The Most Famous Vulnerabilities – Remote Code Execution (RCE)
Jozsef Konnyu

The Most Famous Vulnerabilities – Remote Code Execution (RCE)

If someone wants to use a server resource or take control of the server in some way or wants to steal data, then he does it via remote code execution vulnerability. What is Remote Code Execution? This vulnerability triggers in so many ways, but in most cases, it is possible via the following methods. •Untreated inputs •Untreated file uploads We talk about an untreated input when there is little validation on the server side or none at all. For example, we have a server control panel, and we have an input on it, where we can add commands which will run directly on the server. In...
Read more
Using server security scanners besides BitNinja: consequences, solutions
József Pálfi

Using server security scanners besides BitNinja: consequences, solutions

There are tons of paid/free cloud-based solutions or standalone applications available over the internet that allow the user to check a system’s security level. Depending on the need, people can choose from simple nmap through “blackbox” security assessment tools to a wide range of heavy-weight penetration testing tools. Our approach Here at BitNinja we think that security testing is the given organization’s responsibility. They should create a security-testing strategy and keep it up to date (often with help of an external partner, but it is very important that this is with the responsi...
Read more
How to protect your web hosting business during the holiday season attack wave
Boglarka Angalet

How to protect your web hosting business during the holiday season attack wave

For devops in the web hosting business, holiday season is not exactly the most wonderful time of the year. If you’ve ever sneaked out from Christmas dinner to check on your servers’ status, or been woken up by attack alerts when only Santa Claus is supposed to be awake, you know what I mean. The Rise of Holiday Hacking Holiday season is peak period for cyber attacks, and we’ve written about it several times. But we’re not the only ones analyzing historical data and finding any indication of what’s to come. Just taking a look at last year, The SSL Store predicted over 50 millio...
Read more
The Most Famous Vulnerabilities: Cross-Site Request Forgery (CSRF)
Jozsef Konnyu

The Most Famous Vulnerabilities: Cross-Site Request Forgery (CSRF)

Before I begin to explain CSRFs we need to understand some facts. First of all, we have to see how websites usually work when they have a login. Most pages use username/email and password for authentication. In today's world, it's not uncommon for newer sites to support two-step authentication. Normally we use a login once on a website because it generates on the server side a session which reminds our browser that we are already logged in. Generally, the session has an expiration time and when it expires we have to login again. After we login, the browser receives some cookies which...
Read more
The Most Famous Vulnerabilities - HTTP Parameter Pollution
Jozsef Konnyu

The Most Famous Vulnerabilities - HTTP Parameter Pollution

In the previous blog article, we learned about SQL injection and how it works. If you read it then you will know that it belongs to the family of the most serious vulnerabilities. The next vulnerability is not going to be so serious, but it's worth taking care of. What is HTTP Parameter Pollution? The easiest way to introduce this vulnerability is to show the method that you have seen many times on websites or any other application that can be linked to the Internet at some level: redirection. A lot of websites use this technique to redirect from one website to another, or even within...
Read more
New SenseLog rules against WordPress and Joomla vulnerabilities
Eniko Toth

New SenseLog rules against WordPress and Joomla vulnerabilities

A few days ago, we released a new agent version (1.23.3), which contains very important developments: We added two new SenseLog rules. The first one detects arbitrary file uploader bots, and the second one is for Joomla Spam regers. SenseLog is prepared for future remote config update. Instant blacklist action added to WAF Manager. It can be enabled for rules in the config.ini. Virtual WAF honeypotify command added to CLI. It could be useful for blocking web shell access. We'd like to talk a bit more about the first point; the new SenseLog rules. SenseLog rule agai...
Read more
Classification of malware
Eniko Toth

Classification of malware

The current world war isn’t happening in the physical world. However, cyber attacks have stepped into the foreground, and blackhat hackers can gain millions with their targeted attacks. Their main weapon in this war: malware. In this article, we’ll diversify the different types of malware so that you can better understand their behaviour. There are many ways in which malware can be categorized, but now we’d like to introduce Christopher C. Elisan's classifications from his book, Malware, Rootkits & Botnets. 1.Infectors Infectors have a very important limitation: they can only sprea...
Read more
IT security misbeliefs – third IT security meetup by BitNinja
Eniko Toth

IT security misbeliefs – third IT security meetup by BitNinja

We like attending meetups because we believe that great ideas are created when we share our experience and knowledge. That’s why we decided to organize regularly an IT security meetup in our town, Debrecen. On 24th August, we held our third meetup and we are so happy that the number of the attendees is increasing. Not only did the cold beer and the delicious pizza attract participants, but so did the interesting topics we were discussing. The most recent topic was: IT security misbeliefs. 1.“If I’m using a strong password, everything is OK.” Most people believe that if they have a...
Read more
HackerOne – The Biggest Bug Bounty Platform
Jozsef Konnyu

HackerOne – The Biggest Bug Bounty Platform

Our world would be insecure without bug bounty platforms. We don’t know who we can or cannot trust. If we find a vulnerability in a software as a white hat hacker, we would be afraid to report it to the software owners because we wouldn’t know what their reaction would be. Will they reward or sue? The same fear is present on the other side. As a software or IT company, we were worried about the agreement of the external penetration tester because we were afraid that the related information would come to a bad man. Fortunately, nowadays bug bounty platforms solve these problems. One of the b...
Read more
Old IoT Botnet has been Revived
Eniko Toth

Old IoT Botnet has been Revived

The “Hello, Peppa!” botnet and the /ept/out.php vulnerability were newly discovered attacks by our Attack Vector Miner. But now, it has recognized the reactivation of a forgotten IoT botnet. This botnet exploits the D-Link router DSL-2750B  remote command execution. What does the attack look like?  The discovered pattern is the /login.cgi?cli= as you can see below:  In the case of the D-Link router DSL-2750B firmware 1.01 to 1.03, there’s an option for remote command execut...
Read more