In this post you may find description of a vulnerability I found in Babel - a CMSMS module - when searching for sites affected by Open Redirection vulnerabilities...
Unless you live completely cut off from the rest of human civilization, chances are good you’ve heard about the WannaCry ransomware. However, so we’re all on the same page, I’ll go over the salient points of its history before discussing why it is still a threat. WannaCry - the first successful crypto-ransomware worm - started to spread on May 12th 2017 using the EternalBlue exploit and DoublePulsar backdoor implant (both courtesy of the Shadow Brokers and - by proxy - Equation Group/NSA) and supposedly hit more than 100 countries within the first 24 hours.
I’ve added a new page to the site with links to miscelaneous tools and materials useful for Incident Response, Malware Analysis, Penetration Testing, etc. It may be accessed here or through the easily remembered URL http://csirt.xyz.
Untrusted Network is back! I've managed to salvage most of the posts from old version of the site so you may find links to those on the main page. So far that's the only content but you may look forward to new posts in 2019!
ALEF NULA (in the interest of full disclosure, I’d like to mention that I am currently employed by AN) launched a new competition called ALEF Hacker Challenge last week. The intended aim is to compromise a specific system and gather data from it. Although not unique, it is an interesting competition and not only because the main price is 12 000 CZK.
October was named European Month of Cyber Security and because of that, many events intended to raise cyber security awareness (such as Security Fest in Prague) were held during the 30 day period. Unfortunately, October has seen just as many new developments on the proverbial “dark side” of cyber security. One of these was a widely followed theft of personal data (including credit card numbers) of up to four milion customers of a British telecommunication service provider TalkTalk.
Information concerning number of devices vulnerable to Heartbleed vulnerability has appeared in the news during September. Given that the existence of Heartbleed was made public almost a year and a half ago it may be surprising that the number of vulnerable devices exceeds 200.000. Affair concerning the Stagefright vulnerability (which was mentioned in the last Looking back) continued in September when Zimperium – the company which discovered Stagefright – released a proof-of-concept code which exploits the vulnerability.
One of the most important information related to cyber security pertains to August release of a patch for the Stagefright vulnerability, to which almost all versions of the Android OS from versions 2.2 to version 5.1 are vulnerable. The existence of Stagefright had been made public at the end of July and it is estimated that vulnerable device number in hundreds of millions. The vulnerability enables the attacker to cause arbitrary code execution by sending a specially crafted MMS.
The most important IT security-related news in July has definitely been the affair surrounding a theft of data from the Hacking Team – company, which develops commercial spyware intended for use by police departments and other security agencies. More than 400 GB of stolen data were made public and afterwards analyzed by IT security specialists, leading to discovery of a large number (still growing) of zero-day vulnerabilities which were used in Hacking Team’s products.
Probably the most interesting of security-related news in June has been an announcement by OPM (Office of Personnel Management of United States), organization which is responsible for HR services and administration of US federal employees, about an attack which exposed records for approximately four million current and past employees. The breach has apparently been active for some time before it was discovered using a special IDS called Einstein. Anonymous US officials attributed the attack to China.