Old WordPress Plugin Being Exploited in RCE Attacks

Researchers are warning that attackers are abusing a vulnerability in outdated versions of Duplicator, a WordPress site-migration plugin, to execute remote code. All Duplicator versions earlier than 1.2.42 are vulnerable to the attack. The plugin facilitates the migration of a WordPress site by duplicating it.

“WordPress Duplicator does not remove sensitive files after the restoration process,” wrote researchers at Synacktiv (PDF) last month. As a consequence, “an attacker could abuse these scripts to execute arbitrary code on the server and take it over.”

Read more about the WordPress plugin vulnerability on Threatpost.

Zero-Day Bug Allows Hackers to Access CCTV Surveillance Cameras

Between 180,000 and 800,000 IP-based closed-circuit television cameras are vulnerable to a zero-day vulnerability that allows hackers to access surveillance cameras, spy on and manipulate video feeds or plant malware.

According to a new Tenable Research Advisory, the bugs are rated critical and tied to firmware possibly used in one of 100 different cameras that run the affected software. NUUO, the company that makes the firmware, is expected to issue a patch for the bug today. The company lists over 100 different partners, including Sony, Cisco Systems, D-Link and Panasonic. It’s unclear how many OEM partners may use the vulnerable firmware.

Read more about the zero-day bug affecting CCTV cameras on Threatpost.

CSS-Based Attack Causes iOS, macOS Devices to Crash

A newly-revealed proof-of-concept attack can cause iOS devices to crash or restart with a mere 15 lines of code, a researcher revealed over the weekend. Sabri Haddouche, a security researcher at Wire, has tweeted the source code of the proof-of-concept (PoC) attack that restarts iOS devices – such as the iPhone or iPad – with just a few lines of specially crafted Cascading Style Sheets (CSS) and HTML code.

Haddouche, who came across the attack after looking at DoS attacks on browsers last week, said that users who open a specially formatted link from any iOS-based browser, or using Safari on macOS, are exposed to the attack. He has notified Apple and the tech giant is investigating the issue.

Read more about the newly discovered CSS-based attack on Threatpost.

EternalBlue Infections Persist

The infamous EternalBlue exploit used in the game-changing WannaCry and NotPetya cyberattacks just won’t die: new research shows 300,000 machines around the globe suffering repeat infections of the attack code.

EternalBlue, pilfered from the NSA and leaked by the mysterious Shadow Brokers group, abuses a flaw in Microsoft’s Server Message Block version 1 (SMB1) protocol. Researchers at Avira found a large number of machines – mainly running versions of Windows that no longer receive updates and the older SMB2 protocol – getting infected over and over with EternalBlue.

Read more about the findings of the new research on DarkReading.

New cold boot attack affects “nearly all modern computers”

Security researchers have uncovered a new variation of a cold boot attack that can meddle with a computer’s firmware to disable security measures and allow an attacker to recover sensitive data stored on that computer.

The attack is a variation of old cold boot attacks, known for nearly a decade. Cold boot attacks are when an attacker forces a computer reset/reboot and then steals any data left over in the RAM. Over the years, OS makers and hardware vendors have shipped various security measures to reduce the impact of cold boot attacks, even if they happen. But security researchers discovered that they could circumvent one of these protections.

Read more about how current cold boot attack firmware security measures can be disabled to steal sensitive data from high-value computers on ZDNet.

2 Billion Bluetooth Devices Remain Exposed to Attack Vulnerabilities

One year after security vendor Armis disclosed a set of nine exploitable vulnerabilities in Bluetooth, some 2 billion devices — including hundreds of millions of Android and iOS smartphones — remain exposed to the threat. Armis disclosed the vulnerabilities — collectively dubbed “BlueBorne” — last September, describing them as an attack vector for adversaries to take complete control of Bluetooth devices.

At the time, some 5 billion Bluetooth-enabled products, including laptops, phones, smartwatches, and TVs, were impacted. Since then, the vendors of many of these products have issued patches and software updates addressing the flaws. Despite this, about 2 billion devices remain at risk.

Read more about the BlueBorne vulnerabilities and learn why 2 billion devices remain at risk, on DarkReading.

Mirai, Gafgyt Botnets Return to Target Infamous Apache Struts, SonicWall Flaws

Researchers have discovered new variants for the infamous Mirai and Gafgyt IoT botnets. The new Mirai strain targets the Apache Struts flaw associated with the 2017 Equifax breach, while the Gafgyt variant uses a newly-disclosed glitch impacting older, unsupported versions of SonicWall’s Global Management System, according to researchers with Palo Alto Networks.

Researchers said that they discovered samples of a Mirai variant on Sept. 7 incorporating exploits that targeted 16 separate vulnerabilities, including the Apache Struts vulnerability.

Read more about the new Mirai and Gafgyt variants on Threatpost.

Cisco warns customers of critical security flaws, including Apache Struts

Cisco has issued a security advisory to customers detailing a swathe of critical and highly-rated vulnerabilities which have been resolved. The security advisory documents three critical vulnerabilities, 19 bugs rated “important,” and a number of medium-severity security flaws.

One of the most serious bugs is a vulnerability impacting Apache Struts 2, which was publicly disclosed in August together with proof-of-concept (PoC) code. If exploited, the security flaw, CVE-2018-11776, permits attackers to remotely execute code due to insufficient validation of user input.

Read more about the massive Cisco security update on ZDNet.

The Vulnerability Disclosure Process: Still Broken

Vulnerability disclosure has long been the third rail in the relationship between researcher and vendor. While bug-bounty programs have been a step in the right direction, friction still exists for a meaningful percentage of vendors and researchers.

“The relationship between vulnerability researcher and vendor in the context of disclosure is broken,” said Casey Ellis, chairman, founder and CTO of bug-bounty platform Bugcrowd. “If you look at the entire ecosystem of companies and researchers – especially outside the scope of a bounty program – it still needs to be fixed.”

Read more about why, despite the advent of bug bounty programs and enlightened vendors, researchers still complain of abuse, threats and lawsuits, on Threatpost.

Over 3,700 exposed 3D printers open to remote attackers

SANS ISC researchers have discovered thousands of exposed 3D printers that require no password for remote access. The finding is striking since OctoPrint, an open-source web interface for 3D printers that many manufacturers embed in the devices, offers numerous secure ways to remotely access a 3D printer without putting it on the public internet for anyone to abuse.

SANS ISC researcher Richard Porter first warned about the exposed OctoPrint 3D web interfaces after receiving a tip, but then SANS ISC researcher Xavier Mertens took it much further by spelling out what could go wrong with the thousands of exposed 3D printers.

Read more about how thousands of exposed 3D printers open to remote attackers could be used for sabotage, espionage, or spying, on CSO.