Showing 1238 results

WD My Cloud EX2 Serves Your Files to Anyone

Western Digital's My Cloud is a popular storage/backup device that lets users backup and store important documents, photos and media files. Unfortunately the default configuration of a new My Cloud EX2 drive allows any unauthenticated local network user to grab...

Using IPv6 to Bypass Security

Introduction All too often when we conduct pen tests against organizations we find a robust security posture against their Iv4 infrastructure. They lock down services, use a host-based firewall and generally follow best practice security guidelines. However, these same organizations...

Patch Tuesday, April 2018

April's Patch Tuesday didn't let up much compared to March. Overall April brings with it patches for 70 vulnerabilities including 27 rated as "Critical", 42 rated as "Important" and 1 rated as "Moderate". Along with most of our "usual suspects",...

Crypter-as-a-Service Helps jRAT Fly Under The Radar

(Contributor: Dr. Fahim Abbasi and Phil Hay) In this blog, we provide an analysis of a Java-based malware sample circulated via spam, that leverages Crypter services hosted on the dark web to create mutations to evade detection. We observed a...

Patch Tuesday, March 2018

March is coming in like a lion with this Patch Tuesday. The release patches 73 CVEs and includes the perennial rollup advisory for Adobe Flash. Fifteen of the 73 patched CVEs are rated as "Critical", 56 of the CVEs are...

Fake ASIC Renewal Spam Delivers Malware to Australian Companies

The Australian Securities and Investment Commission (ASIC) is an independent government agency that is Australia's corporate, market and financial services regulator. ASIC provides several services including registration services for Australian companies. Opportunist Scammers taking advantage of the new year, leveraged...

Multi-Stage Email Word Attack Without Macros

Malware authors often distribute malware through code macros in Microsoft Office documents such as Word, Excel, or PowerPoint. Regardless of the particular Office version, macros can be executed whenever the user opens the file. By default users get warnings from...

Flash Zero Day (CVE-2018-4878)

A zero day Flash exploit caught targeting South Korean users was announced by South Korea's CERT on January 31, 2018. The exploit was embedded in an Excel spreadsheet. Upon opening the spreadsheet the Flash file loads a second stage which...

Microsoft Patch Tuesday, February 2018

February's Patch Tuesday is here and after the light January, it's back with patches for 50 CVEs and two "roll up" advisories. Running down the CVEs, there are 14 rated "Critical", 34 rated "Important" and 2 rated "Moderate". Once again...

Multiple Vulnerabilities in NETGEAR Routers

Last year I discovered multiple vulnerabilities in NETGEAR products. Now that these vulnerabilities have gone through the disclosure process and have been patched we can discuss the technical details. TWSL2018-002: Password Recovery and File Access on Some Routers and Modem...

Multiple Vulnerabilities in WD MyCloud

While performing security research on personal storage I found some vulnerabilities in the WD (Western Digital) MyCloud device. Trustwave reported them to WD back in 2017 and now that patches are available we can discuss the technical details. The first...

ModSecurity - News and Commercial Rules Update

Over the past few months there has been a lot going on with ModSecurity. There was libModSecurity (aka 3.0) release which was covered in details in a recent blog post by Lead Developer @zimmerle. There was also two recent presentations...

ModSecurity Version 3.0 Announcement

libModSecurity aka ModSecurity version 3.0 is out there. libModSecurity starts a new era in terms of ModSecurity extensibility. The modular architecture provides flexibility to extend ModSecurity core with scripting languages and from scripting languages. Facilitating work such as: UI integration,...

Microsoft Patch Tuesday, January 2018

Happy 2018 everyone! January's Patch Tuesday will ease you into the new year with just 23 CVEs patched. Historically January has always been a light patch month. The release patches one CVE each that's rated "Critical", "Moderate" and "Low". The...

Overview of Meltdown and Spectre

You have probably heard the news of new vulnerabilities that affect most major chipsets, including Intel, Arm, and AMD. This means that the vulnerability affects nearly everyone who owns a computing device. What is the vulnerability? The vulnerability affects how...

BrickerBot mod_plaintext Analysis

A week ago, the author of BrickerBot claimed that they retired and published their manifesto along with some source code of their bot. In the manifesto, they wrote: "Take a look at the number of payloads, 0-days and techniques and...

CHM Badness Delivers a Banking Trojan

Like good old Microsoft Office Macros, Compiled HTML (CHM) Help files have been utilized by malware authors for more than a decade to sneak malicious downloader code into files making them harder to detect. CHMs are a Microsoft proprietary online...