Category Archives: Vulnerabilities
Critical vulnerability in WordPress plugin Simple Social Buttons
There is a critical vulnerability in the WordPress plugin Simple Social Buttons. It lets a non-admin user modify the WordPress installation's settings and, from there, take over the website.
So what is the issue here? Researchers at WebARX stated on Monday (2-11-19) that the vulnerability results from two issues in the Simple Social Buttons plugin: how the application's flow was coded, and a lack of permission checks. Together they allow any user type to change any option in the ‘wp_options’ database table, which is where the crucial configuration of a WordPress installation is stored.
“Improper application design flow, chained with lack of permission check resulted in privilege-escalation and unauthorized actions in WordPress installation allowing non-admin users, even subscriber user type to modify WordPress installation options from the wp_options table,” Luka Sikic, developer and researcher with WebARX, stated in a Monday post.…
Remote Desktop Protocol Has Plenty Code-Execution Flaws
Remote Desktop Protocol has plenty of code-execution flaws, in both open-source RDP implementations and Microsoft’s own RDP client. They make it possible for a malicious actor to infect a client computer and then use that foothold to move into the wider IT network.
What IS RDP?
Remote Desktop Protocol (RDP) is a proprietary protocol developed by Microsoft, which provides a user with a graphical interface to connect to another computer over a network connection. The user employs RDP client software for this purpose, while the other computer must run RDP server software. Clients exist for most versions of Microsoft Windows (including Windows Mobile), Linux, Unix, macOS, iOS, Android, and other operating systems. RDP servers are built into Windows operating systems; an RDP server for Unix and OS X also exists.
So What Is The Issue?
According to Check Point research released on Tuesday at a Las Vegas event, open-source and Microsoft …
New SpeakUp Backdoor Infects Linux and MacOS
A new malware campaign has been found that delivers a new backdoor Trojan called SpeakUp. It targets Linux servers and macOS by exploiting vulnerabilities in those systems.
Check Point researchers stated that the campaign attacks Linux servers all over the world, using the CVE-2018-20062 ThinkPHP remote code execution vulnerability as its initial infection vector.
To upload a “PHP shell that serves and executes a Perl backdoor” to vulnerable Linux machines, it uses command injection, sending shell commands through the “module” parameter of a GET request:
s=/index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=echo ^>index.php
The Trojan then installs the backdoor: it pulls the ibus Perl script payload and stores it in /tmp/e3ac24a0bcddfacd010a6c10f4a814bc, which is immediately launched by a follow-up malicious HTTP request that executes the Perl-based backdoor, pauses for a couple of seconds, and deletes the file to remove any indication that something is wrong.
The malware …
Apple Disables Group FaceTime due to Major Privacy Glitch
Apple has temporarily disabled Group FaceTime because of a software bug that lets other iOS users listen in on a recipient's device before the call has been accepted or rejected, with no notification to the recipient.
The bug is believed to affect any pair of devices running iOS 12.1 or later, according to reports. Security experts – including Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation – urged iOS users to turn FaceTime off until a fix becomes available.
DHS Issues Urgent Warning on Domain Name System Hijacking
The Department of Homeland Security states that some agencies are being targeted by attacks that modify Domain Name System records, a critical part of how websites and services are located on the internet.
DHS issued an emergency directive giving government agencies 10 days to verify that their DNS records are accurate, following a series of incidents in which email and website traffic was redirected.
The DHS’s cyber security team said it “is aware of multiple executive branch agency domains that were impacted by the tampering campaign and has notified the agencies that maintain them.”
Cyber attacks that target DNS can be quite powerful. By modifying a DNS record, an attacker can see traffic flowing to a website or service, craft effective phishing attacks to collect usernames and passwords, or point the domain at a different IP address entirely …
MySQL Design Flaw can be leveraged to steal sensitive information
MySQL has released a security statement providing the following information:
The LOAD DATA statement can load a file located on the server host, or, if the LOCAL keyword is specified, on the client host.
There are two potential security issues with the LOCAL version of LOAD DATA:
- The transfer of the file from the client host to the server host is initiated by the MySQL server. In theory, a patched server could be built that would tell the client program to transfer a file of the server’s choosing rather than the file named by the client in the LOAD DATA statement. Such a server could access any file on the client host to which the client user has read access. (A patched server could in fact reply with a file-transfer request to any statement, not just LOAD DATA LOCAL, so a more fundamental issue is that clients should …
Critical Cisco SMB Switch Vulnerability
This Critical Cisco vulnerability affects the following: Cisco Small Business 200 Series Smart Switches, 250 Series Smart Switches, 300 Series Managed Switches, 350 Series Managed Switches, Cisco 350X Series Stackable Managed Switches, 500 Series Stackable Managed Switches and 550X Series Stackable Managed Switches.
The vulnerability (CVE-2018-15439) has a critical base severity rating of 9.8. It exists because the default configuration on these devices includes a default, privileged user account that is used for first-time login and cannot be removed from the switch. An administrator can disable the account by configuring another admin account with access privilege level 15. If any of the previously created admin accounts are removed, the default privileged admin account is re-enabled without any notification.
“Under these circumstances, an attacker can use this account to log in to an affected device and execute commands with full admin rights,” Cisco explained in its advisory …
Fortnite Hacked Via Insecure Single Sign-On
Looks like there was a single sign-on vulnerability in Fortnite that could have let attackers break into millions of accounts and steal their virtual assets. On Wednesday, researchers at Check Point disclosed the vulnerability, which is tied to the way single sign-on (SSO) works between PlayStation Network, Xbox Live, Nintendo, Facebook and Google and the Epic Games servers. An attacker could craft a malicious link using a legitimate Epic Games sub-domain to trigger the attack. I’m sure they will be on top of PR and protecting the brand. Every game is just a game and can be replaced. Best of luck, Fortnite.…
Bluehost and other web hosting company sites found to be full of flaws
Independent researcher and bug-hunter Paulos Yibelo identified four vulnerabilities in the web-hosting platform Bluehost, including multiple account takeover and information leak issues. One of them is a “High” severity information leak through CORS misconfigurations that could allow attackers to steal personally identifiable information, partial payment details and tokens that grant access to hosted WordPress, Mojo, SiteLock and other services.
The site is also vulnerable to account takeover because of improper JSON request validation (CSRF), to man-in-the-middle attacks due to improper validation of the CORS scheme, and to cross-site scripting on my.bluehost.com, according to Yibelo’s recent blog post.
Yibelo tested four other web hosting companies as well, and found cross-site scripting and information disclosure vulnerabilities in Dreamhost, information disclosure among other vulnerabilities in Hostgator and OVH, and account takeover and other vulnerabilities in iPage.…
Hacker Group TA505 Ramping Up Their Trickery
Hacker group TA505 are cyber criminals through and through; they are the bunch that brought you the Locky ransomware. TA505 has decided to go after more US companies, so get ready for more phishing attacks.
These phishing attacks will be tailored specifically to their targets, so watch out for tricky emails carrying attachments such as Word documents, Excel spreadsheets and PDFs.
- Don’t open an attachment unless you know who it is from & are expecting it.
- Be cautious about email messages that instruct you to enable macros before downloading Word or Excel attachments.
- Read More Email Security Tips
These attachments carry RAT payloads: a macro that deploys the AMMYY remote access software to the computer without the end user knowing, which then lets the attackers access the computer remotely and install cryptocurrency miners. These miners are less noticeable to the user because they use …