Fun way to read a book
Anita Batari

Fun way to read a book

What do you think about SPAMs? Most of us think they are useless and heavily annoying, but not for everybody. There are some geeks, who totally understand the background and find it rubbish, but sometimes they read them to “entertain themselves” and learn more about the recent patterns hacker tactics. Have you ever found a hidden gem among spams, worth showing to your friend? ‘Cus we have! We captured a spam attack causing some funny moments and now we’ll show it. Contact form spams - nightmare for a sysadmin Yesterday, while one of our talented administrators anal...
Read more
Bugs discovered in ModSecurity and MongoDB PHP extension
Eniko Toth

Bugs discovered in ModSecurity and MongoDB PHP extension

Eniko Toth
Bugs are always hunting us.  Recently we found some bugs during our work, but keep calm, they're not in the BitNinja agent. ;) Let’s see what we explored: ModSecurity bug: empty comment line In our WAF2.0 (beta will come soon) we implemented ModSecurity as well as the OWASP’s core ruleset. Recently, our developers found a strange bug in them. The crs’ 913100 rule has always caught the Chinese search engine, because of suspicious user agent:spider/4.0(+ http://www.sogou.com/docs/help/webmasters.htm#07); After checking the code , we didn’t understand why it has been trigger...
Read more
Server security on point – 5 +1 best practices for Linux sysadmins
Boglarka Angalet

Server security on point – 5 +1 best practices for Linux sysadmins

No matter if you’re a Linux security veteran or you’re just about to get your feet wet, you’ll face the same security threats and upcoming attacks forms. Here we come with a security cheat sheet with ultimate checkpoints that no sysadmins should miss. When meeting new company, usually the very first thing I’m asked about is „How should I get rid of hackers? Show me the silver bullet.” But it’s a little bit like asking an economist on „Where to invest my money?”. It depends. To get a grip in the jungle of security recommendations, here I collected some guidelines...
Read more
Meltdown and Spectre attacks
Eniko Toth

Meltdown and Spectre attacks

A new class of side-channel attacks have been appeared, which exploit the following CPU vulnerabilities: CVE-2017-5715 : branch target injection CVE-2017-5753 : bounds check bypass CVE-2017-5754 : rogue data cache load Meltdown and Spectre rely on them and allow the hackers to read the memory content of other programs, it means they can access the stored sensitive data like passwords, photos, emails, secret documents, etc. The original coordinated disclosure date of this issue was planned for January 9, but the issue became public 6 days earlier....
Read more
Which are the most scanned ports?
Eniko Toth

Which are the most scanned ports?

What is a port? Ever since computers are able to run more programs at the same time and can connect to modern networks, ports became important. 3 things are needed for the communication between two machines: IP address of the host Port number Type of protocol (e.g. TCP, UDP) A port number is a 16-bit number between 0 and 65535. There are some specific ports which identify some exact services, e.g. port 80 is used for HTTP communication. Types of ports: Well Known Ports: 0 - 1023 Registered Ports: 1024 - 49151 Dynamic/Private : 49152 - 65535 W...
Read more
Cyberstorm from Argentina
Anita Batari

Cyberstorm from Argentina

Two days ago storm clouds of cyberwar has reached our server from Argentina. In this article, we will share you some details about the attack. 22nd November started as a usual day. Until the afternoon nothing strange happened, then at about 5 o’clock a heavier request flood reached our servers, which has been increased until 7 o’clock, and stayed really high. As you can see on the chart below, the average request number has been doubled compared to numbers from a few hours before and even tripled compared to the result from a day ago. The numbers are decreasing, because lots of the IPs r...
Read more
Useful facts in cybersecurity landscape
Anita Batari

Useful facts in cybersecurity landscape

Today's post is a little eccentric. Thanks to the Crozdesk's  IT & Security we show you a really good infographic. You can check the past, the present and the future of the cybersecurity and the ITsecurity solutions. Which are the biggest fears? What are we expecting from a cybersecurity software? What kind of tools do you require to prevent attacks? You can find answers here: Which weapons are available in BitNinja? Malware Detection Web Application Firewall Intrusion Prevention System - with our greylist Denial of Service prevention...
Read more
The most common CMS attack types
Daniel Mecsei

The most common CMS attack types

Nowadays, the Internet plays a huge part in our lives. It gets bigger and bigger every day, now it has more than one billion websites. Most of these sites are built with CMS which stands for Content Management System. It is a tool that provides an easy-to-use method for users without any programming skills in creating websites. The most common CMSs are written in PHP because most shared-hosting providers only provide this way to share/operate your website with the community. According to the statistics, WordPress has the largest market share with 52%, followed by Joomla with only 6%. The...
Read more
The preface of digital war - WannaCry
Szabolcs Hegedűs

The preface of digital war - WannaCry

Szabolcs Hegedűs
On 12th May 2017, the biggest cyber attack of recent times has happened and the threat is still present. Started from Europe and within a couple of hours has grown into a worldwide virus. The crisis has been caused by the WannaCry ransomware and its variants. The virus locks the infected computer and informs the users with a message onscreen. They can only continue to use the PC after paying $300 or $600 in BitCoins. According to the experts, the device used during the attack was developed by the renown Shadow Brokers hacker group. The ransomware might have been combined with...
Read more
Remote Script Injection caught by BitNinja
Nikoletta Szabo

Remote Script Injection caught by BitNinja

Nikoletta Szabo
Let’s see a real-life evidence from the BitNinja logs how we detect and block script injection.  The hackers always think they can fool the software, but the malicious scripts and packages are constantly dropped by Ninja Security. Being a machine-learning system, BitNinja collects the attack information and spreads it to other protected servers, so they will be shielded from the attack. What does this code mean? This time, the hacker wrote a nice code which is encoded with base64, but even looking at this suspicious string you are able to see that there is something wro...
Read more