that Imperva’s Security Labs’ gathered, studied, and analyzed over the last ten years. You can get the full report,...

Analysis of 100 Data Breaches: Part 2, What are the root causes of breaches?

As we discussed in Part 1 of this series, Imperva’s Security Labs continuously monitor cyber threat levels around the world and report on them. In the last post, we reported the breakdown of the specific types of data that get stolen and explained what organizations needed to do to mitigate the...

Information Flows and Democracy

Henry Farrell and I published a paper on fixing American democracy: "Rechanneling Beliefs: How Information Flows Hinder or Help Democracy." It's much easier for democratic stability to break down than most people realize, but this doesn't mean we must despair over the future. It's possible,...

Bad bots continue to evolve. Your mitigation strategy should, too.

With the global pandemic continuing to catalyze digitalization, we’ve seen two years worth of digital transformation take place in a mere two months, according to Microsoft CEO Satya Nadella. Clearly, bad actors are capitalizing on the opportunities that digital transformation creates, as more...

Application Layer is Still the Front Door for Data Breaches

By Terry Ray, SVP and Fellow, Imperva Each year, the number of data breaches grows by 30% while the number of records compromised increases by an average of 224%. 2021 is far from over, but we’re already on pace for another record-setting year. In fact, Imperva research finds that more records...

Lessons Learned from 100 Data Breaches: Part 1, What Specific Types of Data Get Stolen?

As part of Imperva’s Security Labs’ ongoing efforts to monitor and report on the current Application and Data Security Threat landscape, we studied and analyzed over 100 of the largest and best-known data breaches of the last decade. Download the full report, Lessons Learned From Analyzing 100...