Announcing the Launch of the Azure SSRF Security Research Challenge

Microsoft is excited to announce the launch of a new, three-month security research challenge under the Azure Security Lab initiative. The Azure Server-Side Request Forgery SSRF Research Challenge invites security researchers to discover and share high impact SSRF vulnerabilities in Microsoft...

A playbook for modernizing security operations

The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest post from our new Voice of the Community blog series, Microsoft Product Marketing Manager Natalia Godyla talks with Dave Kennedy, Founder and...

Anti-Phishing process with advanced phishing attacks simulation

This time I want to write about the service of my friends from Antiphish. They call it “security awareness and employee behaviour management platform”. Simply put, they teach company employees how to detect and avoid phishing attacks. By the way, they are great guys, made a demo for me, prepared...

How Imperva’s New Attack Crowdsourcing Secures Your Business’s Applications

Attacks on applications can be divided into two types: targeted attacks and “spray and pray” attacks. Targeted attacks require planning and usually include a reconnaissance phase, where attackers learn all they can about the target organization’s IT stack and application layers. Targeted...

OrangeForum 1.4.0 Open Redirection

Open Redirection Vulnerabilities in OrangeForum 1.4.0 Information -------------------- Advisory by Netsparker Name: Open Redirection Vulnerabilities in OrangeForum 1.4.0 Affected Software: OrangeForum Affected Versions: 1.4.0 Homepage: https://github.com/s-gv/orangeforum Vulnerability: Open...

Threat Landscape for Industrial Automation Systems in H1 2018

For many years, Kaspersky Lab experts have been uncovering and researching cyberthreats that target a variety of information systems – those of commercial and government organizations, banks, telecoms operators, industrial enterprises, and individual users. In this report, Kaspersky Lab Industria...

Drupal, Phishing and A New Cryptomining Botnet

It’s a well-known fact that security solutions must quickly adapt to new attack methods. There are several ways to achieve this goal, regularly applying security patches and updates, relying on threat intelligence and more. At Imperva, we use pattern anomaly detection as one of the tools to...

Excerpts from Building a High Speed SOC: Achieving Speed (Part 2)

Carbon Black recently published an in-depth guide on what it takes to develop a "high speed" security operations center, or SOC; this is the last excerpt from that guide, which you can find here. For more information on building high speed SOCs, including how to eliminate the "response gap," chec...

The CIS Critical Security Controls Series

What are the CIS Critical Security Controls? The Center for Internet Security CIS Top 20 Critical Security Controls previously known as the SANS Top 20 Critical Security Controls, is an industry-leading way to answer your key security question: "How can I be prepared to stop known attacks?" The...

Windows Defender ATP thwarts Operation WilySupply software supply chain cyberattack

Several weeks ago, the Windows Defender Advanced Threat Protection Windows Defender ATP research team noticed security alerts that demonstrated an intriguing attack pattern. These early alerts uncovered a well-planned, finely orchestrated cyberattack that targeted several high-profile technology...

Concrete CMS: Multiple XSS Vulnerabilities in Concrete5 5.7.3.1

Proof of Concept URLs for XSS in Concrete5: URL: /concrete5.7.3.1/index.php/dashboard/system/conversations/bannedwords/success Parameter Name: bannedword%5b%5d Parameter Type: POST Attack Pattern: '"--alert0x000936 URL:...

2014 Verizon Data Breach Investigations Report DBIR

Most of us—hopefully—awaken every day, shower and brush our teeth. If you own a home, you patch a leaky roof and paint the shutters so they don’t rot. You own a vehicle, you change the oil when you’re supposed to and make sure the brakes work the way they’re supposed to. It’s simple hygiene. Yet ...

Poison Ivy RAT Spotted in Three New China Attacks

The Poison Ivy remote access Trojan may be old, but it’s not losing favor with nation states that continue to make it the center piece of targeted attacks. Three groups of hackers, reportedly all with ties to China and possibly related in terms of their funding and training, are currently managin...

[fuzzdb] Attack and Discovery Pattern Database for Application Fuzz Testing

fuzzdb aggregates known attack patterns, predictable resource names, server response messages, and other resources like web shells into the most comprehensive Open Source database of malicious and malformed input test cases. What's in fuzzdb? Predictable Resource Locations - Because of the...

Researchers Analyzing Attack Patterns With Cloud-Based Malware Data

BARCELONA–Successful targeted attacks against companies such as RSA, Google and others have made huge splashes in the news in the last year or two and drawn a lot of attention to the phenomenon. But it’s not just the successful attacks that are interesting, security researchers say. In many cases...