92 matches found
Automated Attacks Call for Automated Protection – 2020 Trend #3
In our blog series on security trends, we’ve been diving deeper into the five security predictions for 2020 made by our CTO Kunal Anand during his fireside chat with Imperva CMO David Gee. Watch it here. As I'll discuss in my upcoming blog on defense-in-depth and reducing risk, being “connected”...
Blue is a color we love but can’t Keep!
Recent reports this year revealed nearly 1 million computer systems are still vulnerable and exposed to BlueKeep in the wild. These systems are still easy targets for an unauthenticated attacker or malware to execute code leveraging this patchable vulnerability. Because so many systems are still...
ThreatList: Half of All Social Media Logins Are Fraud
More than half of logins 53 percent on social-media sites are fraudulent; and 25 percent of all new account applications on social media are fake, according to a recent analysis. Those numbers far outstrip the overall rate of 10 percent of interactions being fraudulent. The Arkose Labs Q3 Fraud a...
A New Chapter in Bot Management Begins Today [Video]
I am excited to share that we have closed the acquisition of Distil Networks, the pioneer and leader in Bot Management. Over the past few weeks, we have been welcoming Distil’s employees into the Imperva family and have started integrating their powerful, analyst-recognized Bot Management solutio...
Imperva to Acquire Distil Networks, the Leader in Bot Management
As an established leader in cybersecurity, Imperva provides our customers the most comprehensive, analyst-recognized application security solution on the market. We are a five-time leader in Gartner’s 2018 Magic Quadrant for Web Application Firewalls WAF. Our DDoS Protection continues to...
0D1N v2.6 - Web Security Tool To Make Fuzzing At HTTP/S
0d1n is a tool for automating customized attacks against web applications. You can do: Brute force login and passwords in auth forms Directory disclosure use PATH list to brute, and find HTTP status code Test to find SQL Injection and XSS vulnerabilities Options to load ANTI-CSRF token each reque...
RSA Conference 2019: How to Defend Against an AI vs AI Flash War
SAN FRANCISCO – As perimeter cyber defenses adopt new strategies such artificial intelligence and machine learning, security experts predict adversaries will adopt similar techniques when it comes to an attack chain. Derek Manky, chief of security insights at Fortinet, said that “black-hat...
UPDATE: Cameradar v3.0.1
PenTestIT RSS Feed My initial post covering this open source Real Time Streaming Protocol RTSP surveillance camera access multi-tool was about an older version. A lot has happened since then and an update – Cameradar v3.0.1 was recently made available by the author. In actuality, this post...
Defending Credentials From Automated Attack Tools
By Danny Wasserman The folks on the Akamai Professional Services team are the people who help implement, configure, and tune the cloud security products that protect our customers' web applications from the daily onslaught of bots blasting login attempts against their websites, mobile apps, and...
NoSQLMap v0.6 - Automated NoSQL Database Pwnage
NoSQLMap is an open source Python tool designed to audit for as well as automate injection attacks and exploit default configuration weaknesses in NoSQL databases, as well as web applications using NoSQL in order to disclose data from the database. It is named as a tribute to Bernardo Damele and...
'Every Drupal 7 Site Was Compromised' Unless Patched By Oct. 15
The maintainers of the Drupal content management system are warning users that any site owners who haven’t patched a critical vulnerability in Drupal Core disclosed earlier this month should consider their sites to be compromised. The vulnerability, which became public on Oct. 15, is a SQL...
Multiple vulnerabilities in Joomla-Base
Hello 3APA3A! These are Denial of Service, XML Injection, Cross-Site Scripting, Full path disclosure and Insufficient Anti-automation vulnerabilities in Joomla-Base. This is package of Joomla with different plugins with their vulnerabilities. These vulnerabilities are in Google Maps plugin for...
IRCCloud: CSRF - Creating accounts
Hi there, I've discovered the following CSRF issue: There's no CSRF / Bot protection on the registration form. Details An attacker could automate the registration process to flood your database with invalid/useless accounts. He could also source the process out to his victims CSRF. Steps to...
Avoid The Attack Attribution Distraction
Plenty has been written this month about attack attribution, but, really, if your network is under siege, how often does the “who” matter as much as the “how,” “what,” and “where”? It seems that knowing who the actor is behind a network intrusion matters little to a bank, restaurant or retail...
MyBB 1.6.1 Login Enumeration / Cross Site Scripting
Hello list! I want to warn you about Abuse of Functionality, Insufficient Anti-automation, XML Injection and Cross-Site Scripting vulnerabilities in MyBB. ------------------------- Affected products: ------------------------- Vulnerable are MyBB 1.6.1 and previous versions. In versions MyBB 1.6.2...
Vulnerabilities in DataLife Engine
Здравствуйте 3APA3A! Сообщаю вам о найденных мною Abuse of Functionality и Insufficient Anti-automation уязвимостях в DataLife Engine DLE. Abuse of Functionality: http://site/index.php?do=register На странице регистрации функция "Проверить имя" позволяет выявить логины пользователей в системе...
Cybergangs use cheap labor to break codes on social sites
From USA Today Byron Acohido It’s become the new front in cybercrime: scams and identity-theft programs that attack e-mail accounts and users of social-networking sites such as Facebook and MySpace. To carry out many of these automated attacks, cybercriminals first must overcome “captchas,” the...
CVE-2008-2019
Simple Machines Forum SMF, probably 1.1.4, relies on "randomly generated static" to hinder brute-force attacks on the WAV file aka audio CAPTCHA, which allows remote attackers to pass the CAPTCHA test via an automated attack that considers Hamming distances. NOTE: this issue reportedly exists...
CVE-2008-2020
The CAPTCHA implementation as used in 1 Francisco Burzi PHP-Nuke 7.0 and 8.1, 2 my123tkShop e-Commerce-Suite aka 123tkShop 0.9.1, 3 phpMyBitTorrent 1.2.2, 4 TorrentFlux 2.3, 5 e107 0.7.11, 6 WebZE 0.5.9, 7 Open Media Collectors Database aka OpenDb 1.5.0b4, and 8 Labgab 1.1 uses a codebg.jpg...
SMF 1.1.4 - Audio CAPTCHA Security Bypass
source: https://www.securityfocus.com/bid/28866/info SMF Simple Machine Forum is prone to a security-bypass vulnerability that occurs in the audio CAPTCHA protocol. Successfully exploiting this issue may allow attackers to send unsolicited spam or perform other automated attacks...