Patch Tuesday, January 2019

In 2018 we saw a rise in sextortion scams in which cyber-criminals notified their victims via email that they have hacked or infected the victim’s computer with malware. Or the perpetrators had procured evidence in the form of personal recordings of the victim performing sexual acts or having illegal files of sexual content on their computer. The scammers then threatened to publicly expose the victim unless a ransom demand is paid in cryptocurrency (bitcoin) within a given time.

Trustwave recently reported a Kernel based vulnerability in a driver bundled along with IBM Trusteer Rapport for MacOS. The vulnerability is a signedness bug leading to a Kernel stack memory corruption issue in a call to memcpy. IBM Trusteer Rapport is security software advertised as an additional layer of security to anti-virus software. It is designed to protect confidential data, such as account credentials, from being stolen by malicious software (malware) and via phishing.

About a year ago webminers began to appear on more and more website. It was popularized by CoinHive and a couple of high-profile scandals revolving around ThePirateBay and Showtime and, in the span of a year, it has evolved into the most common consequence a compromised site suffers- a webminer injection, or “cryptojacking”.

We all shop online. How many times, just before placing an online order, have you noticed the Coupon Code option and wondered – Could I get it cheaper if I had a coupon code? Most of us will drop the order to go and look for an available coupon code. Some will skip this thought and continue with the purchase, feeling a bit gullible. A hacker, on the other hand, will probably have other ideas in mind...

The last Patch Tuesday of 2018 is here and we are easing into the New Year with only 40 CVEs to address. Nine of these are rated "Critical" with the other 31 rated "Important". The "Critical" list includes the typical Internet Explorer and the scripting engine vulnerabilities, but also include Remote Code Execution (RCE) vulnerabilities in the .NET Framework and the Windows DNS server. Another RCE exists in the Microsoft Text-To-Speech feature in the Windows OS.

This blog post offers insight into Magecart and offers advice on how t protect your systems from this threat using a number of methods including ModSecurity WAF rules.

Scavenger confronts a challenging issue typically faced by Penetration Testing consultants during internal penetration tests; the issue of having too much access to too many systems with limited days for testing.

We are happy to announce ModSecurity version 2.9.3!

During Thanksgiving week, we noticed this quite unusual XML-format MS Office Document file Figure 1: Email Sample Saving a Word document file as XML is a legitimate option but criminals had taken advantage of this file format to circumvent malware...

Sometimes pentesters and security researchers need to modify existing Java application but have no access to its source. For example, it might be necessary to adjust the logic a bit to see how the application works in certain specific conditions....

Hacker's Wish Come True After Infecting Visitors of Make-A-Wish Website With Cryptojacking After coming back from a vacation, the first thing to do is catch up with what happened while you were gone. That is what I did earlier this...

Whilst there is a wealth of information out there about how to build environments that can be used for training, offensive tradecraft development and blue team response detection, a vital part of these environments is hard to emulate. A computer...

Context AJAX stands for Asynchronous JavaScript And XML. It's a set of web development techniques using many web technologies on the client side to create asynchronous web applications. In some cases, XML is not used, but JavaScript is almost always...

The second to last Patch Tuesday of 2018 is here with patches for 55 CVEs. This includes 11 rated "Critical", 42 rated "Important" and one each rated "Moderate" and "Low". The release also contains three advisories including the standard patch...

At precisely 155 commits ahead of the latest version, ModSecurity version 3.0.3 contains a number of improvements and features to enhance the ModSecurity experience. In this blog post, we'll explain some of the new capabilities in the latest release. Better...

Many types of malware send and receive data via HTTP. They may either be sending updates back to their command and control (CnC) centers or they may receive updates. Typically these won't be sent in plain text but rather with...

David Middlehurst of Trustwave SpiderLabs presented at the first ever conference dedicated to the Mitre ATT&CK framework earlier this week, on October 23, 2018.

It has been ten years since the release of MS08-067. Unlike many of the other incidents over the years, this vulnerability has developed a celebrity life of its own (even including pillow shams!). It has a warm place in the...

"Leave your ego at the door every morning, and just do some truly great work. Few things will make you feel better than a job brilliantly done." Robin S. Sharma The last time we visited the cybercriminal underground, we introduced...