-->
The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: AlienVault

How to Protect Yourself against XcodeGhost like iOS Malware Attacks

How to Protect Yourself against XcodeGhost like iOS Malware Attacks

October 19, 2015Wang Wei
Recently, Chinese iOS developers have discovered a new OS X and iOS malware dubbed XcodeGhost that has appeared in malicious versions of Xcode, Apple's official toolkit for developing iOS and OS X apps. The hack of Apple's Xcode involves infecting the compiler with malware and then passing that malware onto the compiled software. This is a unique approach because the hack does not attempt to inject attack code into a single app, and then try and sneak that past Apple's automated and human reviewers. Instead, the malicious code is infected on Xcode itself, which is used by software developers to craft and develop the apps for iOS and OS X operating system. The primary behavior of XcodeGhost in infected iOS apps is to collect information on devices and upload that data to command and control (C2) servers. Once the malware has established a foothold on infected devices, it has the ability to phish user credentials via fake warning boxes, open specific URLs in a
The Bash Vulnerability: How to Protect your Environment

The Bash Vulnerability: How to Protect your Environment

October 23, 2014Swati Khandelwal
A recently discovered hole in the security of the Bourne-Again Shell (bash) has the majority of Unix/Linux (including OS X) admins sweating bullets. You should be, too--attackers have already developed exploits to unleash on unpatched web servers, network services and daemons that use shell scripts with environment variables ( this can include network equipment, industrial devices, etc .) Jaime Blasco , AlienVault Labs Director, gives a good explanation of the exploit in this blog post . And, the video below gives you a quick overview of how AlienVault Unified Security Management (USM)  can detect malicious traffic on your network trying to locate and exploit this vulnerability. Basically, this vulnerability allows an attacker to execute shell commands on a server due to an issue in how bash interprets environment variables (such as "cookie", "host", "referrer"). Exploiting this allows an attacker to run shell commands directly. Once they have access to run shell comm
How to Detect SQL Injection Attacks

How to Detect SQL Injection Attacks

September 19, 2014Swati Khandelwal
SQL Injection (SQLi) attacks have been around for over a decade. You might wonder why they are still so prevalent. The main reason is that they still work on quite a few web application targets. In fact, according to Veracode's 2014 State of Security Software Report , SQL injection vulnerabilities still plague 32% of all web applications. One of the big reasons is the attractiveness of the target – the database typically contains the interesting and valuable data for the web application. A SQLi attack involves inserting a malformed SQL query into an application via client-side input. The attack perverts the intentions of web programmers who write queries and provide input methods that can be exploited. There is a reason they're on the OWASP Top 10 . Termed " injection flaws ", they can strike not only SQL, but operating systems and LDAP can fall prey to SQLi. They involve sending untrusted data to the interpreter as a part of the query. The attack tricks the interpreter into
AlienVault Releases Intrusion Detection Systems (IDS) Best Practices

AlienVault Releases Intrusion Detection Systems (IDS) Best Practices

August 20, 2014Swati Khandelwal
Network security practitioners rely heavily on intrusion detection systems (IDS) to identify malicious activity on their networks by examining network traffic in real time. IDS are available in Network (NIDS) and Host (HIDS) forms, as well as for Wireless (WIDS). Host IDS is installed via an agent on the system you are monitoring and analyzes system behavior and configuration status. Network IDS inspects the traffic between hosts to find signatures of suspicious behavior and anomalies. Wireless IDS identifies rogue network access points, unauthorized login attempts, encryption-level in use, and other anomalous behavior. There are many options for open source IDS tools if your budget for buying new tools is tight. Asset inventory and vulnerability management go hand in hand with IDS. Knowing the role, function, and vulnerabilities of your assets will add valuable context to your investigations. AlienVault Unified Security Management (USM) includes IDS integrated with asset di
Crowd-Sourced Threat Intelligence: AlienVault Open Threat Exchange™ (OTX)

Crowd-Sourced Threat Intelligence: AlienVault Open Threat Exchange™ (OTX)

July 14, 2014Swati Khandelwal
For years, the systems and networks that run our businesses have been secured by the efforts of IT and security practitioners acting on their own. We continue to deploy the latest countermeasures, always trying to keep up with adversaries. Criminal attackers, on the other hand, have shared information quite successfully to facilitate their exploits. Couple this with the "attacker's advantage" of choosing where, when and how to launch attacks, and it is no surprise that collaborative hackers appear to be winning against even the largest companies, despite generous spending on security tools. As an industry, we need a threat-sharing solution that is open and available to everyone for the mutual benefit of all who contribute. With this goal in mind, AlienVault created the Open Threat Exchange™ (OTX) . What is the Open Threat Exchange (OTX)? OTX is an open information sharing and analysis network that provides real-time, actionable threat information submitted by over 8,
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.