Security Bulletin #99
WordPress admins: RCE and password reset vulnerabilities revealed
Independent security researcher Dawid Golunski has released proof-of-concept exploit code for an unauthenticated remote code execution vulnerability in WordPress 4.6 (CVE-2016-10033), along with details of an unauthorized password reset zero-day vulnerability (CVE-2017-8295) in the latest version of the popular CMS. The RCE vulnerability exists in the PHPMailer library used by WordPress and can be exploited by unauthenticated remote attackers to gain access to, and compromise, an application server running a vulnerable WordPress Core version in its default configuration. Admins still running these older versions of the CMS should upgrade, ideally to the latest release (v4.7.4).
Majority of workers blindly open email attachments
The vast majority (82 percent) of users open email attachments if they appear to come from a known contact, despite the prevalence of well-known, sophisticated social engineering attacks, according to Glasswall. The survey polled 1,000 office workers in medium and large businesses across the U.S. to gauge their email security awareness, particularly regarding known and unknown attachments, and their related behaviour around best practices. Among other things, the research showed how lax handling of popular threat vectors such as email attachments, inadequate threat awareness, poor work practices and out-of-date technology are exposing organizations to hacking, ransomware and zero-day attacks. Conventional antivirus and sandboxing solutions are no longer effective, and relying on the vigilance of employees clearly leaves a business open to devastating cyber-attacks.
The SS7 Attack — Hackers Are Stealing Money from Bank Accounts
Security researchers have been warning for years about critical security holes in Signaling System 7 (SS7) that could allow hackers to listen in on private phone calls and read text messages on a potentially vast scale, despite the most advanced encryption used by cellular networks. Cellular network operators, on the other hand, have consistently downplayed this serious issue, saying that it poses a very low risk for most people because exploiting the SS7 flaws requires significant technical and financial investment. Some unknown hackers have just proved them wrong by exploiting the design flaws in SS7 to drain victims' bank accounts. SS7 weaknesses were used by cybercriminals to bypass the two-factor authentication (2FA) that banks rely on to prevent unauthorized withdrawals from customers' accounts. The attackers first spammed out traditional bank-fraud Trojans to infect account holders' computers and steal the passwords used to log into their bank accounts, view account balances, and obtain their mobile numbers. What still prevented the attackers from making money transfers was the one-time password that the bank sent by text message to its online banking customers to authorize the transfer of funds between accounts. To get around this, the crooks purchased access to a rogue telecom provider and set up a redirect for the victim's phone number to a handset under their control; specifically, they used SS7 to redirect the SMS messages containing the OTPs sent by the bank. The attackers then logged into the victims' online bank accounts and transferred money out: as soon as the bank sent the authorization codes, they were routed to numbers controlled by the attackers rather than to the designated account holders, and the attackers finalized the transactions.
Current Alerts
CERTFR-2017-ALE-008: Vulnerability in RDP for Microsoft Windows XP and Windows Server 2003 (14 April 2017) Link: http://cert.ssi.gouv.fr/site/CERTFR-2017-ALE-008.pdf
CERTFR-2017-ALE-006: Multiple vulnerabilities in Siemens RUGGEDCOM ROX I (29 March 2017) Link: http://cert.ssi.gouv.fr/site/CERTFR-2017-ALE-006.pdf
CERTFR-2017-ALE-005: Vulnerability in Cisco switches (20 March 2017) Link: http://cert.ssi.gouv.fr/site/CERTFR-2017-ALE-005.pdf
Patches
CERTFR-2017-AVI-139: Multiple vulnerabilities in Cisco products (04 May 2017) Link: http://cert.ssi.gouv.fr/site/CERTFR-2017-AVI-139.pdf