A vulnerability in Microsoft SharePoint which could allow remote code execution if a user opens a specially crafted Office file in an affected version of Microsoft SharePoint Server, Microsoft Office Services, or Web Apps.

@iviz
The current trend in the data ecosystem is a rapidly rising volume of logs and unstructured data. Traditional technologies cannot keep their performance up with the growing volume of data. Organizations across all industries are confronting the same challenge: data is arriving faster than existing data warehousing platforms are able to absorb and analyze it. Enterprises generate an enormous amount of logs, which are either stored in databases for further processing or analyzed manually. In 2012, Gartner re-defined big data as follows: Big data is...
To learn about the Top 5 OWASP vulnerabilities of 2013 and the code a J2EE programmer should write to mitigate them, read this blog.
Online banking has been a lucrative target for cyber-criminals since its advent. Nowadays, almost all banks have an online presence and most allow their customers to do online transactions. In the initial days, phishing was a very widely used method to obtain banking credentials from unsuspecting victims. Other methods included incorporating key-loggers in malware to steal banking credentials. Though phishing and key-loggers are still widely in use, banks have become aware of these threats and introduced multi-factor authentication, including one-time passwords, to thwart such attacks. A relatively new attack which defeats such multi-factor authentication is the man-in-the-browser (MITB) attack. More details of the attack can be found here. Here we will talk about some precautions that one should take while doing online banking, including counter-measures against man-in-the-browser attacks.
| Description | Effectiveness against MITB | Why? |
| --- | --- | --- |
| Use a strong password or passphrase that is easy for you to remember but difficult for others to guess, and change it at regular intervals. | Not effective | MITB malware can intercept the password from the browser directly or simply wait until the user is authenticated. |
| Enable and use multi-factor authentication. | Not effective | |
| Ensure SSL certificates are valid and trusted (green lock). | Not effective | |
| Basic security awareness; keep OS and browser updated. | Maybe | Chances of getting infected by malware through social engineering attacks or client-side exploits are lower. |
| Use a separate system only for online banking. | Maybe | Chances of getting infected by malware are lower, but it is inconvenient and requires strict discipline, which is rare (even among many security experts). |
| Use updated anti-virus/anti-malware. | Sometimes | Depends on the detection capability of the anti-virus. Less likely to protect if the malware is new or is targeted. |
| Hardened browser on a USB drive. | Moderately effective | MITB malware has less chance to infect the browser, though it is still possible using 0-day exploits. Recently there was news of one such 0-day which was used against hardened Firefox. This may also be inconvenient for corporates, as USB drives are usually disabled for security reasons. |
| Be alert while doing online banking and always read all transaction details and/or errors that you receive through the offline verification before proceeding with any transaction. Promptly inform your bank if you notice any discrepancies. | Moderately effective | Typically, banks that are aware of MITB attacks send you details of your transaction through an out-of-band channel (phone/SMS). You should verify the details carefully before proceeding. Recent MITB attacks have become even smarter and prompt victims to install a malicious mobile application for online banking so that the malware can intercept and even change such out-of-band messages. |
In a nutshell, as an end-user you have very few options to be fully secure against man-in-the-browser attacks, so it makes sense to do online banking only with those banks that are aware of this threat and have implemented counter-measures. In the worst case, do not use online banking at all if your bank has not implemented any safeguards against man-in-the-browser attacks.
In the next part we will list some of the security strategies that Banks can implement to safeguard their Customers.
Recently, we were pentesting a data mining and analytics company. The amount of data that they talked about is phenomenal and they are planning to move to Big Data. They invited me to write a blog on state of the art, Big Data security concerns and challenges, and I happily accepted. Big data is fundamentally different from traditional relational databases in terms of requirements and architecture. Big data is often characterized by the 3Vs: Volume, Velocity and Variety of data. Some of the fundamental differences in Big Data architecture are Distributed Architecture, Real Time, Stream and Continuous Computations, Ad-hoc Queries, Parallel and powerful Programming Language, Move the Code, Non Relational Data, Auto-tiering and Variety of Input Data Sources. The top 5 vulnerability classes are Insecure Computation, End-point input validation/filtering, granular access control, Insecure Data Storage and communication, Privacy Preserving Data Mining and Analytics. Read more about this in the blog via the link provided.
Fast & Furious Joomla Security Guide
Joomla is one of the most popular CMS which gives ease of installation, handling and managing your web application. Read this article that describes a comprehensive approach to pen-test Joomla applications.
http://www.ivizsecurity.com/blog/web-application-security/guidelines-for-pen-testing-a-joomla-based-site/
Joomla is one of the most popular CMSs, offering easy installation, handling and management of your web application. It is therefore used on many popular sites, and its security is of great importance in keeping the web application secure. Being an open source project, Joomla easily passes the basic vulnerability checks, but there are still some security risks that a pen-tester must not forget while testing such an application. These risks can be classified as:
Vulnerabilities in third party components.
Insecure custom development of certain features such as order booking, payment integration etc.
Misconfiguration related vulnerabilities, and
Vulnerabilities in Joomla Core (might need in depth testing of the core, however)
In my whitepaper, “Fast And Furious Joomla Security Testing Guide”, I have described a comprehensive approach to pen-test Joomla applications. I believe it should be of great value to both pen-testers and developers.
Current Security State of Joomla:
When we talk about security in Joomla, we have to focus on both the Joomla framework and its extensions. Joomla itself is quite stable and less prone to attacks. Few vulnerabilities are being discovered in the Joomla core now, but in the early days of the project a lot of vulnerabilities were discovered in the core, including XSS, SQL injection, privilege escalation, code injection, etc. This makes it clear that the chances of hitting a vulnerability in a Joomla extension are much higher than those of finding a zero day in the core.
Most Common vulnerabilities found in Joomla:
With code injection at the top, followed by SQL injection, a total of 55 injection flaws, 16 cross-site scripting, 14 file inclusion, 6 information disclosure, 3 privilege escalation, 2 CSRF, 1 HTTP response splitting and 2 access control bypass vulnerabilities have been reported in the Joomla core.
Need for this Document:
This document lays out the methodology which should be adopted (not strictly) to test a web application powered by Joomla. This guide will also help you recommend security countermeasures to your clients for bulletproofing their Joomla sites.
Detecting Joomla: To detect a Joomla site, one can start with a manual approach by hitting a known Joomla path or digging into the source code of the site. Automated tools like Joomscan, CMS-explorer, etc. can also be used for this purpose. Also try to find the version of the installation, so that if an older version is in use, you can look up the previously known bugs which have been assigned CVEs. Automated tools do the same thing: they find the version and list the known bugs for that particular version. However, the admin might have made changes in order to evade scanners, so the manual approach must always be tried as well.
Exploiting Joomla:
1. Find the version (as mentioned in the point above). If the installation is not the latest one, there are chances of already disclosed bugs. Search for such information and try to reproduce the previously known bugs discovered by other researchers.
2. List the plugins being used. Find as many input points as you can and try injecting malicious data. As exploiting the core of Joomla requires more intense manual testing, and your client is short of time, a time-saving approach is to dig into the source code, find the third party extensions and try to locate the already known vulnerabilities in those extensions.
3. Core as a target: As already mentioned, the Joomla core is quite secure, and finding a bug in the core needs more planned and intense testing. For this, spider the application, find all the injection points, and try malicious input in each injection point. There might be client-side validation at many points, which can be bypassed by using any intercepting proxy like BurpSuite, Tamper Data, etc. Meanwhile, you can try the same approach for testing plugins.
Automated Tools: Tools like CMS-explorer and Joomscan come with predefined test cases which they generate according to the application. They identify vulnerabilities mainly on the basis of the detected version of the core and plugins. One advantage they have over manual testing is that they test for insecure configurations on the server quickly.
SQL Injection: A lot of SQL injection flaws have been reported in the Joomla core as well as in plugins, so loading your kit with sqlmap will not be a bad idea. Make sure you try SQL injection as soon as you see an ID, catid or other such parameter passing by.
Testing for LFI: There have also been a good number of LFI exploits in Joomla extensions and core, so wherever you see a page or a path passed through a parameter, do not forget to inject the null bytes for directory traversal to internal files that may reveal critical information.
Testing for XSS: For testing XSS, try to find as many injection points as possible for which input is reflected on some page. On identifying such points, try to inject your XSS payloads. Also try to understand the filtering mechanism (if any). Most of the time, developers secure the application by patching the vulnerability improperly, thus becoming a victim of the hack. For example, they might do output encoding for HTML tags and double quotes, but forget that the injected value might be going into a JavaScript hotspot within single quotes, which can easily be escaped by supplying an extra single quote that is not being encoded. This is just a single example out of many bypassing techniques. Once you understand the filtering mechanism, try to bypass those filters. You can also have a look at our previous post on “Bypassing XSS filters” for a good start on cross-site scripting.
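The single-quote case described above, as an added example (not code from the original guide): an encoder that handles only HTML tags and double quotes is compared with one that escapes for a JavaScript string context. The template, the function names and the sample value are constructed for illustration.

```python
import html

# Constructed template: the value lands inside a single-quoted JavaScript string.
TEMPLATE = "<script>var name = '{}';</script>"


def encode_html_only(value: str) -> str:
    """Incomplete fix: encodes &, <, > and the double quote, not the single quote."""
    return html.escape(value, quote=False).replace('"', "&quot;")


def encode_js_string(value: str) -> str:
    """Context-aware fix: every character that is not an ASCII letter or digit
    becomes a \\uXXXX escape, so no quote, slash or bracket reaches the parser."""
    out = []
    for ch in value:
        if ch.isascii() and ch.isalnum():
            out.append(ch)
            continue
        # Characters outside the BMP are written as a UTF-16 surrogate pair.
        units = ch.encode("utf-16-be", "surrogatepass")
        for i in range(0, len(units), 2):
            out.append("\\u%04x" % int.from_bytes(units[i:i + 2], "big"))
    return "".join(out)


def render(value: str, encoder) -> str:
    """Place the encoded value into the constructed template."""
    return TEMPLATE.format(encoder(value))


def literal_intact(page: str) -> bool:
    """True when the only single quotes left are the two delimiting the literal."""
    return page.count("'") == 2


if __name__ == "__main__":
    sample = "O'Brien"  # constructed, benign input containing a single quote
    for enc in (encode_html_only, encode_js_string):
        page = render(sample, enc)
        print(enc.__name__, literal_intact(page), page)
```

With the HTML-only encoder the quote in the sample ends the string literal early; with the JavaScript-context encoder the value stays inside it.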
Testing for other vulnerabilities: Do not forget to test for command injection, LFI, RFI, CSRF, privilege escalation, information disclosure, and other such flaws. Web app sec is a huge field and there are a huge number of vulnerabilities being exploited in the wild. Make sure you are aware of those tests while trying to find a vulnerable extension to save your time. Another point to keep in mind is that while browsing the application, you might not be able to reach every possible file that may be vulnerable. This can be done either by using a spider on the web application or by getting a copy of the plugin explicitly in order to find all possible paths. If time allows, you can also do some source code review, given that you have some knowledge of a web programming language.
Securing Joomla: Always keep your application updated, whether it is Joomla or your copy of Windows. There are zero days of which you are not aware, but specific vendors are, and hence they release updates too. Keep track of your target visitors, use strong passwords and self-test your application from time to time. You must also follow the security practices which the Joomla people mention in their Joomla Security Checklist. You can have a look at the following points as well:
Always keep your Joomla up to date. Install the latest upgrade as soon as the upgrade is released.
Whatever extensions are being used, they must be properly patched with the latest upgrade releases. Any old extension may give an attacker a way to compromise the site.
Do not use extensions which have not been used by, or which have not been tested properly.
All user inputs must be properly validated. These inputs can be inputs in forms, URIs, image uploads, etc. If a BROWSE button enables the user to upload an image, it must only enable him to upload an image and not a PHP shell which may later work like a backdoor on the server.
Use strong passwords for all logins: at least 8 characters, one special character, one number, and one case sensitive letter. This will protect your installation from brute force.
Always keep track of “Latest Visitors” in the web server’s log files for catching potential attacks. Never consider your log files as just a piece of information. They are highly useful in tracking and monitoring the users.
Put effort into securing the whole server on which your Joomla-based site is hosted, whether it is hosted on a shared server or a dedicated one.
Make a list of all the extensions you use and keep monitoring them.
Keep yourself up to date with latest vulnerabilities and disclosures at various security advisories. Exploit-db, osvdb, CVE, etc. are some of the good resources.
Change the permission on your .htaccess file, as by default it is writable (Joomla has to update it). The best practice is to use 444 (r--r--r--).
Proper file permissions must be given on the public directories so that no malicious file can be uploaded or executed. The best practice in this context is 766 (rwxrw-rw-), i.e. only owner can read, write and execute. Others can only read and write.
No one must have the permission to write into PHP files on the server. They all must be set to 444 (r--r--r--), everyone can read only.
Delegate the roles. It makes your Administrator account safe. In case someone hacks into your machine, it must have access to the respective user only, and not the administrator account.
The database users must only have permission to give commands like INSERT, UPDATE, and DELETE rows. They must not be allowed to DROP tables.
Change the names of backend folders, e.g. you can change /administrator to /admin12345.
Last but not the least, keep updated with latest vulnerabilities.
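One way to act on the log-monitoring item in the checklist above, as an added example that is not part of the original guide: a triage pass over access-log lines that flags the request patterns this guide tests for (odd values in id/catid parameters, null bytes and directory traversal, markup in parameters). The log lines are constructed, and the alias form of ids (12:welcome) is an assumption about how the site builds its URLs.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Common/combined log format: client, timestamp, request line, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3})')
# Assumption: a numeric id may carry an alias suffix, e.g. "12:welcome".
ID_VALUE = re.compile(r"\d+(:[\w-]+)?")
ID_PARAMS = {"id", "catid"}

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Mar/2013:10:01:22 +0000] "GET /index.php?option=com_content&view=article&id=12:welcome&catid=3 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [12/Mar/2013:10:02:03 +0000] "GET /index.php?option=com_example&catid=3%27 HTTP/1.1" 500 312',
    '198.51.100.7 - - [12/Mar/2013:10:02:09 +0000] "GET /index.php?option=com_example&controller=..%2F..%2Fconfiguration.php%2500 HTTP/1.1" 200 1873',
    '203.0.113.5 - - [12/Mar/2013:10:05:40 +0000] "GET /index.php?option=com_search&searchword=%3Cb%3Etest%3C%2Fb%3E HTTP/1.1" 200 2210',
    'truncated or malformed line',
]


def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (e.g. %2500 -> %00 -> NUL byte)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def findings_for(url):
    """Return the set of rule names that the query string of `url` triggers."""
    found = set()
    for name, raw in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        value = fully_decode(raw)  # parse_qsl decoded once; finish the job
        if "\x00" in value:
            found.add("null-byte")
        if "../" in value or "..\\" in value:
            found.add("path-traversal")
        if "<" in value or ">" in value:
            found.add("markup-in-param")
        if name.lower() in ID_PARAMS and not ID_VALUE.fullmatch(value):
            found.add("non-numeric-id")
    return found


def triage(lines):
    """Return (client, url, sorted findings) for every suspicious request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        client, url, _status = m.groups()
        found = findings_for(url)
        if found:
            hits.append((client, url, sorted(found)))
    return hits


if __name__ == "__main__":
    for client, url, found in triage(SAMPLE_LOG):
        print(client, ",".join(found), url)
```

Decoding repeatedly before matching is what catches the double-encoded null byte in the third sample line; matching the raw log text would miss it.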
iViZ Launches The Most Comprehensive Mobile Application Security Testing as a Service
We are excited to announce the launch of mobile application security testing. iViZ shall provide the most comprehensive mobile application security testing by combining static application security testing, dynamic application security testing and manual validation. The solution is aimed to provide zero false positive and business logic testing covering most of the WASC v2 threat classes. Due to the increased sophistication of mobile platforms and the proliferation of mobile applications, an organization’s mobile infrastructure represents yet another attack surface on an enterprise network.
Read more about this here:
http://www.ivizsecurity.com/blog/uncategorized/iviz-launches-the-most-comprehensive-mobile-application-security-testing-as-a-service/
A lot of great documentation exists for web application assessment from an external or contracted pen-testing side, like that provided by SamuraiWTF. One area that I haven’t found a lot of documentation on is the situation I happen to be, performing web assessments on in-house developed...
TL;DR How do I know if the penetration tester I am hiring is any good? Ask them some questions about distributed architecture and software development.
As the market for solid penetration testing services matures, we have more and more discussions on how to pick a good penetration tester....
Attack trees were introduced by Bruce Schneier in 1999 as a methodological and graphical way to analyze various attacks in a system. Since their introduction, attack trees have been used in various ways by security researchers. I personally love their simplicity and comprehensiveness.
In this blog, I will talk about a few real life applications of attack trees.
Read more by clicking on the link provided
5 Real time applications of Attack Trees.
Vulnerabilities in Security Products increasing at 37% CAGR!
We use security products to secure our systems and our businesses. However, the very security products we use, can themselves have vulnerabilities which can leave us susceptible to attacks. We conducted a study recently to understand the vulnerability trends in security products. Read further to know more on what we discovered this time around.
How was the research conducted?
We started off with a survey on the internet to find something closely related to vulnerability trends in security products. As part of our survey, we came across many interesting articles but could not find exactly what we were looking for. Finally, we decided to pull data from the NVD vulnerability database and run some SQL queries to create some interesting statistics.
Click here to download the full report
Key findings of the Report:
§ Total vulnerabilities reported in Security Products in 2012 have increased sharply with a CAGR of 37.29% over the last 3 Years.
§ Anti-Virus alone accounts for 49% of the vulnerabilities reported in Security Products followed by Firewall with 24%.
§ Top 3 Security vendors with maximum vulnerabilities published in 2012 are McAfee, Cisco followed by Symantec.
§ Top 3 Security products with maximum vulnerabilities published in 2012 are Rising-Global’s Antivirus, Cisco’s Adaptive Security Appliance and Ikarus Virus Utilities.
§ Access Control is the most prominent weakness in Security Products followed by Input Validation.
§ SQL Injection is the least found vulnerability among Security products in 2012.
Conclusion:
Security products have been targeted by hackers from the time they were introduced in the market. It should be noted that vulnerability findings in security products and software follow a similar trend to any other general purpose commercial or open source product. It is also quite evident from our study that security products are vulnerable to the same types of vulnerabilities, such as buffer overflow, MITM, information leakage etc., as any other products used in organizations.
Some of our major predictions:
§ There will be an increase in attacks on security products, companies or solutions.
§ The majority of vulnerabilities discovered will not become public and shall remain in the hands of APT (Advanced Persistent Threat) actors.
How to combat vulnerabilities in Security Products?
§ Ask for security certifications of the products and independent third party penetration testing reports as part of procurement process.
§ Conduct independent penetration testing of security infrastructure/solutions.
§ Create an efficient detection and response mechanism.
Disclaimer:
We have used well known vulnerability standards and databases like Common Vulnerability Enumeration (CVE), Common Product Enumeration (CPE) and National Vulnerability Database (NVD). One of the major challenges we faced was in classifying the products into security and non-security products, as the current product standard (CPE) does not support it. We solved this challenge by considering that security products have certain keywords like ‘ID’, ‘virus’, ‘firewall’, ‘IPS’, ‘scan’ etc. Hence there are chances of some data being missed, and the report should be considered as indicative. iViZ disclaims all warranties, expressed or implied, with respect to this research for any particular purpose.
This article describes an approach for bypassing XSS filters. A lot of vulnerabilities have been reported since bug bounties started. From college students to hard-core security researchers, all have been into it. Cross-site scripting or XSS is one type of security flaw which is very frequently reported, as it can be found much more easily than other flaws. But wait, are you sure it can always be found easily? Well, we disagree...
Read more by clicking on the link
We have developed the myth that technology can be an effective fortress – We can have security.
Saurabh Kaushik, Sr Manager Information Security, Lupin Pharma, talks to CISO Platform on the biggest drivers and barriers of IAM adoption and the top challenges a CISO/organization can face while adopting IAM.
Data explosion and advent of big data are phenomena, which are a result of economic development of nations and increase in digital footprint of organizations