
More than 90% of enterprise SAP installations are exposed to serious security vulnerabilities that could allow attackers to hijack a company's business data and processes, new research claims.

According to a new assessment released by SAP (short for Systems, Applications & Products) solutions provider Onapsis, the majority of cyber attacks against SAP applications in the enterprise are:


  • Pivots - Pivoting from low- to high-integrity systems in order to execute remote function modules.
  • Database Warehousing - Exploiting flaws in the SAP RFC Gateway to execute admin privilege commands in order to obtain or modify information in SAP databases.
  • Portal Attacks - Creating J2EE backdoor accounts by exploiting vulnerabilities to gain access to SAP portals and other internal systems.

More than 250,000 SAP business customers worldwide, including 98 percent of the 100 most valued brands, remain vulnerable for an average of 18 months from when vulnerabilities surfaced.

"The big surprise is that SAP cyber security is falling through the cracks at most companies due to a responsibility gap between the SAP operations team and the IT security team," Onapsis chief executive Mariano Nunez says. "The truth is that most patches applied are not security-related, are late or introduce further operational risk."

According to the research, SAP released 391 security patches last year and almost half of them were ranked as high priority.

The Attack Vectors:

Exploiting the vulnerabilities in SAP could leave business SAP systems compromised, putting intellectual property, customer and supplier data, financial and credit card data, and database warehouse information at risk of being stolen by hackers.

SAP HANA, according to Nunez, is responsible for a 450 percent increase in the number of new security patches.

"This trend is not only continuing, but exacerbating with SAP HANA, which has brought a 450 percent increase in new security patches," Nunez says. "With SAP HANA positioned in the center of the SAP ecosystem, data stored in SAP platforms now must be protected both in the cloud and on-premise."

How to prevent an attack:

Keep your SAP applications as secure as possible. To do that:
  • Businesses and companies should stay up-to-date with SAP Security Notes.
  • Continually monitor your networks for security and compliance issues.
  • Have both cyber security protection and risk management policies in place.


Fed up with annoying app and game invites from friends on Facebook? There is some good news for you. You can now block all such irritating requests and reminders.

And that’s just a click of a few buttons away now, so let’s get started.

Invitations to install apps or join games are the number one most frustrating feature of Facebook. You could be bombarded with invites on a daily basis, and most apps make it quite easy to spam an entire friends list with annoying alerts.

Now you can put a lid on this nightmare.

Open your Settings screen on the Facebook Web client and click on the “Blocking” tab on the left sidebar.

Under the heading “Block App Invites”, type the name of the person on your friends list who has been pestering you for long enough now with unwarranted invites. It’s done!

You can use this same page to block specific apps from contacting you entirely, and even prevent your friends from sending you event invitations.


The world of hacking and the techniques of hackers have become more organized and reliable over recent years.
Nowadays, attackers use highly sophisticated tactics and often go to extraordinary lengths in order to mount an attack.

We are going to add something new to the list:

A team of developers has created two pieces of malware that run on an infected computer’s graphics processor unit (GPU) instead of its central processor unit (CPU), in order to enhance their stealthiness and computational efficiency.

The two pieces of malware:

  • Jellyfish Rootkit
  • Demon keylogger

The source code of both the Jellyfish Rootkit and the Demon keylogger, which are described as proof-of-concept malware, has been published on Github.

Until now, security researchers have discovered nasty malware running on the CPU and exploiting the GPU capabilities in an attempt to mine cryptocurrencies such as Bitcoins.

However, these two pieces of malware can operate without exploiting or modifying the processes in the operating system kernel, which is why they do not raise any suspicion that a system is infected and can remain hidden.

JELLYFISH ROOTKIT

Jellyfish rootkit is proof-of-concept malware code designed to show that running malware on GPUs is practically possible, as dedicated graphics cards have their own processors and memory.

These types of rootkits could snoop on the CPU host memory through DMA (direct memory access), which allows hardware components to read the main system memory without going through the CPU, making such actions harder to detect.

The pseudo-anonymous developers describe their Jellyfish Rootkit as:
"Jellyfish is a Linux based userland gpu rootkit proof of concept project utilizing the LD_PRELOAD technique from Jynx (CPU), as well as the OpenCL API developed by Khronos group (GPU). Code currently supports AMD and NVIDIA graphics cards. However, the AMDAPPSDK does support Intel as well."

Advantages of GPU stored memory: 

  • No GPU malware analysis tools are available on the Internet
  • Can snoop on CPU host memory via DMA (direct memory access)
  • GPU can be used for fast/swift mathematical calculations like parsing or XORing
  • Stubs
  • Malicious memory is still inside GPU after device shutdown

Requirements for use:

  • Have OpenCL drivers/icds installed
  • Nvidia or AMD graphics card (Intel supports AMD's SDK)
  • Change line 103 in rootkit/kit.c to server ip you want to monitor GPU client from

Stay tuned for more features:

  • client listener; let buffers stay stored in GPU until you send a magic packet from the server

The anonymous developers of the rootkit warned people that Jellyfish is proof-of-concept malware and still a work in progress, so it may contain flaws. The code published on Github is intended to be used for educational purposes only.

DEMON KEYLOGGER


Moreover, the developers also built a separate, GPU-based keylogger, dubbed Demon, though they did not provide any technical details about the tool.

Demon keylogger is also a proof-of-concept that is inspired by the malware described in a 2013 academic research paper titled "You Can Type, but You Can’t Hide: A Stealthy GPU-based Keylogger," but the developers stressed that they were not working with the researchers.
"We are not associated with the creators of this paper," the Demon developers said. "We only PoC’d what was described in it, plus a little more."

As described in the research paper, a GPU-based keystroke logger consists of two main components:

  • A CPU-based component that is executed once, during the bootstrap phase, with the task of locating the address of the keyboard buffer in main memory.
  • A GPU-based component that monitors, via DMA, the keyboard buffer, and records all keystroke events.

Users need not worry about cyber criminals or hackers using GPU-based malware yet, but proof-of-concept malware such as Jellyfish Rootkit and Demon keylogger could inspire future developments.

If this is exploited in future, what could the attack vectors be? Hit the comments below.


In computing, a denial-of-service (DoS) or distributed denial-of-service (DDoS) attack is an attempt to make a machine or network resource unavailable to its intended users. Although the means to carry out, the motives for, and targets of a DoS attack vary, it generally consists of efforts to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet. In this article I will show how to carry out a Denial-of-service Attack or DoS using hping3 with spoofed IP in Kali Linux. 

If you are executing a Denial of Service (DoS) attack using hping3, the main things it lets you do are:
  • You can hide your IP address.
  • Your destination machine will see traffic from random source IP addresses rather than yours.
  • Your destination machine will get overwhelmed within 5 minutes and stop responding.

Sounds good? I bet it does. But before we go and start using hping3, let’s just go over the basics.



What’s hping3?

hping3 is a free packet generator and analyzer for the TCP/IP protocol. Hping is one of the de-facto tools for security auditing and testing of firewalls and networks, and was used to exploit the Idle Scan scanning technique now implemented in the Nmap port scanner. The new version of hping, hping3, is scriptable using the Tcl language and implements an engine for string based, human readable description of TCP/IP packets, so that the programmer can write scripts related to low level TCP/IP packet manipulation and analysis in a very short time.

hping3 should be used to…

  • Traceroute/ping/probe hosts behind a firewall that blocks attempts using the standard utilities.
  • Perform the idle scan (now implemented in nmap with an easy user interface).
  • Test firewalling rules.
  • Test IDSes.
  • Exploit known vulnerabilities of TCP/IP stacks.
  • Networking research.
  • Write real applications related to TCP/IP testing and security.
  • And many more.

hping3 is pre-installed on Kali Linux like many other tools. It is quite useful and I will demonstrate a simple DoS attack here.


Here the fun begins, but don't use this anywhere you are not supposed to (you know what I mean).

A simple SYN flood can be done with this command:
  • hping3 -S --flood -V victim's IP
A simple flood with spoofed IP:
  • hping3 --flood --rand-source --icmp -p 443 victim's IP

First I started a localhost on my WIN7 machine (you can use WAMP, XAMPP, ApacheMYFriend etc.) and I can access it from my KALI LINUX machine. To DoS attack my WIN7 machine:
  1. Open the terminal in KALI LINUX
  2. Type hping3
  3. You can also type hping3 --h or hping3 --help or man hping3 (for the manual page)
  4. Just type: hping3 --flood --rand-source --icmp -p 443 victim's IP

Just look at my CPU usage before and after the DoS attack by hping3.

Before DOS attack

After DOS attack


Conclusion


Any modern firewall will block it, and most Linux kernels have SYN flood protection built in these days. This guide is meant for research and learning purposes.

For those who are having trouble with TCP SYN or TCP Connect floods, try learning iptables and work out how you can block a DoS from hping3, nping or any other tool.
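
On the receiving side, a SYN flood shows up as a pile of half-open connections. The script below is an added example, not part of the original guide: it counts SYN-RECV sockets per local port from `ss -tan` style output and reads the kernel's SYN cookie setting. The function names and the sample socket table are constructed for illustration.

```shell
#!/bin/sh
# Added example: spot a SYN flood from the socket table of the receiving host.
# Spoofed floods arrive from random source addresses, so counting per source is
# useless; count half-open (SYN-RECV) sockets per local listening port instead.

# Read `ss -tan` style lines on stdin; print "<port> <count>" for every local
# port with more than $1 half-open connections.
half_open_by_port() {
    awk -v limit="$1" '
        $1 == "SYN-RECV" {
            n = split($4, part, ":")     # local addr:port; port is the last piece
            count[part[n]]++
        }
        END { for (p in count) if (count[p] > limit + 0) print p, count[p] }
    ' | sort -n
}

# Print the kernel SYN cookie setting (0 = off, 1 = used when the SYN queue
# overflows, 2 = always), or "unknown" if the file cannot be read.
syncookies_setting() {
    cat "${1:-/proc/sys/net/ipv4/tcp_syncookies}" 2>/dev/null || echo unknown
}

# Constructed sample of `ss -tan` output (documentation address ranges).
sample_ss='State     Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN    0      128    0.0.0.0:80          0.0.0.0:*
ESTAB     0      0      192.0.2.10:22       198.51.100.5:51514
SYN-RECV  0      0      192.0.2.10:80       203.0.113.17:1045
SYN-RECV  0      0      192.0.2.10:80       198.51.100.201:2231
SYN-RECV  0      0      192.0.2.10:80       203.0.113.99:40112
SYN-RECV  0      0      192.0.2.10:80       198.51.100.77:6120
SYN-RECV  0      0      192.0.2.10:80       203.0.113.150:33001
SYN-RECV  0      0      192.0.2.10:80       198.51.100.12:1999
SYN-RECV  0      0      192.0.2.10:443      203.0.113.4:50500'

echo "Ports with more than 3 half-open connections:"
printf '%s\n' "$sample_ss" | half_open_by_port 3
echo "tcp_syncookies: $(syncookies_setting)"
```

On a live host, feed the function with `ss -tan | half_open_by_port 100` and tune the threshold to the normal load of the service.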

Millions of WordPress websites are at risk of being completely hijacked by hackers due to a critical cross-site scripting (XSS) vulnerability present in the default installation of the widely used content management system.


The cross-site scripting (XSS) vulnerability was reported by security researcher Robert Abela of security firm Netsparker.
The WordPress vulnerability resides in the Genericons webfont package that is part of the default WordPress Twenty Fifteen theme.

Here comes the threat:

The XSS vulnerability has been identified as "DOM-based," which means the flaw resides in the document object model (DOM) that is responsible for the representation of text, images, headers, and links in a web browser.

The easy-to-exploit DOM-based Cross-Site Scripting (XSS) vulnerability occurred due to an insecure file included with Genericons that allowed the Document Object Model Environment in the victim’s browser to be modified.

What’s DOM-Based XSS attack?

In a DOM-based Cross-Site Scripting attack, the payload executes in the DOM (Document Object Model) in the victim’s browser instead of as part of the HTML.

This means the page itself does not change, but the client side code contained in the page executes in a different manner due to the malicious modifications in the DOM environment.

DOM-based Cross-Site Scripting vulnerabilities are much harder to detect than classic XSS flaws because they reside in the script code from the website.

A DOM-based XSS vulnerability allows hackers to steal or hijack your session and carry out very advanced phishing attacks.

The vulnerability is actively being exploited in the wild and so far, the researcher has discovered JetPack plugin and Twenty Fifteen theme to be vulnerable to a DOM-based XSS attack. Apparently, any WordPress plugin that comes with the Genericons package is potentially vulnerable to the attack.

JetPack is a popular WordPress plugin with more than 1 million downloads. The plugin is bundled with many useful features including customization, traffic, mobile, content, and performance tools, which makes managing a WordPress site a whole lot easier.

How to hijack a WordPress website?

Generally, a DOM-based XSS attack requires an administrator to click on a malicious link while logged into a vulnerable WordPress installation; once it is clicked, the hackers can gain full control of the vulnerable website.

Security Firm Sucuri's researcher David Dede explains:

What is interesting about this attack is that we detected it in the wild days before disclosure. We got a report about it and some of our clients were also getting reports saying they were vulnerable and pointing to:
http:// site.com/wp-content/themes/twentyfifteen/genericons/example.html#1<img/ src=1 onerror= alert(1)>
In this proof of concept, the XSS printed a javascript alert, but could be used to execute javascript in your browser and take over the site if you are logged in as admin.
It is not clear exactly how many websites are vulnerable to the attack, but JetPack plugin comes installed by default in millions of WordPress templates, making the count even larger.

Measures to protect your WordPress website:

Administrators of WordPress sites should check if their site is running the Genericons package.

In case it is running, they should either immediately delete the example.html file that is included with the package, or at least, make sure that their web application firewall or intrusion detection system is blocking access to it.
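
The check described above, written out as an added example that is not part of the original post or of Sucuri's advisory: it lists every example.html shipped inside a genericons directory and flags access-log requests that reached the file. The directory tree, log lines and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: find Genericons example.html files under a WordPress tree and
# list access-log requests for them. All paths and log lines are constructed.

# Print every example.html that sits directly inside a "genericons" directory.
find_genericons_examples() {
    find "$1" -type f -path '*/genericons/example.html' 2>/dev/null | sort
}

# Read combined-format access-log lines on stdin; print "<client> <path>" for
# each request aimed at genericons/example.html. The "#..." part of the reported
# URL is a fragment and is never sent to the server, so only the path can match.
requests_for_example() {
    awk '{
        path = $7
        sub(/\?.*/, "", path)                      # drop any query string
        if (tolower(path) ~ /\/genericons\/example\.html$/) print $1, path
    }'
}

# Constructed WordPress tree: two bundled copies, one cleaned theme, one decoy.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/wp-content/themes/twentyfifteen/genericons" \
         "$demo_root/wp-content/plugins/jetpack/genericons" \
         "$demo_root/wp-content/themes/cleaned/genericons"
touch "$demo_root/wp-content/themes/twentyfifteen/genericons/example.html" \
      "$demo_root/wp-content/plugins/jetpack/genericons/example.html" \
      "$demo_root/wp-content/themes/cleaned/genericons/genericons.css" \
      "$demo_root/wp-content/themes/cleaned/example.html"

# Constructed access-log lines (documentation address ranges).
sample_log='203.0.113.7 - - [01/Jan/2000:10:01:02 +0000] "GET /wp-content/themes/twentyfifteen/genericons/example.html HTTP/1.1" 200 512
198.51.100.4 - - [01/Jan/2000:10:01:09 +0000] "GET /wp-content/themes/twentyfifteen/style.css HTTP/1.1" 200 9001
203.0.113.9 - - [01/Jan/2000:10:02:30 +0000] "GET /wp-content/plugins/jetpack/genericons/Example.html?x=1 HTTP/1.1" 200 512'

echo "Files to delete or block:"
find_genericons_examples "$demo_root"
echo "Requests that reached the file:"
printf '%s\n' "$sample_log" | requests_for_example
```

Point `find_genericons_examples` at the real document root; a 200 response for any listed request means the file was still being served at that time.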

Sucuri has contacted and informed almost a dozen Web hosts, who have already virtually patched the vulnerability on the websites they host.

The hosts include GoDaddy, ClickHost, Inmotion, HostPapa, DreamHost, WPEngine, Pagely, Pressable, SiteGround, Websynthesis, and Site5.

UPDATE - WORDPRESS INSTALL

WordPress released the WordPress 4.2.2 update, resolving the above issues with the Genericons icon font package as well as patching the critical cross-site scripting (XSS) vulnerability, which could enable hackers to compromise websites.

Administrators are strongly recommended to immediately update their sites to WordPress 4.2.2.

WordPress allows security patches to be rolled out to users automatically. But administrators who have disabled the auto-update feature are strongly recommended to upgrade their sites as soon as possible.

Nowadays thousands of computers run the Linux and FreeBSD operating systems. Over the past five years, many of them have been infected with sophisticated malware that turns the machines into spambots.

The new Linux malware, discovered by security researchers from the antivirus provider Eset, has been dubbed "Mumblehard" because it is muttering spam from your servers, says Eset's 23-page report titled "Unboxing Linux/Mumblehard."


Mumblehard features two basic components:

  • Backdoor 
  • Spamming daemon

Both are written in the Perl programming language and "feature the same custom packer written in assembly language."

The backdoor allows hackers to infiltrate the system and control the command and control servers, and the spamming daemon is a behind-the-scenes process that focuses on sending large batches of spam emails from the infected servers.

The most worrying part of this:

The Mumblehard operators have been active for over five years, and perhaps even longer, without any disruption.

"Malware targeting Linux and [OpenBSD] servers [are] becoming more and more complex," Eset researchers wrote. "The fact that the [malware creator] used a custom packer...is somewhat sophisticated."

Who is responsible for the Spambot network? 

The Mumblehard Linux malware actually exploits vulnerabilities in WordPress and Joomla content management systems in order to get into the servers.
Additionally, Mumblehard malware is also distributed by installing ‘pirated’ versions of a Linux and BSD program called DirectMailer, software developed by Yellsoft used for sending bulk e-mails and sold for $240 through the Russian firm's website.
So, when a user installs the pirated version of the DirectMailer software, the Mumblehard operators get a backdoor to the user's server that allows hackers to send spam messages.

How to prevent ...?

Web server administrators should check their servers for Mumblehard infections by looking for unwanted cron job entries added by the malware in an attempt to activate the backdoor every 15 minutes.
The backdoor is generally located in the /var/tmp or /tmp folders. You can deactivate this backdoor by mounting the tmp directory with the noexec option.
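
Both checks from the two lines above, as an added example that is not taken from the original post or from Eset's report: one function flags crontab entries that run something from /tmp or /var/tmp every 15 minutes, the other reports whether a directory is mounted noexec. The function names, the sample crontab (including the file names in it) and the sample mount table are constructed.

```shell
#!/bin/sh
# Added example: look for the cron pattern described for Mumblehard and check
# whether /tmp and /var/tmp are mounted noexec. All sample data is constructed.

# Read crontab lines on stdin; print entries that run on a 15-minute schedule
# and reference a path under /tmp or /var/tmp. Works for user crontabs and for
# /etc/crontab style lines, since the whole line is searched for the path.
suspicious_cron_entries() {
    awk '
        /^[ \t]*(#|$)/      { next }               # comments and blank lines
        $1 ~ /^[A-Za-z_]+=/ { next }               # VAR=value settings
        {
            every15 = ($1 == "*/15" || $1 == "0,15,30,45" || $1 == "0-59/15")
            if (every15 && $0 ~ "(^|[^A-Za-z0-9_./-])/(var/)?tmp/") print
        }'
}

# Read /proc/mounts style lines on stdin; print "<dir> noexec", "<dir> exec",
# or "<dir> not-a-mount" when the directory has no mount point of its own.
mount_exec_state() {
    awk -v dir="$1" '
        $2 == dir {
            state = "exec"
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++) if (opts[i] == "noexec") state = "noexec"
        }
        END { print dir, (state == "" ? "not-a-mount" : state) }'
}

# Constructed crontab: two suspicious entries, two legitimate ones.
sample_crontab='# m h dom mon dow command
MAILTO=""
*/15 * * * * /var/tmp/abcXYZ >/dev/null 2>&1
0 3 * * * /usr/local/bin/backup.sh /tmp/backup-staging/
*/15 * * * * /usr/bin/php /var/www/site/cron.php
0,15,30,45 * * * * /tmp/.cache/update'

# Constructed mount table: /tmp is noexec, /var/tmp is not.
sample_mounts='tmpfs /tmp tmpfs rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda3 /var/tmp ext4 rw,nosuid,nodev 0 0'

echo "Suspicious cron entries:"
printf '%s\n' "$sample_crontab" | suspicious_cron_entries
printf '%s\n' "$sample_mounts" | mount_exec_state /tmp
printf '%s\n' "$sample_mounts" | mount_exec_state /var/tmp
```

On a real server, pipe in `crontab -l -u <user>` for each account and `cat /proc/mounts` for the mount check.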


This is the first post from 1tech.in (of course, this is a demo post). Through this post we want to tell you that from now on there is no need to visit many websites to search for a solution or something new; you will get an all-in-one solution here: latest news, latest tutorials and templates. In short, our tag line is "A complete computer and web solution with its security." The tag line is enough for our intro. In return we are not asking much from you: only some time, a subscription and one share. We hope you will help us. Thanks in advance.