CVE-2017-5689: Intel Elevation Of Privilege Vulnerability

An elevation of privilege vulnerability in Intel's management solutions (Active Management Technology, Standard Manageability and Small Business Technology) was confirmed by Intel, which published advisory INTEL-SA-00075 for it. The vulnerability allows an unprivileged attacker to take over the management features. It has been assigned CVE-2017-5689 and is rated critical for affected targets. It is important to note that this bug does not affect …

PASSFREELY: Bypassing Oracle Database Authentication (ShadowBrokers)

The ShadowBrokers group recently released an archive of exploits, tools and utilities used by the NSA to compromise Windows servers and Oracle databases. We looked further into the database-related parts of the archive to find interesting tools and exploits. The archive contains a tool called PASSFREELY that can be used to bypass Oracle Database authentication. This tool patches the Oracle …

Doublepulsar backdoor spreading rapidly in the wild

On April 14, 2017, the hacking group ShadowBrokers released cyber-espionage tools allegedly employed by the U.S. National Security Agency. This week it was reported that more than 300,000 Windows machines are infected with a backdoor from that dump called "Doublepulsar". This blog describes what "Doublepulsar" is and how we detect it. …
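The excerpt above stops before the detection part. As an added example (not code from the Qualys post), the block below implements the publicly documented network check that the Nmap `smb-double-pulsar-backdoor` script and similar scanners use: after an anonymous SMB1 session and a tree connect to IPC$, the scanner sends a Trans2 SESSION_SETUP request with Multiplex ID 0x41; a clean server echoes 0x41 back, while a host running Doublepulsar answers with MID 0x51. The SMB1 header layout and the two MID values are documented facts; the two sample replies are constructed here so the check runs offline, and the status value used in them is an assumption about the sample, not something the check depends on.

```python
"""Check an SMB1 Trans2 reply for the Doublepulsar "ping" signature.

Added example, not code from the Qualys post. The check keys only on the
Multiplex ID of the reply to a Trans2 SESSION_SETUP "ping": 0x41 echoed back
means a normal server, 0x51 means the Doublepulsar backdoor answered.
"""
import struct

NBT_HEADER_LEN = 4                      # NetBIOS session header: type + 3-byte length
SMB1_HEADER_FMT = "<4sBIBHH8sHHHHH"     # 32-byte SMB1 header, little-endian fields
SMB1_HEADER_LEN = struct.calcsize(SMB1_HEADER_FMT)
SMB_MAGIC = b"\xffSMB"
SMB_COM_TRANSACTION2 = 0x32
SMB_FLAGS_REPLY = 0x80                  # bit 7 of Flags is set on server replies
MID_PING = 0x41                         # MID the scanner puts in its Trans2 ping
MID_DOUBLEPULSAR = 0x51                 # MID Doublepulsar substitutes in its reply


def parse_smb1(pkt: bytes) -> dict:
    """Parse NetBIOS session header + SMB1 header from raw TCP/445 data."""
    if len(pkt) < NBT_HEADER_LEN + SMB1_HEADER_LEN:
        raise ValueError("packet too short for NetBIOS + SMB1 headers")
    if pkt[0] != 0x00:
        raise ValueError("not a NetBIOS session message (type 0x00)")
    nbt_len = int.from_bytes(pkt[1:4], "big")
    if nbt_len != len(pkt) - NBT_HEADER_LEN:
        raise ValueError("NetBIOS length field does not match payload length")
    (magic, command, status, flags, flags2, _pid_high, _sig, _reserved,
     tid, pid, uid, mid) = struct.unpack_from(SMB1_HEADER_FMT, pkt, NBT_HEADER_LEN)
    if magic != SMB_MAGIC:
        raise ValueError("bad SMB1 magic")
    return {"command": command, "status": status, "flags": flags, "flags2": flags2,
            "tid": tid, "pid": pid, "uid": uid, "mid": mid}


def doublepulsar_present(trans2_reply: bytes) -> bool:
    """True if the reply to the Trans2 SESSION_SETUP ping carries MID 0x51."""
    hdr = parse_smb1(trans2_reply)
    if hdr["command"] != SMB_COM_TRANSACTION2 or not hdr["flags"] & SMB_FLAGS_REPLY:
        raise ValueError("not a Trans2 reply; send the ping first")
    return hdr["mid"] == MID_DOUBLEPULSAR


def build_trans2_reply(mid: int, status: int = 0xC0000002) -> bytes:
    """Constructed sample reply (not a capture) so the check can run offline.

    The status value (STATUS_NOT_IMPLEMENTED) is an assumption about the
    sample; the detection logic above looks only at the MID.
    """
    header = struct.pack(SMB1_HEADER_FMT, SMB_MAGIC, SMB_COM_TRANSACTION2, status,
                         0x98, 0xC807, 0, b"\x00" * 8, 0, 0x0800, 0xFEFF, 0x0800, mid)
    body = b"\x00" + b"\x00\x00"        # WordCount = 0, ByteCount = 0
    payload = header + body
    return b"\x00" + len(payload).to_bytes(3, "big") + payload


CLEAN_REPLY = build_trans2_reply(MID_PING)               # clean host echoes 0x41
INFECTED_REPLY = build_trans2_reply(MID_DOUBLEPULSAR)    # backdoor answers 0x51

if __name__ == "__main__":
    for name, reply in (("clean", CLEAN_REPLY), ("infected", INFECTED_REPLY)):
        verdict = "Doublepulsar present" if doublepulsar_present(reply) else "no backdoor"
        print(f"{name}: {verdict}")
```

In a real scan the bytes passed to `doublepulsar_present` are the server's reply read from the TCP/445 socket right after the Trans2 ping; the 0x51 MID is the backdoor's "I am here" signal, and a host that answers this way should be treated as compromised regardless of whether MS17-010 has since been applied, because the implant lives in kernel memory until reboot.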

EternalBlue SMB Exploit

UPDATED: May 12, 2017. In what may be the first public weaponization of April's Shadow Brokers dump of NSA exploits, a ransomware attack has crippled IT systems globally and disrupted operations at major organizations, including patient services at UK hospitals. WannaCry spreads using the ETERNALBLUE SMB exploit (patched by MS17-010); please refer to the Qualys blog on WannaCry for …

D-Link DCS Series Network Cameras Cross-Site-Request-Forgery (CSRF) Vulnerability

On a recent long weekend, my friend told me about the D-Link camera he has been using for quite a while. It is a D-Link DCS-933L network camera, which seems to be the most popular model. At the time of writing this blog there were more than 30,000 of these cameras online. I downloaded the latest firmware for this device. While …

ShadowBrokers NSA Tool Dump

On Friday, April 14, 2017, the hacking group ShadowBrokers released over 300 MB of NSA hacking tools and exploits. The dump is hosted on a Yandex Disk with the password "Reeeeeeeeeeeeeee". The current dump contains three folders, oddjob, windows and swift, described below; a detailed list of the contents can be found here. oddjob: an implant builder …

Windows OLE Zero-Day Vulnerability

An exploit for an unpatched Windows OLE vulnerability has been observed in the wild. The user opens a document containing the embedded exploit, which then executes a Visual Basic script. The vulnerability was initially reported by Ryan Hanson. According to McAfee, the earliest attacks were observed in late January 2017. The exploit works against all Microsoft …

Microsoft XML Information Disclosure Vulnerability – CVE-2017-0022

Introduction: An information disclosure vulnerability was found in Microsoft XML Core Services; it can be exploited to detect the presence of files on a target machine. The bug is fixed in MS17-022. The exploit uses an XMLDOM object to load a URL with the res: protocol (the Microsoft HTML Resource pluggable protocol). By default, support for the res protocol is disabled, so if you open …

Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 SP2 Multiple Vulnerabilities

After Trend Micro fixed the vulnerabilities I reported earlier, I started testing this product again to see if I could still find a few more vulnerabilities. Stored Cross-Site Scripting (XSS) Vulnerability (CVE-2017-6340): I wanted to check whether the reports functionality had any injection vulnerabilities. I created a low-privileged user 'test2' with the Reports-Only role, who could run just …

Sophos Secure Web Appliance Session Fixation Vulnerability

Last month I came across the Sophos Secure Web Appliance. It is a purpose-built secure web gateway appliance that makes web protection simple. It provides advanced protection from today's sophisticated web malware with lightning performance that won't slow users down. You get full control and instant insights over all web activity on your network. …