CryptoPHP is a threat that uses backdoored Joomla, WordPress, and Drupal themes and plug-ins to compromise webservers on a large scale. By publishing pirated themes and plug-ins free for anyone to use instead of having to pay for them, the CryptoPHP actor is social engineering site administrators into installing the included backdoor on their server.
c7dfe85cde25dbe5c269bd310b1cfea91ea45e7b76f3c8eb974764ac3d6e7fcaWhitepaper called Nazca: Detecting Malware Distribution in Large-Scale Networks. In this paper, they study how clients in real-world networks download and install malware, and present Nazca, a system that detects infections in large scale networks. Nazca does not operate on individual connections, nor looks at properties of the downloaded programs or the reputation of the servers hosting them. Instead, it looks at the telltale signs of the malicious network infrastructures that orchestrate these malware installation that become apparent when looking at the collective traffic produced and becomes apparent when looking at the collective traffic produced by many users in a large network. Being content agnostic, Nazca does not suffer from coverage gaps in reputation databases (blacklists), and is not susceptible to code obfuscation. They have run Nazca on seven days of traffic from a large Internet Service Provider, where it has detected previously-unseen malware with very low false positive rates.
032e0a68647df30e19b1e6384d3777c89aaa648d1c9fa02c224a00ccae04a680This write up goes into detail about how real world cross site request forgery attacks can be used to hijack DNS on TP-Link routers.
97ebb3cb84a6a9a66f84afff891ff378fa74b1e2ed747d6a5cd984a436456d72This document contains the results of a second comparative penetration test conducted by a team of security specialists at Zero Science Lab against two cloud-based Web Application Firewall (WAF) solutions: Incapsula and Cloudflare. This test was designed to bypass security controls in place, in any possible way, circumventing whatever filters they have. Given the rise in application-level attacks, the goal of the test was to provide IT managers of online businesses with a comparison of these WAFs against real-world threats in simulated real-world conditions.
049e90fe97f45591ee478a6bbbd1000e75975f5dbc47b2e1e89cfc59d6426fdcThis whitepaper analyzes the extent of infection, business risk, data exposure, and more in regards to the malware known as VBS/Jenxcus.A.
567e2ee22a9d5c0dcf6342c5288c26f13373faaaa3fef362a1409482a99db009This whitepaper analyzes the extent of infection, business risk, data exposure, and more in regards to the malware known as TrojanDropper.Win32-Rovnix.l.
483c3bdf2e2790640efc1c8e907d63d753619f2b530de037d2a0a9fcaabc0290This is an analysis of APT1 that was inspired by the original work from Mandiant.
e8a10ba6e3eb63c176971035cac6afc991e42b40fbd61c9bf22dc4a5716116feThis document is a detail analysis of the Java applet vulnerability as noted in CVE-2012-5076.
7eeb8ee0aa1f322c9171f7d50fdfb6981bdfe07f9917cd5cb594c930fb228140This paper is the result of various security assessments performed on several CheckPoint/SofaWare firewalls in both a controlled (computer lab) and production environments during several penetration tests. Several different CheckPoint/SofaWare firewall models were purchased for testing in their computer lab. By having full access to the target devices, it becomes possible to discover new vulnerabilities that could be missed during a standard unauthenticated penetration test.
c35375f660fa53fbebaaebb25ec6173e990a9bc1e26ffd2917339ccfbf6a2454This whitepaper is a thorough analysis of the Adobe Flash Player integer overflow vulnerability and documented in CVE-2012-1535.
e46a3e43ec3e9446bcf1fa801d93b9d52396891905bbbce417daada24526d84cThis document is an analysis of the Microsoft Internet Explorer use-after-free vulnerability as noted in CVE-2012-4969.
71be4f13df3ab83a03a854c8af051074e8ab424be281df96d72b7c7300338be3This document is an analysis of the Oracle Java Applet SunToolkit.getField remote code execution vulnerability as noted in CVE-2012-4681.
984b4382479c7f5ba1f0cdda3a43a567466a673b2a4732358d08f4d66b5b22cfThis document is an analysis of the XMLCoreServices vulnerability as noted in CVE-2012-1889.
828b379ab4424701b75ce391f88d286539d3a8d455c851c98b434fdae395ec19Since the 30th of May 2012 hackers were abusing the Microsoft XML core services vulnerability. The 10th of July 2012 Microsoft finally published a security advisory which fixes this issue. The present document and video explains the details about this fix. As a lab test they used a Windows XP workstation with Service Pack 3. The Internet explorer version is 6.0.
0663e2de1f39f4495717f0290d861ffdd11a1fe7f2edc6deba2d85db93bac5bdWhitepaper called Browser Security Comparison: A Quantitative Approach. The Accuvant LABS research team completed an extensive security evaluation of the three most widely used browsers – Mozilla Firefox, Google Chrome, and Microsoft Internet Explorer – to determine which browser best secures against attackers. The team used a completely different and more extensive methodology than previous, similar studies. They compared browsers from a layered perspective, taking into account security architecture and anti-exploitation techniques.
e054bd896f56e8be803b55bc04ad540e6247fb7a0bbcf3094c27a9a421226a18A whitepaper called An Approach To Malware Collection Log Visualization.
6daff3c4fd8e665fe93ebd37a11bb5cb62e02381d122fbf1d87f7b5da4eed8ddThis paper discusses potential security weaknesses that may be present in messaging systems either as a result of software flaws, application design or the misconfigurations of services. It focuses on TIBCO Rendezvous, as an example of a commonly used enterprise messaging system. Recommendations are then presented which mitigate these security issues.
30f5a8238e6edc015d11426f17a737139cb286ac98539e6c0c99d7c160fc1c83Analysis whitepaper detailing Cyber-terrorism defacement attacks on pro-Israeli servers by Team Evil.
b5c0b1a8f42634e6f235bab6d79b65c54bd1315b316a4aad456f35821a58aaa9A paper discussing the various vulnerabilities in DNS: "The vulnerabilities described in this advisory affect implementations of the Domain Name System (DNS) protocol. Many vendors include support for this protocol in their products and may be impacted to varying degrees, if at all."
d5c3453b8775ce662de82820c87934d3586b2daf744da4869731b0767a4a765aThe Web Application Firewall Evaluation Criteria project is proud to announce version 1.0 of The Web Application Firewall Evaluation Criteria (WAFEC), its first official release. WAFEC is a result of a collaboration between web application firewall vendors and independent security professionals to create a comprehensive, vendor-neutral, web application firewall evaluation criteria. The resulting framework can be used to evaluate and and compare web application firewalls.
30934b361df1e3d08250b193e224b8b6ceb4dc93d5c4c031e85dcf23afe88bf8GAO Report - Federal Efforts to Improve Security and Reliability of Electronic Voting Systems Are Under Way, but Key Activities Need to Be Completed.
a43c4a0ab9f407a8ca42196df289cf0094dd757c4da3b6459b1c1290efe12817Short white paper discussing some questionable circumstances surrounding the Barracuda Spam Firewall appliances.
e377627c8b875d81d5252b300f778362107dd0e56c83e2b4687e96dc8f2ba9f5A paper released by Relevant Technologies discussing the commercial CyberAngel product that provides laptop recovery and file encryption all-in-one.
7056e8965c4297f056c153ba29228321fc8f6bd82ccc8e41c57e87670cd5daadA paper released by Relevant Technologies discussing ways and means to combat Spam using various filters available.
f9225336dd0fe9690207e4daf5130cb98c478b6a3c29732d0ccbb08c5944aa64Network Intrusion Detection of Third Party Effects v1.0.1 - This paper describes "third party effects," generally caused by adversaries spoofing your IP addresses while attacking an unrelated victim. The events are explained from the points of view of the three parties: the first party (the adversary), the second (the victim), and you, the third party (the bystander whose IPs were spoofed.) The paper includes packet captures, diagrams, and material not originally presented in the author's "Interpreting Network Traffic," such as a comparison of SYN vs ACK floods.
96e5b344c8fc7d81d1401194a28fdea918751bf78780c5bc31ef9ea0ee322d2a
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed