Ars Technica has an old story that I thought was interesting:
From 2005 to 2012 there were multiple break-ins through which the hackers "owned" the various company sites.
The overwhelming attack vector used was SQL injection.
Here is an excerpt that I want to emphasize:
“NASDAQ is owned,” Aleksandr Kalinin, a 26-year-old resident of St. Petersburg, Russia, allegedly reported in a January 2008 instant message after finally obtaining administrative access to the stock exchange’s network. Like a rock climber slowly scaling a craggy cliff, he spent months methodically escalating his access into the highly sensitive system. In an instant message he sent six months earlier, after initially gaining less-privileged access, he said, “30 SQL servers, and we can run whatever on them, already cracked admin PWS but the network not viewable yet. those dbs are hell big and I think most of info is trading histories.” “PWS” and “dbs” are presumed to be shorthand for passwords and databases respectively.
Notice the methodology and thinking of the hackers: they find vulnerabilities by probing networks and database servers with many different methods. Eventually the prosecutors found that they had stolen $160 million. The hackers are very sophisticated and motivated. Today this is big business; attacking your database servers is a big business operation.
Managers have to make decisions as to what to focus on:
The HP LoadRunner vulnerability is one of those, specifically in version 11.52.
Here is the money quote:
HP has provided LoadRunner patch 11.52 Patch 1 to resolve this issue. Download the patch from HP Software Support Online (SSO).
Note: For LR versions before 11.52 Patch 1 the issue can be addressed by this KB, “How to disable the ‘Service Emulation’ application in Load Runner”; please see http://support.openview.hp.com/selfsolve/document/KM00753542
IBM's ISS explains the potential problem, with informative links:
The problem is that the software is vulnerable to a specially crafted HTTP request to SecurityGateway.dll using a long username parameter; a remote attacker can overflow a buffer and execute arbitrary code.
This means that a vulnerable system could be owned by attackers in no time flat.
Do you have a vulnerable system?
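As an added defender-side example (not code from the blog, HP or IBM), here is a small Python check that scans web-server access-log lines for requests to SecurityGateway.dll carrying an unusually long username parameter, the pattern the ISS description above points at. The NCSA-style log format and the sample lines are constructed, and the 256-character threshold is an assumption to tune for your environment.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (NCSA common log format); not real traffic.
LONG = "A" * 600
SAMPLE_LOG_LINES = [
    '10.0.0.5 - - [12/Jan/2014:10:01:02 +0000] "GET /SecurityGateway.dll?username=alice&password=x HTTP/1.1" 200 512',
    f'10.0.0.9 - - [12/Jan/2014:10:01:07 +0000] "GET /SecurityGateway.dll?username={LONG}&password=x HTTP/1.1" 500 0',
    f'10.0.0.7 - - [12/Jan/2014:10:02:11 +0000] "POST /other.dll?username={LONG} HTTP/1.1" 200 100',
    'garbage line that does not parse',
]

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)

MAX_USERNAME_LEN = 256  # assumed threshold; legitimate logins should never get near it

def parse_line(line):
    """Parse one NCSA-style line into a dict, or return None for unparseable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["status"] = int(entry["status"])
    return entry

def flag_long_username(entry, max_len=MAX_USERNAME_LEN):
    """Return the longest username length if the request targets SecurityGateway.dll
    with an oversize username parameter, else None."""
    parts = urlsplit(entry["target"])
    if not parts.path.lower().endswith("/securitygateway.dll"):
        return None
    qs = parse_qs(parts.query, keep_blank_values=True)  # percent-decodes values
    longest = max((len(v) for v in qs.get("username", [])), default=0)
    return longest if longest > max_len else None

def scan_log(lines, max_len=MAX_USERNAME_LEN):
    """Return (ip, timestamp, status, username_length) for each suspicious request."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue  # skip lines that do not match the log format
        n = flag_long_username(entry, max_len)
        if n is not None:
            hits.append((entry["ip"], entry["ts"], entry["status"], n))
    return hits
```

A username sent in a POST body never appears in the access log's request line, so treat this as a quick triage check on existing logs, not a substitute for applying the patch or disabling Service Emulation.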
Internet Storm Center has an important status update on a new piece of malware.
It scans for port 32764 and port 23 (telnet) so it can propagate and infect more machines.
It also tries to "phone home".
With our help we can scan (Alpha Scan) for any machines that actually respond to this open port (32764).
According to the National Vulnerability Database:
Cisco Intelligent Automation for Cloud in Cisco Cloud Portal does not properly restrict the content of MyServices action URLs, which allows remote authenticated users to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.
This vulnerability is rated medium, and although it is not a direct-access vulnerability, it gives an attacker a way in: by slowly gathering more and more information, they can build toward attacks using other methods and directions.
Cisco link about the Intelligent Automation vulnerability.