Millions of WordPress sites are being probed & attacked with recent plugin bug
An easy-to-exploit vulnerability in a popular WordPress plugin has triggered an internet-wide hacking spree.
Millions of WordPress sites have been probed and attacked this week, Defiant, the company behind the Wordfence web firewall said on Friday.
The sudden spike in attacks happened after hackers discovered and started exploiting a zero-day vulnerability in "File Manager," a popular WordPress plugin installed on more than 700,000 sites.
The zero-day was an unauthenticated file upload vulnerability that allowed an attacker to upload malicious files on a site running an older version of the File Manager plugin.
https://www.zdnet.com/article/millions-of-wordpress-sites-are-being-probed-attacked-with-recent-plugin-bug/
#Wordpress #plugin #vulnerability #hacking
An easy-to-exploit vulnerability in a popular WordPress plugin has triggered an internet-wide hacking spree.
Millions of WordPress sites have been probed and attacked this week, Defiant, the company behind the Wordfence web firewall said on Friday.
The sudden spike in attacks happened after hackers discovered and started exploiting a zero-day vulnerability in "File Manager," a popular WordPress plugin installed on more than 700,000 sites.
The zero-day was an unauthenticated file upload vulnerability that allowed an attacker to upload malicious files on a site running an older version of the File Manager plugin.
https://www.zdnet.com/article/millions-of-wordpress-sites-are-being-probed-attacked-with-recent-plugin-bug/
#Wordpress #plugin #vulnerability #hacking
Forwarded from BlackBox (Security) Archiv
Major German shopping site leaks customer data
A publicly-listed multinational retailer with millions of dollars in annual revenues was discovered to be operating a completely unsecured server, thereby publicly exposing private data belonging to around 700,000 of its customers.
Our Security team, led by Anurag Sen, discovered a vulnerable and unsecured server containing more than 6 terabytes of data operated by German company windeln.de.
Our team detected the breach on 13 June 2020 and estimates that the server vulnerability was exposed on the Internet on 11 June 2020.
The ElasticSearch server and its vulnerability were discovered during a routine check of IP addresses on particular ports. Our team found that the server was completely unsecured and publicly exposed without a password – meaning that anyone in possession of the server’s IP address could access the entire database.
We tried to reach out to Windeln.de, but nobody ever got back to us. We then contacted the German CERT, so they could inform the company about the data leak. A few days later, the server got secured.
👀 👉🏼 https://www.safetydetectives.com/blog/windeln-leak-report/
#windeln #germany #vulnerability #leak #data #dataleak #customers
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
A publicly-listed multinational retailer with millions of dollars in annual revenues was discovered to be operating a completely unsecured server, thereby publicly exposing private data belonging to around 700,000 of its customers.
Our Security team, led by Anurag Sen, discovered a vulnerable and unsecured server containing more than 6 terabytes of data operated by German company windeln.de.
Our team detected the breach on 13 June 2020 and estimates that the server vulnerability was exposed on the Internet on 11 June 2020.
The ElasticSearch server and its vulnerability were discovered during a routine check of IP addresses on particular ports. Our team found that the server was completely unsecured and publicly exposed without a password – meaning that anyone in possession of the server’s IP address could access the entire database.
We tried to reach out to Windeln.de, but nobody ever got back to us. We then contacted the German CERT, so they could inform the company about the data leak. A few days later, the server got secured.
👀 👉🏼 https://www.safetydetectives.com/blog/windeln-leak-report/
#windeln #germany #vulnerability #leak #data #dataleak #customers
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
SafetyDetectives
Major German shopping site leaks customer data
A publicly-listed multinational retailer with millions of dollars in annual revenues was discovered to be operating a completely unsecured server, thereby publi
Forwarded from BlackBox (Security) Archiv
Exploitation of LAN vulnerability found in Firefox for Android (PoC)
I tested this PoC exploit on 3 devices on same wifi, it worked pretty well.
I was able to open custom URL on every smartphone using vulnerable Firefox (68.11.0 and below)
👀 👉🏼 https://twitter.com/LukasStefanko/status/1307013106615418883
👀 👉🏼 Firefox for Android LAN-Based Intent Triggering:
https://gitlab.com/gitlab-com/gl-security/security-operations/gl-redteam/red-team-tech-notes/-/tree/master/firefox-android-2020
#android #security #exploit #firefox #LAN #vulnerability #poc
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
I tested this PoC exploit on 3 devices on same wifi, it worked pretty well.
I was able to open custom URL on every smartphone using vulnerable Firefox (68.11.0 and below)
👀 👉🏼 https://twitter.com/LukasStefanko/status/1307013106615418883
👀 👉🏼 Firefox for Android LAN-Based Intent Triggering:
https://gitlab.com/gitlab-com/gl-security/security-operations/gl-redteam/red-team-tech-notes/-/tree/master/firefox-android-2020
#android #security #exploit #firefox #LAN #vulnerability #poc
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
Forwarded from BlackBox (Security) Archiv
Google patches actively exploited Chrome browser zero-day vulnerability
Upgrading your Chrome build as quickly as possible is recommended.
Google has warned of reports that a zero-day vulnerability in the Chrome browser is being actively exploited in the wild.
The vulnerability, tracked as CVE-2021-21166, was reported by Alison Huffman from the Microsoft Browser Vulnerability Research team on February 11 and is described as an "object lifecycle issue in audio."
Google has labeled the vulnerability as a "high" severity security flaw and has fixed the issue in the latest Chrome release.
Alongside CVE-2021-21166, Huffman also recently reported another high-severity bug, CVE-2021-21165, another object lifestyle issue in audio problem, and CVE-2021-21163, an insufficient data validation issue in Reader Mode.
The tech giant has not revealed further details concerning how CVE-2021-21166 is being exploited, or by whom.
Google's announcement, published on Tuesday, also marked the release of Chrome 89 to the stable desktop channel for Windows, Mac, and Linux machines, which is currently rolling out. Users should upgrade to Chrome 89.0.4389.72 once available.
https://www.zdnet.com/article/google-patches-actively-exploited-chrome-browser-zero-day-vulnerability/
#google #chrome #zeroday #vulnerability
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag
Upgrading your Chrome build as quickly as possible is recommended.
Google has warned of reports that a zero-day vulnerability in the Chrome browser is being actively exploited in the wild.
The vulnerability, tracked as CVE-2021-21166, was reported by Alison Huffman from the Microsoft Browser Vulnerability Research team on February 11 and is described as an "object lifecycle issue in audio."
Google has labeled the vulnerability as a "high" severity security flaw and has fixed the issue in the latest Chrome release.
Alongside CVE-2021-21166, Huffman also recently reported another high-severity bug, CVE-2021-21165, another object lifestyle issue in audio problem, and CVE-2021-21163, an insufficient data validation issue in Reader Mode.
The tech giant has not revealed further details concerning how CVE-2021-21166 is being exploited, or by whom.
Google's announcement, published on Tuesday, also marked the release of Chrome 89 to the stable desktop channel for Windows, Mac, and Linux machines, which is currently rolling out. Users should upgrade to Chrome 89.0.4389.72 once available.
https://www.zdnet.com/article/google-patches-actively-exploited-chrome-browser-zero-day-vulnerability/
#google #chrome #zeroday #vulnerability
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag
ZDNET
Google patches actively exploited Chrome browser zero-day vulnerability
Upgrading your Chrome build as quickly as possible is recommended.
Forwarded from BlackBox (Security) Archiv
Apple’s AirDrop leaks users’ PII, and there’s not much they can do about it
Apple has known of the flaw since 2019 but has yet to acknowledge or fix it.
AirDrop, the feature that allows Mac and iPhone users to wirelessly transfer files between devices, is leaking user emails and phone numbers, and there's not much anyone can do to stop it other than to turn it off, researchers said.
AirDrop uses Wi-Fi and Bluetooth Low Energy to establish direct connections with nearby devices so they can beam pictures, documents, and other things from one iOS or macOS device to another. One mode allows only contacts to connect, a second allows anyone to connect, and the last allows no connections at all.
A matter of milliseconds
To determine if the device of a would-be sender should connect with other nearby devices, AirDrop broadcasts Bluetooth advertisements that contain a partial cryptographic hash of the sender's phone number and email address. If any of the truncated hashes matches any phone number or email address in the address book of the receiving device or the device is set to receive from everyone, the two devices will engage in a mutual authentication handshake over Wi-Fi. During the handshake, the devices exchange the full SHA-256 hashes of the owners' phone numbers and email addresses.
Hashes, of course, can't be converted back into the cleartext that generated them, but depending on the amount of entropy or randomness in the cleartext, they are often possible to figure out. Hackers do this by performing a "brute-force attack," which throws huge numbers of guesses and waits for the one that generates the sought-after hash. The less the entropy in the cleartext, the easier it is to guess or crack, since there are fewer possible candidates for an attacker to try.
The amount of entropy in a phone number is so minimal that this cracking process is trivial since it takes milliseconds to look up a hash in a precomputed database containing results for all possible phone numbers in the world. While many email addresses have more entropy, they too can be cracked using the billions of email addresses that have appeared in database breaches over the past 20 years.
https://arstechnica.com/gadgets/2021/04/apples-airdrop-leaks-users-pii-and-theres-not-much-they-can-do-about-it
#apple #mac #iphone #airdrop #vulnerability
📡 @nogoolag 📡 @blackbox_archiv
Apple has known of the flaw since 2019 but has yet to acknowledge or fix it.
AirDrop, the feature that allows Mac and iPhone users to wirelessly transfer files between devices, is leaking user emails and phone numbers, and there's not much anyone can do to stop it other than to turn it off, researchers said.
AirDrop uses Wi-Fi and Bluetooth Low Energy to establish direct connections with nearby devices so they can beam pictures, documents, and other things from one iOS or macOS device to another. One mode allows only contacts to connect, a second allows anyone to connect, and the last allows no connections at all.
A matter of milliseconds
To determine if the device of a would-be sender should connect with other nearby devices, AirDrop broadcasts Bluetooth advertisements that contain a partial cryptographic hash of the sender's phone number and email address. If any of the truncated hashes matches any phone number or email address in the address book of the receiving device or the device is set to receive from everyone, the two devices will engage in a mutual authentication handshake over Wi-Fi. During the handshake, the devices exchange the full SHA-256 hashes of the owners' phone numbers and email addresses.
Hashes, of course, can't be converted back into the cleartext that generated them, but depending on the amount of entropy or randomness in the cleartext, they are often possible to figure out. Hackers do this by performing a "brute-force attack," which throws huge numbers of guesses and waits for the one that generates the sought-after hash. The less the entropy in the cleartext, the easier it is to guess or crack, since there are fewer possible candidates for an attacker to try.
The amount of entropy in a phone number is so minimal that this cracking process is trivial since it takes milliseconds to look up a hash in a precomputed database containing results for all possible phone numbers in the world. While many email addresses have more entropy, they too can be cracked using the billions of email addresses that have appeared in database breaches over the past 20 years.
https://arstechnica.com/gadgets/2021/04/apples-airdrop-leaks-users-pii-and-theres-not-much-they-can-do-about-it
#apple #mac #iphone #airdrop #vulnerability
📡 @nogoolag 📡 @blackbox_archiv
Ars Technica
Apple’s AirDrop leaks users’ PII, and there’s not much they can do about it
Apple has known of the flaw since 2019 but has yet to acknowledge or fix it.
Qualcomm Chip Flaw Could Leave 30 Percent of the World's Phones Vulnerable to Hackers
https://gizmodo.com/qualcomm-chip-flaw-could-leave-30-percent-of-the-worlds-1846837667
#qc #Qualcomm #soc #hack #vulnerability
https://gizmodo.com/qualcomm-chip-flaw-could-leave-30-percent-of-the-worlds-1846837667
#qc #Qualcomm #soc #hack #vulnerability
Gizmodo
Qualcomm Chip Flaw Could Leave 30 Percent of the World's Phones Vulnerable to Hackers
A recently discovered vulnerability inside Qualcomm-produced phone chips could be exploited to gain access to data on affected devices, allowing an intruder to snoop on phone calls and text messages.
WiFi devices going back to 1997 vulnerable to new Frag Attacks
https://therecord.media/wifi-devices-going-back-to-1997-vulnerable-to-new-frag-attacks/
A Belgian security researcher has discovered a series of vulnerabilities that impact the WiFi standard, with some bugs dating back as far back as 1997 and affecting devices sold for the past 24 years.
The vulnerabilities, known as Frag Attacks, allow an attacker within a device’s WiFi radio range to gather information about the owner and run malicious code to compromise a device, may it be a computer, smartphone, or other smart device.
Devices are also vulnerable even if the WiFi standard’s security protocols were activated, such as WEP and WPA.
#WiFi #vulnerability #frag
https://therecord.media/wifi-devices-going-back-to-1997-vulnerable-to-new-frag-attacks/
A Belgian security researcher has discovered a series of vulnerabilities that impact the WiFi standard, with some bugs dating back as far back as 1997 and affecting devices sold for the past 24 years.
The vulnerabilities, known as Frag Attacks, allow an attacker within a device’s WiFi radio range to gather information about the owner and run malicious code to compromise a device, may it be a computer, smartphone, or other smart device.
Devices are also vulnerable even if the WiFi standard’s security protocols were activated, such as WEP and WPA.
#WiFi #vulnerability #frag
therecord.media
WiFi devices going back to 1997 vulnerable to new Frag Attacks
A Belgian security researcher has discovered a series of vulnerabilities that impact the WiFi standard, with some bugs dating back as far back as 1997 and affecting devices sold for the past 24 years.
Holes in the WiFi
https://lwn.net/Articles/856044/
The discoverer of the KRACK attacks against WPA2 encryption in WiFi is back with a new set of flaws in the wireless-networking protocols. FragAttacks is a sizable group of WiFi vulnerabilities that (ab)use the fragmentation and aggregation (thus "Frag") features of the standard. The fixes have been coordinated over a nine-month period, which has allowed security researcher Mathy Vanhoef time to create multiple papers, some slide decks, a demo video, patches, and, of course, a web site and logo for the vulnerabilities.
Three of the vulnerabilities are design flaws in the WiFi standards, so they are likely present in all implementations, while the other nine are various implementation-specific problems. The design flaws may be more widespread, but they are much harder to exploit "because doing so requires user interaction or is only possible when using uncommon network settings". That means the real danger from FragAttacks lies in the programming errors in various WiFi implementations. "Experiments indicate that every Wi-Fi product is affected by at least one vulnerability and that most products are affected by several vulnerabilities."
In fact, in the FAQ section of the web site, Vanhoef offers to list any products that he can verify as not having been affected by the flaws described on the site. He also notes that even though the design flaws are difficult to exploit on their own, they can be combined with the other flaws found to make for a much more serious problem. "In other words, for some devices the impact is minor, while for others it's disastrous."
...
#wifi #hole #vulnerability
https://lwn.net/Articles/856044/
The discoverer of the KRACK attacks against WPA2 encryption in WiFi is back with a new set of flaws in the wireless-networking protocols. FragAttacks is a sizable group of WiFi vulnerabilities that (ab)use the fragmentation and aggregation (thus "Frag") features of the standard. The fixes have been coordinated over a nine-month period, which has allowed security researcher Mathy Vanhoef time to create multiple papers, some slide decks, a demo video, patches, and, of course, a web site and logo for the vulnerabilities.
Three of the vulnerabilities are design flaws in the WiFi standards, so they are likely present in all implementations, while the other nine are various implementation-specific problems. The design flaws may be more widespread, but they are much harder to exploit "because doing so requires user interaction or is only possible when using uncommon network settings". That means the real danger from FragAttacks lies in the programming errors in various WiFi implementations. "Experiments indicate that every Wi-Fi product is affected by at least one vulnerability and that most products are affected by several vulnerabilities."
In fact, in the FAQ section of the web site, Vanhoef offers to list any products that he can verify as not having been affected by the flaws described on the site. He also notes that even though the design flaws are difficult to exploit on their own, they can be combined with the other flaws found to make for a much more serious problem. "In other words, for some devices the impact is minor, while for others it's disastrous."
...
#wifi #hole #vulnerability
lwn.net
Holes in the WiFi
The discoverer of the KRACK attacks
against WPA2 encryption in WiFi is back with a new set of flaws in the
wireless-networking protocols. FragAttacks is a sizable group of
WiFi vulnerabilities that (ab)use the fragmentation and aggregation (thus
"Frag") features…
against WPA2 encryption in WiFi is back with a new set of flaws in the
wireless-networking protocols. FragAttacks is a sizable group of
WiFi vulnerabilities that (ab)use the fragmentation and aggregation (thus
"Frag") features…
A serious bug in #Linux from 12 years ago allows you to get root on any distro
To fix it upgrade or:
chmod 0755 /usr/bin/pkexec
#PwnKit: Local Privilege Escalation #Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034)
https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034
To fix it upgrade or:
chmod 0755 /usr/bin/pkexec
#PwnKit: Local Privilege Escalation #Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034)
https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034
Qualys Security Blog
PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034) | Qualys Security Blog
The Qualys Research Team has discovered a memory corruption vulnerability in polkit’s pkexec, a SUID-root program that is installed by default on every major Linux distribution.
New Linux bug gives root on all major distros, exploit released.
A new Linux vulnerability known as 'Dirty Pipe' allows local users to gain root privileges through publicly available exploits.
Today, security researcher Max Kellermann responsibly disclosed the 'Dirty Pipe' vulnerability and stated that it affects Linux Kernel 5.8 and later versions, even on Android devices.
The vulnerability is tracked as CVE-2022-0847 and allows a non-privileged user to inject and overwrite data in read-only files, including SUID processes that run as root.
Kellerman discovered the bug after tracking down a bug that was corrupting web server access logs for one of his customers.
Kellerman states that the vulnerability is similar to the Dirty COW vulnerability (CVE-2016-5195) fixed in 2016.
https://www.bleepingcomputer.com/news/security/new-linux-bug-gives-root-on-all-major-distros-exploit-released/
https://dirtypipe.cm4all.com/
📡@cRyPtHoN_INFOSEC_EN
#linux #root #vulnerability
A new Linux vulnerability known as 'Dirty Pipe' allows local users to gain root privileges through publicly available exploits.
Today, security researcher Max Kellermann responsibly disclosed the 'Dirty Pipe' vulnerability and stated that it affects Linux Kernel 5.8 and later versions, even on Android devices.
The vulnerability is tracked as CVE-2022-0847 and allows a non-privileged user to inject and overwrite data in read-only files, including SUID processes that run as root.
Kellerman discovered the bug after tracking down a bug that was corrupting web server access logs for one of his customers.
Kellerman states that the vulnerability is similar to the Dirty COW vulnerability (CVE-2016-5195) fixed in 2016.
https://www.bleepingcomputer.com/news/security/new-linux-bug-gives-root-on-all-major-distros-exploit-released/
https://dirtypipe.cm4all.com/
📡@cRyPtHoN_INFOSEC_EN
#linux #root #vulnerability