How to Fix Insecure Deserialisation

The following checks should be implemented before Java objects are deserialized or read, or before any operation is performed on them:
1. The returned Object is also cast to the specified type
2. Check that the classes referenced are safe (class whitelisting)
3. The number of bytes allowed should be limited (else may lead to denial of …

After New Feb Microsoft patch update, CVE-2019-0686.

  Posted in Cyber Security on

  by Rajat Bajpai

Technical findings: CVE-2019-0686. Related: CVE-2019-0724. Affected Products: Microsoft Exchange Server 2010 SP3 UR26, Microsoft Exchange Server 2013 CU22, Microsoft Exchange Server 2016 CU12, Microsoft Exchange Server 2019 CU1. Description: Microsoft Exchange Server is affected by elevation of privilege vulnerabilities. An attacker who successfully exploits the vulnerability may impersonate any other user of the Exchange server. …

MICROSOFT IIS RCE VULNERABILITY CVE-2017-7269

  Posted in Cyber Security on

  by Rajat Bajpai

Affected Product: IIS 6.0 for Microsoft Windows Server 2003 R2. This vulnerability was discovered by Zhiniang Peng and Chen Wu (Information Security Lab & School of Computer Science & Engineering, South China University of Technology, Guangzhou, China) around July or August 2016. Description: Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet …

TOP 5 resources for Security Professionals

  Posted in Cyber Security on

  by Suman Tiwari

The security domain is very vast, and there is a plethora of resources and knowledge bases available on the internet to refer to for free. This article lists the TOP 5 resources that every cyber security consultant should refer to on a daily basis. …

Emotet Outbreak

  Posted in Cyber Security on

  by Suman Tiwari

The Emotet banking trojan was first identified in 2014. Emotet was originally designed as a banking malware that attempted to sneak onto your computer and steal sensitive and private information. Later versions of the software saw the addition of spamming and malware delivery services—including other banking Trojans. What is Emotet? Emotet is a Trojan that is primarily …