Posts

Showing posts from April, 2020

Pharming Attack: How attackers use fake websites to steal data

Pharming definition

A pharming attack tries to redirect a website's traffic to a fake website controlled by the attacker, usually for the purpose of collecting sensitive information from victims or installing malware on their machines. Attackers tend to focus on creating look-alike eCommerce and digital banking websites to harvest credentials and payment card information.

How pharming attacks work

Though they share similar goals, pharming uses a different method from phishing. “Pharming attacks are focused on manipulating a system, rather than tricking individuals into going to a dangerous website,” explains David Emm, a principal security researcher at Kaspersky. “When either a phishing or pharming attack is completed by a criminal, they have the same driving factor to get victims onto a corrupt location, but the mechanisms in which this is undertaken are different.” Pharming attacks involve redirecting user requests by manipulating the Domain Name Service (DNS) protocol

vMX configuration vulnerability in Juniper Networks Junos OS

Component Affected

• Juniper Networks Junos OS:
o 17.1 versions prior to 17.1R2-S11, 17.1R3-S2 on vMX;
o 17.2 versions prior to 17.2R3-S3 on vMX;
o 17.3 versions prior to 17.3R2-S5, 17.3R3-S7 on vMX;
o 17.4 versions prior to 17.4R2-S9, 17.4R3 on vMX;
o 18.1 versions prior to 18.1R3-S9 on vMX;
o 18.2 versions prior to 18.2R2-S7, 18.2R3-S3 on vMX;
o 18.2X75 versions prior to 18.2X75-D420, 18.2X75-D60 on vMX;
o 18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3-S1 on vMX;
o 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3 on vMX;
o 19.1 versions prior to 19.1R1-S4, 19.1R2, 19.1R3 on vMX;
o 19.2 versions prior to 19.2R1-S3, 19.2R2 on vMX;
o 19.3 versions prior to 19.3R1-S1, 19.3R2 on vMX.

Overview

A vulnerability has been reported in vMX installations which could allow an attacker to access the vMX instance without authorization.

Description

A vulnerability exists in the fac

GHIDRA : NSA Reverse Engineering Tool

Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate. This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms including Windows, macOS, and Linux. Capabilities include disassembly, assembly, decompilation, graphing, and scripting, along with hundreds of other features. Ghidra supports a wide variety of processor instruction sets and executable formats and can be run in both user-interactive and automated modes. Users may also develop their own Ghidra plug-in components and/or scripts using Java or Python. In support of NSA's Cybersecurity mission, Ghidra was built to solve scaling and teaming problems on complex SRE efforts, and to provide a customizable and extensible SRE research platform. NSA has applied Ghidra SRE capabilities to a variety of problems that involve analyzing malicious code and gener

Multiple Vulnerabilities in Drupal

Software Affected

Drupal 8.x

Overview

Multiple vulnerabilities have been reported in Drupal which could be exploited by an attacker to execute arbitrary commands on a targeted system.

Description

1. Access bypass Vulnerability

This vulnerability exists due to insufficient checking of user permissions to access its workflows entities. An attacker could exploit this vulnerability by Forms Steps provides a UI to create form workflows using form modes. Successful exploitation of this vulnerability could allow the attacker to see any entities that have been created through the different steps of its multistep forms.

2. Insecure session token management Vulnerability

This vulnerability allows you to store external images on your server and apply your own Image Styles. The module exposes cookies to external sites when making external image requests. An attacker could exploit this vulnerability to successfully take control of the targeted website

Marriott Data Breach of 5.2 Million customers

Marriott has confirmed a second data breach in three years — this time involving the personal information on 5.2 million guests. The hotel giant said Tuesday it discovered in late February the breach of an unspecified property system at a franchise hotel. The hackers obtained the login details of two employees, a hotel statement said, and broke in weeks earlier during mid-January. Marriott said it has “no reason” to believe payment data was stolen but warned that names, addresses, phone numbers, loyalty member data, dates of birth and other travel information — such as linked airline loyalty numbers and room preferences — were taken in the breach. Starwood, a subsidiary of Marriott, said in 2018 its central reservation system was hacked, exposing the personal data and guest records on 383 million guests. The data included five million unencrypted passport numbers and eight million credit card records. It prompted a swift response from European authorities, which issued Marrio