Apache Struts 2 Exploit Analysis

Data Analysis of CVE-2017-5638 Exploit Attempts

Terrance DeJesus

March 23, 2017 - Posted by Terrance DeJesus to Threat Intelligence

A major vulnerability, the Apache Struts 2 0-day (CVE-2017-5638), was disclosed on March 6, 2017. Here at NTT Security, we analyze these types of vulnerabilities, set up detection capabilities, and analyze any exploit attempts by threat actors as detected via the NTT Security Global Managed Security Services Platform.

This blog takes a further look, via data analysis, at the active exploit attempts against the Apache Struts 2 0-day vulnerability as seen in the NTT Security Global Managed Security Services Platform. Through our analysis, we were able to uncover the source of the attacks, the industries targeted, malware samples, and more. Additionally, based on our research, we concluded that exploit attempts for this vulnerability will remain popular for some time, and we have listed mitigation and recommended actions further below in this blog to help avoid future exploit attempts.

Background

On March 6, Apache released a... read more >

OpenSSH: Overflowing and Leaking

Information Leakage (CVE-2016-0777) and Buffer Overflow (CVE-2016-0778)

Terrance DeJesus

January 15, 2016 - Posted by Terrance DeJesus to Threat Intelligence


On January 14, researchers from Qualys published information regarding an information leakage (CVE-2016-0777) and a buffer overflow (CVE-2016-0778) vulnerability in OpenSSH, both of which result from default client code in versions 5.4 through 7.1p1.

These vulnerabilities exist because OpenSSH clients support a feature called roaming. This feature allows a client to reconnect to an SSH server and resume a suspended SSH session if the existing connection breaks unexpectedly. The roaming code is what introduces these vulnerabilities, and they could be exploited by a malicious or compromised SSH server.

Information Leakage (CVE-2016-0777)
The information leak is exploitable because the default roaming code in the OpenSSH client allows a malicious SSH server to steal the client's private keys. The client code was enabled by default, and a malicious server could trick that code into leaking client memory to the server, including private client user... read more >

Patched Vulnerability in FireEye Appliances

FireEye acted quickly to close a serious vulnerability in some appliances

Terrance DeJesus

December 16, 2015 - Posted by Terrance DeJesus to Security News


On Tuesday, December 15, 2015, FireEye, a worldwide provider of cybersecurity and malware protection to clients in the public and private sectors, issued a Support Notice to its clients regarding a critical vulnerability in a module that analyzes Java Archive (JAR) files.

Google's Project Zero, a team dedicated to finding new vulnerabilities, discovered this severe security hole in the way the Malware Input Processor (MIP) uses an open source Java decompiler called Java Optimize and Decompile Environment (JODE). MIP uses the JODE decompiler in conjunction with JAR helper to statically analyze JAR files and check for signatures that may suggest malicious code. JODE is then used by Java's SimpleRuntimeEnvironment class to deobfuscate strings by dynamically executing a small sample of the bytecode.

Affected... read more >

Holiday Shoppers Beware!

Four threats to be aware of this holiday season

Terrance DeJesus

November 25, 2015 - Posted by Terrance DeJesus to Security Insight

When thinking about the period from November through the end of December, joyful thoughts of mouth-watering turkey, ham, mashed potatoes and (my personal favorite) stuffing tend to come to mind. Let's not forget about those Black Friday, Cyber Monday and holiday deals we are anxiously awaiting and hunting for. Once the deals are found, shoppers create stampedes at local stores to buy the intended items, swiping away at every credit/debit card terminal needed.

If you would rather avoid the chaos, maybe you prefer entering your credit/debit card's 16 digits, expiration date and CVV code into online shopping sites during Cyber Monday? Either way, with cybercrime on the rise and recent research making cyber news headlines, we should take a step back to ensure that our shopping does not end badly, by reviewing a little of what has been going on and how it could impact you during or after holiday shopping. Four scams to watch out for during this... read more >
