Nettitude Blog

Adam Williams

Recent Posts

New Threat Advisory Report: Nettitude finds malicious content embedded in image files

Posted by Adam Williams on Nov 11, 2015 9:39:44 AM

Nettitude’s security researchers are always on the lookout for attack trends and changes in the cyber threat landscape. Our team has recently found malicious content embedded in Graphics Interchange Format (GIF) image files, which, when uploaded to a vulnerable server, can result in the complete or partial compromise of the host. The vulnerabilities targeted by this exploit can be found either entirely within a poorly coded web application or in a poorly configured hosting environment.


Topics: Security Blog, Uncategorized

Nettitude Uncovers WordPress Vulnerabilities

Posted by Adam Williams on Jul 21, 2015 2:01:31 PM

Nettitude has recently observed multiple attacks utilising existing and known vulnerabilities in the WordPress blogging and publishing platform. The issue, described in the accompanying threat advisory, allows an attacker who is able to post content to a WordPress installation, such as via a comment or blog entry, to craft a message that will bypass data sanitisation methods and potentially inject arbitrary JavaScript into the website. When a user views a page that contains this specially crafted message, the attacker’s JavaScript is able to interact with the site as if it were that user. This is referred to as a cross-site scripting (XSS) vulnerability.


Topics: Security Blog, Uncategorized

Fuzzing with American Fuzzy Lop (AFL)

Posted by Adam Williams on Jul 14, 2015 5:38:38 PM

In a previous entry we gave a brief introduction to the concept of fuzzing and why we use it. In this entry we’ll guide you through using a fuzzer on Linux to help identify bugs and vulnerabilities in Linux’s main archiving application “tar”.


Topics: Security Blog, Uncategorized

The Problem of Data Loss Intelligence

Posted by Adam Williams on Jul 9, 2015 9:54:20 AM

Data Loss Intelligence (DLI) concerns the information that is available to you when your data has been compromised. It’s distinct from Data Loss Protection (DLP) technologies, which are more concerned with preventing your data being compromised in the first place. Think of DLI as your last line; it tries to let you know when DLP has failed, and what is happening now that your data is out in the wild.


Topics: Security Blog, Uncategorized

Vulnerability Discovery Via 'Fuzzing'

Posted by Adam Williams on Mar 11, 2015 10:14:28 AM

Why would you fuzz? People fuzz for many reasons, depending on the industry they are in, from reliable assurance through to testing and validation. In security research, our primary goal is to discover potential vulnerabilities or weaknesses. Fuzzing allows us to do this in an automated, if somewhat less rigorous, manner. This is the first of two entries reviewing fuzzing techniques and tools. The first gives an overview of what fuzzing actually is, while the second will further review some real-world fuzzing tools.


Topics: Security Blog, Uncategorized

About Nettitude

Nettitude is the trusted cyber security provider to thousands of businesses around the world. We stop at nothing to keep your data and business secure in an age of ever-evolving cyber threats.

Our experts use an award-winning, Threat Intelligence-led approach that incorporates real-time data, ensuring that your company is protected at every stage of its journey.
