470 matches found
ACSC Releases Advisory on Password Spraying Attacks
The Australian Cyber Security Centre ACSC has released an advisory on password spraying attacks. Password spraying is a type of brute-force attack in which a malicious actor uses a single password against targeted user accounts before moving on to attempt a second password, and so on. This...
A case study in industry collaboration: Poisoned RDP vulnerability disclosure and response
Earlier this year, I reached out to Check Point researcher Eyal Itkin, who had published multiple flaws in several Remote Desktop Protocol RDP clients, including a vulnerability in mstsc.exe, the built-in RDP client application in Windows. While there were no active exploits detected in the wild,...
Ninja Turtles in your network: LAN Turtle 3G. A how-to for red teaming
Introduction This post will detail how to configure and utilise a LAN turtle 3G from Hak 5 to gain a persistent, remotely accessible presence within a network. With ethernet ports becoming less common on new hardware, many people have been forced into deploying an array of various dongles and...
MozDef - Mozilla Enterprise Defense Platform
The inspiration for MozDef comes from the large arsenal of tools available to attackers. Suites like metasploit, armitage, lair, dradis and others are readily available to help attackers coordinate, share intelligence and finely tune their attacks in real time. Defenders are usually limited to...
SQL Injection Vulnerability in B2C_UQ Cloud Business System (CNVD-2019-18481)
UQ Cloud Business System B2C version is a compact e-commerce system, the platform is developed by PHP7.0+Mysql. B2CUQ Cloud Business System suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information...
Egyptian DDoS Campaign Observations
Between March 19 and March 25, 2019, there was a very large amount of DDoS traffic sourced from a specific Egyptian Autonomous System ASN directed at Akamai Prolexic customers. It's worth noting this is an ASN we rarely see in our pre-attack, or top source IPs during active attacks. When it showe...
What’s Behind the Wolters Kluwer Tax Outage?
Early in the afternoon on Friday, May, 3, I asked a friend to relay a message to his security contact at CCH, the cloud-based tax division of the global information services firm Wolters Kluwer in the Netherlands. The message was that the same file directories containing new versions of CCH's...
Edge DNS Secondary Implementation: Order or Operations for NS Zone & Registrar Records
Akamai's Edge DNS service provides cloud-based, authoritative domain services to thousands of organizations. Edge DNS is the most widely deployed cloud DNS service pushed to the edge of the Internet. Every organization must protect their domain name. Akamai originally built Fast DNS now Edge DNS ...
Docker Hub Suffers a Data Breach, Asks Users to Reset Password
Docker Hub, one of the largest cloud-based library of Docker container images, has suffered a data breach after an unknown attacker gained access to the company's single Hub database. Docker Hub is an online repository service where users and partners can create, test, store and distribute Docker...
Partner Perspectives: Blending Analytics with Endpoint Detection and Response Better Defends the Modern Worker
Ryan Stolte is the co-founder and CTO for Bay Dynamics. There are clearly many reasons why Endpoint Detection and Response EDR has materialized into such a hotbed of interest, investment and emerging best practices - endpoint security must continually evolve within the context of threats and...
Critical RCE Bug in Cisco WebEx Browser Extensions Faces 'Ongoing Exploitation'
A critical vulnerability in Cisco WebEx browser extensions that could allow unauthenticated remote code-execution RCE on targeted machines is being actively exploited in the wild. The news comes just days after Cisco issued a flurry of 24 different patches for its IOS XE operating system and warn...
Securing Your Direct Internet Access Connections
With the rapid uptake in SaaS applications and the ease of moving enterprise applications from the data center to the cloud, many global companies are transforming the way they connect branch offices. In the past, the conventional approach was to connect all of your locations over an MPLS Wide Ar...
Are hackers gonna hack anymore? Not if we keep reusing passwords
Enterprises have a password problem, and it’s one that is making the work of hackers a lot easier. From credential stuffing to brute force and password spraying attacks, modern hackers don’t have to do much hacking in order to compromise internal corporate networks. Instead, they log in using wea...
Dissecting a NETWIRE Phishing Campaign's Usage of Process Hollowing
Introduction Malware authors attempt to evade detection by executing their payload without having to write the executable file on the disk. One of the most commonly seen techniques of this "fileless" execution is code injection. Rather than executing the malware directly, attackers inject the...
Call for Papers | Microsoft BlueHat Shanghai 2019
The Microsoft Security Response Center MSRC recently announced our first BlueHat security conference in Shanghai which will take place on May 29-30, 2019. After 15 years of BlueHat events in Redmond, Washington and Israel, we are thrilled to expand to a new location. We work with many talented...
Vanilla Forums 2.x Open Redirection
Exploit Title : VanillaForums 2.x Open Redirection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 11/03/2019 Vendor Homepage : open.vanillaforums.com Software Information Link : vanillaforums.com/en/software/ open.vanillaforums.com/addon/vanilla-core Software...
Carbon Black + VMware at RSA2019: Working Together to Secure the Digital Workspace
VMware and Carbon Black have a strong history of working together to fundamentally change the model for securing the virtualized data center, a concept that is resounding with attendees here at RSA2019 in San Francisco. A little more than a year ago, we announced a jointly developed, integrated...
Google Launches Backstory — A New Cyber Security Tool for Businesses
Google's one-year-old cybersecurity venture Chronicle today announced its first commercial product, called Backstory , a cloud-based enterprise-level threat analytics platform that has been designed to help companies quickly investigate incidents, pinpoint vulnerabilities and hunt for potential...
On the Security of Password Managers
There's new research on the security of password managers, specifically 1Password, Dashlane, KeePass, and Lastpass. This work specifically looks at password leakage on the host computer. That is, does the password manager accidentally leave plaintext copies of the password lying around memory? Al...
Payroll Provider Gives Extortionists a Payday
Payroll software provider Apex Human Capital Management suffered a ransomware attack this week that severed payroll management services for hundreds of the company's customers for nearly three days. Faced with the threat of an extended outage, Apex chose to pay the ransom demand and begin the...