Netgear DGN2200, DGND3700 and WNDR4500 Sensitive Information Disclosure Vulnerability

Introduction: Recently, IoT devices have been used to create large-scale botnets that can execute crippling distributed denial-of-service (DDoS) attacks. Many IoT devices are unsecured or weakly secured, which allows the bot to access hundreds of thousands of devices. The IoT devices affected in the latest incidents were primarily home routers, network-enabled cameras, …

Firefox SVG Animation Remote Code Execution CVE-2016-9079

Introduction: A zero-day exploit against Tor Browser and Firefox has been observed in the wild. The exploit is initiated when a target accesses a compromised web page or a web page hosted by an attacker. The vulnerability has been assigned CVE-2016-9079 (Bugzilla ID 1321066). The exploit targets a use-after-free vulnerability …

Remote Code Execution Attack Against Eircom D1000 Router

In the last month, more than 900,000 routers belonging to Deutsche Telekom users in Germany were under attack due to remote code execution. The TR-064 protocol is abused in the new attack. Port 7547 is used by a remote management protocol known as either TR-069 or CWMP. “According to Shodan, about 41 Million devices have port 7547 open. …

NTPD read_mru_list() DoS Layman Analysis

Background: NTP stands for Network Time Protocol, which is a UDP-based protocol designed to synchronize clocks of devices over a network with Coordinated Universal Time (UTC). In its fourth version, it is one of the oldest networking protocols. NTP.org implemented this as a daemon. Many vendors use this implementation in their products. In its …

Shell Code Analysis for The Active Firefox Tor Attack

On November 29, exploit code against TorBrowser was published. It is reported that Firefox and TorBrowser are under active attack for this vulnerability. This blog explains what the attackers are trying to do on their victim’s machine (shell code) and the techniques used under the hood. Get The Shell Code Ready: Shell code is …

NTP CVE-2016-7434 Vulnerability Analysis

Last week, the Network Time Foundation’s NTP Project released a new version, NTP 4.2.8p9, to fix 10 security vulnerabilities. We noticed that after the new release came out, the original researcher published a POC for exploiting CVE-2016-7434. This blog is about verifying the published exploit and a deep analysis of this vulnerability. NTP MRU …

Windows Disk Cloning Vulnerability CVE-2016-7224

Introduction: Microsoft released many fixes in the month of November; MS16-138 focuses on the virtual hard disk (VHD) driver vulnerabilities. In this article we will focus on CVE-2016-7224, which Google Project Zero disclosed to Microsoft. The vulnerability also compromises confidentiality as it leaks information. We will first provide some background about virtual disks …

CVE-2016-7255 Vulnerability Analysis and Patch Diff

On November’s Patch Tuesday, Microsoft patched an elevation of privilege vulnerability (CVE-2016-7255) in MS16-135. It was reported that this vulnerability is being actively exploited by Pawn Storm, APT28, Fancy Bear. This blog is about what this vulnerability is and how Microsoft fixes it. Window, Child Window and CVE-2016-7255: Window plays an important part in Microsoft’s …

Sundown Exploit Kit and The EITEST Campaign

Abstract: After the disappearance of the Angler and Neutrino exploit kits (EKs), the underground world of EKs was left with only one major player, Rig EK. Pseudo-Darkleech and EITEST, the two most popular website compromise campaigns, both redirected their victims to Rig EK. However, a few days back, our systems detected a major …

IE Information Disclosure 0-day used in Malvertising campaigns and Neutrino EK

Introduction: The success of an exploit kit depends on many parameters: infecting effective targets and avoiding honeypots, sandboxes and researchers who are always on the lookout for new exploit kits to expose to the world. An exploit kit that is stealthy will have a longer lifetime and gain more reputation. This is reflected in an EK’s capability …