Category Archives: Uncategorized

EXPLORING BLIND SSRF (SERVER-SIDE REQUEST FORGERY) AND MITIGATIONS

Let us delve into the concept of Server-side request Forged (SSRF), a security vulnerability that allows an attacker to trick a server into performing unintended requests on their behalf. In an SSRF attack, the server is tricked into connecting to external or internal resources, potentially exposing sensitive information or allowing unauthorized access. This occurs when …

Continue reading “EXPLORING BLIND SSRF (SERVER-SIDE REQUEST FORGERY) AND MITIGATIONS”

Walkthrough : Routing Protocols (BGP and OSPF in Network Security)

Understanding how routers communicate is crucial for maintaining secure and reliable networks. Throughout this teaching aide, you will gain insights into two primary types of routing protocols: Interior Gateway Protocols (IGP) like OSPF, which operate within a single organization, and Exterior Gateway Protocols (EGP) like BGP, which manage routing between different autonomous systems. What You …

Continue reading “Walkthrough : Routing Protocols (BGP and OSPF in Network Security)”

Walkthrough: DNS Tunnel Attack (Detection and Measures)

We are happy to introduce our group project: DNS Tunnel Attack (Detection and Measures) This project has been completed by A S M Nazimuddoullah and FAHIM UDDIN In this project, we studied DNS functionalities, DNS tunneling attacks with their features, and different methods to detect DNS tunneling attacks. At the same time, we explored different …

Continue reading “Walkthrough: DNS Tunnel Attack (Detection and Measures)”

Malicious AI-powered Cyber Threats: WormGPT

Artificial intelligence (AI) as we know it is growing in use at an exponential rate. Specifically, within the cybersecurity field, the rise of such AI technology simultaneously presents extraordinary opportunities and intimidating challenges. While AI can identify and exploit vulnerabilities easily, it introduces significant risks if it does not deploy its own set of security …

Continue reading “Malicious AI-powered Cyber Threats: WormGPT”

Network Sandbox: Creating a Secured Test Environment

Imagine a playground where you can build, break and rebuild without the fear of consequences! This is the essence of a Network Sandbox. Welcome to our project Network Sandbox: Creating a Secured Test Environment, executed by Maria, Kamaldeep and Achu. A sandbox is an isolated environment on a network that mimics end-user operating environments. They …

Continue reading “Network Sandbox: Creating a Secured Test Environment”

Cicada3301. The new trend in ransomware attacks

Can you imagine a situation where your data has been kidnaped by someone else? This is a very inconvenient position that a ransomware can bring to your computer or a whole company. Let’s analyze a new ransomware trend that seems to be very effective in multiple industries. What is ransomware? Let’s start by explaining what …

Continue reading “Cicada3301. The new trend in ransomware attacks”

Ascension Healthcare: Yet Another Crippling Ransomware Attack

Hospitals and other healthcare organizations has been a lucrative target for threat actors since the dawn of ransomware attacks. This is primarily due to the volume of sensitive information stored in hospitals like Patients personal information, their medical records and access to diagnostic devices. Some of the industry experts believe that a patients medical and …

Continue reading “Ascension Healthcare: Yet Another Crippling Ransomware Attack”

$44 Million Stolen from Crypto Platform in Singapore: A Growing Concern for Cryptocurrency Security

The fast-evolving world of cryptocurrencies continues to be plagued by security concerns, as demonstrated by the recent theft of $44 million from a Singapore-based cryptocurrency platform, BingX. BingX confirmed that on September 20th,2024. They detected abnormal network access, potentially indicating an attack on BingX’s hot wallet. The crypto platform discovered the illicit movements of funds …

Continue reading “$44 Million Stolen from Crypto Platform in Singapore: A Growing Concern for Cryptocurrency Security”

Security Researcher Exposes Critical WHOIS Vulnerability

In Brief Benjamin Harris, CEO of watchTowrs, successfully manufacture fake HTTP certificates, tracked email activity, and execute code of his choice on thousands of servers for $20. He registered the domain dotmobregistry.net, which was previously the authoritative WHOIS server for .mobi. He observed the domain’s expiration and set up his own .mobi WHOIS server there, …

Continue reading “Security Researcher Exposes Critical WHOIS Vulnerability”

Powered by UCalgary

The views, information, or opinions expressed on this site are solely those of the individual(s) involved and do not necessarily represent the position of the University of Calgary as an institution.

Website Terms & Conditions | Privacy Policy | Copyright © 2024