Hacking Gift Cards: Part 2

Ways to safeguard against gift card exploitable vulnerabilities

Will Caput

July 07, 2016 - Posted by Will Caput to Security Insight

In my previous blog, Hacking Gift Cards, I outlined how you can get free food by enumerating valid gift cards with Burp Intruder. This blog continues that narrative, but adds in other types of cards and attack vectors. In addition, I’ll illustrate some problems with gift card balance checking, and how gift cards can be easily enumerated without the card holder’s knowledge or permission. In some cases, the security surrounding a gift card is so bad you don’t even need to use Burp Intruder.

Prerequisites:

Burp Suite Professional
https://portswigger.net/burp/

In Hacking Gift Cards Part 1, I discussed six gift cards that had a discernible pattern. Identifying the pattern allowed us to find values on cards that were already sold and had value. In searching for more targets, I...

Server Victimology

Understanding the How and Why Ransomware Targets are Identified and Pursued

Ramece Cave

June 16, 2016 - Posted by Ramece Cave to Security Insight

Server Victimology - What Makes a Server a Target?

Welcome back to our discussion about the Second Victim. You’ll recall that these are the unknown victims in a ransomware campaign. These are the servers used to deliver a message or accept payment, completely under someone else’s control and all without your knowledge. Today we are exploring some of the aspects that elevate a server from unknown, to target, and finally to victim, whether its contents are being held for ransom or it is a pawn in the actor’s nefarious game.

A researcher that I follow recently issued a “Heads Up” warning that new ransomware is targeting servers. At the time of the reporting there were at least 400 affected servers. After doing some digging, I confirmed that at least 40 servers are victims of ransomware and at least two dozen others may be affected, but are taking steps to remediate the problem. But how did this happen? What was it about these servers that made them vulnerable? Plagued by these questions, I...

The Evolution of Ransomware

Think You've Seen It All from Ransomware?

David Biser

April 26, 2016 - Posted by David Biser to Security Insight

The Evolution of Ransomware

We’ve all seen them. Recent headlines filled with reports of massive ransomware attacks against a multitude of targets. With healthcare organizations, financial institutions, and even the government falling prey, it would appear that none are safe. Many, many blogs and security posts have been issued warning businesses against this attack vector, seemingly to no avail! So, you might ask: “Why should I continue reading this blog post?” The answer is simple. Ransomware is evolving!

That’s right – you haven’t seen the end of ransomware or its effects. Since so many businesses are learning to effectively recover from devastating ransomware attacks, cyber criminals are adopting new methods to continue their campaign. Recent research from Talos indicates that ransomware authors are changing their weaponry to be even more...

eSymposium: Cyberespionage

Zach Holt

April 12, 2016 - Posted by Zach Holt to Security Insight

Cyberespionage

Over the years, cyberespionage has gone from being a fascinating Hollywood script plot to the topic of newsworthy, political discussions. It is likely that such activity has been going on for decades in various forms. Now, as technology increasingly becomes a cornerstone of a global society, these attacks have increased in terms of sophistication and impact. The nation-state actor, previously a distant threat, has become a real, if not intimidating, foe.

Between recent events such as Russia attacking Ukrainian power and media infrastructure and the United States and Israel being credited with attacks against Iran with the Stuxnet, Duqu, and Flame malware, you might be wondering how your organization would stand up to a cyberespionage...

The Other Side of the (bit)Coin

Understanding the Second Victim in Ransomware

Ramece Cave

March 31, 2016 - Posted by Ramece Cave to Security Insight

Bitcoin ransom

We are only three months into 2016, and it is already looking like a ransomware year. Malicious actors, like savvy investors, are diversifying their portfolio. The long-standing belief that Microsoft Windows was the stock of stocks that paid out dividends by the truckload is still a trusted, viable option - but there are new, better, and more prolific arenas, full of ripe, unsuspecting users. Fresh meat for the cybercrime grinder.

As we are part of a generation that becomes more accustomed and - dare I say it - dependent on technology with each passing moment, ransomware has ventured into nearly every aspect of our digital lives. Mobile phones and tablets are a high-value target, and to some are probably more valuable than their computer. Windows is now just another option in the list of potential targets. The Apple OS X operating system, for a long time, was touted as virus free until more and more malware authors started targeting this platform. Lastly, the Grand Poohbah of them...

NTT Security (US), Inc. (formerly Solutionary) is a security consulting and managed security services provider. The NTT Security blog is a place for IT professionals to both learn and talk about the latest in IT security and compliance.