Apache Struts 2 Exploit Analysis

Data Analysis of CVE-2017-5638 Exploit Attempts

Terrance DeJesus

March 23, 2017 - Posted by Terrance DeJesus to Threat Intelligence

A major vulnerability, the Apache Struts 2 0-Day vulnerability (CVE-2017-5638), was recently discovered on March 6, 2017. Here at NTT Security, we analyze these types of vulnerabilities, set up detection capabilities and analyze any exploit attempts by threat actors as detected via the NTT Security Global Managed Security Services Platform.

This blog takes a further look, via data analysis, into the active exploit attempts of the Apache Struts 2 0-Day vulnerability as seen in the NTT Security Global Managed Security Services Platform. Through our analysis, we were able to uncover the source of the attacks, industries targeted, malware samples, and more. Additionally, based on our research, we were able to conclude that exploit attempts for this vulnerability will remain popular for some time, and have listed mitigation and recommended actions further below in this blog to avoid future exploit attempts.

Background

On March 6, Apache released a...

Public Vulnerability Disclosure

How long is too long?

Michael Born

March 09, 2017 - Posted by Michael Born to Security Insight

There has been a lot of chatter on social media lately surrounding the topic of public vulnerability disclosure. Doing a quick Google search, I found a ton of resources, discussions and blog posts available, covering different ways to properly disclose a vulnerability. Several are listed below:

  1. http://www.cert.org/vulnerability-analysis/vul-disclosure.cfm
  2. https://www.dhs.gov/xlibrary/assets/vdwgreport.pdf
  3. http://www.ccssforum.org/disclosure-guidelines.php
  4. ...

0-Day in Linux Kernels: High or Low Threat?

CVE-2016-0728: Evaluating the Threat Level

Jeremy Scott

January 26, 2016 - Posted by Jeremy Scott to Threat Intelligence

On January 14, 2016 researchers at Perception Point identified a 0-day local privilege escalation vulnerability (CVE-2016-0728) in Linux Kernel versions 3.8 to 4.4 (2012 – 2016). This flaw exists due to the kernel’s keyrings security facility used to retain cached security data, authentication keys, encryption keys and other data. Using a local user account, one can free a referenced keyring object and overwrite it to be executed in the kernel, escalating privileges to root. Based on statistics provided by Perception Point, tens of millions of personal computers (PCs), servers and 66% of all Android devices may be vulnerable.

The Solutionary Security Engineering...

Adobe Flash in the Zero Day Spotlight Again

Danika Blessman

December 28, 2015 - Posted by Danika Blessman to Threat Intelligence

On December 28, Adobe published a new version of Flash Player to secure 19 flaws in its code, updating a version of Flash which Adobe released earlier this month. Today’s release patches these 19 flaws, including multiple zero day vulnerabilities. Of these, CVE-2015-8561 is being actively exploited in the wild.

Adobe states this vulnerability “is being used in limited, targeted attacks” and described it as “an integer overflow vulnerability that could lead to code execution.” The only observed exploitation to date has been via a phishing campaign.

Below are several additional zero day vulnerabilities Adobe addressed in this out-of-band security advisory, APSB16-01. Quoted directly from the Adobe website Security...

POODLE - Teaching an Old Dog New Tricks

2014 is the Year of the Retro Vulnerability

Bob Bybee

October 15, 2014 - Posted by Bob Bybee to Threat Intelligence

Last month, Shellshock exploited a 24+ year old flaw in the bash shell. Now we find that SSL 3.0, which is almost old enough to drive, is the basis of an attack which renders more modern encryption useless. This one goes by the name of POODLE (Padding Oracle On Downgraded Legacy Encryption).

Despite its name, this one has nothing to do with the Oracle database system (or dogs, for that matter). It’s a new way to exploit known flaws (CVE-2014-3566) in SSL 3.0. The details are in this short research paper, published by Google researchers on the OpenSSL site. The paper contains some heavy math, but the upshot is a conversation similar to this one:

Server: Please log in using a secure protocol. I recommend TLS.

Client: I don’t speak...
