Showing 34 results for: 2017 ×

URSNIF is Back Riding a New Wave of Spam

The infamous data-stealing URSNIF malware has done it again and it's here to collect more keystrokes, login credentials, browsing activities, and other user activities. It continues to undress and dress itself differently, time and time again. Earlier this year, we...

TheShadowBrokers Babytalk Translation

TheShadowBrokers have just released a blog post (written in a child-like style to mock the lack of understanding of what they're doing) explaining their position and some of the recent events following the release of 'goodies' from TheEquationGroup. There are...

WannaCry: We Want to Cry

Contributors: Phil Hay, Rodel Mendrez, Gerald Carsula, Nicholas Ramos, Homer Pacag For the last few days the WannaCry ransomware event created mayhem, where organizations worldwide were hit with ransomware that spread quickly primarily via a self-propagating worm mechanism. It exploited...

The WannaCry Ransomware Campaign

By now you have likely heard about the WannaCry (aka WannaCrypt) ransomware campaign that has taken the world by storm. The campaign has affected organizations and end users in at least 99 countries, shutting down hospitals in the UK and...

Airachnid: Web Cache Deception Burp Extender

Introduction Cross-Site Request Forgery (CSRF) attacks are well established and understood, having been in the OWASP top ten for ten years. For those of you not so familiar with this vulnerability, it takes place when a user can be coerced...

Microsoft Patch Tuesday, May 2017

Microsoft is releasing 56 CVEs for the May 2017 Patch Tuesday today. This includes 15 CVEs rated "Critical", 40 rated "Important" and one rated "Moderate". Across them all these vulnerabilities there are security updates for the following software and services:...

Multiple Vulnerabilities in Avast Antivirus

Last year I decided to do some security research on an antivirus product. Avast seemed a good target since it is among most popular AV products used by home users and, as an added bonus, there is a bug bounty...

Microsoft Patch Tuesday, April 2017

April Patch Tuesday is here and, like the change of the seasons, this release comes with changes in how Microsoft presents these updates. Gone are the days of the Security Bulletins and instead Microsoft is taking a more CVE focused...

And Then? Where is the Risk with Steganography?

In the previous posts, Steganography... what is that? and Steganalysis, the Counterpart of Steganography, I gave a quick introduction about what steganography and steganalysis are. I know it was full of mathematical terms so now it is time to explain...

Protecting Yourself from MongoDB Ransomware

In the realm of malware, ransomware has been king for the last few years, compromising unsecured hosts and kindly requesting payment from their rightful owners. Back in January 2017, an attacker extended the concept to MongoDB and was hitting unsecured...

Exploiting Privilege Escalation in Serv-U by SolarWinds

I was recently working on an external network penetration test where I identified a new vulnerability in a file sharing web application called Serv-U by SolarWinds. This vulnerability granted me administrative privileges to the Serv-U application, and, allowed for remote...

Authentication and Encryption in PAS Web Shell Variant

Introduction During a recent incident response case, we were tasked with discovering the point of entry for an attacker that had compromised the entire Windows network. Among other things we uncovered evidence of web application attacks targeting the company's public...

Database Security Knowledgebase Update 5.12

This month's update for Database Security Knowledgebase is now available. Knowledgebase version 5.12 includes new and updated checks for Oracle and Sybase ASE. New Vulnerability and Configuration Check Highlights Oracle SQL Injection in CDBView package o Database Activity Monitoring -...

Microsoft Patch Tuesday, March 2017

We knew that the Microsoft's Valentine's gift to cancel Patch Tuesday on February 14th was only going to be a temporary stay and, sure enough, Patch Tuesday is back and bigger than ever for March. Over all there are 18...

Undocumented Backdoor Account in DBLTek GoIP

Trustwave recently reported a remotely exploitable issue in the Telnet administrative interface of numerous DblTek branded devices. The issue permits a remote attacker to gain a shell with root privileges on the affected device due to a vendor backdoor in...