Attack Vector Miner – AI Technology for Detecting Zero-Day Attacks
Eniko Toth

Attack Vector Miner – AI Technology for Detecting Zero-Day Attacks

Artificial Intelligence (AI) is spreading quickly in many industries, and we can gladly announce the Attack Vector Miner, one of our latest developments based on AI. But before we tell you more about that, let’s get a bit more familiar with AI. If you’re an AI expert, know everything about it, and are only curious about the Attack Vector Miner, just scroll down to the last paragraph. History of AI It’s not a new thing that machines “stole” people’s jobs; let’s think about the steam engine, the calculator, or the PC. But trends today show that we’d like to delegate even more tasks to mach...
Read more
Zero Day phpMyAdmin Vulnerablity Patched by BitNinja
Laszlo Takacs

Zero Day phpMyAdmin Vulnerablity Patched by BitNinja

A new flaw on the horizon! A new flaw has been discovered in phpMyAdmin, in which an attacker has the possibility to include files on the server. This vulnerability is caused because of a portion of a code where the pages are redirected and loaded in phpMyAdmin. Here are the steps, how it can be achieved:  1) First, the intruder has to be authenticated, after this procedure the sql query will create a session. 2) Invoking the  ../../../../../..../var/lib/sessionId the attack can be performed. There are some exceptions though:   - $cfg['AllowArbitrary...
Read more
Drupalgeddon 3 in retrospect
Nikolett Hegedüs

Drupalgeddon 3 in retrospect

As you know, recently we’ve released multiple security patches for the Drupalgeddon vulnerabilities. The last one was Drupal Remote Code Execution - SA-CORE-2018-004, CVE-2018-7602, patched only 2 days after it was first discovered. We’re very proud of our quick reaction time and would like to share some statistics with you about the attacks that were prevented since then - with the help of BitNinja. The data from the first incident that we’ve caught looks like this (the URL is masked for privacy purposes): Url: [###.hu//] Headers: [array ( 'User-Agent' => 'Mozilla/5.0 (X...
Read more
3rd Drupalgeddon alert! How to be protected with BitNinja?
Eniko Toth

3rd Drupalgeddon alert! How to be protected with BitNinja?

Third critical Drupal vulnerability discovered!!! Those who are running a Drupal website couldn’t have a rest over the past few weeks. This is the third time when Drupal recommends to update these sites. During exploring the previous remote code execution (RCE) vulnerability, the CVE-2018-7600, the team discovered a new RCE vulnerability (CVE-2018-7602). If  you or your customers have Drupal websites and would like to avoid  backdoors, cryptocurrency miners and other malwares, BitNinja is here to  help you! Just make sure your WAF rule #402003 is enabl...
Read more
Security by design
Laszlo Takacs

Security by design

Our team has attended the CloudFest back in March where during the security panel we have attended a presentation about the importance of security by design an important thing in terms of responsibility and suggested OWASP as a standard to start with. In this blog post we would like to show, why it is important for developers too, not just for security providers. The best way to define it is an approach to software and hardware development where the main goal is to make a system as free of vulnerabilities and imprevious to attack as possible. To achieve this there is a need for a huge amoun...
Read more
Will our toys break us?
Boglarka Angalet

Will our toys break us?

CloudFest 2018 – The Security Panel Attending at Cloudfest (formerly known as WHD.Global) is always the highlight of the year event-wise. Catching up with our partners, having lively debates about new technologies and learning from industry leaders are things we always go for. As our ninjas attended in incognito this time – only as attendees, not exhibitors–  they had time to crawl around the different vendors and visit some great presentations. – Should I even say this? - Security-themed speeches were our favourite. As most of the presentations are published at &nbs...
Read more
Serious Drupal vulnerability alert! How to virtual patch it with BitNinja WAF?
Eniko Toth

Serious Drupal vulnerability alert! How to virtual patch it with BitNinja WAF?

2 days ago, a serious vulnerability, SA-CORE-2018-002 (CVE-2018-7600) has been found in Drupal 6, 7 and 8, which affects over one million websites. All the unpatched Drupals are in serious danger! An attacker can upload backdoors or malware via this newly discovered vulnerability. The vulnerability is scored 21/25 Highly Critical! Details of the vulnerability: This vulnerability has been categorized as a Highly Critical issue because… With a simple user visit, the hackers can easily leverage the SA-CORE-2018-002. There is no need for special privilege levels. All users or even an...
Read more
BitNinja Daily Routine - How to eliminate hackers on your servers completely?
George Egri

BitNinja Daily Routine - How to eliminate hackers on your servers completely?

We have collected the best practices of the most successful BitNinja customers. Would you like to completely eliminate hackers on your servers? Follow this guideline to achieve the most with BitNinja and stop all hackers. The initial steps When you first install BitNinja on your server, the best you can do is to enable all modules. All the beta modules are used in many production servers, it is safe in most of the cases to simply enable them all. If you have considerations about enabling all the modules, then here is a list of minimal modules to enable: IP reputation DoS detectio...
Read more
Fun way to read a book
Anita Batari

Fun way to read a book

What do you think about SPAMs? Most of us think they are useless and heavily annoying, but not for everybody. There are some geeks, who totally understand the background and find it rubbish, but sometimes they read them to “entertain themselves” and learn more about the recent patterns hacker tactics. Have you ever found a hidden gem among spams, worth showing to your friend? ‘Cus we have! We captured a spam attack causing some funny moments and now we’ll show it. Contact form spams - nightmare for a sysadmin Yesterday, while one of our talented administrators anal...
Read more
Meltdown and Spectre attacks
Eniko Toth

Meltdown and Spectre attacks

A new class of side-channel attacks have been appeared, which exploit the following CPU vulnerabilities: CVE-2017-5715 : branch target injection CVE-2017-5753 : bounds check bypass CVE-2017-5754 : rogue data cache load Meltdown and Spectre rely on them and allow the hackers to read the memory content of other programs, it means they can access the stored sensitive data like passwords, photos, emails, secret documents, etc. The original coordinated disclosure date of this issue was planned for January 9, but the issue became public 6 days earlier....
Read more