How to Protect Your Applications Against Log4Shell With tCell

By now, we’re sure you’re familiar with all things Log4Shell – but we want to make sure we share how to protect your applications. Applications are a critical part of any organization’s attack surface, and we’re seeing thousands of Log4Shell attack attempts in our customers' environments every...

Interactsh - An OOB Interaction Gathering Server And Client Library

Interactsh is an Open-Source Solution for Out of band Data Extraction, A tool designed to detect bugs that cause external interactions, For example - Blind SQLi, Blind CMDi, SSRF, etc. Features DNS/HTTP/SMTP Interaction support CLI Client / Web Dashboard support AES encryption with zero logging...

Mozi Botnet Accounts for Majority of IoT Traffic

The Mozi botnet, a peer-2-peer P2P malware known previously for taking over Netgear, D-Link and Huawei routers, has swollen in size to account for 90 percent of observed traffic flowing to and from all internet of things IoT devices, according to researchers. IBM X-Force noticed Mozi’s spike with...

Trend Micro Threat Discovery Appliance remote code execution（CVE-2016-7547）

A command injection in the adminsystime. the cgi interface that allows for an attacker to gain remote code execution CVE-2016-7547. Vulnerability linkage: https://www.seebug.org/vuldb/ssvid-92938 This module requires Metasploit: http://metasploit.com/download Current source:...

Trend Micro Threat Discovery Appliance admin_sys_time.cgi Remote Command Execution

This module exploits two vulnerabilities the Trend Micro Threat Discovery Appliance. The first is an authentication bypass vulnerability via a file delete in logoff.cgi which resets the admin password back to 'admin' upon a reboot CVE-2016-7552. The second is a cmdi flaw using the timezone...