"LizaMoon" Detection Added to Nessus, PVS and LCE
Nessus plugin 29871 has been updated to look for the presence of malicious JavaScript on a remote web site.
(See Attack on ASP site that uses a SQL server database)
Below is an example of the plugin report:
Click for larger image
The Passive Vulnerability Scanner (PVS) has also been updated with plugin ID 5880, which will look for the malicious URL in transit across the network and fire an alert.
The Log Correlation Engine has been updated to include a TASL to look for queries that match the query being used in the LizaMoon attacks. For example, the SQL query used in the injection attacks has presented itself as:
surveyID=91+update+usd_ResponseDetails+set+categoryName=REPLACE(cast(categor |
(From: Attack on ASP site that uses a SQL server database)
The query used by LizaMoon is not unique to this particular malware so the TASL script will pick up similar SQL injection attacks.
Related Articles
How To Assess the Cybersecurity Preparedness of IT Service Providers and MSPs
December 13, 2022Improperly evaluating the cybersecurity capabilities of prospective IT service providers and managed service providers (MSPs) can put your organization's data and systems at risk. A new guide from CompTIA can help you ask the right questions.
A Holiday Story, Internet Edition: The Impact Of Assessing And Addressing Log4j Installations Proactively
December 30, 2021A look at our log4j data.
Apache Log4j Flaw Puts Third-Party Software in the Spotlight
December 12, 2021Even in the most mature organizations, addressing the issue, also known as Log4Shell, requires a complex mix of software development practices, vulnerability management and web application scanning.
Managing OT and IT Risk: What Cybersecurity Leaders Need to Know
October 7, 2024Security leaders face the challenge of managing a vast, interconnected attack surface, where traditional approaches to managing cyber risk are no longer sufficient. Modern threats exploit vulnerabilities across domains, requiring a more holistic approach to avoid operational disruption, safety risks and financial losses.
Cybersecurity Snapshot: Many Employees Overshare Work Info with AI Tools, Report Finds, as ‘Cybersecurity Awareness Month’ Kicks Off
October 4, 2024Check out the best practices cyber agencies are promoting during Cybersecurity Awareness Month, as a report warns that staffers are feeding confidential info to AI tools. Meanwhile, a study highlights how business decisions can derail OT security. Plus, get the latest on Active Directory security, CISO salary trends and ransomware attacks!
How to Unlock Advanced IoT Visibility for Cyber-Physical Systems
October 1, 2024As the number of IoT devices deployed globally continues to rise, cyber-physical systems and business operations are exposed to greater risk. Improving asset visibility, monitoring and risk management are critical steps to preventing breaches.
- Log Analysis
- Nessus
- Passive Network Monitoring