Prophaze WAF Blog (9)

bot detection, bot management

Bot Detection

The Problems

Rajaneesh

Securing IoT APIs

Prophaze Raspberry PI based custom appliance can be hooked at the gateway of your IoT interface . It can be any control system , let it be CCTV Camera’s , or a Advanced Data fetching and parsing device . Prophaze can secure your api end points against OWASP Top 10 and many other threats including Zero days

Rajaneesh

api waf, api profiling

WAF API Gateway

Mar 10, 2020 10:58:45 AM

WAF for your API Gateway

Prophaze EagleEye can secure your API end points against OWASP TOP 10 threats and API Abusing . Prophaze’s Customized and self learning machine learning models can identify user’s behaviours and can profile your api against most common and un-common methods of attacks

Rajaneesh

Google Chrome Marks ICICI Bank’s Banking site as Unsafe – Attack or False Positive?

Feb 27, 2020 11:53:05 AM

Google chrome’s anti-phishing algorithms show false positives? While trying to login to the internet banking website of India’s No:1 Private Bank (icicibank.com). It stopped the browser showing the below page

Rajaneesh

api security

API Security Web Application Firewall

Jan 7, 2020 10:48:00 AM

How can you secure your Exposed services without installing the patch by the vendor?

Have a look at the use case below about recent security updates by router giant cisco. Recently 12 severe security vulnerabilities and Patches issued by Cisco. Among those three of them are critical authentication bypass issues.

Rajaneesh

CVE-2019-13409, CVE-2019-13410

Vulnerability was discovered in TOPMeeting before version 8.8

Oct 18, 2019 9:17:07 PM

Overview :

TOPMeeting security issues fixed.

Affected Product(s) :

TOPMeeting before version 8.8

Vulnerability Details :

CVE ID :

...

Rajaneesh

CVE-2019-15265, CVE-2019-15268, CVE-2019-15280, CVE-2019-15269, CVE-2019-15282, CVE-2019-15270

Cisco Security issues released

Oct 17, 2019 3:32:11 PM

Overview :

Cisco Aironet Access Points Unauthorized Access Vulnerability

CWE-284 / CVE-2019-15260

Rajaneesh

IBM Maximo Anywhere root detection hack

Oct 10, 2019 10:53:41 PM

Overview :

IBM Maximo Anywhere does not have device root detection which could result in an attacker gaining sensitive information about the device.

Affected Product(s) :

Affected IBM Maximo Anywhere Affected Versions
IBM Maximo Anywhere 7.6.2
IBM Maximo Anywhere 7.6.3
IBM Maximo Anywhere 7.6.1
IBM Maximo Anywhere 7.6.0

Vulnerability Details :

CVE ID :	CVE-2019-4265
	IBM Maximo Anywhere does not have device root detection would could result in an attacker gaining sensitive information about the device. CVSS Base Score: 2.4 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/160198 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Remediation / Fixes :

Product	VRMF	Remediation / First Fix
IBM Maximo Anywhere	7.6.0.0	Request LA Fix from Support.
IBM Maximo Anywhere	7.6.1.0	Request LA Fix from Support.
IBM Maximo Anywhere	7.6.2.x	Request LA Fix from Support.
IBM Maximo Anywhere	7.6.3.x	Request LA Fix from Support.

Rajaneesh

vBulletin 5.5.4 allows Two SQL Injection Vulnerabilities

Oct 8, 2019 9:45:55 PM

Overview :

vBulletin 5.5.4 allows SQL Injection via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter.

Affected Product(s) :

Rajaneesh

SugarCRM security issues released

Oct 8, 2019 6:50:52 PM

Overview :

CVE-2019-17292
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmse_Inbox module by an Admin user.

Rajaneesh