Cyber Security news for the month of February, 2017.
Attacks on WordPress Sites Intensify as Hackers Deface Over 1.5 Million Pages
Attacks on WordPress sites using a vulnerability in the REST API, patched in WordPress version 4.7.2, have intensified over the past few days, as attackers have now defaced over 1.5 million pages, spread across 39,000 unique domains.
Initial attacks using the WordPress REST API flaw were reported on recently by web security firm Sucuri, who said four group of attackers defaced over 67,000 pages.
Initially, the vulnerability was deemed of a very high-risk, and the WordPress security team kept it a secret for almost a week, allowing a large number of WordPress site owners to update their CMS without being in peril from impending attacks.
WordPress and Sucuri experts realized they couldn’t keep this a secret, and after a week, both teams revealed to the world that the WordPress 4.7.2 release included a secret fix for the WordPress REST API. Sucuri’s initial fears became reality a few days later, as both Sucuri and WordFence started seeing attacks leveraging the REST API flaw against sites the two were protecting.
“This vulnerability has resulted in a kind of feeding frenzy where attackers are competing with each other to deface vulnerable WordPress websites,” said Mark Maunder, Wordfence Founder, and CEO. “During the past 48 hours we have seen over 800,000 attacks exploiting this specific vulnerability across the WordPress sites we monitor.”
LeakedSource and its database of hacked accounts is gone
A user going by “LTD” wrote in an online forum: “LeakedSource is down forever and won’t be coming back. Owner raided early this morning. Wasn’t arrested, but all SSDs got taken, and LeakedSource servers got subpoenaed and placed under federal investigation. If somehow he recovers from this and launches LeakedSource again, then I’ll be wrong. But I am not wrong.” Such reports are currently unconfirmed, however.
LeakedSource has always maintained that the information in its database was already publicly accessible.
Troy Hunt, a security researcher that runs a similar service called Have I Been Pwned, writes on his blog: “There was a constant flow of data that wasn’t appearing anywhere else in the usual trading circles before first coming to air via their service. Speculation was rife that there was incentivisation occurring not just to provide data that had already been obtained, but to actively seek out new targets.”
LeakedSource was arguably doing the heavy lifting, making it a cinch for hackers to set up a script and gain access to some of their victim’s other accounts.
Google boosts G Suite manageability with enterprise-grade security controls
Google announced that it would be improving the G Suite with new security tools and controls to better protect sensitive data.
The new “Enterprise-grade” controls exist in three parts: Security key enforcement for more access control, Data Loss Prevention and S/MIME encryption across certain G Suite apps, and additional analytics capabilities.
The announcement follows a steady stream of security updates Google has made to its G Suite products.
While G Suite has had the ability to be configured for HIPAA compliance, Google recently added new encryption key management features and MDM solutions as well.
Hacker pwns 150,000 printers to issue a security warning
German researchers published the results of tests they had carried out to assess security on a cross-section of office networked printers.
Among a clutch of security problems they uncovered were several ways to exploit access to networked printers through what is termed RAW printing on port 9100.
The affected printers are all networked models – and that includes wireless printers. If your printer has built-in management, make sure you’ve secured it from remote access – starting with changing the default password, make sure your firewall is properly configured, and don’t leave your printer switched on if you’re not using it.
Serious Cloudflare bug exposed a potpourri of secret customer data
Cloudflare, a service that helps optimize the security and performance of more than 5.5 million websites, warned customers that a recently fixed software bug exposed a range of sensitive information that could have included passwords, and cookies and tokens used to authenticate users.
“The bug was serious because the leaked memory could contain private information and because it had been cached by search engines,” Cloudflare CTO John Graham-Cumming wrote in a blog post.
The parser bug could be exploited only opportunistically against certain sites that used Cloudflare.
In a Twitter message, Ormandy said Cloudflare customers affected by the bug included Uber, 1Password, FitBit, and OKCupid.
Google Achieves First-Ever Successful SHA-1 Collision Attack
SHA-1, Secure Hash Algorithm 1, a very popular cryptographic hashing function designed in 1995 by the NSA, is officially dead after a team of researchers from Google and the CWI Institute in Amsterdam announced the first ever successful SHA-1 collision attack.
In October 2015, a team of researchers headed by Marc Stevens from the Centrum Wiskunde & Informatica in the Netherlands had published a paper that outlined a practical approach to creating a SHA-1 collision attack – Freestart Collision.
According to researchers, the SHAttered attack is 100,000 faster than the brute force attack.
Google is planning to release the proof-of-concept code in 90 days, which the company used for the collision attack, meaning anyone can create a pair of PDFs that hash to the same SHA-1 sum given two distinct images with some pre-conditions.
Contact Rigid Bits with any questions or concerns about our services and our exceptional cyber security.