Key Considerations in API security

Every day, there are billions of API calls being executed. These include public APIs, private APIs, SaaS APIs, APIs performing mobile back-end functions and many more. Given the gravity of the threat and the sheer volume of what’s exposed, how do we develop systems that are both safe and robust?...

botbait Information Disclosure Vulnerability

botbait is a tool used in the npm ecosystem for tracking bot and automation tool usage. An information disclosure vulnerability exists in botbait. An attacker could exploit this vulnerability to disclose information...

Mail.ru: Загрузка png бомбы, которая начинает DDOS атаку на бота со Стикерами.

ICQ sticker bot was vulneraeble to DoS via PNG compression bomb attack...

CVE-2017-16126

The module botbait is a tool to be used to track bot and automated tools usage with-in the npm ecosystem. botbait is known to record and track user information. The module tracks the following information. Source IP process.versions process.platform How the module was invoked test, require,...

Perspectives on Russian hacking

Russia is an endlessly fascinating subject both in and around infosec. Recent years have shifted attention away from pure malware capabilities, to psyops, social engineering, and an endless slew of mind games designed to destabilize and keep nations ever-so-slightly off balance. Security firms in...

Introducing Web Security Analytics

Every security team knows that the success of any security product relies heavily on the ability to maintain an optimal security configuration. Any misconfiguration can result in malicious or undesired traffic reaching the application, or worse - legitimate traffic being blocked. In addition, it...

WhoAmIMailBot - A Service To Mask Your Email

What is it? A service to mask your e-mails, it was inspired by Blur service, where you create a alias for your e-mail, and use it to signup on applications, but the problem on Blur, is that all e-mails pass trough they infraestructure, and I don't need anybody looking on my e-mails, to solve that...

Week in security (February 26 – March 4)

Last week on Malwarebytes Labs, we explained how to protect your computer from malicious cryptomining, we gave an encryption 101 lesson using ShiOne ransomware as a case study, and we offered an explanation about SQL injection. We also released a report on the state of malicious cryptomining from...

Blast from the past: stowaway Virut delivered with Chinese DDoS bot

Recently, we described an unusual Chinese drive-by attack that was delivering a variant of the Avzhan DDoS bot. The attack also contained multiple components that were not-so-new. Among the exploits, the newest was from 2016. Avzhan is also not a recent malware—the compilation timestamp of the...

A week in security (February 19 – February 25)

Last week on Malwarebytes Labs, we gave readers a primer on encryption, took a stab at that Deepfakes tool Internet users seem to be interested in, and started a new series that talks about GDPR. We also looked at a drive-by download campaign that starts in booby-trapped Chinese websites that dro...

Avzhan DDoS bot dropped by Chinese drive-by attack

The Avzhan DDoS bot has been known since 2010, but recently we saw it in wild again, being dropped by a Chinese drive-by attack. In this post, we'll take a deep dive into its functionality and compare the sample we captured with the one described in the past. Analyzed sample...

swap-bot.com XSS vulnerability

Open Bug Bounty ID: OBB-488492 Description| Value ---|--- Affected Website:| swap-bot.com Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Disclosure Standard:| Coordinated Disclosure based ...

A state of constant uncertainty or uncertain constancy? Fast flux explained

Last August, WireX made headlines. For one thing, it was dubbed the first-known DDoS botnet that used the Android platform. For another, it used a technique that—for those who have been around in the industry for quite a while now—rung familiar in the ears: fast flux. In the context of...

Microsoft teams up with law enforcement and other partners to disrupt Gamarue (Andromeda)

Today, with help from Microsoft security researchers, law enforcement agencies around the globe, in cooperation with Microsoft Digital Crimes Unit DCU, announced the disruption of Gamarue, a widely distributed malware that has been used in networks of infected computers collectively called the...

Microsoft teams up with law enforcement and other partners to disrupt Gamarue (Andromeda)

Today, with help from Microsoft security researchers, law enforcement agencies around the globe, in cooperation with Microsoft Digital Crimes Unit DCU, announced the disruption of Gamarue, a widely distributed malware that has been used in networks of infected computers collectively called the...

Check Point Gaia Operating System HTTP evasion protection failure (sk98814)

The remote host is running a version of Gaia OS which is affected by an issue where protections in the following components may fail under specific HTTP evasions : - IPS - Application Control - URL Filtering - Anti-Virus - Anti-Bot - Threat Emulation C Tenable Network Security, Inc...

Good Bots In. Bad Bots Out.

More than half of Internet traffic today comes from bots. These non-human visitors crawl the web constantly, their numbers are increasing, and they are getting smarter and more human-like by the minute. Imperva has been tracking these trends for more than five years, in an ongoing statistical stu...

Disdain exploit kit and a side of social engineering deliver Neutrino Bot

Today we picked up new activity from an exploit kit that was first discovered back in August of this year. The Disdain exploit kit, simply identified by a string of the same name found in its source code, is being distributed again after a short interruption via malvertising chains. Disdain EK...

Low Resource Defeat of reCaptcha’s Audio Challenge: unCaptcha

Across the Internet, hundreds of thousands of sites rely on Google’s reCaptcha system for defense against bots in fact, Devpost uses reCaptcha when creating a new account. After a Google research team demonstrated a near complete defeat of the text reCaptcha in 2012, the reCaptcha system evolved ...

Yelp: Leaking sensitive information lead to compromise employer API keys

The configuration file of an internal IRC bot which included credentials to internal services and some external services used by Yelp developers was inadvertently included by an employee in a personal public GitHub repository. The repository was taken down and the affected credentials rotated...