BlueKeep: A Novel Approach to Remote Code Execution

On May 14th, Microsoft surprised many security experts by announcing a patch for Windows XP, Windows 7, Server 2003, Server 2008, and Server 2008 R2 for a new remote code execution flaw that had been discovered in the Remote Desktop Protocol (RDP) service. While the flaw was not known to be exploited in the wild, Microsoft, as with the WannaCry vulnerability before it, advised all users of its older, and in some cases no longer supported, versions of Windows to apply the patches as soon as possible. Attacks targeting the vulnerability were not far behind, since it was possible to decompile the patch and reverse engineer just how the originally identified attack worked.

Fabrice Mouret
The Elegance of Simplicity

Once upon a time, a fox encountered a hedgehog. Startled, the hedgehog rolled into a ball. Fox then laughed at this sight, and said: "Hedgehog, that is the silliest thing I have ever seen. Surely if you were as clever as I am, you would have hundreds of ways to protect yourself.

Fabrice Mouret
Privilege Escalation Flaw: ManageEngine OpManager

OpManager offers comprehensive network monitoring capabilities that help you monitor network performance, detect network faults in real time, troubleshoot errors, and prevent downtime. The service was found to suffer from a weak permissions issue in which an attacker can replace the service binary with a binary of their choice. Because the service runs as LocalSystem, this provides a privilege escalation vector.

Fabrice Mouret
Passwords Are Dead, Long Live The Password

Security experts are pushing digital users towards more secure password solutions, like the wider use of multi-factor authentication, or towards one-time pads, yet we still haven’t seen anything truly replace passwords. Here we look at an overview of the password and how it may change in the future.

Fabrice Mouret
Windows Dynamic Data Exchange Protocol: Abuse for Fun and Profit

It’s not unknown that if a computer’s inputs are not sanitized, its applications could be vulnerable to various attacks. But during a recent Application Security Assessment, one of our Senior Security Consultants came across an interesting data sanitization insecurity that he says many analysts may be overlooking. Here is his overview of the insecurity and a recommendation on how to mitigate its risks.

The Thorny Road to Becoming a PCI Approved Scanning Vendor

enableIT is pleased to announce it is a PCI (Payment Card Industry) Approved Scanning Vendor (ASV). Becoming an ASV was an educational process for this organization, as the process is an ever-changing one. Here I’ve outlined some recent changes to the ASV certification and application processes, as well as how the certification of our organization benefits our clients.

Fabrice Mouret
MacKeeper Data Breach

MacKeeper, an increasingly popular MacBook optimization tool suite designed to improve overall system speed, has been revealed to have unintentionally exposed several instances of MongoDB containing sensitive customer data. 

Fabrice Mouret
Evolution of DDoS Attacks

According to a recently released report from Kaspersky, distributed denial of service (DDoS) attacks for the third quarter of 2015 have given us a unique perspective on the future of DDoS trends. Attacks monitored during this period of time feature an attack sustained over 320 hours and include several noteworthy statistics. 

Fabrice Mouret
Who is Really Driving?

The things that a computer system allows you to do with your cars nowadays are simply astounding. While there is still a lot to be determined as to how far these vehicle computer systems will go, one thing is for sure: with more computer interactivity come more potential attack vectors for attackers.

Fabrice Mouret