A new piece of malware has been identified by the Foregenix DFIR team. The malware is a PHP webshell - a script, which when installed on a compromised system, presents a sophisticated administration platform allowing the attacker to browse the filesystem of the compromised server, upload, create, edit, download or delete files or stop running processes.
We have come across Manage Engine EventLog installations a few times in our penetration tests at Foregenix, and have identified different vulnerabilities in our attempts to compromise it. In most situations a default guest account was left open and becomes a focus point as we attempt to use it to elevate privileges or otherwise influence the profiles behaviour to our advantage. These attempts resulted in the following vulnerabilities being discovered and reported to the vendor. While the installations encountered during the engagements may not be running an up-to-date version of the ManageEngine EventLog software we validated whether the vulnerabilities still exist on the latest version as of the time of reporting them to the Vendor.
Magento websites have been under attack from a new malicious JavaScript family of malware - our forensic team has been working with many hacked websites to help them regain control of their online businesses and to limit losses.
Last month Magento released SUPEE-8788 to fix a number of security issues – you can read about SUPEE-8788 in detail here. A LOT of websites have not yet patched and are at risk of being hacked.
A new piece of malware has been identified by the Foregenix DFIR team. The malware is a PHP webshell - a script, which when installed on a compromised system, presents a sophisticated administration platform allowing the attacker to browse the filesystem of the compromised server, upload, create, edit, download or delete files or stop running processes.
We have come across Manage Engine EventLog installations a few times in our penetration tests at Foregenix, and have identified different vulnerabilities in our attempts to compromise it. In most situations a default guest account was left open and becomes a focus point as we attempt to use it to elevate privileges or otherwise influence the profiles behaviour to our advantage. These attempts resulted in the following vulnerabilities being discovered and reported to the vendor. While the installations encountered during the engagements may not be running an up-to-date version of the ManageEngine EventLog software we validated whether the vulnerabilities still exist on the latest version as of the time of reporting them to the Vendor.
Magento websites have been under attack from a new malicious JavaScript family of malware - our forensic team has been working with many hacked websites to help them regain control of their online businesses and to limit losses.
Last month Magento released SUPEE-8788 to fix a number of security issues – you can read about SUPEE-8788 in detail here. A LOT of websites have not yet patched and are at risk of being hacked.
Discover
Respond
Secure
Assure
