All information, data, and material contained, presented, or provided on is for educational purposes only.
Company names mentioned herein are the property of, and may be trademarks of, their respective owners.
It is not to be construed or intended as providing legal advice.
Company names mentioned herein are the property of, and may be trademarks of, their respective owners and are for educational purposes only.
17 U.S. Code § 107 - Limitations on exclusive rights: Fair use
Notwithstanding the provisions of sections 106 and 106A, the fair use of a copyrighted work, including such use by reproduction in copies or phonorecords or by any other means specified by that section, for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright.
This volume of the Microsoft Security Intelligence Report focuses on the first and second quarters of 2016, with trend data for the last several quarters presented on a quarterly basis. Because vulnerability disclosures can be highly inconsistent from quarter to quarter and often occur disproportionately at certain times of the year, statistics about vulnerability disclosures are presented on a half-yearly basis
Behavior Analysis Of Malicious Web Pages Through Client Honeypot For Detectio...IJERA Editor
Malwares which is also known as malicious software’s is spreading through the exploiting the client side applications such as browsers, plug-ins etc. Attackers implant the malware codes in the user’s computer through web pages; thereby they are also known malicious web pages. Here in the paper, we present the usefulness of controlled environment in the form of client honeypots in detection of malicious web pages through collections of malicious intent in web pages and then perform detailed analysis for validation and confirmation of malicious web pages. First phase is collection of malicious infections through high interaction client honeypot, second phase is validations of the malicious infections embedded into web pages through behavior based analysis. Malwares which infect the client side applications and drop the malwares into user’s computers sometimes overrides the signature based detection techniques; thereby there is a need to study the behavior of the complete malicious web pages.
A Review paper on Securing PHP based websites From Web Application Vulnerabil...Editor IJMTER
In today’s Era, Web applications are one of the most part ubiquitous platforms for
information sharing and services over Internet which play significant role in individual life as well
as in any country’s growth. Web applications have gone through a very rapid Growth As they are
increasingly used for the financial organization, government, hospitality and many critical services.
Web applications become a popular and precious target for security attacks. at the present time,
billions of transactions are done online through net banking, online shopping, online billing and
many more. Even though these applications are used by lots of people modern web applications
often implements the complex structure requires for user to carry out actions in given order, in
many cases the security level is too low, which makes them vulnerable to get compromised. Even
though a large number of techniques have been developed to build up web applications and
mitigate the attacks toward web applications, there is little effort constant to drawing relations
among these techniques and building a big picture of web application security(WAS) research. In
this paper, we present a survey on various types of web application vulnerabilities(WAV).
All information, data, and material contained, presented, or provided on is for educational purposes only.
Company names mentioned herein are the property of, and may be trademarks of, their respective owners.
It is not to be construed or intended as providing legal advice.
Company names mentioned herein are the property of, and may be trademarks of, their respective owners and are for educational purposes only.
17 U.S. Code § 107 - Limitations on exclusive rights: Fair use
Notwithstanding the provisions of sections 106 and 106A, the fair use of a copyrighted work, including such use by reproduction in copies or phonorecords or by any other means specified by that section, for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright.
This volume of the Microsoft Security Intelligence Report focuses on the first and second quarters of 2016, with trend data for the last several quarters presented on a quarterly basis. Because vulnerability disclosures can be highly inconsistent from quarter to quarter and often occur disproportionately at certain times of the year, statistics about vulnerability disclosures are presented on a half-yearly basis
Behavior Analysis Of Malicious Web Pages Through Client Honeypot For Detectio...IJERA Editor
Malwares which is also known as malicious software’s is spreading through the exploiting the client side applications such as browsers, plug-ins etc. Attackers implant the malware codes in the user’s computer through web pages; thereby they are also known malicious web pages. Here in the paper, we present the usefulness of controlled environment in the form of client honeypots in detection of malicious web pages through collections of malicious intent in web pages and then perform detailed analysis for validation and confirmation of malicious web pages. First phase is collection of malicious infections through high interaction client honeypot, second phase is validations of the malicious infections embedded into web pages through behavior based analysis. Malwares which infect the client side applications and drop the malwares into user’s computers sometimes overrides the signature based detection techniques; thereby there is a need to study the behavior of the complete malicious web pages.
A Review paper on Securing PHP based websites From Web Application Vulnerabil...Editor IJMTER
In today’s Era, Web applications are one of the most part ubiquitous platforms for
information sharing and services over Internet which play significant role in individual life as well
as in any country’s growth. Web applications have gone through a very rapid Growth As they are
increasingly used for the financial organization, government, hospitality and many critical services.
Web applications become a popular and precious target for security attacks. at the present time,
billions of transactions are done online through net banking, online shopping, online billing and
many more. Even though these applications are used by lots of people modern web applications
often implements the complex structure requires for user to carry out actions in given order, in
many cases the security level is too low, which makes them vulnerable to get compromised. Even
though a large number of techniques have been developed to build up web applications and
mitigate the attacks toward web applications, there is little effort constant to drawing relations
among these techniques and building a big picture of web application security(WAS) research. In
this paper, we present a survey on various types of web application vulnerabilities(WAV).
To protect your business from cyber attack, you must understand where you are vulnerable and structure defenses to thwart attacks. This innovative study from HP Security Research brings the information you need to do that.
It provides a broad view of the 2014 threat landscape — a specter of new threats brought by new technologies on a backdrop of known vulnerabilities and exploits. Then it drills down into specific technologies you may use like open source, mobile, and the Internet of Things.
Imperva's ADC analyzed real-world traffic from sixty Web applications in order to identify attack patterns. The report demonstrates that, across a community of Web applications, early identification of attack sources and attack payloads can significantly improve the effectiveness of application security. Furthermore, it reduces the cost of decision making with respect to attack traffic across the community. Here's how, based on the traffic analyzed by the ADC: (1) multiple target SQL attackers generated nearly 6x their share of the population (2) multiple target comment spam attackers generated 4.3x their share of the population (3) multiple target RFI attackers generated 1.7x their share of the population (this amounted to 73% of total attacks).
In the real world, a water hole is a source of water where many animals gather to quench their thirst. This makes a water hole an ideal spot for a hunter.
In the most recent Hacker Intelligence Initiative report, Imperva analyses vulnerabilities found in the SuperGlobal parameters of the PHP platform, and finds that a multi-step attack requires a multi-layered application security solution.
Analysis of XSS attack Mitigation techniques based on Platforms and Browserscscpconf
In the recent years, everything is in web. It may be Organization’s administration software,
Custom ERP application, Employee portals or Real estate portals. The Social networking sites
like Face book, Twitter, MySpace which is a web application is been used by millions of users
around the world. So web applications have become very popular among users. Hence they are
observed and may be exploited by hackers. Researchers and industry experts state that the
Cross-site Scripting (XSS) is the one of the top most vulnerabilities in the web application. The
cross-site scripting has become a common vulnerability of many web sites and web
applications. XSS consists in the exploitation of input validation flaws, with the purpose of
injecting arbitrary script code which is later executed at the web browser of the victim.
According to OSWAP, Cross-site scripting attacks on web applications have experienced an
important rise in recent year. This demands an efficient approach on the server side to protect
the users of the application as the reason for the vulnerability primarily lies on the server side.
The actual exploitation is within the victim’s web browser on the client-side. Therefore, an
operator of a web application has only very limited evidence of XSS issues. However, there are
many solutions for this vulnerability. But such techniques may degrade the performance of the
system. In such scenarios challenge is to decide which method, platform, browser and
middleware can be used to overcome the vulnerabilities, with reasonable performance over
head to the system. Inspired by this problem, we present performance comparison of two mitigation techniques for Cross-site Scripting (XSS) at the server side based on the parameters like application’s platform, middleware technology and browser used by the end user. We implemented Mitigation parsing technique using database and replace technique in different platforms, middleware and checked its performance. We calculated the time taken by different browsers to render the pages using two techniques under different platform and middleware. In this paper we proposed the best combination of development platform, browser and the middleware for the two mitigation technique with respect to developer and end users.
Vulnerability Analysis of 802.11 Authentications and Encryption Protocols: CV...AM Publications
This paper analysis vulnerability of known attacks on WLAN cipher suite, authentication mechanisms and credentials using common vulnerability scoring system (CVSS).
In this article we will be the focusing on all the aspects of Phishing attacks including the technological advancements, exploitation, post exploitation techniques and the countermeasures techniques against Advanced Phishing” The Art of Stealing” .
We will also learn about payloads , Web Application attacks and Network Attacks and how they contribute to advanced phishing attacks.
Study of Cross-Site Scripting Attacks and Their CountermeasuresEditor IJCATR
In present-day time, most of the associations are making use of web services for improved services to their
clients. With the upturn in count of web users, there is a considerable hike in the web attacks. Thus, security becomes
the dominant matter in web applications. The disparate kind of vulnerabilities resulted in the disparate types of attacks.
The attackers may take benefit of these vulnerabilities and can misuse the data in the database. Study indicates that
more than 80% of the web applications are vulnerable to cross-site scripting (XSS) attacks. XSS is one of the fatal
attacks & it has been practiced over the maximum number of well-known search engines and social sites. In this paper,
we have considered XSS attacks, its types and different methods employed to resist these attacks with their
corresponding limitations. Additionally, we have discussed the proposed approach for countering XSS attack and how
this approach is superior to others.
The FireEye Advanced Threat Report is based on research and trend analysis conducted by the FireEye Malware Intelligence Labs providing insights to the most current threat landscapes.
The ubiquity of mobile devices is empowering consumers, businesses and partners to more seamlessly communicate and create high-quality, meaningful transactions when and how they want. View the info-graphic to find out more.
Read the following whitepaper to learn:
1. The top 5 vulnerabilities for most data breaches in the Retail industry
2. Where do most attackers come from? And what motivates them?
3. The 3 essential parts of a security strategy to protect from intrusions
To protect your business from cyber attack, you must understand where you are vulnerable and structure defenses to thwart attacks. This innovative study from HP Security Research brings the information you need to do that.
It provides a broad view of the 2014 threat landscape — a specter of new threats brought by new technologies on a backdrop of known vulnerabilities and exploits. Then it drills down into specific technologies you may use like open source, mobile, and the Internet of Things.
Imperva's ADC analyzed real-world traffic from sixty Web applications in order to identify attack patterns. The report demonstrates that, across a community of Web applications, early identification of attack sources and attack payloads can significantly improve the effectiveness of application security. Furthermore, it reduces the cost of decision making with respect to attack traffic across the community. Here's how, based on the traffic analyzed by the ADC: (1) multiple target SQL attackers generated nearly 6x their share of the population (2) multiple target comment spam attackers generated 4.3x their share of the population (3) multiple target RFI attackers generated 1.7x their share of the population (this amounted to 73% of total attacks).
In the real world, a water hole is a source of water where many animals gather to quench their thirst. This makes a water hole an ideal spot for a hunter.
In the most recent Hacker Intelligence Initiative report, Imperva analyses vulnerabilities found in the SuperGlobal parameters of the PHP platform, and finds that a multi-step attack requires a multi-layered application security solution.
Analysis of XSS attack Mitigation techniques based on Platforms and Browserscscpconf
In the recent years, everything is in web. It may be Organization’s administration software,
Custom ERP application, Employee portals or Real estate portals. The Social networking sites
like Face book, Twitter, MySpace which is a web application is been used by millions of users
around the world. So web applications have become very popular among users. Hence they are
observed and may be exploited by hackers. Researchers and industry experts state that the
Cross-site Scripting (XSS) is the one of the top most vulnerabilities in the web application. The
cross-site scripting has become a common vulnerability of many web sites and web
applications. XSS consists in the exploitation of input validation flaws, with the purpose of
injecting arbitrary script code which is later executed at the web browser of the victim.
According to OSWAP, Cross-site scripting attacks on web applications have experienced an
important rise in recent year. This demands an efficient approach on the server side to protect
the users of the application as the reason for the vulnerability primarily lies on the server side.
The actual exploitation is within the victim’s web browser on the client-side. Therefore, an
operator of a web application has only very limited evidence of XSS issues. However, there are
many solutions for this vulnerability. But such techniques may degrade the performance of the
system. In such scenarios challenge is to decide which method, platform, browser and
middleware can be used to overcome the vulnerabilities, with reasonable performance over
head to the system. Inspired by this problem, we present performance comparison of two mitigation techniques for Cross-site Scripting (XSS) at the server side based on the parameters like application’s platform, middleware technology and browser used by the end user. We implemented Mitigation parsing technique using database and replace technique in different platforms, middleware and checked its performance. We calculated the time taken by different browsers to render the pages using two techniques under different platform and middleware. In this paper we proposed the best combination of development platform, browser and the middleware for the two mitigation technique with respect to developer and end users.
Vulnerability Analysis of 802.11 Authentications and Encryption Protocols: CV...AM Publications
This paper analysis vulnerability of known attacks on WLAN cipher suite, authentication mechanisms and credentials using common vulnerability scoring system (CVSS).
In this article we will be the focusing on all the aspects of Phishing attacks including the technological advancements, exploitation, post exploitation techniques and the countermeasures techniques against Advanced Phishing” The Art of Stealing” .
We will also learn about payloads , Web Application attacks and Network Attacks and how they contribute to advanced phishing attacks.
Study of Cross-Site Scripting Attacks and Their CountermeasuresEditor IJCATR
In present-day time, most of the associations are making use of web services for improved services to their
clients. With the upturn in count of web users, there is a considerable hike in the web attacks. Thus, security becomes
the dominant matter in web applications. The disparate kind of vulnerabilities resulted in the disparate types of attacks.
The attackers may take benefit of these vulnerabilities and can misuse the data in the database. Study indicates that
more than 80% of the web applications are vulnerable to cross-site scripting (XSS) attacks. XSS is one of the fatal
attacks & it has been practiced over the maximum number of well-known search engines and social sites. In this paper,
we have considered XSS attacks, its types and different methods employed to resist these attacks with their
corresponding limitations. Additionally, we have discussed the proposed approach for countering XSS attack and how
this approach is superior to others.
The FireEye Advanced Threat Report is based on research and trend analysis conducted by the FireEye Malware Intelligence Labs providing insights to the most current threat landscapes.
The ubiquity of mobile devices is empowering consumers, businesses and partners to more seamlessly communicate and create high-quality, meaningful transactions when and how they want. View the info-graphic to find out more.
Read the following whitepaper to learn:
1. The top 5 vulnerabilities for most data breaches in the Retail industry
2. Where do most attackers come from? And what motivates them?
3. The 3 essential parts of a security strategy to protect from intrusions
Learn:
How agile teams work and the unique approach they utilize
What strategies and tooling help you scale your agile practice
How a disciplined agile approach helps you deliver working solutions faster
Ten agile adoption mistakes and how to avoid them
The following paper offers a glimpse into what retailing will look like in 2020 and outlines the implications for retailers today. In order to succeed, retailers will have to rethink their strategies and their points of differentiation; the customers of 2020 will require it.
McAfee Labs explores top threats expected in the coming year.
Welcome to the McAfee Labs 2017 Threats Predictions
report. We have split this year’s report into two sections.
The first section digs into three very important topics,
looking at each through a long lens.
The second section makes specific predictions about
threats activity in 2017. Our predictions for next year
cover a wide range of threats, including ransomware,
vulnerabilities of all kinds, the use of threat intelligence
to improve defenses, and attacks on mobile devices.
Welcome to the Threatsploit Report of covering some of the important cybersecurity events, incidents and exploits that occurred this month such as Application Security, Mobile App Security, Network Security, Website Security, API Security, Cloud Security, Host Level Security, Cyber Intelligence, Thick Client Security, Threat Vulnerability, Database Security, IOT Security, Wireless Security.
Alert Logic Cloud Security Report analyze a year of security data to find insights to better help defend against latest threats.
Three interesting things found in the report are:
1. Differences between threats in the cloud and in traditional infrastructure
2. what makes a company more vulnerable to attacks
3. why having a good understanding of the Cyber Kill Chain could help take a preventative approach to cloud security
Microsoft Unified Communications - Securing Exchange Server 2007 Messaging Wh...Microsoft Private Cloud
Information system security is a hot topic and a major focus for most organizations. As technology spreads throughout your business, so do security threats associated with technology. E-mail, one of the most prevalent IT systems, reaches into all areas of business. It can pose a security threat because e-mail transports information between users and from the Internet to your user desktops.
Open Source Insight: CVE–2017-9805, Equifax Breach & Wacky Open Source LicensesBlack Duck by Synopsys
Our vulnerability of the week is CVE-2017-9805, which resides in Apache Struts’ REST plugin, a must-have in almost all Struts enterprise deployments. Attackers can exploit the bug via HTTP requests or via any other socket connection, with a public exploit published on Thursday. Happily, on Monday the Apache Struts team released Apache Struts v2.5.13, which includes a fix for CVE-2017-9805. As always, the byword of the week is “patch and update.”
Also looming large in this week’s news is the massive cyber-break-in at Equifax, where highly sensitive personal and financial information for around 143 million U.S. consumers (the editor apparently being among those affected) was compromised.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
Infosec 2014: Risk Analytics: Using Your Data to Solve Security ChallengesSkybox Security
“How secure are we?” “What's our strategy for advanced threats?” “How do we manage changes?” “What should we focus on?” “How is risk changing over time?” These are the difficult questions that IT security and network operations professionals face daily. The answer is in your data. Risk analytics is critical to answering the questions you face every day, opening new paths to find and prioritise vulnerabilities, quickly find firewall rule errors, and determine potential threats before they can be exploited.
This presentation is targeted at enterprise IT professionals looking to add security metrics and analytics into their security program.
- Understand why the existing approaches, processes and technologies for IT security get less effective over time
- Know what metrics and analytics are missing from your current strategy
- Recognise how risk analytics can be used to automate and secure your network devices
- Understand how vulnerability management process can be optimized with risk analytics - See how a risk analytics platform can impact an organisation
Using Your Network as a Sensor for Enhanced Visibility and Security Lancope, Inc.
Driven by the mobility, cloud computing, and Internet of Everything megatrends and fueled by increasingly sophisticated cybercriminals, today’s information landscape is more dynamic and more vulnerable than ever before.
Join Cisco and Lancope for a complimentary webinar to learn how you can implement a comprehensive, network-enabled approach to cybersecurity.
During the webinar we will discuss:
Using the Network as a Security Sensor with Lancope’s StealthWatch System and Flexible NetFlow and to obtain visibility at scale, monitor network activity efficiently, discover security incidents quickly, and help achieve compliance.
Using the Network as a Security Enforcer with Cisco TrustSec to ensure policy-based access control and network segmentation for containment of the network attacks, assist compliance and reduce risks of data-breaches.
Key Findings from the 2015 IBM Cyber Security Intelligence IndexIBM Security
View on-demand presentation: http://securityintelligence.com/events/ibm-2015-cyber-security-intelligence-index/
The cyber threat landscape is increasing in complexity and frequency. Organizations that have historically not been the target of cyber attacks now make headline news with large data losses and compromised transactions. Organizations need a clear point of view on how to respond to these threats, and one that incorporates not only the relevant technology but also the organizational changes needed.
Nick Bradley, Practice Leader of the IBM Threat Research Group and the X-Force Threat Analysis Team, and Nick Coleman, Global Head Cyber Security Intelligence Services outline what organizations need to do now and in the future to stay ahead of the growing cyber security threat.
Looking to understand how hackers and other attackers use cyber technology to attack your network and your executives? This slide set provides an overview and details the anatomy of a cyber attack, and the strategies you can use to manage and mitigate risk.
What the New OWASP Top 10 2013 and Latest X-Force Report Mean for App SecIBM Security
Despite being on vulnerability “Top 10” lists for many years, application vulnerabilities such as SQL injection and Cross-Site scripting continue to be significant attack paradigms for organizational data breaches. In fact, the IBM X-Force 2013 Mid-Year Trend and Risk Report confirmed that SQL Injection (SQLi) remained the most common paradigm for attackers to breach organizational security controls. Meanwhile, Cross-Site Scripting continued to be the most common type of application vulnerability.
In this session, we review the latest trends in application and mobile security vulnerabilities, and how to combat them with improved security awareness, organizational controls and application security testing technologies. We also address how to improve application security on your organization’s mobile devices.
Cyberthreats broke new ground with mobile devices, while reaching deeper into social media. Online criminals also stepped up attacks via email, web and other traditional vectors.
Michael andersson - att ligga steget före in en allt mer hotfylld värld BC14IBM Sverige
Michael Andersson, säkerhetsexpert på IBM, berättar om hur en intelligent och automatiserad säkerhet kan göra din organisation mer proaktiv mot dagens allt mer sofistikerade hot.
Insight Brief: Security Analytics to Identify the 12 Indicators of Compromise21CT Inc.
In this security insight brief, 21CT researchers look at the malicious network behaviors that concern organizations the most, and how to use security analytics to find them before damage is done. Understanding these 12 indicators of compromise are critical to identifying a network breach.
[Infographic] The MSP Journey to AI_ML-Powered Detection and Response.pptxCompanySeceon
Seceon’s multi-tenant and multi-tier aiSIEM and aiXDR are cost-effective and risk-reducing and are increasingly required today by many industries and cyber insurance providers. MSPs are also recognizing the importance of collaboration and intelligence sharing within the cybersecurity community. Sharing threat intelligence and insights allows MSPs to stay informed about emerging threats and adopt more effective defense strategies. Call us at +1 (978)-923-0040
AN ISP BASED NOTIFICATION AND DETECTION SYSTEM TO MAXIMIZE EFFICIENCY OF CLIE...IJNSA Journal
End users are increasingly vulnerable to attacks directed at web browsers which make the most of popularity of today’s web services. While organizations deploy several layers of security to protect their systems and data against unauthorised access, surveys reveal that a large fraction of end users do not utilize and/or are not familiar with any security tools. End users’ hesitation and unfamiliarity with security products contribute vastly to the number of online DDoS attacks, malware and Spam distribution. This work on progress paper proposes a design focused on the notion of increased participation of internet service providers in protecting end users. The proposed design takes advantage of three different detection tools to identify the maliciousness of a website content and alerts users through utilising Internet Content Adaptation Protocol (ICAP) by an In-Browser cross-platform messaging system. The system also incorporates the users’ online behaviour analysis to minimize the scanning intervals of malicious websites database by client honeypots. Findings from our proof of concept design and other research indicate that such a design can provide a reliable hybrid detection mechanism while introducing low delay time into user browsing experience.
Similar to IBM X-Force Threat Intelligence Quarterly 3Q 2014 (20)
Analytics facilitates a cohesive banding together of the organization for execution-oriented
organizational alignment, enterprise agility and better performance enabling action. Smarter
decisions result leading to superior performance.
Organizations who are looking to work faster and with greater agility often look to a private cloud as a solution. Not only can a private cloud improve data security, but it can also make better use of your existing IT resources. Unless you’re using Platform as a Service (PaaS), you’re not getting the full value out of your private cloud implementation. IBM’s Private Modular Cloud removes the bottlenecks that result from manual setups of middleware provisioning.
Learn how the next-generation data center can transform a static IT infrastructure into a resource-smart, workload-aware infrastructure. Open your business to new ways of working and innovating.
Discover the innovative and creative projects that highlight my journey throu...dylandmeas
Discover the innovative and creative projects that highlight my journey through Full Sail University. Below, you’ll find a collection of my work showcasing my skills and expertise in digital marketing, event planning, and media production.
Enterprise Excellence is Inclusive Excellence.pdfKaiNexus
Enterprise excellence and inclusive excellence are closely linked, and real-world challenges have shown that both are essential to the success of any organization. To achieve enterprise excellence, organizations must focus on improving their operations and processes while creating an inclusive environment that engages everyone. In this interactive session, the facilitator will highlight commonly established business practices and how they limit our ability to engage everyone every day. More importantly, though, participants will likely gain increased awareness of what we can do differently to maximize enterprise excellence through deliberate inclusion.
What is Enterprise Excellence?
Enterprise Excellence is a holistic approach that's aimed at achieving world-class performance across all aspects of the organization.
What might I learn?
A way to engage all in creating Inclusive Excellence. Lessons from the US military and their parallels to the story of Harry Potter. How belt systems and CI teams can destroy inclusive practices. How leadership language invites people to the party. There are three things leaders can do to engage everyone every day: maximizing psychological safety to create environments where folks learn, contribute, and challenge the status quo.
Who might benefit? Anyone and everyone leading folks from the shop floor to top floor.
Dr. William Harvey is a seasoned Operations Leader with extensive experience in chemical processing, manufacturing, and operations management. At Michelman, he currently oversees multiple sites, leading teams in strategic planning and coaching/practicing continuous improvement. William is set to start his eighth year of teaching at the University of Cincinnati where he teaches marketing, finance, and management. William holds various certifications in change management, quality, leadership, operational excellence, team building, and DiSC, among others.
Premium MEAN Stack Development Solutions for Modern BusinessesSynapseIndia
Stay ahead of the curve with our premium MEAN Stack Development Solutions. Our expert developers utilize MongoDB, Express.js, AngularJS, and Node.js to create modern and responsive web applications. Trust us for cutting-edge solutions that drive your business growth and success.
Know more: https://www.synapseindia.com/technology/mean-stack-development-company.html
Improving profitability for small businessBen Wann
In this comprehensive presentation, we will explore strategies and practical tips for enhancing profitability in small businesses. Tailored to meet the unique challenges faced by small enterprises, this session covers various aspects that directly impact the bottom line. Attendees will learn how to optimize operational efficiency, manage expenses, and increase revenue through innovative marketing and customer engagement techniques.
Falcon stands out as a top-tier P2P Invoice Discounting platform in India, bridging esteemed blue-chip companies and eager investors. Our goal is to transform the investment landscape in India by establishing a comprehensive destination for borrowers and investors with diverse profiles and needs, all while minimizing risk. What sets Falcon apart is the elimination of intermediaries such as commercial banks and depository institutions, allowing investors to enjoy higher yields.
Tata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s DholeraAvirahi City Dholera
The Tata Group, a titan of Indian industry, is making waves with its advanced talks with Taiwanese chipmakers Powerchip Semiconductor Manufacturing Corporation (PSMC) and UMC Group. The goal? Establishing a cutting-edge semiconductor fabrication unit (fab) in Dholera, Gujarat. This isn’t just any project; it’s a potential game changer for India’s chipmaking aspirations and a boon for investors seeking promising residential projects in dholera sir.
Visit : https://www.avirahi.com/blog/tata-group-dials-taiwan-for-its-chipmaking-ambition-in-gujarats-dholera/
Attending a job Interview for B1 and B2 Englsih learnersErika906060
It is a sample of an interview for a business english class for pre-intermediate and intermediate english students with emphasis on the speking ability.
Putting the SPARK into Virtual Training.pptxCynthia Clay
This 60-minute webinar, sponsored by Adobe, was delivered for the Training Mag Network. It explored the five elements of SPARK: Storytelling, Purpose, Action, Relationships, and Kudos. Knowing how to tell a well-structured story is key to building long-term memory. Stating a clear purpose that doesn't take away from the discovery learning process is critical. Ensuring that people move from theory to practical application is imperative. Creating strong social learning is the key to commitment and engagement. Validating and affirming participants' comments is the way to create a positive learning environment.
VAT Registration Outlined In UAE: Benefits and Requirementsuae taxgpt
Vat Registration is a legal obligation for businesses meeting the threshold requirement, helping companies avoid fines and ramifications. Contact now!
https://viralsocialtrends.com/vat-registration-outlined-in-uae/
Kseniya Leshchenko: Shared development support service model as the way to ma...Lviv Startup Club
Kseniya Leshchenko: Shared development support service model as the way to make small projects with small budgets profitable for the company (UA)
Kyiv PMDay 2024 Summer
Website – www.pmday.org
Youtube – https://www.youtube.com/startuplviv
FB – https://www.facebook.com/pmdayconference
LA HUG - Video Testimonials with Chynna Morgan - June 2024Lital Barkan
Have you ever heard that user-generated content or video testimonials can take your brand to the next level? We will explore how you can effectively use video testimonials to leverage and boost your sales, content strategy, and increase your CRM data.🤯
We will dig deeper into:
1. How to capture video testimonials that convert from your audience 🎥
2. How to leverage your testimonials to boost your sales 💲
3. How you can capture more CRM data to understand your audience better through video testimonials. 📊
What is the TDS Return Filing Due Date for FY 2024-25.pdfseoforlegalpillers
It is crucial for the taxpayers to understand about the TDS Return Filing Due Date, so that they can fulfill your TDS obligations efficiently. Taxpayers can avoid penalties by sticking to the deadlines and by accurate filing of TDS. Timely filing of TDS will make sure about the availability of tax credits. You can also seek the professional guidance of experts like Legal Pillers for timely filing of the TDS Return.
What is the TDS Return Filing Due Date for FY 2024-25.pdf
IBM X-Force Threat Intelligence Quarterly 3Q 2014
1. August 2014IBM Security Systems
IBM X-Force Threat Intelligence Quarterly,
3Q 2014
Get a closer look at Heartbleed—from the latest attack activity to mitigation strategies—
using 2014 mid-year data and ongoing research
2. 2 IBM X-Force Threat Intelligence Quarterly 3Q 2014
2 Executive overview
4 Heartbleed attack activity: Then and now
9 The race to prevent one-day attacks
13 Vulnerability disclosures in the first half of 2014
18 About X-Force
19 Contributors
19 For more information
Welcome to the latest quarterly report from the IBM®
X-Force® research and development team. In this report, we’ll
look at how the Heartbleed vulnerability—CVE-2014-0160,
disclosed in April 2014—impacted organizations around the
world. We’ll focus on how attackers continue to take advantage
of this pervasive vulnerability, review potential mitigation
strategies and assess how the disclosure compares to the rest of
our data from the first half of 2014.
So far, the disclosure of the Heartbleed vulnerability in the
OpenSSL library has been the biggest event to hit the security
industry in 2014. The bug permitted unauthenticated acccess
from servers and clients alike. While the initial impact of
Heartbleed is waning, a second wave of new vulnerabilities
found within open-source and reusable software merits further
discussion.
Servers worldwide continue to be affected by this serious
vulnerability, so we wanted to investigate what has happened
since the Heartbleed disclosure took so many organizations by
surprise. Not only did the flaw focus the attention of
researchers looking for new areas of vulnerabilities within
open-source and reusable code, it also gave attackers another
great opportunity to use one-day attack methods.
With the help of IBM Managed Security Services (MSS), we’ll
first look at how organizations dealt with the immediate
aftermath of the Heartbleed announcement, while also
adopting practical, large-scale mitigation strategies for ongoing
protection. Then, from an attack perspective, our X-Force
researchers will explain what the attackers might have been
looking for and attempting to achieve with this type of
vulnerability.
Executive overviewContents
3. IBM Security Systems 3
Throughout this report, you’ll learn how an unexpected,
widespread and difficult-to-patch vulnerability such as
Heartbleed forces organizations to look deeper into their risk
management and critical communication processes. This was
especially true for major software vendors who had integrated
OpenSSL into their commercial products and offerings. In
addition to protecting against imminent attacks to their own
potentially vulnerable systems, vendors also had to perform a
thorough investigation of their own products—that is, they had
to determine if any of their products were using this open-
source library in order to provide patches.
For many of these reasons, Heartbleed had a far greater risk
impact than other types of vulnerabilities; however,
consequences were not as disastrous as they could have been.
There were only a handful of breaches attributed to Heartbleed
even though it was a vulnerability in the core technology that
protects e-commerce and helps ensure privacy.
Finally, we’ll close the report with a look at how Heartbleed
compares to other publicly disclosed vulnerabilities, and how
this midway point of 2014 compares to previous years. The
good news is that the overall disclosure trend is decreasing. But
when comparing the real-world impact of Heartbleed to its
Common Vulnerability Scoring System (CVSS) ranking—
which is only a 5.0, or “medium” risk—our researchers noted a
significant disparity. We’ll discuss some of the shortcomings in
the current CVSS standard, the inconsistencies in scoring
across different organizations, and the loss of confidence in the
CVSS score as an accurate and reliable measure of risk. Then,
we’ll explain how the upcoming release of CVSS version 3 is
expected to address many concerns of the security industry.
What is Heartbleed?
The Heartbleed vulnerability is a bug in OpenSSL, a popular
open-source protocol used extensively on the Internet,
which allows anyone who knows how to exploit the
vulnerability to access and read the memory of systems
thought to be protected.
Vulnerable versions of OpenSSL allow compromise of secret
keys, user names, passwords and even actual content. Many
security experts believe that this vulnerability has actually
existed for at least two years and might have been exploited
for just as long. Although many companies have issued
statements claiming that they have now remedied the
vulnerability in their environment, there is truly no way of
knowing how much data has fallen into the wrong hands
through the exploitation of this vulnerability.
For more information about Heartbleed, refer to the IBM
Security Intelligence blog post from April 20141
or the
Heartbleed website.2
4. 4 IBM X-Force Threat Intelligence Quarterly 3Q 2014
What was the real-world impact of Heartbleed? Learn how the waves of attacks have
affected IBM Managed Security Services customers.
Heartbleed attack activity: Then and now
O
n 7 April 2014, one of the most significant security
events of the past few years occurred—that’s when
the Heartbleed vulnerability in OpenSSL (CVE-
2014-0160) was publicly disclosed. The bug was introduced
approximately two years ago and left more than half a million
servers vulnerable to unencrypted data leaks of system memory
with minimal trace of exploitation. The disclosure caused panic
across a wide range of industries, government agencies and
consumer groups that had used OpenSSL to keep their
transactions private—and had instead found themselves
vulnerable to an attack and without any proof of when leaks
occurred (that is, no log-file evidence).
Almost as soon as the vulnerability was released as an
OpenSSL advisory, IBM Managed Security Services (MSS)
witnessed attackers immediately re-tooling and exploiting the
bug on a global scale. Once the major vendors of intrusion
detection and prevention systems created protection
signatures, MSS was able to see just how bad the situation had
become. On 15 April 2014, MSS witnessed the largest spike in
activity across the customer base with more than 300,000
attacks in a single 24-hour period. That’s an average of 3.47
attacks per second for more than hundreds of customers.
Heartbleed attack activity for IBM Managed Security Services customers
April 2014
400,000
300,000
200,000
100,000
0
Event count
Figure 1. Attack activity related to the Heartbleed vulnerability, as noted for IBM Managed Security Services customers, in April 2014
Attacks peaked with
more than 300,000
attacks in one day
5. Execution of the attack activity
Let’s take a closer look at the attack activity after the
Heartbleed disclosure. Rather than a single IP address
executing the attack repeatedly, many of the attacks used a
distributed method. A wide range of IP addresses across
multiple autonomous system numbers (ASNs) attacked the
networks monitored by MSS. In fact, entire ranges of IP
addresses attacked several servers at once. This enabled
attackers to have a large, diversified attack surface and the
flexibility to overcome rudimentary blocking strategies.
What are autonomous system numbers?
On the Internet, an autonomous system refers to a
connected group of one or more Internet Protocol routing
prefixes run by one or more network operators to support a
single, clearly defined routing policy. Each autonomous
system is assigned a globally unique routing number, known
as an autonomous system number (ASN).
Originally, autonomous systems were controlled on behalf of
a single entity, such as an Internet service provider (ISP) or a
very large organization with independent connections to
multiple networks. Now, multiple organizations can run the
Border Gateway Protocol (BGP) using private ASNs that sit
behind an ISP. Although multiple autonomous systems may
be supported by the ISP, the Internet only sees the routing
policy of the ISP. Therefore, only the ISP must have an
officially registered ASN.
IBM Security Systems 5
Distributed Heartbleed attack
Attacker
1.1.1.1 1.1.1.2 1.1.1.3 1.1.1.4
Requests
Leaked data
Vulnerable server
Graphic 1. Distributed Heartbleed attack
6. The attacks slowed down after 22 April 2014. However, Figure
2 shows that despite the leveling off of attack activity, the
number of attacked customers has remained relatively
consistent over time. Why? As large organizations vulnerable
to Heartbleed were able to apply the issued patch to their
infrastructure, they rendered the attacks less fruitful. As a
result, attackers focused on other exploits. MSS witnessed a
significant drop in both the number of source IPs generating
attacks and the total number of attacks globally against the
MSS customer base.
6 IBM X-Force Threat Intelligence Quarterly 3Q 2014
A historical look at Heartbleed attack activity
April 2014 through June 2014
400,000
300,000
200,000
100,000
0
3,000
2,500
2,000
1,500
1,000
500
0
Event count Customer count Source IP count
Figure 2. A historical look at Heartbleed attack activity for IBM Managed Security Services customers, April 2014 through June 2014
A significant
decline
Continued
activity
Consistent
impact on
customers
7. IBM Security Systems 7
But the current status of attacks is still significant. MSS sees an
average of 7,000 attacks per day across a large attack surface.
Organizations that have applied the OpenSSL patch to their
infrastructure and deployed blocking mechanisms, such as
intrusion detection or intrusion prevention systems, can
breathe a little easier.
Sampling of Heartbleed attack activity
24 April 2014 through 1 July 2014
50,000
40,000
30,000
20,000
10,000
0
800
600
400
200
0
Final peak in
distributed
attacks
Attack activity
still averages
7,000 per day
Event count Customer count Source IP count
Figure 3. Sampling of Heartbleed attack activity for IBM Managed Security Services customers, 24 April 2014 through 1 July 2014
8. 8 IBM X-Force Threat Intelligence Quarterly 3Q 2014
Lessons learned and recommendations
There were many lessons learned from the Heartbleed attacks.
For example, MSS found that having an incident response
plan—and maintaining an asset database—were both absolutely
critical to reducing exposure to the attacks. Organizations that
had struggled to maintain a current asset database were left
blind to which systems were vulnerable and which systems were
critical. Even if they had an incident response plan, they needed
an up-to-date asset database in order to deploy it.
On the other hand, companies that had maintained their asset
database and incident response plan were able to rapidly deploy
patches on critical systems vulnerable to attack, thereby
reducing their exposure to Heartbleed. They also face
significantly less risk for threats in the future.
It’s also important to understand the detection and defense
strategies for attacks such as Heartbleed. In certain scenarios,
organizations can utilize firewalls to block out the bulk of the
attacks toward their networks. The MSS security operations
center (SOC) applies this methodology when large global
attacks happen and the majority of the attacks stem from a small
subset of hosts. This blocking technique can provide short,
temporary reprieve from attack activity, providing valuable time
for critical systems to be patched.
Firewalls are an excellent defense when a small subset of hosts
are generating the attacks. In addition, intrusion detection and
prevention devices can provide an even greater protection by
blocking attacks at the offending packet level. This alleviates the
need for maintaining an active list of attackers and reduces the
risk involved while systems are patched.
9. IBM Security Systems 9
The race to prevent one-day attacks
Discover how quickly attackers rush to exploit a vulnerability such as Heartbleed—and how
you can mitigate the threat.
“H
ow fast can we get a patch deployed?” That is the
question most organizations asked themselves
when the Heartbleed security advisory
(CVE-2014-0160) was published on 7 April 2014. Immediately
after the announcement, organizations rushed to patch their
systems. Meanwhile, just one day after the disclosure, a
proof-of-concept tool3
capable of exploiting the Heartbleed
bug began circulating, exposing unpatched systems to skilled
and unskilled attackers alike. But more troubling is the fact that
also a day after the disclosure, attacks leveraging the
vulnerability began to occur,4
and the actions of some of the
affected organizations in mitigating attacks or patching the
vulnerability were already too late.5, 6
Timeline of one-day attacks for Heartbleed vulnerability
7 April 2014 through 9 April 2014
Figure 4. Timeline of one-day attacks for Heartbleed vulnerability (CVE-2014-0160), 7 April 2014 through 9 April 2014
7 April 2014
2014
Heartbleed security
advisory issued
(CVE-2014-0160)
9 April 2014
Mumsnet patched
its systems, but a
breach had
already occurred
8 April 2014
First proof-of-
concept began
circulating
Attack against a
Mandiant client
occurred
Canadian Revenue
Agency removed
public access to its
online services, but
a breach had
already occurred
10. 10 IBM X-Force Threat Intelligence Quarterly 3Q 2014
Reflections of Java attacks in 2012
Heartbleed isn’t the first time one-day attacks have occurred—
that is, attacks leveraging an already-patched vulnerability. In
fact, X-Force analysts noted this trend after the disclosure of
the 2012 Java vulnerability (CVE-2012-1723), as discussed in
our IBM X-Force 2012 Trend and Risk Report.
In the case of this Java vulnerability, a security researcher
claimed that he was able to create a proof-of-concept exploit
just a day after a fix was issued for the vulnerability, and a week
later, published the details of the vulnerability.7
Fortunately, in
this particular case, the proof-of-concept code was not
released. However, the integration of working exploit code in a
popular mass exploit kit8
—posted just a month after the patch
was made available for the vulnerability—meant that many
still-unpatched systems became potential targets via drive-by
attacks. Later, the exploit for the vulnerability was integrated
into other exploit kits, further increasing the risk of unpatched
systems becoming compromised.
Timeline of one-day attacks for 2012 Java vulnerability
12 June 2012 through 11 July 2012
Figure 5. Timeline of one-day attacks for 2012 Java vulnerability (CVE-2012-1723), 12 June 2012 through 11 July 2012
2012
12 June 2012
Java security
advisory issued
(CVE-2012-1723)
11 July 2012
Exploit code
was integrated
into the
Blackhole
exploit kit
19 June 2012
Security
researcher
published the
vulnerability
details
13 June 2012
Security researcher
claimed that a
proof-of-concept
(private/unreleased)
was successfully
created
11. IBM Security Systems 11
A race to patch
Both the Heartbleed and Java vulnerability examples
demonstrate that one-day attacks can be just as dangerous as
zero-day attacks. Unlike zero-day attacks—where the
vulnerability is unknown and a patch is not available—the issue
with one-day attacks is in how long it takes a patch to be
deployed. Patch management is a complex challenge, especially
for large deployments and for mission-critical systems that
require extensive pre-deployment testing.
Additionally, if the vulnerability is in a widely-used library, such
as the OpenSSL library as in the case of Heartbleed, the issue is
further complicated because organizations are dependent on
the additional time it takes for software vendors to integrate
and test the patches in their own products before the patched
product is handed off to them. This additional waiting time
means an increased exposure window that attackers can turn to
their own advantage.
A race to exploit
From an attacker’s standpoint, recently-patched vulnerabilities
represent an opportunity, as they are potential (albeit
temporary) weak points in their targets’ infrastructure. For
one-day attacks, the goal of the attacker is to take advantage of
the exposure window of organizations between when the
patches are announced and when the patches are actually
deployed.
The following sections explain how attackers create one-day
exploits, so you can understand how quickly a weaponized
attack can take advantage of a patched vulnerability.
Locating the patched bug
Typically, attackers first need to identify the code that has been
patched in response to a vulnerability. For open-source projects,
this is a straightforward task because they can simply review
publicly accessible source-code repositories and source-code
check-ins relating to the vulnerability. For closed-source
applications, they can use a process called “binary diffing” to
find which parts of the binary code have changed, narrowing it
down to changed functions and, eventually, the vulnerable code.
For experienced attackers, binary diffing can be as
straightforward as finding differences in source code.
Our research has shown that an experienced attacker can find
vulnerable code in just a few minutes (in the case of open-
source applications with commented check-ins) to a maximum
of a few hours (in the case of binary applications with multiple
unrelated changes).
Exploiting the bug
The major factor that affects when an attacker might leverage a
vulnerability is the difficulty involved with developing an
exploit, or weaponizing it. On the one hand, there are
vulnerabilities that can only be exploited if the application is in
a particular state and/or exploit mitigations are bypassed. For
these cases, more research time is required in order to develop a
working exploit. But on the other hand, there are vulnerabilities
that can easily be exploited and the associated exploit
mitigations can be bypassed using previously-used or published
techniques.
For an experienced attacker, an exploit code for easy-to-exploit
vulnerabilities can usually be developed within a few hours. In
contrast, an exploit code for difficult-to-exploit vulnerabilities
can take up to a few days, weeks or even months to develop,
depending on the level of difficulty.
Unfortunately, in the case of Heartbleed, development of
exploit code was straightforward, as evidenced by the release of
the exploit code just a day after the disclosure.
12. 12 IBM X-Force Threat Intelligence Quarterly 3Q 2014
Mitigations
The race to deploy patches and develop exploits will not always
be won by organizations, and it is prudent to assume that most
of the time, attackers may win. However, there are ways for
organizations to improve their posture against one-day attacks
while patches are being tested and deployed:
• Apply workarounds. Check if the vendor provides guidance
for a temporary workaround that can help prevent
exploitation of the vulnerability. This may involve changing a
particular configuration or temporarily disabling a module or
a feature where the vulnerability exists or is being used as a
vector for exploiting the vulnerability.
• Block attacks. Security products—such as intrusion
detection or intrusion prevention systems and anti-virus
software—can serve as a first line of defense against
exploitation of vulnerabilities while patches are being tested
and deployed. Vendor programs such as the Microsoft Active
Protections Program (MAPP)9
provide security software
providers with early access to vulnerability information so
that when Microsoft patches are released, security vendors
can immediately release security content that can help detect
and block exploits against the recently patched vulnerabilities.
• Shut down systems temporarily. Although business leaders
may object, another solution is to temporarily shut down or
disconnect the affected system while a patch is being tested.
This option may be the best way to help prevent the loss of
customers’ personal or financial information. If a temporary
shutdown of a vulnerable system will help stop their
information from being stolen, customers will likely
understand why a service is temporarily unavailable.
Attackers are opportunistic; they will grab every opportunity to
attack when a target is in a weak state. An organization’s best
defense against one-day attacks is to be ready—to have action
plans prepared and mitigations in place when a critical
vulnerability is reported.
13. IBM Security Systems 13
S
ince 1997, X-Force has been tracking public disclosures
of vulnerabilities in software products, such as the
Heartbleed disclosure (CVE-2014-0160) from earlier this
year. Our X-Force researchers collect software advisories from
vendors, read security-related mailing lists, and analyze
hundreds of vulnerability web pages where remedy data,
exploits and vulnerabilities are disclosed.
In the first half of 2014, we reported just over 3,900 new
security vulnerabilities affecting 926 unique vendors. If this
trend continues through the end of the year, the total projected
vulnerabilities would fall below 8,000 total vulnerabilities for
the first time since 2011.
Vulnerability disclosures in the first half of 2014
What’s the state of security beyond Heartbleed? Find out about this year’s disclosure trends
and proposed changes for vulnerability scoring.
Vulnerability disclosures growth by year
1996 through 2014 (projected)
10,000
9,000
8,000
7,000
6,000
5,000
4,000
3,000
2,000
1,000
0
Figure 6. Vulnerability disclosures growth by year, 1996 through 2014 (projected)
ProjectedEvent count
14. 14 IBM X-Force Threat Intelligence Quarterly 3Q 2014
It is difficult to point to any one factor that has contributed to
the decline in the number of vulnerability disclosures in 2014.
However, it is interesting to note that the total number of
vendors disclosing vulnerabilities has decreased year over year
(1,602 vendors in 2013, compared to 926 vendors in 2014).
Even with the projected decline in the overall number of
vulnerability disclosures in 2014, the number of vulnerabilities
disclosed by the largest enterprise software vendors remains
relatively unchanged year over year (34 percent in 2013,
compared to 32 percent in 2014), as shown in Figure 7.
When looking at trends in enterprise software, the X-Force
team looks at major software vendors who create the widest
variety of enterprise software. We observed that out of
thousands of vendors, these companies consistently disclose a
significant number of security vulnerabilities. We categorize
these vendors in a top 10 group, leaving out the content
management system (CMS) vulnerabilities since the majority of
those are in third-party plug-ins and add-ons and not widely
used as enterprise-level software. These vendors typically have a
more comprehensive approach to security that includes policies
and practices for properly addressing and responding to
security vulnerabilities, which likely leads to a larger number of
public vulnerability disclosures.10
Vulnerability disclosures by large enterprise software vendors
2013 and 1H 2014
Figure 7. Vulnerability disclosures by large enterprise software vendors, 2013 and 1H 2014
Top 10 vendors
Other vendors
32%34%
66% 68%
2013 1H 2014
15. IBM Security Systems 15
Vulnerabilities in content management systems
Vulnerabilities in CMS continue to be some of the most
reported in 2014, accounting for nearly 10 percent of the total
vulnerabilities researched. What’s more, the largest percentage
of CMS vulnerabilities occur in plug-ins or modules written by
third-party sources—not by the core CMS vendor.
Many CMS plug-ins are maintained by one person or a small
group of people, and they may have infrequent updates (or
none at all). Therefore, many plug-ins contain tempting,
unpatched security vulnerabilities. Figure 8 shows the lag in
patch rates for plug-ins, as compared to core CMS platforms,
and the data is unchanged since our 2013 reporting.
While X-Force has previously cautioned against using CMS
plug-ins, a new wave of attacks against these platforms was
launched in recent months, showing the continued risk.
Russian site Yandex reported on a malware dubbed the
Mayhem Virus11
that seeks to compromise web servers through
CMS vulnerabilities and brute-force attacks of weak or default
credentials.
After these web servers are compromised, they can be used to
serve malware or carry out large-scale, high-bandwidth
distributed-denial-of-service (DDoS) attacks against other sites
and targets. For example, WordPress was used in an
amplification DDoS attack in March 2014 that affected more
than 162,000 sites.12
In this case, attackers used the legitimate
functionality of the XML-RPC pingback feature to link blog
content from different authors to a third-party website.
Figure 8. Web application vulnerabilities for core CMS platforms and CMS plug-ins,
as a percentage of all disclosures and corresponding patch rates, 1H 2014
Web application vulnerabilities for core CMS platforms and CMS plug-ins, 1H 2014
0% 1% 2% 3% 4% 5% 6% 7% 8% 9% 10%
Core CMS platforms
CMS plug-ins
0.9%
8.4%
Unpatched Patched
46%
22%
78% 54%
Core CMS vulnerabilities, 1H 2014 CMS plug-in vulnerabilities, 1H 2014
Patch rates for CMS vulnerabilities
16. 16 IBM X-Force Threat Intelligence Quarterly 3Q 2014
CVSS scoring
X-Force uses version 2 of the Common Vulnerability Scoring
System (CVSS) to communicate the severity of vulnerabilities.
We score vulnerabilities from three different perspectives: as a
vulnerability database that tracks third-party vulnerability
disclosures, as a security research organization that discovers
new vulnerabilities, and as a large software vendor that needs to
help customers accurately assess the severity of vulnerabilities
within its products. X-Force is currently working alongside
other organizations on developing the new CVSS, version 3.13
In the scoring of vulnerabilities for the first half of 2014, we
found that the majority of issues fall into the CVSS medium-
severity range (67 percent), with 24 percent of all
vulnerabilities rated critical or high. As shown in Figure 9,
these results are unchanged from 2013, and this is the third
consecutive year where the majority of vulnerabilities have
been rated as medium-level risks.
CVSS base scores, 2012 through 1H 2014
Figure 9. CVSS base scores, 2012 through 1H 2014
CVSS base score 2012 CVSS base score 2013 CVSS base score 1H 2014
10
7.0 – 9.9
4.0 – 6.9
0.0 – 3.9
Critical A successful exploit is likely to have catastrophic adverse effects
High A successful exploit is likely to have significant adverse effects
Medium A successful exploit is likely to have moderate adverse effects
Low A successful exploit is likely to have limited adverse effects
66%
Medium
1%
Critical
5%
Low
28%
High
67%
Medium
2%
Critical
8%
Low
23%
High
67%
Medium
1%
Critical
9%
Low
23%
High
CVSS score Severity level
17. IBM Security Systems 17
Many in the industry, including security analysts, corporate
incident response teams and enterprise software consumers,
have become dissatisfied with scoring inconsistencies that often
occur across different organizations. Sometimes the
inconsistencies are the result of the subjectivity that can go into
how an individual or organization scores vulnerabilities, but
they can also result from some of the inherent flaws in the
current CVSS standard and a lack of clear guidelines on how to
objectively assess certain types of vulnerabilities. As a result, the
CVSS score often fails to reflect the true risk a vulnerability
may pose to an organization, causing an overall loss of
confidence in the CVSS score as an accurate and reliable
measure of risk.
To learn more about the concerns surrounding CVSS and the
development of the new CVSS, version 3, refer to the CVSS v3
Development website, hosted by the Forum of Incident
Response and Security Teams (FIRST).13
The most obvious example of how some CVSS scores do not
always represent true risk and impact to an organization is the
Heartbleed vulnerability. As mentioned earlier in this report,
Heartbleed was disclosed in April 2014, but it had actually
existed for two years. This vulnerability received a CVSS base
score of 5.0, which falls into the medium-risk level—along with
67 percent of all other vulnerabilities reported during the first
half of 2014.
However, with the number of products impacted, the time and
attention IT teams spent patching systems and responding to
customer inquiries, as well as the potential sensitivity of data
exposed, the true impact of the Heartbleed vulnerability was
greater than the CVSS base score would indicate. This also
brings to question what other vulnerabilities fell into the
medium-risk category (CVSS base score 4.0 to 6.9) that may
have been disregarded by organizations, but that also had
potential large-scale impacts similar to Heartbleed.
Final thoughts on the first half of 2014
Although overall vulnerability numbers are down for the first
half of 2014, the impact to the top 10 enterprise software
vendors remains consistent. It is uncertain at this point whether
this trend will continue through the end of the year as attackers
continue to seek higher impact/higher potential reward targets
or whether we will see an increase in the second half of the year
in the number of disclosed vulnerabilities against smaller
vendors and components, such as CMS plug-ins.
X-Force also anticipates the release and adoption of CVSS
version 3 to help foster more consistency in risk assessment
across organizations and more confidence in the use of CVSS as
one of the primary components within an organization’s overall
incident response plan. This way, when disclosures such as
Heartbleed occur in the future, the industry as a whole will be
better prepared for potential threats.
18. 18 IBM X-Force Threat Intelligence Quarterly 3Q 2014
The IBM X-Force research and development team studies and
monitors the latest threat trends including vulnerabilities,
exploits, malware, spam, phishing and malicious web content.
The research team includes a variety of skill sets and
backgrounds, leveraging IBM acquisitions in the Internet
security market—including Internet Security Systems, IBM
Trusteer™14
and IBM Security AppScan®—and combining
them with intelligence from active network monitoring from
the IBM Managed Security Services group. In addition to
advising customers and the general public about emerging and
critical threats, X-Force also develops security content and
protection techniques to help protect IBM customers from
these threats.
IBM Security collaboration
IBM Security represents several brands that provide a broad
spectrum of security competency:
• The IBM X-Force vulnerability research and development
team discovers, analyzes, monitors and records a broad range
of computer security threats, vulnerabilities, and the latest
trends and methods used by attackers. Other groups within
IBM use this rich data to develop protection techniques for
our customers.
• The IBM Trusteer product family delivers a holistic endpoint
cybercrime prevention platform that helps protect
organizations against financial fraud and data breaches.
Hundreds of organizations and tens of millions of end users
rely on these products from IBM Security to protect their
web applications, computers and mobile devices from online
threats (such as advanced malware and phishing attacks).
• The IBM X-Force content security team independently
scours and categorizes the web by crawling, independent
discoveries, and through the feeds provided by IBM Managed
Security Services.
• IBM Managed Security Services is responsible for
monitoring exploits related to endpoints, servers (including
web servers) and general network infrastructure. This team
tracks exploits delivered over the web as well as via other
vectors such as email and instant messaging.
• IBM Professional Security Services delivers enterprise-wide
security assessment, design and deployment services to help
build effective information security solutions.
• IBM QRadar® Security Intelligence Platform offers an
integrated solution for security intelligence and event
management (SIEM), log management, configuration
management, vulnerability assessment and anomaly
detection. It provides a unified dashboard and real-time
insight into security and compliance risks across people, data,
applications and infrastructure.
• IBM Security AppScan enables organizations to assess the
security of web and mobile applications, strengthen
application security program management and achieve
regulatory compliance by identifying vulnerabilities and
generating reports with intelligent fix recommendations to
ease remediation. IBM Hosted Application Security
Management service is a cloud-based solution for dynamic
testing of web applications using AppScan in both pre-
production and production environments.
About X-Force
Advanced threats are everywhere. Help minimize your risk with insights from the experts
at IBM.
19. IBM Security Systems 19
Contributor Title
Brad Sherrill Manager, IBM X-Force Threat Intelligence Database
John Kuhn Senior Threat Researcher, IBM Managed Security Services
Leslie Horacek Manager, IBM X-Force Threat Response
Lyndon Sutherland Threat Intelligence Analyst, IBM Managed Security Services
Mark Vincent Yason Senior Threat Researcher, IBM X-Force Advanced Research
Nick Bradley Practice Lead, Threat Research Group
Pamela Cobb Worldwide Market Segment Manager, IBM X-Force and IBM Security Threat Portfolio
Robert Freeman Manager, IBM X-Force Advanced Research
Scott Moore Software Developer, Team Lead, IBM X-Force Threat Intelligence Database
Thomas Van Tongerloo Senior Cyber Threat Analyst, IBM Managed Security Services
Troy Bollinger Threat Intelligence Analyst, IBM Managed Security Services
Producing the IBM X-Force Threat Intelligence Quarterly is a
dedicated collaboration across all of IBM. We would like to
thank the following individuals for their attention and
contribution to the publication of this report.
To learn more about IBM X-Force, please visit:
ibm.com/security/xforce/
Contributors For more information