Thursday, May 18, 2017

Joomla! 3.7.1 is released to address a critical SQL Injection Vulnerability

A critical SQL injection vulnerability (CVE-2017-8917) affects Joomla! 3.7.0; if you run Joomla!, update to 3.7.1 immediately.
Joomla! is a content management system (CMS) that lets you build websites and powerful online applications.
A CMS is software that keeps track of every piece of content on your website, much like a local library keeps track of its books and where they are stored.
The main advantage of using a CMS is that it needs virtually no technical skill or knowledge to manage. Since the CMS manages all of your content, you do not have to.
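The advisory does not describe where the injection sits, so the following is a generic illustration of the vulnerability class, added here and not taken from Joomla!'s code or from the CVE-2017-8917 patch: a request-controlled ordering parameter pasted into SQL, the boolean oracle an attacker builds from it, and the allowlisted form that closes it. The table, rows and column names are constructed for the demonstration (SQLite in memory).

```python
import sqlite3

CHARSET = "abcdefghijklmnopqrstuvwxyz0123456789"
ALLOWED_ORDERING = {"id": "id", "title": "title"}   # assumed set of sortable columns


def make_db():
    """Constructed sample schema; nothing here mirrors Joomla!'s real tables."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        "CREATE TABLE fields (id INTEGER, title TEXT, secret TEXT);"
        "INSERT INTO fields VALUES (1,'alpha','k1'),(2,'beta','k2'),(3,'gamma','k3');"
    )
    return conn


def list_fields_vulnerable(conn, ordering):
    # VULNERABLE (deliberately): the ordering string comes straight from the request.
    return conn.execute("SELECT id, title FROM fields ORDER BY " + ordering).fetchall()


def list_fields_safe(conn, ordering, direction="ASC"):
    # Hardened: map the parameter onto a fixed set of column names; reject everything else.
    col = ALLOWED_ORDERING.get(ordering)
    if col is None or direction not in ("ASC", "DESC"):
        raise ValueError("invalid ordering")
    return conn.execute(f"SELECT id, title FROM fields ORDER BY {col} {direction}").fetchall()


def oracle(conn, condition):
    """Boolean-based blind probe: the row order flips depending on the injected condition."""
    payload = f"CASE WHEN ({condition}) THEN id ELSE -id END"
    rows = list_fields_vulnerable(conn, payload)
    return rows[0][0] == 1          # id 1 sorts first only when the condition is true


def blind_probe(conn, guess, row_id=1):
    return oracle(conn, f"(SELECT secret FROM fields WHERE id={row_id})='{guess}'")


def extract_secret(conn, row_id=1, max_len=8):
    """Recover a hidden column one character at a time through the ordering oracle."""
    out = ""
    for pos in range(1, max_len + 1):
        for c in CHARSET:
            cond = f"substr((SELECT secret FROM fields WHERE id={row_id}),{pos},1)='{c}'"
            if oracle(conn, cond):
                out += c
                break
        else:
            break                   # no character matched: end of the string
    return out


def safe_rejects(conn, ordering):
    """True when the hardened query refuses an ordering value."""
    try:
        list_fields_safe(conn, ordering)
        return False
    except ValueError:
        return True
```

The allowlist is the right fix for an ORDER BY clause because column names cannot be bound as query parameters; quoting or escaping the value does not help here.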

WordPress 4.7.5 released with patches for six security issues including CSRF & XSS

The much-anticipated WordPress 4.7.5 is now available. This security release fixes six security issues that exist in WordPress 4.7.4 and earlier, including a CSRF.

Security Issues addressed

  1. Insufficient redirect validation in the HTTP class. Reported by Ronni Skansing.
  2. Improper handling of post meta data values in the XML-RPC API. Reported by Sam Thomas.
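Redirect validation is easy to get wrong, so here is an added example (not WordPress's own `wp_validate_redirect`, and not the 4.7.5 patch) of the checks a redirect target should pass before the application follows it: scheme-relative `//host` targets, backslash variants, credentials in the authority, non-HTTP schemes and header-injection characters are all rejected, and absolute URLs must point at an assumed allowlist of site hosts.

```python
from urllib.parse import urlsplit

# Assumed hosts of the site itself; anything else is an open redirect.
ALLOWED_HOSTS = {"example.com", "www.example.com"}


def is_safe_redirect(location, allowed_hosts=ALLOWED_HOSTS):
    """Return True only for same-site absolute URLs or plain local paths."""
    if not location or any(c in location for c in "\r\n\t "):
        return False                                    # empty, or header/whitespace smuggling
    loc = location.replace("\\", "/")                   # browsers treat "\" like "/"
    if loc.startswith("//"):
        return False                                    # scheme-relative: "//evil.example/"
    parts = urlsplit(loc)
    if parts.scheme and parts.scheme.lower() not in ("http", "https"):
        return False                                    # javascript:, data:, ...
    if not parts.netloc:
        # No authority: accept only a rooted path on this site.
        return not parts.scheme and loc.startswith("/")
    host = (parts.hostname or "").lower()
    return host in allowed_hosts                        # exact match; no suffix tricks


def redirect_or_default(location, default="/"):
    """What the application should actually follow."""
    return location if is_safe_redirect(location) else default
```

The authority is compared through `hostname`, which strips any `user:pass@` prefix, so `https://example.com@evil.example/` resolves to `evil.example` and is refused.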

A complete Lookback of Historical Wannacry Ransomware Cyber Attack

WannaCry (also known as WannaCrypt, WanaCrypt0r 2.0 and Wanna Decryptor) is a ransomware family that targets Microsoft Windows systems through the SMB exploit leaked by the Shadow Brokers, encrypting data and demanding ransom payments in the cryptocurrency Bitcoin.
The ransomware also spreads by means of spam messages and is designed to lock the documents on a PC until the victim pays the ransom demand, usually $300-$500 in Bitcoin.

SIEM: better visibility for analysts handling an incident, using Event IDs

We live in a complex world where attacks increase day by day, so cyber intelligence now depends on SIEM (security information and event management) as a part of infosec.
Most companies depend on logs and packets for visibility, and above 90% of them work with logs rather than packets. People, process and technology form the triangle of security operations.
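To show what "visibility with Event IDs" means in practice, here is an added example (not from the article) of a SIEM-style correlation rule run over constructed Windows Security log lines. Event ID 4625 is a failed logon and 4624 a successful one; the rule flags a source that fails at least `threshold` times inside a sliding window and then succeeds, which is the classic password-spray-then-login pattern. The line format is an assumed normalised feed, not raw EVTX.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (timestamp, Event ID, key=value fields); not real log data.
SAMPLE_EVENTS = """\
2017-05-18T10:00:01Z 4625 user=bob src=10.0.0.5
2017-05-18T10:00:02Z 4625 user=bob src=10.0.0.5
2017-05-18T10:00:03Z 4625 user=bob src=10.0.0.5
2017-05-18T10:00:04Z 4625 user=bob src=10.0.0.5
2017-05-18T10:00:05Z 4625 user=bob src=10.0.0.5
2017-05-18T10:00:09Z 4624 user=bob src=10.0.0.5
2017-05-18T10:01:00Z 4625 user=alice src=10.0.0.7
2017-05-18T10:30:00Z 4624 user=alice src=10.0.0.7
2017-05-18T10:31:00Z 4624 user=carol src=10.0.0.9
"""

LOGON_FAILED, LOGON_SUCCESS = "4625", "4624"


def parse(line):
    """Split one normalised line into (timestamp, event id, fields)."""
    ts, eid, *kv = line.split()
    fields = dict(p.split("=", 1) for p in kv)
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), eid, fields


def detect_bruteforce_success(text, threshold=5, window=timedelta(minutes=5)):
    """Alert when a source logs on successfully after >= threshold failures within window."""
    recent_failures = defaultdict(deque)       # src -> timestamps of recent 4625 events
    alerts = []
    for line in text.splitlines():
        ts, eid, f = parse(line)
        src = f.get("src", "?")
        q = recent_failures[src]
        while q and ts - q[0] > window:         # expire failures outside the window
            q.popleft()
        if eid == LOGON_FAILED:
            q.append(ts)
        elif eid == LOGON_SUCCESS and len(q) >= threshold:
            alerts.append({"src": src, "user": f.get("user"), "failures": len(q), "at": ts})
            q.clear()                           # one alert per burst
    return alerts
```

Tuning the threshold and window is where analyst judgement comes in: alice's single failure followed by a success half an hour later is ordinary user behaviour and produces no alert.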

Sunday, May 14, 2017

Android Application Penetration testing Part 2

In my last article (Android Application Penetration Testing Part 1) we looked at the basic architecture of an Android device. Now let's collect some Android application pentest tools and build a setup for testing.
There are many tools for an Android application penetration test, but which tool to use for which purpose, and what details we can extract with it, is what matters most.
We can also use a set of tools bundled in a framework. They are all available as open source:
AppUse, Appie, Santoku, PentestBox, MobSF, etc.

Saturday, May 13, 2017

Wireless Penetration Testing Checklist – A Detailed Cheat sheet

Wireless penetration testing actively examines the information security measures in place on wireless networks and analyses their weaknesses, technical flaws and critical wireless vulnerabilities.
The most important countermeasures to focus on are threat assessment, data theft detection, security control auditing, risk prevention and detection, information system management and infrastructure upgrades, and a detailed report should be prepared.

Friday, May 12, 2017

Ransomware back in action: JAFF distributed using malicious PDF documents

Ransomware is back in action as of late April, with JAFF circulating through malicious PDF files. Necurs, one of the biggest botnets, went offline during the 2016 holiday season, and from May 11 Necurs began spreading a new ransomware called JAFF.
Check Point’s global sensors have spotted as many as 40,000 emails in the last few hours, at an infection rate of approximately 10,000 emails sent per hour.
Ransomware is a kind of malware that keeps or restricts users from accessing their system, either by locking the system's screen or by locking the user's files, unless a ransom is paid.

Thursday, May 11, 2017

Critical Vulnerability with OnePlus devices allows Remote Exploitation

Security researchers from Aleph Security found new vulnerabilities (CVE-2017-5948, CVE-2017-8850, CVE-2017-8851, CVE-2016-10370) in OxygenOS and HydrogenOS on the OnePlus One/X/2/3/3T.
The vulnerabilities affect the most recent versions (4.1.3/3.0) and below.
With these vulnerabilities an attacker in a MitM position can interfere with the OTA update process; by doing so they can downgrade the OS and even replace OxygenOS with HydrogenOS, without a factory reset.
The vulnerabilities were reported to OnePlus Security on January 26, 2017, by Roee Hay of Aleph Research.
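The two outcomes described above, a downgrade and a cross-variant swap, are exactly what an OTA client's acceptance checks exist to prevent. The following is an added example of those checks and is not OnePlus's updater or Aleph Research's proof of concept: a manifest must carry a valid vendor signature, be served over TLS, match the installed variant, carry a strictly newer version (anti-rollback) and name the digest of the image actually downloaded. The HMAC key stands in for the vendor's asymmetric signing key, and the manifest fields and image bytes are constructed.

```python
import hashlib
import hmac
import json

# Constructed stand-in for the vendor signing key; a real OTA uses an asymmetric key
# whose public half is baked into the device.
VENDOR_KEY = b"demo-vendor-key"
SAMPLE_IMAGE = b"\x00" * 256                 # constructed placeholder for an update image


class OtaRejected(Exception):
    pass


def sign_manifest(manifest, key=VENDOR_KEY):
    body = json.dumps(manifest, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def make_manifest(version, variant="OxygenOS", image=SAMPLE_IMAGE,
                  url="https://ota.example/update.zip"):
    return {"variant": variant, "version": version, "url": url,
            "sha256": hashlib.sha256(image).hexdigest()}


def parse_version(v):
    return tuple(int(x) for x in v.split("."))


def verify_update(manifest, signature, image, installed_variant, installed_version,
                  key=VENDOR_KEY):
    """Raise OtaRejected on any failed check; return True only if the update may be applied."""
    if not hmac.compare_digest(sign_manifest(manifest, key), signature):
        raise OtaRejected("bad manifest signature")
    if not manifest["url"].startswith("https://"):
        raise OtaRejected("update must be fetched over TLS")
    if manifest["variant"] != installed_variant:
        raise OtaRejected("variant mismatch")
    if parse_version(manifest["version"]) <= parse_version(installed_version):
        raise OtaRejected("downgrade or replay")          # anti-rollback
    if hashlib.sha256(image).hexdigest() != manifest["sha256"]:
        raise OtaRejected("image digest mismatch")
    return True


def check(manifest, signature, installed_version="4.1.3", installed_variant="OxygenOS",
          image=SAMPLE_IMAGE):
    """Convenience wrapper returning (accepted, reason)."""
    try:
        verify_update(manifest, signature, image, installed_variant, installed_version)
        return True, "ok"
    except OtaRejected as e:
        return False, str(e)
```

Note that the signature alone does not stop a rollback: an attacker in the middle can replay an older manifest that the vendor genuinely signed, which is why the version comparison against the installed build is a separate, mandatory check.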

Wednesday, May 10, 2017

New Dangerous Android Permission Security Flaw leads to Ransomware and Banking Malware Attacks

A new vulnerability was discovered in Android's permission mechanism that enables several permission-based attacks at run time, including ransomware, banking malware and adware.
Google's policy grants extensive permissions to apps installed directly from Google Play. The permission model consists of several groups of permissions, with those considered "dangerous" granted only at run time, a scheme introduced in Android 6.0, "Marshmallow".
According to Check Point researchers, this means that the first time an app tries to access a "dangerous" resource, the user is required to approve the necessary permission.

Monday, May 8, 2017

Android Application Penetration Testing – Part 1

After web applications, the next area of concern is mobile application penetration testing. Let's start with some basics.
Hardware always needs drivers so that it can work smoothly. Android uses the Linux kernel because it has security features like:
  • A user-based permissions model
  • Process isolation
  • Extensible mechanism for secure IPC
  • The ability to remove unnecessary and potentially insecure parts of the kernel
The Hardware Abstraction Layer (HAL) exposes the device hardware to the framework through standard interfaces, so applications never need direct access to the hardware itself.
Bluetooth, audio and radio are examples.


Saturday, May 6, 2017

Exploitation Framework for Embedded devices – RouterSploit

The RouterSploit Framework is an open-source exploitation framework devoted to embedded devices. It includes various modules that aid penetration testing operations:
  • exploits – modules that take advantage of identified vulnerabilities
  • creds – modules designed to test credentials against network services
  • scanners – modules that check if a target is vulnerable to any exploit

Requirements

  • gnureadline (OSX only)
  • requests
  • paramiko
  • beautifulsoup4
  • pysnmp
Misfortune Cookie, for example, is a critical vulnerability that allows an attacker to take remote control of a router connected to the Internet, and it can be fixed only by a firmware update from the hardware vendor. With its module selected, RouterSploit shows the module's options:
root@kali:~# routersploit
rsf (Misfortune Cookie) > show options

Friday, May 5, 2017

A botnet called "Bondnet" compromised thousands of Windows servers and uses them to perform DDoS and mine cryptocurrencies

A botnet called "Bondnet" has compromised more than 15,000 machines, including thousands of Windows servers, and controls all of their activity remotely; recent findings indicate that Bondnet is suspected of mining different cryptocurrencies.
Bondnet appears highly sophisticated: every day more than 2,000 compromised machines, equal to 12,000 cores, report to the Bondnet command and control (C&C) server and perform DDoS attacks.
The botnet attacks victim machines using different public exploits and installs a Windows Management Instrumentation (WMI) trojan that communicates with a C&C server, under the name of the Bond007.01 operation.

Analyzing embedded files and executable code within firmware images – Binwalk

Binwalk is a tool for searching a given binary image for embedded files and executable code. Specifically, it is designed for identifying files and code embedded inside firmware images.
Binwalk uses the libmagic library, so it is compatible with magic signatures created for the Unix file utility.
  • Author: Craig Heffner
  • License: MIT
Binwalk also includes a custom magic signature file with improved signatures for files commonly found in firmware images, such as compressed/archived files, firmware headers, Linux kernels, bootloaders, filesystems and so forth.
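To make the signature-scanning idea concrete, here is an added example (not Binwalk's code and not its signature file) of a miniature scanner: it walks a firmware-like blob looking for a constructed subset of magic values, applies a cheap header sanity check so a bare byte match does not become a false positive, and carves a gzip member at the offset it found. The sample image is built inline from a padding region, a fake uImage header, a gzip member, a decoy gzip magic with an invalid flags byte, and an ELF header.

```python
import gzip
import zlib

# Constructed subset of signatures (name, magic bytes); Binwalk's own file has hundreds.
SIGNATURES = [
    ("uImage header", b"\x27\x05\x19\x56"),
    ("gzip compressed data", b"\x1f\x8b\x08"),
    ("ELF executable", b"\x7fELF"),
    ("Squashfs filesystem, little endian", b"hsqs"),
    ("Zip archive data", b"PK\x03\x04"),
]


def plausible(image, off, name):
    """Cheap header checks that cut false positives from a bare magic match."""
    if name == "gzip compressed data":
        # RFC 1952: the three high bits of FLG are reserved and must be zero.
        return off + 4 <= len(image) and image[off + 3] & 0xE0 == 0
    if name == "ELF executable":
        # EI_CLASS must be 1 (32-bit) or 2 (64-bit).
        return off + 5 <= len(image) and image[off + 4] in (1, 2)
    return True


def scan(image):
    """Return sorted (offset, description) pairs, like a trimmed-down signature scan."""
    hits = []
    for name, magic in SIGNATURES:
        off = image.find(magic)
        while off != -1:
            if plausible(image, off, name):
                hits.append((off, name))
            off = image.find(magic, off + 1)
    return sorted(hits)


def carve_gzip(image, off):
    """Inflate the gzip member starting at off; return (payload, compressed length)."""
    d = zlib.decompressobj(wbits=31)            # 16 + 15: expect a gzip header
    payload = d.decompress(image[off:])
    return payload, len(image) - off - len(d.unused_data)


def build_sample_image():
    """Constructed firmware-like blob used to exercise the scanner."""
    gz = gzip.compress(b"Linux kernel placeholder", mtime=0)
    decoy = b"\x1f\x8b\x08\xff"                 # gzip magic, but reserved FLG bits set
    elf = b"\x7fELF\x02" + bytes(11)            # ELF magic, 64-bit class
    return (b"\xff" * 64 + b"\x27\x05\x19\x56" + bytes(60)
            + gz + bytes(16) + decoy + bytes(12) + elf)
```

Binwalk does the same job with libmagic rules and far more careful header parsing, and then hands the offsets to extractors; the structure, scan then carve, is the same.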