Tag WordPress

InfoSec Week 4, 2019

Microsoft's mobile Edge browser begins issuing fake news warnings. It is powered by news rating company NewsGuard. It gives you fake news warning for Wikileaks, so decide for yourself.
https://www.engadget.com/2019/01/23/microsoft-edge-mobile-fake-news

A vulnerability in the apt package allows a network man-in-the-middle or malicious mirror to execute arbitrary code as root on a machine installing any packages.
https://justi.cz/security/2019/01/22/apt-rce.html

Encryption mode in the well-known compression software 7-Zip uses poor randomness when generating AES initialization vectors.
https://sourceforge.net/p/sevenzip/bugs/2176/

Turns out that the MySQL server has access to all client local files. Patched server can upload clients' files like SSH keys.
https://gwillem.gitlab.io/2019/01/20/sites-hacked-via-mysql-protocal-flaw/

Daniel Miessler published a short blog about the reasons why software remains insecure.
TLDR: "Basically, software remains vulnerable because the benefits created by insecure products far outweigh the downsides. Once that changes, software security will improve—but not a moment before."
https://danielmiessler.com/blog/the-reason-software-remains-insecure/

Trend Micro engineers found applications in the Google Play store that drop Anubis banking malware after the device motion sensors are activated to evade initial detection.
https://blog.trendmicro.com/trendlabs-security-intelligence/google-play-apps-drop-anubis-banking-malware-use-motion-based-evasion-tactics/

Interesting Twitter bug was filled via HackerOne platform - changing email address on Twitter for Android unsets “Protect your Tweets” flag and make protected tweets public.
https://hackerone.com/reports/472013

Great in-depth blog about the finding and exploiting bugs in Marvell Avastar Wi-Fi.
https://embedi.org/blog/remotely-compromise-devices-by-using-bugs-in-marvell-avastar-wi-fi-from-zero-knowledge-to-zero-click-rce/

WPintel - Chrome extension designed For WordPress vulnerability scanning and information gathering.
https://github.com/Tuhinshubhra/WPintel

InfoSec Week 26, 2018

A reverse shell connection is possible from an OpenVPN configuration file. So be cautious and treat ovpn files like shell scripts.
https://medium.com/tenable-techblog/reverse-shell-from-an-openvpn-configuration-file-73fd8b1d38da

Mozilla integrates Troy Hunts' Have I Been Pwned (HIBP) database of breached passwords into Firefox. They will make breach data searchable via a new tool called Firefox Monitor.
https://www.troyhunt.com/were-baking-have-i-been-pwned-into-firefox-and-1password/

The suspected ringleader behind the well known Carbanak malware is under arrest, but of course, his malware attacks live on.
https://www.bloomberg.com/news/features/2018-06-25/the-biggest-digital-heist-in-history-isn-t-over-yet

It is possible to attack resources in the private network from the Internet with DNS rebinding attack.
"Following the wrong link could allow remote attackers to control your WiFi router, Google Home, Roku, Sonos speakers, home thermostats and more."
https://medium.com/@brannondorsey/attacking-private-networks-from-the-internet-with-dns-rebinding-ea7098a2d325

Wi-Fi Alliance Introduces Wi-Fi Certified WPA3 Security. Again with a questionable cryptography, but we will see. That's how industrial alliances with expensive membership works.
https://www.wi-fi.org/news-events/newsroom/wi-fi-alliance-introduces-wi-fi-certified-wpa3-security

IETF published draft of Issues and requirements for Server Name Indication (SNI) encryption in TLS.
The draft lists known attacks against SNI encryption, discusses the current "co-tenancy fronting" solution, and presents requirements for future TLS layer solutions.
https://tools.ietf.org/html/draft-ietf-tls-sni-encryption-03

The unpatched WordPress vulnerability allows code execution for authors. Exploiting the vulnerability grants an attacker the capability to delete any file of the WordPress installation or any other file the PHP process user has the proper permissions to delete.
https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/

Researchers identified three attack vectors against LTE (Long-Term Evolution, basically 4G) on layer 2 - an active attack to redirect network packets, a passive identity mapping attack, and website fingerprinting based on resource allocation.
https://alter-attack.net/

Cisco Talos team releases ThanatosDecryptor, the program that attempts to decrypt certain files encrypted by the Thanatos malware.
https://github.com/Cisco-Talos/ThanatosDecryptor

DEDA is a tool that gives the possibility to read out and decode color tracking dots which encode information about the printer. It also allows anonymisation to prevent arbitrary tracking.
https://github.com/dfd-tud/deda