Sysadmins of the North

Category Archives for Security

Cracking PHP rand()

Sjoerd Langkemper writes about Cracking PHP rand(): Webapps occasionally need to create tokens that are hard to guess. For example for session tokens or CSRF tokens, or in forgot password functionality where you get a token mailed to reset your password. These tokens should be cryptographically secure, but are often made by calling rand() multiple times and transforming the output to a string. This post will explore how hard it is to predict a token made with rand().

Continue reading

Security Advisory: Stored XSS in Magento

Sucuri reports a stored cross-site scripting (XSS) vulnerability in Magento CE <1.9.2.3 and Magento EE <1.14.2.3. This vulnerability affects almost every install of these versions, so it is time to upgrade your Magento webshop!

Continue reading

WhatsApp prepares to share user info with Facebook – Time to switch

Android Authority reports: It was likely only a matter of time before Facebook and WhatsApp became more intertwined after the social media giant purchased the messaging service back in 2014. Now the first clues that closer integration is looming have appeared, as users have managed to find some new options tucked away in the latest beta build.

Continue reading

Critical 0-day vulnerability in Joomla patched, update to 3.4.6 now!

The Joomla security team have just released a new version of Joomla to patch a critical remote command execution vulnerability that affects all versions from 1.5 to 3.4. This is a serious vulnerability that can be easily exploited and is already in the wild.

Continue reading

Ponmocup – A giant hiding in the shadows

Fox-IT writes in a blog post Ponmocup – A giant hiding in the shadows: Ponmocup, first discovered in 2006 as Vundo or Virtumonde, is one of the most successful botnets of the past decade, in terms of spread and persistence. The reasons why this botnet is considered highly interesting are that it is sophisticated, underestimated and is currently the largest in size and aimed at financial gain.

Continue reading

10% of WordPress plugins in the top ~1000 are vulnerable, a PHP static code analysis shows

Marcin Probola conducted a PHP static code analysis of the top ~1000 WordPress plugins, and the results showed that 103 plugins were vulnerable to at least one vulnerability type (XSS, SQL injection). This is roughly 10 percent! Marcin Probola writes that the scanning results were manually verified in his spare time and delivered to the official plugins@wordpress.org from 04.07.2015 to 31.08.2015. Most of the reported plugins are already patched, some are not. Vulnerable and unpatched plugins have already been removed from the official WordPress plugin repository.

Continue reading

WordPress Is the Most Attacked CMS Application

Imperva’s Web Application Attack Report shows spam is WordPress’ largest security threat. Imperva, an international cyber security company founded in 2002, published its 2015 web application attack report. The report includes a thorough analysis of attack data obtained through its Web Application Firewall (or WAF).

Continue reading

BIND 9.x vulnerable to remote Denial of Service through a magic packet

A vulnerability in BIND, and all it takes is just one tiny little packet…

BIND 9.x is vulnerable to a remote Denial of Service: a tiny magic packet can cause BIND 9.x to stop, exiting named with a REQUIRE assertion failure. All the attacker needs to send is one specially – and deliberately – constructed packet that exploits an error in the handling of queries for TKEY records, and the vulnerability crashes and takes down the BIND named daemon…

Continue reading

Multiple critical vulnerabilities in PHP File Manager

Revived Wire Media’s PHP File Manager got some issues…

Sijmen Ruwhof, who also analysed the malware spread through NU.nl back in 2012, found some serious security vulnerabilities in a PHP web application called “PHP File Manager”. One, among others, is a backdoor for Revived Wire Media to use. How sick is that?! Another vulnerability makes it easy to download confidential files.

Continue reading

High-risk vulnerabilities in TheCartPress leave WordPress sites at risk

TheCartPress eCommerce Shopping Cart – a popular WordPress e-commerce plugin that is actively used on over 5,000 websites – contains high-risk vulnerabilities that can be exploited to compromise customers’ data, execute arbitrary PHP code, and perform Cross-Site Scripting attacks against users of WordPress installations, claim High-Tech Bridge researchers. Users are advised to disable or remove the plugin.

Continue reading

XSS Vulnerability Affecting Multiple WordPress Plugins

While the Vevida Optimizer WordPress plugin kept the plugins on all my WordPress sites up to date: Sucuri reports that multiple WordPress plugins are vulnerable to Cross-site Scripting (XSS) due to the misuse of the add_query_arg() and remove_query_arg() functions. These are popular functions used by developers to modify and add query strings to URLs within WordPress. If you haven’t configured automatic updates for WordPress plugins, please update NOW!

Continue reading

Secure WordPress uploads folder, disable PHP execution

The following PHP function secures your WordPress website by disabling the execution of PHP scripts in wp-content/uploads, on IIS web servers. It creates a web.config file for this purpose.

Continue reading

Critical Magento Shoplift Vulnerability (SUPEE-5344)

Web security firm Sucuri reports on its blog that over 50% of all Magento installations haven’t applied a critical security patch (SUPEE-5344), leaving them open to attack. The security patch, which addresses a remote command execution (RCE) vulnerability, was released back in February.

Continue reading

“Statistics Will Crack Your Password”

Think like a hacker and ask yourself how fast your passwords might be able to be cracked based on their structure.

Continue reading

Polymorphic Beebone botnet sinkholed in international police operation

Help Net Security writes: On April 8, a global operation targeted the Beebone (also known as AAEH) botnet, a polymorphic downloader bot which installs various forms of malware on victims’ computers.

Continue reading
