CryptoPHP is a threat that uses backdoored Joomla, WordPress, and Drupal themes and plug-ins to compromise webservers on a large scale. By publishing pirated themes and plug-ins free for anyone to use instead of having to pay for them, the CryptoPHP actor is social engineering site administrators into installing the included backdoor on their server.
c7dfe85cde25dbe5c269bd310b1cfea91ea45e7b76f3c8eb974764ac3d6e7fca
Whitepaper called Nazca: Detecting Malware Distribution in Large-Scale Networks. In this paper, they study how clients in real-world networks download and install malware, and present Nazca, a system that detects infections in large-scale networks. Nazca does not operate on individual connections, nor does it look at properties of the downloaded programs or the reputation of the servers hosting them. Instead, it looks at the telltale signs of the malicious network infrastructures that orchestrate these malware installations, which become apparent when looking at the collective traffic produced by many users in a large network. Being content agnostic, Nazca does not suffer from coverage gaps in reputation databases (blacklists), and is not susceptible to code obfuscation. They have run Nazca on seven days of traffic from a large Internet Service Provider, where it has detected previously unseen malware with very low false positive rates.
032e0a68647df30e19b1e6384d3777c89aaa648d1c9fa02c224a00ccae04a680
This write-up goes into detail about how real-world cross-site request forgery attacks can be used to hijack DNS on TP-Link routers.
97ebb3cb84a6a9a66f84afff891ff378fa74b1e2ed747d6a5cd984a436456d72
This document contains the results of a second comparative penetration test conducted by a team of security specialists at Zero Science Lab against two cloud-based Web Application Firewall (WAF) solutions: Incapsula and Cloudflare. This test was designed to bypass security controls in place, in any possible way, circumventing whatever filters they have. Given the rise in application-level attacks, the goal of the test was to provide IT managers of online businesses with a comparison of these WAFs against real-world threats in simulated real-world conditions.
049e90fe97f45591ee478a6bbbd1000e75975f5dbc47b2e1e89cfc59d6426fdc
This whitepaper analyzes the extent of infection, business risk, data exposure, and more regarding the malware known as VBS/Jenxcus.A.
567e2ee22a9d5c0dcf6342c5288c26f13373faaaa3fef362a1409482a99db009
This whitepaper analyzes the extent of infection, business risk, data exposure, and more regarding the malware known as TrojanDropper.Win32-Rovnix.l.
483c3bdf2e2790640efc1c8e907d63d753619f2b530de037d2a0a9fcaabc0290
This is an analysis of APT1 that was inspired by the original work from Mandiant.
e8a10ba6e3eb63c176971035cac6afc991e42b40fbd61c9bf22dc4a5716116fe
This document is a detailed analysis of the Java applet vulnerability as noted in CVE-2012-5076.
7eeb8ee0aa1f322c9171f7d50fdfb6981bdfe07f9917cd5cb594c930fb228140
This paper is the result of various security assessments performed on several CheckPoint/SofaWare firewalls in both controlled (computer lab) and production environments during several penetration tests. Several different CheckPoint/SofaWare firewall models were purchased for testing in their computer lab. By having full access to the target devices, it becomes possible to discover new vulnerabilities that could be missed during a standard unauthenticated penetration test.
c35375f660fa53fbebaaebb25ec6173e990a9bc1e26ffd2917339ccfbf6a2454
This whitepaper is a thorough analysis of the Adobe Flash Player integer overflow vulnerability documented in CVE-2012-1535.
e46a3e43ec3e9446bcf1fa801d93b9d52396891905bbbce417daada24526d84c
This document is an analysis of the Microsoft Internet Explorer use-after-free vulnerability as noted in CVE-2012-4969.
71be4f13df3ab83a03a854c8af051074e8ab424be281df96d72b7c7300338be3
This document is an analysis of the Oracle Java Applet SunToolkit.getField remote code execution vulnerability as noted in CVE-2012-4681.
984b4382479c7f5ba1f0cdda3a43a567466a673b2a4732358d08f4d66b5b22cf
This document is an analysis of the XMLCoreServices vulnerability as noted in CVE-2012-1889.
828b379ab4424701b75ce391f88d286539d3a8d455c851c98b434fdae395ec19
Since the 30th of May 2012, hackers had been abusing the Microsoft XML Core Services vulnerability. On the 10th of July 2012, Microsoft finally published a security advisory that fixes this issue. The present document and video explain the details of this fix. As a lab test they used a Windows XP workstation with Service Pack 3; the Internet Explorer version is 6.0.
0663e2de1f39f4495717f0290d861ffdd11a1fe7f2edc6deba2d85db93bac5bd
Whitepaper called Browser Security Comparison: A Quantitative Approach. The Accuvant LABS research team completed an extensive security evaluation of the three most widely used browsers – Mozilla Firefox, Google Chrome, and Microsoft Internet Explorer – to determine which browser best secures against attackers. The team used a completely different and more extensive methodology than previous, similar studies. They compared browsers from a layered perspective, taking into account security architecture and anti-exploitation techniques.
e054bd896f56e8be803b55bc04ad540e6247fb7a0bbcf3094c27a9a421226a18
A whitepaper called An Approach To Malware Collection Log Visualization.
6daff3c4fd8e665fe93ebd37a11bb5cb62e02381d122fbf1d87f7b5da4eed8dd
This paper discusses potential security weaknesses that may be present in messaging systems, whether as a result of software flaws, application design, or the misconfiguration of services. It focuses on TIBCO Rendezvous as an example of a commonly used enterprise messaging system. Recommendations are then presented which mitigate these security issues.
30f5a8238e6edc015d11426f17a737139cb286ac98539e6c0c99d7c160fc1c83
Analysis whitepaper detailing Cyber-terrorism defacement attacks on pro-Israeli servers by Team Evil.
b5c0b1a8f42634e6f235bab6d79b65c54bd1315b316a4aad456f35821a58aaa9
A paper discussing the various vulnerabilities in DNS: "The vulnerabilities described in this advisory affect implementations of the Domain Name System (DNS) protocol. Many vendors include support for this protocol in their products and may be impacted to varying degrees, if at all."
d5c3453b8775ce662de82820c87934d3586b2daf744da4869731b0767a4a765a
The Web Application Firewall Evaluation Criteria project is proud to announce version 1.0 of The Web Application Firewall Evaluation Criteria (WAFEC), its first official release. WAFEC is the result of a collaboration between web application firewall vendors and independent security professionals to create a comprehensive, vendor-neutral set of web application firewall evaluation criteria. The resulting framework can be used to evaluate and compare web application firewalls.
30934b361df1e3d08250b193e224b8b6ceb4dc93d5c4c031e85dcf23afe88bf8
GAO Report - Federal Efforts to Improve Security and Reliability of Electronic Voting Systems Are Under Way, but Key Activities Need to Be Completed.
a43c4a0ab9f407a8ca42196df289cf0094dd757c4da3b6459b1c1290efe12817
Short white paper discussing some questionable circumstances surrounding the Barracuda Spam Firewall appliances.
e377627c8b875d81d5252b300f778362107dd0e56c83e2b4687e96dc8f2ba9f5
A paper released by Relevant Technologies discussing the commercial CyberAngel product that provides laptop recovery and file encryption all-in-one.
7056e8965c4297f056c153ba29228321fc8f6bd82ccc8e41c57e87670cd5daad
A paper released by Relevant Technologies discussing ways and means to combat spam using the various filters available.
f9225336dd0fe9690207e4daf5130cb98c478b6a3c29732d0ccbb08c5944aa64
Network Intrusion Detection of Third Party Effects v1.0.1 - This paper describes "third party effects," generally caused by adversaries spoofing your IP addresses while attacking an unrelated victim. The events are explained from the points of view of the three parties: the first party (the adversary), the second (the victim), and you, the third party (the bystander whose IPs were spoofed). The paper includes packet captures, diagrams, and material not originally presented in the author's "Interpreting Network Traffic," such as a comparison of SYN vs. ACK floods.
96e5b344c8fc7d81d1401194a28fdea918751bf78780c5bc31ef9ea0ee322d2a