Introducing Safebrowsing: Explore Suspicious Links in a Safe Virtual Browser

Current security measures against phishing links focus on automated checks and timely blocking before they reach users. Yet, some links still make it to their targets, leaving them vulnerable as they often have no simple, fast, and reliable tool at hand to check these links at the final stage. 

To address this security gap, we created Safebrowsing, which makes it easy to safely open any link and manually verify its content.

What is Safebrowsing? 

Safebrowsing offers a fully-interactive browser in the cloud that lets you open and navigate any website as you normally would in a completely isolated and secure environment. This ensures that any malicious activity encountered during browsing is contained and does not affect your local systems or network. 

With Safebrowsing, you can launch a quick virtual browser session to manually explore potentially harmful URLs. The service identifies malicious content in real time using ANY.RUN’s proprietary technology and notifies you about it.

After each session, you receive a list of indicators of compromise (IOCs) along with a detailed threat report. 

Safebrowsing gives you the ability to follow the entire chain of attack when facing phishing threats and get an in-depth network traffic analysis, including: 

Connections  

DNS and HTTP requests 

Network threats identified by Suricata IDS 

How does it work? 

Safebrowsing is built to be simple and effective, letting you quickly run analysis in three steps: 

Step 1: Submit URL

You can quickly submit any URL to open it in a safe virtual browser

You enter the URL of the website you want to analyze and hit “Browse”. 

Step 2: Interact and Examine Threats

You are free to interact with websites just like in a standard browser

You interact with the website, clicking links, opening tabs, solving CAPTCHAs, and seeing what happens after each step with your own eyes.

The service lets you observe network traffic and learn about detected threats

While you explore, the service monitors the websites for any malicious content and lets you know about the danger. 

Step 3: Collect IOCs

Safebrowsing provides a list of identified IOCs

Once you finish, the service generates a report outlining detected threats and suspicious activities and lets you export packet data in PCAP format.

Safebrowsing demonstration 

The service quickly identifies malicious content and provides access to triggered Suricata detection rules

Check out the video above in which we investigate a phishing link using Safebrowsing. 

How is Safebrowsing different from the ANY.RUN sandbox? 

Unlike our advanced malware sandbox, Safebrowsing focuses exclusively on URL analysis.  

It provides a less complex interface that eliminates the need for in-depth system monitoring and file system access, which makes it easy to use for non-experts. Yet, ANY.RUN’s signature interactivity is still there.

How is Safebrowsing different from a URL scanner? 

Compared to URL scanners that simply check any given URL against a database of known malicious URLs, Safebrowsing provides a fully interactive environment for exploring websites. 

What are possible use cases for Safebrowsing? 

Safebrowsing is a universal tool that can be of great help in different scenarios.  

Open URLs within a secure, isolated, and full-size virtual browser to prevent any potential threats from affecting your local system. 

Speed up the process of analyzing and responding to suspicious links.   

Make link checks safe, simple, and quick for non-security employees. 

Prevent infections and increase the general level of security in the organization. 

Demonstrate the risks of clicking on suspicious links as part of training on safe browsing practices. 

Observe network traffic for malicious activity to detect threats in real time. 

Improve detection of phishing threats thanks to ANY.RUN’s advanced capabilities. 

Download traffic data and the identified indicators of compromise. 

Share the completed session as evidence of malicious content. 

How Safebrowsing can help your business 

Phishing Protection  

By allowing your team to safely explore suspicious URLs, Safebrowsing helps in identifying phishing attempts before they can impact your organization. The proactive approach significantly reduces the risk of data breaches and financial losses. 

Staff Training  

Safebrowsing can be used as a training tool to educate employees about the dangers of phishing and other web-based threats. By demonstrating real-world examples in a safe environment, you can enhance your team’s awareness and preparedness. 

Empowering Non-Expert Employees  

Safebrowsing equips non-expert employees with a fast and safe way to check suspicious links without needing to involve the security team. This saves time and resources, allowing your security professionals to focus on more critical tasks.

Try Safebrowsing beta now 

Real-time threat detection, fast performance, and an easy-to-use interface make Safebrowsing a perfect tool for any individual and organization that wants to avoid falling victim to phishing attacks.

The FREE beta version is available to all ANY.RUN users. 

About ANY.RUN  

ANY.RUN helps more than 400,000 cybersecurity professionals worldwide. Our interactive sandbox simplifies malware analysis of threats that target both Windows and Linux systems. Our threat intelligence products, TI Lookup, Yara Search and Feeds, help you find IOCs or files to learn more about the threats and respond to incidents faster.  

With ANY.RUN you can: 

Detect malware in seconds

Interact with samples in real time

Save time and money on sandbox setup and maintenance

Record and study all aspects of malware behavior

Collaborate with your team 

Scale as you need

ANY.RUN’s Cybersecurity Blog – ​Read More

Deloitte Says No Threat to Sensitive Data After Hacker Claims Server Breach

Deloitte says no sensitive data exposed after a notorious hacker leaked what he claimed to be internal communications. 

SecurityWeek – ​Read More

Telegram Agrees to Share User Data With Authorities for Criminal Investigations

In a major policy reversal, the popular messaging app Telegram has announced it will give users’ IP addresses and phone numbers to authorities in response to valid legal requests in an attempt to rein in criminal activity on the platform.
“We’ve made it clear that the IP addresses and phone numbers of those who violate our rules can be disclosed to relevant authorities in response to valid legal

The Hacker News – ​Read More

Geopolitical Cybernews Digest: Chinese APT Exploits GeoServer, Twelve Targets Russian Networks, UNC1860 Assists Iranian APTs

Trend Micro researchers have identified a campaign conducted by the China-linked APT group Earth Baxia, which has targeted government organizations in Taiwan and other Asia-Pacific (APAC) countries. The threat actors have exploited a recently patched vulnerability in OSGeo GeoServer (CVE-2024-36401), allowing for remote code execution (RCE) via unsafe evaluation of XPath expressions.

TechSplicer Blog – ​Read More

Critical Vulnerability Discovered in Versa Director: What Organizations Need to Know

Overview

The Cybersecurity and Infrastructure Security Agency (CISA) has highlighted a vulnerability in Versa Networks’ Versa Director, a centralized management platform for Secure SD-WAN and SASE solutions. This vulnerability, identified as CVE-2024-45229, stems from improper input validation and affects various versions of the software. Organizations using vulnerable versions of Versa Director are urged to take immediate action to protect their network security.

Versa Director plays an important role in orchestrating and managing network and security policies across diverse locations. Its REST APIs facilitate automation and streamline operations through a unified interface, allowing IT teams to configure and monitor their network systems efficiently. However, the recent vulnerability exposes critical weaknesses that could compromise its effectiveness and, more importantly, the security of the organizations utilizing it.

The identified flaw involves improper input validation in certain APIs that do not require authentication by design. For Versa Directors connected directly to the Internet, attackers could potentially exploit this vulnerability by injecting invalid arguments into a GET request. This could expose authentication tokens of currently logged-in users, which can then be used to access additional APIs on port 9183. Importantly, this exploit does not reveal usernames or passwords, but the implications of token exposure could lead to broader security breaches.

Affected Versions and Severity Assessment

The vulnerability identified in Versa Director, tracked as CVE-2024-45229, highlights critical security risks that organizations must address promptly. This flaw arises from improper input validation in certain REST APIs, which are integral to the platform’s operation. As a centralized management solution for Secure SD-WAN and SASE, Versa Director plays a vital role in orchestrating and managing network and security policies across various locations. The implications of this vulnerability can impact the security and functionality of network operations for affected organizations.

The vulnerability affects multiple versions of Versa Director, specifically those released prior to September 9, 2024, including 22.1.4, 22.1.3, and 22.1.2, along with all versions of 22.1.1, 21.2.3, and 21.2.2. The CVSS score assigned to this vulnerability is 6.6, indicating a high severity level. The flaw primarily stems from certain APIs that, by design, do not require authentication. These include interfaces for logging in, displaying banners, and registering devices.

When Versa Directors are directly connected to the Internet, attackers can exploit this vulnerability by injecting invalid arguments into a GET request. This exploitation can lead to the unauthorized exposure of authentication tokens belonging to currently logged-in users. While this flaw does not compromise usernames or passwords, the exposure of these tokens can allow attackers to access additional APIs. Such unauthorized access could facilitate broader security breaches, potentially impacting sensitive data and operational integrity.

Conclusion

The vulnerability discovered in Versa Director represents a serious security risk, particularly for the instances exposed to the Internet. As the management platform plays a crucial role in network operations, organizations need to prioritize patching and security enhancements. The CISA advisory highlights the importance of being proactive in addressing vulnerabilities, as failure to do so could lead to severe consequences, including data breaches and operational disruptions.

Mitigation and Recommendations


Implement the latest patches provided by Versa Networks immediately.

Upgrade from version 22.1.1 to 22.1.3 and from 21.2.2 to 21.2.3 for comprehensive protection.

Isolate critical systems through network segmentation to limit potential attack surfaces.

Use Web Application Firewalls (WAF) or API gateways to block access to vulnerable URLs.

Use advanced Security Information and Event Management (SIEM) systems to detect unusual activities.

Regularly review logs and alerts for real-time threat identification.

Uncover weaknesses in the network infrastructure.

Remediate vulnerabilities before malicious actors can exploit them.

Blog – Cyble – ​Read More

Malicious Python Packages Deliver PondRAT Backdoor: North Korean Group Targets Developers

Unit 42 researchers have recently uncovered an ongoing campaign where the North Korea-linked APT group, Gleaming Pisces (also known as Citrine Sleet), is distributing the new PondRAT backdoor through infected Python packages. This brilliant campaign poses a significant threat, as the attackers are infecting packages in the Python Package Index (PyPI) repository, and use it to spread across supply…

TechSplicer Blog – ​Read More

Meet UNC1860: Iran’s Low-Key Access Broker for State Hackers

The group has used more than 30 custom tools to target high-value government and telecommunications organizations on behalf of Iranian intelligence services, researchers say.

darkreading – ​Read More

OpenAI tackles global language divide with massive multilingual AI dataset release

OpenAI releases multilingual AI dataset evaluating 14 languages to expand global reach and accessibility of language models.

Security News | VentureBeat – ​Read More

Crypto scammers hack OpenAI’s press account on X

OpenAI’s official press account on X was compromised by cryptocurrency scammers. Or, at least that’s what appears to have happened. Late Monday afternoon, OpenAI Newsroom, an account OpenAI recently launched to spotlight product- and policy-related announcements, posted about a supposedly new OpenAI-branded blockchain token, “$OPENAI.” “[$OPEANAI bridges] the gap between Al and blockchain technology,” the […]

Security News | TechCrunch – ​Read More

Hacker Leaks 12,000 Alleged Twilio Call Records with Audio Recordings

A hacker has leaked 12,000 alleged Twilio call records, including phone numbers and audio recordings. The breach exposes…

Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – ​Read More