Ways to safeguard against gift card exploitable vulnerabilities
In my previous blog, Hacking Gift Cards, I outlined how you can get free food by enumerating valid gift cards with Burp Intruder. This blog continues that narrative, but adds other types of cards and attack vectors. In addition, I’ll illustrate some problems with gift card balance checking, and how gift cards can be easily enumerated without the card holder’s knowledge or permission. In some cases, the security surrounding a gift card is so bad you don’t even need to use Burp Intruder.
Prerequisites:
Burp Suite Professional
In Hacking Gift Cards Part 1, I discussed six gift cards that had a discernible pattern. Identifying the pattern allowed us to find values on cards that were already sold and had value. In searching for more targets, I...
Understanding the How and Why Ransomware Targets are Identified and Pursued
Welcome back to our discussion about the Second Victim. You’ll recall that these are the unknown victims in a ransomware campaign: the servers used to deliver a message or accept payment, completely under someone else’s control and all without your knowledge. Today we are exploring some of the aspects that elevate a server from unknown to target and finally to victim, whether its contents are being held for ransom or it is a pawn in the actor’s nefarious game.
A researcher that I follow recently issued a “Heads Up” warning that new ransomware is targeting servers. At the time of the report there were at least 400 affected servers. After doing some digging, I confirmed that at least 40 servers are victims of ransomware and at least two dozen others may be affected, but are taking steps to remediate the problem. But how did this happen? What was it about these servers that made them vulnerable? Plagued by these questions, I...
Think You've Seen It All from Ransomware?
We’ve all seen them. Recent headlines filled with reports of massive ransomware attacks against a multitude of targets. With healthcare organizations, financial institutions, and even the government falling prey, it would appear that none are safe. Many, many blogs and security posts have been issued warning businesses against this attack vector, seemingly to no avail! So, you might ask: “Why should I continue reading this blog post?” The answer is simple. Ransomware is evolving!
That’s right – you haven’t seen the end of ransomware or its effects. Since so many businesses are learning to effectively recover from devastating ransomware attacks, cyber criminals are adopting new methods to continue their campaigns. Recent research from Talos indicates that ransomware authors are changing their weaponry to be even more...
Over the years, cyberespionage has gone from being a fascinating Hollywood script plot to the topic of newsworthy political discussions. Such activity has likely been going on for decades in various forms. Now, as technology increasingly becomes a cornerstone of global society, these attacks have grown in sophistication and impact. The nation-state actor, previously a distant threat, has become a real, if not intimidating, foe.
Between recent events such as Russia attacking Ukrainian power and media infrastructure, and the United States and Israel being credited with attacks against Iran with the Stuxnet, Duqu, and Flame malware, you might be wondering how your organization would stand up to a cyberespionage...
Understanding the Second Victim in Ransomware
We are only three months into 2016, and it is already looking like a ransomware year. Malicious actors, like savvy investors, are diversifying their portfolio. The long-standing belief that Microsoft Windows was the stock of stocks that paid out dividends by the truckload is still a trusted, viable option - but there are new, better, and more prolific arenas, full of ripe, unsuspecting users. Fresh meat for the cybercrime grinder.
As we become a generation more accustomed to - dare I say it - and dependent on technology with each passing moment, ransomware has ventured into nearly every aspect of our digital lives. Mobile phones and tablets are a high-value target, and to some are probably more valuable than their computer. Windows is now just another option in the list of potential targets. The Apple OS X operating system was, for a long time, touted as virus free, until more and more malware authors started targeting this platform. Lastly, the Grand Poohbah of them...