Unpatched Bug Under Active Attack Threatens WordPress Sites with XSS

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).


An unpatched vulnerability in the Rich Reviews plugin for WordPress is putting an estimated 16,000 sites in danger of stored cross-site scripting (XSS) attacks.

Sites running the plugin are vulnerable to unauthenticated plugin option updates, which can be used to deliver malware payloads, and according to Wordfence, attacks are already happening in the wild.


Top 5 Security News

Microsoft rushes out fix for Internet Explorer zero-day

Magecart Group Continues Targeting E-Commerce Sites

iOS 13 Bug Lets 3rd-Party Keyboards Gain ‘Full Access’ — Even When You Deny

Why You Need to Think About API Security

HTTP/3: the past, the present, and the future

Security Software & Tools Tips – September 2019

In this monthly post, we try to make you aware of five different security-related products.
This is a repost from my personal website, Ulyaoth.

This month we have chosen the following:
* CipherCloud
* CodeDiaper
* N-Stalker
* Passhunt
* SonarTS

CipherCloud

Information from the CipherCloud website:

The CipherCloud CASB+ platform provides deep visibility, end-to-end data protection, advanced threat protection, and comprehensive compliance capabilities for enterprises embracing cloud-based applications.

Website:

https://www.ciphercloud.com/ciphercloud-overview/

CodeDiaper

Information from the CodeDiaper website:

You can search for a specific string from all the source code on GitHub and check if it has been posted illegally.

Website:

https://github.com/future-architect/code-diaper

N-Stalker

Information from the N-Stalker website:

N-Stalker Web Application Security Scanner X Free Edition provides a restricted set of free Web Security Assessment checks to enhance the overall security of your web server infrastructure, using the most complete web attack signature database available in the market – “N-Stealth Web Attack Signature Database”.

Website:

https://www.nstalker.com/products/editions/free/

Passhunt

Information from the Passhunt website:

Passhunt is a simple tool for searching default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.

Website:

https://github.com/Viralmaniar/Passhunt

SonarTS

Information from the SonarTS website:

Static code analyzer for TypeScript detecting bugs and suspicious patterns in your code.

Website:

https://github.com/SonarSource/SonarTS

Image by Pete Linforth from Pixabay

Millions of passenger data publicly accessible in cloud storage buckets

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

The breach, which reportedly exposed data on millions of passengers, is one of many that have resulted from organizations leaving data publicly accessible in cloud storage buckets.


Top 5 Security News

Robocalls now flooding US phones with 200m calls per day

Is Your Medical Data Safe? 16 Million Medical Scans Left Out in the Open

GitHub gobbles biz used by NASA, Google, etc to search code for bugs and security holes in Mars rovers, apps…

LastPass Fixes Bug That Leaks Credentials

Huawei suspended from the Forum of Incident Response and Security Teams

Historic data is an insufficient basis for making good decisions

You cannot see the future by looking backwards. That’s why it’s important for Swedish business leaders to take charge of their decisions by ensuring access to up-to-date data. So writes Fredrik Ohlsen, CEO at Basefarm.

Trends based on how the market has evolved historically are not infrequently used as the basis for decisions on how Swedish companies should act going forward. The problem with this approach is that old data is no longer enough to be able to make good decisions. Combined with the traditional Swedish approach in which “everybody” is involved in decision-making, this unfortunately creates a sluggish approach to business that risks making Swedish companies less competitive than they have hitherto been.

Data about the past is only a fraction of what is required to make smart decisions. As business processes become increasingly interlinked with IT processes, companies and organizations need to learn to focus and act on what is happening right now.

To achieve this, companies have to ensure that rapid technological development becomes an advantage rather than an obstacle. Data that allows companies to make good decisions is available, and when the manager has easy access to it, he or she can make quick decisions, without having to fear that the basis for such decisions is wrong or flawed.

We have to be humble when faced with the fact that almost unbelievable developments in IT have meant that there is no longer anything to be gained from trying to predict the future. Development is simply moving far too fast for that. Instead, the answer is to invest significantly in day-to-day continuous development that focuses on the very latest technologies, such as public clouds, AI, big data or other elements of the digitalization process. This puts IT service providers in an important position, and they need to be able to discuss concrete solutions with their customers rather than potential scenarios that seldom or never come to pass.

In other words, Swedish companies must be better at creating a situation in which they can fully exploit their industry expertise by using the new doors that can be opened with the latest technology. Behind these doors are solutions that are directly linked to collecting, presenting and acting on information on how their market is changing from day to day. Not only that – every week there are hundreds of changes and upgrades taking place in various underlying systems. As a result, it is vital to keep track of how those changes can be fully utilized and how they affect one another from an operational perspective. In the worst-case scenario, the system crashes because one or more applications no longer interact with the system as a whole.

In the best-case scenario, the business pulls ahead of its competitors by both acting on the basis of constant changes in the market and ensuring that everything works as it should in technical terms. If you want to be part of the latter group, it is no longer possible to run your business based on outdated data and yesterday’s technology. That’s why the advice to Swedish business leaders is to take charge of their decisions by ensuring that you have access to the very latest data. Only then can you, as a manager, also make faster, more accurate decisions, without having to worry that you’re doing so on entirely the wrong basis.

DNS-over-HTTPS, a curse or a blessing?

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

“Mozilla plans to enable support for the DNS-over-HTTPS (DoH) protocol by default inside the Firefox browser for a small number of US users starting later this month.

When DoH support is enabled in Firefox, the browser will ignore DNS settings set in the operating system, and use the browser-set DoH resolver.

By moving DNS server settings from the OS to the browser level, and by encrypting the DNS traffic, DoH effectively hides DNS traffic from internet service providers (ISPs), local parental control software, antivirus software, enterprise firewalls and traffic filters, and about any other third party that tries to intercept and sniff a user’s traffic,” according to Catalin Cimpanu for Zero Day.

This is causing some controversy and might affect the mitigation measures currently in place at businesses, since controls that inspect or filter plain DNS on port 53 no longer see the browser’s lookups.
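To make the mechanism described above concrete, here is an added example (not code from the original post, Mozilla or Firefox) that shows what a DoH client actually sends and receives according to RFC 8484: a standard DNS wire-format query is base64url-encoded into the `dns` parameter of an HTTPS GET, and the `application/dns-message` reply is ordinary DNS wire format carried inside TLS. The domain `example.test`, the address `203.0.113.10` (TEST-NET-3), the resolver hostname `doh.resolver.example` and the sample response bytes are all constructed for illustration; nothing in the block touches the network.

```python
"""DoH (RFC 8484) request encoding and response parsing, added example.

Sample names and addresses are constructed for illustration; nothing here
contacts a network. The DoH resolver hostname is an assumed placeholder.
"""
import base64
import struct

DOH_RESOLVER = "doh.resolver.example"   # assumed placeholder, not a real resolver
QTYPE_A, QCLASS_IN = 1, 1


def build_dns_query(name: str, qtype: int = QTYPE_A, txid: int = 0) -> bytes:
    """Serialise a single-question DNS query in RFC 1035 wire format.

    RFC 8484 recommends txid 0 so identical queries produce identical HTTP
    requests, which lets HTTP caches serve them.
    """
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags: RD=1, QDCOUNT=1
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError(f"bad label {label!r}")
        qname += bytes([len(raw)]) + raw
    qname += b"\x00"  # root label terminates the name
    return header + qname + struct.pack("!HH", qtype, QCLASS_IN)


def doh_get_path(query: bytes) -> str:
    """Path and query string of a DoH GET: base64url with '=' padding removed (RFC 8484 section 4.1)."""
    token = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"/dns-query?dns={token}"


def decode_dns_param(path: str) -> bytes:
    """Inverse of doh_get_path: restore padding and decode the 'dns' parameter."""
    token = path.split("dns=", 1)[1]
    return base64.urlsafe_b64decode(token + "=" * (-len(token) % 4))


def _read_name(msg: bytes, offset: int) -> tuple[str, int]:
    """Read a (possibly compressed) domain name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            if end is None:
                end = offset + 2
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            return ".".join(labels), (offset if end is None else end)
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length


def parse_a_records(response: bytes) -> list[str]:
    """Extract IPv4 answers from an application/dns-message response body."""
    _txid, flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if not flags & 0x8000:
        raise ValueError("QR bit clear: not a response")
    if flags & 0x000F:
        raise ValueError(f"server returned RCODE {flags & 0x000F}")
    offset = 12
    for _ in range(qdcount):                       # skip the echoed question section
        _, offset = _read_name(response, offset)
        offset += 4                                # QTYPE + QCLASS
    addresses = []
    for _ in range(ancount):
        _, offset = _read_name(response, offset)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", response[offset:offset + 10])
        offset += 10
        rdata = response[offset:offset + rdlen]
        offset += rdlen
        if rtype == QTYPE_A and rclass == QCLASS_IN and rdlen == 4:
            addresses.append(".".join(str(b) for b in rdata))
    return addresses


# Constructed response body for example.test: one A record, 203.0.113.10, TTL 300.
SAMPLE_DOH_RESPONSE = bytes.fromhex(
    "0000 8180 0001 0001 0000 0000"                   # header: response, NOERROR, 1 question, 1 answer
    "07 6578616d706c65 04 74657374 00 0001 0001"      # question: example.test A IN
    "c00c 0001 0001 0000012c 0004 cb00710a"           # answer: pointer to offset 12, A IN, TTL 300, 203.0.113.10
)

if __name__ == "__main__":
    query = build_dns_query("example.test")
    print(f"GET https://{DOH_RESOLVER}{doh_get_path(query)}")   # what the browser sends inside TLS
    print("answer:", parse_a_records(SAMPLE_DOH_RESPONSE))
```

Everything `build_dns_query` and `doh_get_path` produce travels inside the TLS session to the resolver, so a middlebox that is not terminating TLS sees only an HTTPS connection to the resolver’s name and address, which is the point the post makes about enterprise firewalls and filters. The parser deliberately rejects unbounded compression-pointer chains, a common robustness gap in hand-written DNS decoders.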


Top 5 Security News

Initial Metasploit Exploit Module for BlueKeep (CVE-2019-0708)

18 months after indictment, Iranian phishers are still targeting universities

Instagram Confirms Security Issue Exposed User Accounts And Phone Numbers—Exclusive

Simjacker attack exploited in the wild to track users for at least two years

State-sponsored entities targeting Airline Industry (Part 1)

Diversity and Security. Why it is so important?

Inspired by the event “Diversity & Security” organized by Microsoft Norway and Oda Network (Norway’s leading network for women in tech), I want to share some ideas about this topic with Basefarmers.

Why is diversity so important nowadays?


“Diversity is not just about the color of our skin, gender, religious or ethnic background, it is also about being surrounded by people whose varied experiences contribute new ideas to problem solving.” – Ann Johnson, Corporate Vice President, Cybersecurity Solutions Group

Studies have shown the importance of diversity and inclusion in generating more creative solutions to business problems and enhancing performance and competitiveness. It’s particularly important in tech because it serves as a catalyst for success and a foundation for innovation in so many industries.

The McKinsey report “Diversity Matters” shows how diversity impacts organizational performance and especially decision-making.

It’s quite impressive to see what percentage of the time a better decision is made, based on what kind of people are around you. And I’m pretty sure that we in Basefarm are doing the right things by moving in that direction.


While many organizations are working on implementing “diversity measures” to encourage more women and other underrepresented groups to explore careers in tech, there is still a shortage of women and minorities, especially in cybersecurity.

It’s easy to calculate the gender gap in cybersecurity. Women – who make up 11% of the industry – hold few leadership roles in security.

It was recently predicted that by 2021, 3.5 million cybersecurity positions will go unfilled, so to gain the advantage in fighting cybercrime we depend on diverse talent and awareness of this subject! 🙂


Sources:

https://www.mckinsey.com

https://www.forbes.com/diversity-inclusion

https://www.darkreading.com

https://news.microsoft.com

https://www.csoonline.com/article/3200024/cybersecurity-labor-crunch-to-hit-35-million-unfilled-jobs-by-2021.html

Crimeware

Crimeware in the Modern Era

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

“Crimeware is a cornerstone to financially motivated threat actors’ toolsets and sees consistent and continuous evolution in its operation. Crimeware developers have demonstrated resilience in the face of an evolving security landscape and law enforcement actions through constant shifts and updates to their tools, techniques, and procedures. This has resulted in a perennial back and forth between criminally-minded attackers and budget-constrained defenders,” according to Brandon Levene, Head of Applied Intelligence (Chronicle) at Google.


Top 5 Security News

PowerShell Script with a builtin DLL

Google throws bug bounty bucks at mega-popular third-party apps

AI mimics CEO voice to scam UK energy firm out of £200k

Facebook loses control of key used to sign Android app

Exim – local or remote attacker can execute programs with root privileges (CVE-2019-15846)


Backdoor Found in Utility for Linux, Unix Servers

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

The backdoor was intentionally planted in 2018 and found during the DEF CON 2019 security conference, when researchers stumbled upon the malicious code.

In an unnerving twist, when a critical zero-day vulnerability was reported in a Unix administration tool, called Webmin, it was revealed the flaw was no accident. According to researchers, the vulnerability was a secret backdoor planted in the popular utility nearly a year before its discovery.


Top 5 Security News

A Telegram bug that discloses the phone numbers of any user in public groups

GitHub supports Web Authentication (WebAuthn) for security keys

I Visited 47 Sites. Hundreds of Trackers Followed Me.

Forced Password Reset? Check Your Assumptions

Bumper Cisco patches fix four new ‘critical’ vulnerabilities

Security Software & Tools Tips – August 2019

In this monthly post, we try to make you aware of five different security-related products.
This is a repost from my personal website, Ulyaoth.

This month we have chosen the following:
* Vuls
* Dirhunt
* InsightIDR
* SubDomainizer
* Atomic Red Team

Vuls

Information from the Vuls website:

Vuls is an open-source, agentless vulnerability scanner for Linux, FreeBSD, container images, running containers, WordPress, programming language libraries and network devices, based on information from NVD, OVAL, etc.

Website:

https://vuls.io/

Dirhunt

Information from the Dirhunt website:

Dirhunt is a web crawler optimized for searching and analyzing directories. This tool can find interesting things if the server has the “index of” mode enabled. Dirhunt is also useful if directory listing is not enabled. It detects directories with false 404 errors, directories where an empty index file has been created to hide things, and much more.

Website:

https://github.com/Nekmo/dirhunt

InsightIDR

Information from the InsightIDR website:

Rapid7 InsightIDR is an intruder analytics solution that gives you the confidence to detect and investigate security incidents faster, a Cloud SIEM for your modern network.

Website:

https://www.rapid7.com/products/insightidr/

SubDomainizer

Information from the SubDomainizer website:

SubDomainizer is a tool designed to find hidden subdomains and secrets present in either the web page, GitHub, or external JavaScript files referenced by the given URL. This tool also finds S3 buckets, CloudFront URLs and more from those JS files, which could be interesting if, for example, an S3 bucket is open to read/write or a subdomain takeover is possible (and similarly for CloudFront). It also scans inside a given folder containing your files.

Website:

https://github.com/nsonaniya2010/SubDomainizer

Atomic Red Team

Information from the Atomic Red Team website:

Atomic Red Team is a library of simple tests that every security team can execute to test their defenses. Tests are focused, have few dependencies, and are defined in a structured format that can be used by automation frameworks.

Website:

https://atomicredteam.io/

Image by vishnu vijayan from Pixabay

Security Software & Tools Tips – July 2019

In this monthly post, we try to make you aware of five different security-related products.
This is a repost from my personal website, Ulyaoth.

This month we have chosen the following:
* anevicon
* OpenVPN
* HoneyPy
* sqreen
* Dshell

anevicon

Information from the anevicon website:

A high-performance traffic generator, designed to be as convenient and reliable as possible. It sends numerous UDP packets to a server, thereby simulating the activity that can be produced by your end users or by a group of hackers.

Website:

https://github.com/Gymmasssorla/anevicon

OpenVPN

Information from the OpenVPN website:

OpenVPN provides flexible VPN solutions to secure your data communications, whether it’s for Internet privacy, remote access for employees, securing IoT, or for networking Cloud data centers.

Website:

https://openvpn.net

HoneyPy

Information from the HoneyPy website:

A low interaction honeypot with the capability to be more of a medium interaction honeypot.

Website:

https://github.com/foospidy/HoneyPy

sqreen

Information from the sqreen website:

Unified security monitoring and protection for modern cloud environments. Easily enable protections tailored to your stack, get unprecedented visibility into your security and scale it in production.

Website:

https://www.sqreen.com

Dshell

Information from the Dshell website:

An extensible network forensic analysis framework. Enables rapid development of plugins to support the dissection of network packet captures.

Website:

https://github.com/USArmyResearchLab/Dshell

Photo by Markus Spiske on Unsplash