http
Apache Struts 1 is a popular Java EE web application framework. It offers many kinds of validators that filter user input using the Apache Commons Validator library, which is both convenient and fast. However, a bug in Apache Struts can be used to easily bypass the input validation process, allowing an attacker to submit arbitrary dirty data to the database, possibly resulting in a cross-site scripting attack when a user views a JSP file that refers directly to the corrupted data.
by Dehui Yin | Oct 25, 2017 | Filed in: Security Research
Apache Struts 1 ValidatorForm is a commonly used component in Java EE web applications that need to validate form fields entered by a user, such as a login form, registration form, or other information form. By configuring the validation rules, Apache Struts can validate many different kinds of fields: username, email, credit card number, etc. However, a bug in Apache Struts 1 can be used to manipulate the properties of ValidatorForm so as to modify the validation rules or, even worse, cause a denial of service or execute arbitrary code in the...
by Dehui Yin | Oct 25, 2017 | Filed in: Security Research
While some of everyone's social media presence is inevitably publicly viewable, there are parts that we only want shared with or visible to "friends" or other confirmed connections. Facebook, which already uses security tools like HTTPS with HSTS (HTTP Strict Transport Security) to authenticate and secure user-to-Facebook connections, and offers a Tor "onion" site for users wanting even more security, announced on June 1 that it will be (slowly) letting (some) users PGP-encrypt the content (as in, message body and attachments,...
by Daniel Dern | Jun 09, 2015 | Filed in: Industry Trends
A few weeks ago, our FortiGuard Labs Threat Intelligence system discovered some new suspicious samples, as usual. One of these samples caught our attention when we checked its network traffic. For this particular sample, which Fortinet already detects as W32/Foreign.LXES!tr, we found that most of its communication carries the HTTP/1.1 404 Not Found status, which would normally mean that some error has occurred. But when we analysed the data further, we realized that it was actually a special trick. The Ping & Pong Commands: When it first...
by He Xu | Apr 09, 2015 | Filed in: Security Research
Advanced Persistent Threats (APTs) usually start with a common tactic: a spear phishing email. Disguised as coming from a well-known organization, the email certainly draws the user's attention, as seen in the one that I recently received. (Figure 1: Spear phishing email.) The unsuspecting user may open the attached ZIP file and double-click the extracted file, which turns out to be malware. This particular malware, which we detect as W32/Bublik.BDYG!tr, is a simple downloader which is relatively small...
by Danny Choi | Oct 28, 2013 | Filed in: Security Research
I had always wanted to look into Firefox OS. It's done. I created my first application. What kind of application does a reverse engineer write as a first app? A CrackMe, of course. You can try it: the sources are available here. But, honestly, it is really a very (very) simple CrackMe, as my real goal was to get acquainted with Firefox OS and understand the possible risks in terms of malware. We, anti-virus analysts, won't need disassemblers or decompilers for Firefox OS malware. That's cool, isn't it (although part of the mystery of our job is...
by Axelle Apvrille | Jul 30, 2012 | Filed in: Security Research