Attacking the internal network from the public Internet using a browser as a proxy

March 19, 2019

At Forcepoint we continually seek to improve the protection our products provide. To this end, we often investigate unusual or potentially novel attack techniques. One such recent topic of research has been attacks against localhost and the internal network, launched from the public Internet. Though not a new attack, it is not widely known outside of the security research community that a malicious JavaScript can attack the internal network. Of the limited documentation that exists on this topic, most resources describe it in terms of inter-protocol exploitation [1] [2], whereas our focus is on intra-protocol exploitation.

Spotlight

Futurex

For over 35 years, Futurex has been a globally recognized provider of enterprise-class data encryption solutions. More than 15,000 customers worldwide have trusted Futurex's innovative technology to provide market-leading solutions for the secure encryption, storage, and transmission of sensitive data. Futurex maintains an unyielding commitment to offering advanced, standards-compliant data encryption solutions, including: • Hardware Security Modules for secure, reliable data encryption, information management, and key generation • Remote key management and injection platforms • Certificate Authority issuance and management • Secure, hand-held devices for configuration, management, and compliant key loading • High availability solutions for load balancing, monitoring, and disaster recovery • Secure storage and access of sensitive data Throughout every facet of our organization, we maintain a focus on providing exceptional customer service, best-in-class technology, and cost-

OTHER WHITEPAPERS
news image

Unify data security, privacy, and governance with contextual data classification

whitePaper | November 29, 2022

Enterprise data can be a transformative asset. It can unlock insights and intelligence to fuel innovation, accelerate organizational growth, and create a significant competitive advantage — so long as it’s properly used.

Read More
news image

Cybersecurity Considerations for Distributed Energy Resources on the U.S. Electric Grid

whitePaper | October 26, 2022

To address the impacts of climate change, the U.S. electric grid will be undergoing significant changes by integrating clean energy resources such as solar and wind. These efforts will be accelerated with the recent passage of the Infrastructure Investment and Jobs Act1 and the Inflation Reduction Act.

Read More
news image

Proven Ways to Prevent Ransomware Attacks

whitePaper | September 22, 2022

Ransomware is one of the fastest-growing and most costly cyber threats. According to a recent Perimeter 81 survey of over 500 IT professionals, 76% of respondents reported that their company experienced an attack within their organization.

Read More
news image

IoT Cybersecurity vision 2018-2019

whitePaper | November 6, 2019

The emergence of IoT – the networked connection of people, process, data and things – is expected to significantly grow the number of connected devices worldwide, from billions of units we have today, to tens of billions of units expected to be deployed in the coming years as stated by several analysts.

Read More
news image

OT/IoT Security Report Cyber War Insights, Threats and Trends, Recommendations

whitePaper | August 30, 2022

Nozomi Networks Labs is dedicated to reducing cyber risk for the world’s industrial and critical infrastructure organizations. Through its cybersecurity research and collaboration with industry and institutions, it helps defend the operational systems that support everyday life. The Labs team conducts investigations into industrial device vulnerabilities and, through a responsible disclosure process, contributes to the publication of advisories by recognized authorities.

Read More
news image

Adobe Primetime Advertising Security Overview

whitePaper | December 30, 2022

At Adobe®, we take the security of your digital experience and assets seriously. Security practices are integrated into our internal software development processes, operations, and tools. Our cross-functional incident response teams are proactive and nimble in preventing, detecting, and responding to incidents. Furthermore, our collaborative work with partners, leading researchers, and other industry organizations helps us stay updated with the latest threats, vulnerabilities, and security best practices; thereby enabling us to continually build security into the products and services we offer and regularly incorporate advanced security techniques into our product and service offerings.

Read More

Spotlight

Futurex

For over 35 years, Futurex has been a globally recognized provider of enterprise-class data encryption solutions. More than 15,000 customers worldwide have trusted Futurex's innovative technology to provide market-leading solutions for the secure encryption, storage, and transmission of sensitive data. Futurex maintains an unyielding commitment to offering advanced, standards-compliant data encryption solutions, including: • Hardware Security Modules for secure, reliable data encryption, information management, and key generation • Remote key management and injection platforms • Certificate Authority issuance and management • Secure, hand-held devices for configuration, management, and compliant key loading • High availability solutions for load balancing, monitoring, and disaster recovery • Secure storage and access of sensitive data Throughout every facet of our organization, we maintain a focus on providing exceptional customer service, best-in-class technology, and cost-

Events