I recently came across one of Trend Micro’s enterprise security products, ‘InterScan Web Security Virtual Appliance (IWSVA)’. It’s a secure web gateway that combines application control with zero-day exploit detection, advanced anti-malware and ransomware scanning, real-time web reputation, and flexible URL filtering to provide superior Internet threat protection. I downloaded the latest version ‘IWSVA version … Continue reading “Trend Micro Interscan Web Security Virtual Appliance (IWSVA) 6.5.x Multiple Vulnerabilities”
Ticketbleed Vulnerability On F5 BIG-IP
A remote memory-leaking vulnerability called Ticketbleed (CVE-2016-9244) has been found on F5 BIG-IP devices. The vulnerability allows a remote attacker to extract up to 31 bytes of uninitialized memory at a time. The root cause of this Heartbleed-style vulnerability is that, during the TLS/SSL handshake, F5 BIG-IP servers echo back a fixed size of memory data even if the client asks less … Continue reading “Ticketbleed Vulnerability On F5 BIG-IP”
WordPress Vulnerabilities Are Being Actively Exploited
At the end of January 2017, WordPress released version 4.7.2 to fix multiple security vulnerabilities. Not long after that, active exploits against these vulnerabilities were detected. Attackers left messages like “by NG689Skw” or “by w4l3XzY3” on the victims’ websites. Here’s a screenshot: You can see that the attacker became “ADMIN” of the WordPress site, and that remote code … Continue reading “WordPress Vulnerabilities Are Being Actively Exploited”
Windows SMBv3 Zero Day Vulnerability
Introduction: A buffer overflow vulnerability in SMBv3 was made public on Feb 1, 2017, by Laurent Gaffie. The CVE-ID is CVE-2017-0016. A PoC for the same is also available here. The bug affects Windows 2012, Server 2016 and Windows 10. At the moment the PoC only demonstrates a DoS attack on the target; we are not sure … Continue reading “Windows SMBv3 Zero Day Vulnerability”
WebEx Browser Extension Remote Code Execution Vulnerability
Introduction: Cisco WebEx is used to provide on-demand, online meeting, web conferencing and videoconferencing applications. It has millions of users across the globe. Recently a remote code execution vulnerability was discovered by the Google Project Zero team, with ID CVE-2017-3823. The bug was reported on January 19 2016. It allows the WebEx extension … Continue reading “WebEx Browser Extension Remote Code Execution Vulnerability”
Microsoft Edge JavaScript Information leaking Vulnerability Analysis
On November’s Microsoft Patch Tuesday, Microsoft patched multiple security vulnerabilities in the Edge browser. At the beginning of January, a security researcher published PoC code on GitHub which exploits CVE-2016-7200 and CVE-2016-7201. Not long after the PoC code was published, these 2 vulnerabilities began being actively exploited by multiple exploit kits. This blog is about the analysis of root … Continue reading “Microsoft Edge JavaScript Information leaking Vulnerability Analysis”
Sundown Exploit Kit Attacking Microsoft Edge Browser
The Sundown Exploit Kit, which first came to light in mid-2016, appears to be under aggressive development. The exploit kit is actively attacking the Edge browser from Microsoft shipped with Windows 10. Specifically, the exploit kit is targeting CVE-2016-7200 and CVE-2016-7201, which Microsoft fixed with update MS16-129, released on Patch Tuesday in the month of November. The vulnerability … Continue reading “Sundown Exploit Kit Attacking Microsoft Edge Browser”
Netgear DGN2200, DGND3700 and WNDR4500 Sensitive Information Disclosure Vulnerability
Introduction: Recently, IoT devices have been used to create large-scale botnets of devices that can execute crippling distributed denial-of-service (DDoS) attacks. Many IoT devices are unsecured or weakly secured, which allows the bot to access hundreds of thousands of devices. The IoT devices affected in the latest incidents were primarily home routers, network-enabled cameras, … Continue reading “Netgear DGN2200, DGND3700 and WNDR4500 Sensitive Information Disclosure Vulnerability”
Firefox SVG Animation Remote Code Execution CVE-2016-9079
Introduction: A zero-day exploit against Tor Browser and Firefox has been observed in the wild. The exploit is initiated when a target accesses a compromised web page or a web page hosted by an attacker. The vulnerability has been assigned CVE ID CVE-2016-9079 and Bugzilla ID 1321066. The exploit targets a use-after-free vulnerability … Continue reading “Firefox SVG Animation Remote Code Execution CVE-2016-9079”
Remote Code Execution Attack Against Eircom D1000 Router
Last month, more than 900,000 routers belonging to Deutsche Telekom users in Germany were under attack due to remote code execution. The TR-064 protocol is abused in the new attack. Port 7547 is used by a remote management protocol known as either TR-069 or CWMP. “According to Shodan, about 41 million devices have port 7547 open. … Continue reading “Remote Code Execution Attack Against Eircom D1000 Router”