Latest News & Research

  • Blog

    Scripting with ZAP: adding a new header to each scan request

    Burak Kelebek, March 2017

    ZAP has scripting support that allows programmatic access to its code and data structures and also makes it possible to automatically modify requests and responses passing through ZAP's proxy or Active Scanner. Sometimes it can be useful to automatically add a (header) value to each request passing through the proxy or Active Scanner for monitoring purposes. This can be achieved with ZAP's scripting capabilities.

  • Advisory

    Microsoft Edge Fetch API allows setting of arbitrary request headers

    Yorick Koster, January 2017

    It was found that the Fetch API in Microsoft Edge allows websites to set arbitrary HTTP request headers, including the Content-Length, and Host headers. Amongst others, a malicious website can use this issue to bypass the same origin policy, read HTTP response headers, or initiate arbitrary HTTP requests from the victim's browser (HTTP request smuggling).

  • Advisory

    Stack-based buffer overflow in Western Digital My Cloud allows for remote code execution

    Remco Vermeulen, January 2017

    It was discovered that the Western Digital My Cloud is vulnerable to a stack-based buffer overflow in the authentication mechanism. By exploiting this vulnerability it is possible for an unauthenticated attacker to run arbitrary code with root privileges.

  • Advisory

    Western Digital My Cloud vulnerable to Cross-Site Request Forgery vulnerability

    Remco Vermeulen, January 2017

    It was discovered that the Western Digital My Cloud is affected by Cross-Site Request Forgery. This issue can be combined with a command injection vulnerability (see advisory SFY201703) to gain complete control (root access) of the affected device.

  • Advisory

    Western Digital My Cloud vulnerable to multiple command injection vulnerabilities

    Remco Vermeulen, January 2017



  • Advisory

    Cross-Site Request Forgery in WordPress Press This function allows DoS

    Sipke Mellema, July 2016

    A Cross-Site Request Forgery (CSRF) vulnerability exists on the Press This page of WordPress. This issue can be used to create a Denial of Service (DoS) condition if an authenticated administrator visits a malicious URL.

  • Advisory

    WordPress audio playlist functionality is affected by Cross-Site Scripting

    Yorick Koster, July 2016

    Two Cross-Site Scripting vulnerabilities exist in the playlist functionality of WordPress. These issues can be exploited by convincing an Editor or Administrator into uploading a malicious MP3 file. Once uploaded, the issues can be triggered by a Contributor or higher using the playlist shortcode.

  • Advisory

    Multiple persistent Cross-Site Scripting vulnerabilities in osTicket

    Han Sahin, July 2016

    Two persistent Cross-Site Scripting vulnerabilities have been found in osTicket. These issues exist due to the lack of output encoding of user input. These vulnerabilities allow an attacker to inject malicious JavaScript code into the application. This code will then be executed within the browser of a user who views the dashboard. The attacker-supplied code can perform a wide variety of actions, such as stealing victims' session tokens or login credentials, or performing arbitrary actions on their behalf.

  • Blog

    Marcher - Android banking Trojan on the rise

    Pham Duy Phuc, Niels Croese & Han Sahin, February 2017

    In recent months, many different banking Trojans for the Android platform have received media attention. One of these, called Marcher, seems to be especially active, with different samples appearing on a daily basis. This malware variant also appears to be technically superior to many other banking Trojans, as it is able to use its overlay attack even on Android 6, which contains technical improvements over previous Android versions intended to prevent such attacks.

  • Blog

    AutoRun is dead, long live AutoRun

    Yorick Koster, February 2017

    This blog explains how the Windows AutoRun feature can be exploited to run arbitrary code. While running software automatically is no longer possible on recent versions of Windows, there are still possibilities to trick a user into running malicious software from a USB thumb drive - handy if you're Red Teaming, for example. In this blog I'll explain how this can be done using a USB armory. Note that this technique can also be performed using other similar devices, but the armory's form factor makes it especially suitable for this purpose.

  • Blog

    Spot The Bug challenge 2016 write-up

    Sipke Mellema, January 2016

    Write-up for the Securify Spot The Bug challenge held in December 2016. It was a close call this year, as the top submissions were of excellent quality. People submitted entire reports with recommendations and risk analysis, and some even rewrote parts of the code! The top two reports were submitted by:

    1. Egidio Romano from Karma(In)Security
    2. Thomas Chauchefoin from Synacktiv

    Congratulations Egidio, for winning the bitcoin!

  • Advisory

    WordPress Adminer plugin allows public (local) database login

    David Vaartjes, July 2016

    The Adminer WordPress plugin allows public login to the site's editor. As a result, an attacker can connect to any database running on the local host or on internal systems that are accessible from the target WordPress server.

  • Advisory

    VaultPress - Remote Code Execution via Man in The Middle attack

    David Vaartjes, July 2016

    A Man in The Middle (MiTM) vulnerability has been identified in the VaultPress plugin for WordPress. This issue allows an attacker to sniff clear-text communication and to run arbitrary PHP code on the affected WordPress host.

  • Advisory

    Cross-Site Scripting in Alpine PhotoTile for Instagram WordPress Plugin

    Antonis Manaras, July 2016

    A Cross-Site Scripting vulnerability was found in the Alpine PhotoTile for Instagram WordPress Plugin. This issue allows an attacker to perform a wide variety of actions, such as stealing Administrators' session tokens, or performing arbitrary actions on their behalf. In order to exploit this issue, the attacker has to lure/force a logged on WordPress Administrator into opening a malicious website.

  • Advisory

    Cross-Site Scripting in Google Analytics Dashboard WordPress Plugin

    Yorick Koster, July 2016

    A Cross-Site Scripting vulnerability was found in the Google Analytics Dashboard WordPress Plugin. This issue allows an attacker to perform a wide variety of actions, such as stealing Administrators' session tokens, or performing arbitrary actions on their behalf. In order to exploit this issue, the attacker has to lure/force a logged on WordPress Administrator into opening a malicious website.

  • Advisory

    Cross-Site Scripting in Magic Fields 1 WordPress Plugin

    Burak Kelebek, July 2016

    A reflected Cross-Site Scripting vulnerability has been encountered in the Magic Fields 1 WordPress plugin. This issue allows an attacker to perform a wide variety of actions, such as stealing Administrators' session tokens, or performing arbitrary actions on their behalf.

  • Advisory

    Popup by Supsystic WordPress plugin vulnerable to Cross-Site Request Forgery

    Radjnies Bhansingh, July 2016

    A Cross-Site Request Forgery vulnerability exists in the Popup by Supsystic WordPress Plugin. This vulnerability allows attackers to add and modify scripting code that will target authenticated admins or visitors who see the popup generated by this plugin. In order for this issue to be exploited and scripting code to be injected, a victim admin needs to click a specially crafted link or visit a malicious, attacker-controlled web page.

  • Advisory

    Reflected Cross-Site Scripting in FormBuilder WordPress Plugin

    Burak Kelebek, July 2016

    A reflected Cross-Site Scripting vulnerability has been found in the FormBuilder WordPress plugin. This issue allows an attacker to perform a wide variety of actions, such as stealing Administrators' session tokens, or performing arbitrary actions on their behalf. In order to exploit this issue, the attacker has to lure/force a logged on WordPress Administrator into opening a malicious website.

  • Advisory

    Cross-Site Scripting in Atahualpa WordPress Theme

    Spyros Gasteratos, July 2016

    A number of Cross-Site Scripting vulnerabilities were found in the Atahualpa WordPress Theme. This issue allows an attacker to perform a wide variety of actions, such as stealing Administrators' session tokens, or performing arbitrary actions on their behalf.

  • Advisory

    Cross-Site Request Forgery in Atahualpa WordPress Theme

    Spyros Gasteratos, July 2016

    A Cross-Site Request Forgery vulnerability exists in the Atahualpa WordPress theme, which allows attackers to trick legitimate users into performing unintended actions on the Atahualpa theme configuration page.
