WordPress is one of the most widely used content management systems (CMS) in the world, so a security flaw in it affects millions of users on the Internet. That is exactly what security researchers at Sucuri, an Internet security company, have discovered: WordPress websites are vulnerable to a critical and easily exploitable zero-day Content Injection vulnerability.

Sucuri found a Content Injection (Privilege Escalation) vulnerability in the REST API that allows an attacker to modify the content of any post or page within a WordPress site. The good news is that Sucuri discreetly reported the vulnerability to the WordPress security team, who handled the matter professionally, informed as many security providers and hosts as possible, and released a patch before the issue became public.
If you are using WordPress on your website, you are only at risk if you have not updated to the latest version, 4.7.2. The update was issued on January 26th.

In Sucuri's blog post, Marc-Alexandre Montpas stated that “This privilege escalation vulnerability affects the WordPress REST API that was recently added and enabled by default on WordPress 4.7.0. One of these REST endpoints allows access (via the API) to view, edit, delete and create posts. Within this particular endpoint, a subtle bug allows visitors to edit any post on the site. The REST API is enabled by default on all sites using WordPress 4.7.0 or 4.7.1. If your website is on these versions of WordPress, then it is currently vulnerable to this bug.”

Montpas further stated that “This is a serious vulnerability that can be misused in different ways to compromise a vulnerable site. We are hiding some technical details to make it harder for the bad guys, but depending on the plugins installed on a site, it can lead to a RCE (remote command execution). Also, even though the content is passed through wp_kses, there are ways to inject Javascript and HTML through it. Update now!”

If you or your friends are using WordPress, it is highly advisable to update your website and to inform others about the issue so they can also update to the latest version.

WordPress has also acknowledged the issue and published a blog post earlier today urging users to update their WordPress since it poses a “severe security risk” for users.


Live Cyber Attacks

Author: Martin Voelk
January 6, 2016

For those of you who always wondered how to get a quick at-a-glance overview of ongoing cyber attacks: the Internet wouldn't be the Internet if there weren't a website for that.

Use Firefox; the page sometimes takes some patience to load:

http://map.norsecorp.com/


Awesome Hacking Demonstration

Author: Martin Voelk
April 7, 2015

We have been in the industry for a long time...
<sarcasm> This video is still amazing. We have all learnt a lot from this bright young guy. If all hackers had his skill set, the world would be doomed. </sarcasm>

Please don't take it too seriously, and don't abuse the knowledge 🙂

Enjoy!


Amazing Hacking App

Author: Martin Voelk
March 24, 2015

Enjoy 🙂


March 20, 2015

Conducting the interview 🙂

Photo: Bongo the Security Journalist

Photo: Max (Blackhat)

Photo: Pilas (Whitehat)

Interview with Black Hat Hacker Max

Bongo (Journalist): Thanks Max and Pilas for being with me today.
Max (Blackhat): I don’t have much time.
Pilas (Whitehat): Pleasure.
Bongo (Journalist): First question to Max: What does a Blackhat do?
Max (Blackhat): I hack into other people’s machines and steal their logins to Amazon, PayPal etc.
Bongo (Journalist): Isn’t this illegal?
Max (Blackhat): Yes, but I am using the TOR Network where I stealth my IP address. Also I live in Asia where law enforcement doesn’t really care.
Bongo (Journalist): Who do you attack?
Max (Blackhat): Random people and businesses around the world. We target financial information like Credit Cards, PayPal accounts etc. Some we use for shopping, some for resale.
Bongo (Journalist): How much money do you make?
Max (Blackhat): A lot.
Bongo (Journalist): How do you get the money out?
Max (Blackhat): Dark Web laundering services, Bitcoin transfers, prepaid ATM cards etc.
Bongo (Journalist): What tools do you use?
Max (Blackhat): Open source only. Like Kali Linux, Metasploit, RAT tools, the Social Engineering Toolkit, virus and malware generators and encoders.
Bongo (Journalist): Do you mean all those tools are free?
Max (Blackhat): Yes, all on the Web, and YouTube has the how-tos! I gotta go now, I have a botnet to run. Time is money…
Bongo (Journalist): Thanks for your time.

Interview with White Hat Hacker Pilas

Bongo (Journalist): Now to you Pilas. You are a white hat? What does a white hat do?
Pilas (Whitehat): I work for various clients as a contractor. Both private and public sectors.
Bongo (Journalist): What do you do for them?
Pilas (Whitehat): I perform penetration tests with their authorization.
Bongo (Journalist): What does that mean?
Pilas (Whitehat): I hack their networks with the same tools a Blackhat would, but I do it with the authorization of the client to strengthen security, provide reporting and mitigation.
Bongo (Journalist): So you are a good hacker?
Pilas (Whitehat): Yes. I am helping to secure networks by understanding a hacker’s tools and methods. I am a certified ethical hacker.
Bongo (Journalist): Interesting. Who are your clients?
Pilas (Whitehat): Banks, Government, Insurance companies, Utilities. Across the board.
Bongo (Journalist): What tools do you use and does it pay well?
Pilas (Whitehat): The same tools Max the blackhat does. Yes, it pays very well. We are a much sought-after group within the IT industry.
Bongo (Journalist): Have you ever abused your knowledge?
Pilas (Whitehat): No. I am a whitehat. Grey hats would sometimes.
Bongo (Journalist): Last question. Should every company get a Pentest?
Pilas (Whitehat): Guys like Max don’t care whether they hack a private individual or a large corporation. The threat is real and everyone should consider having their IT tested.
Bongo (Journalist): Thanks for your time.


March 19, 2015

A very interesting and slightly worrying article from CNN Money. We are only seeing the tip of the iceberg: it is well known that just a fraction of actual security breaches and hacking activity ever makes it into the news. Imagine how many corporations are silently infiltrated and hacked for years without even knowing about it. Scary article.

http://money.cnn.com/2015/03/13/technology/security/chinese-hack-us/


How do Hackers attack?

Author: Martin Voelk
December 9, 2014

We often get asked by our clients where the hackers behind attacks are located and how they disguise themselves. A complete answer would probably take weeks or even months; let's try to condense it into a short blog post.

There are 3 categories of individual attackers:

The security aware hackers

These are the guys who know how to cover their tracks and disguise themselves. Many of them route their attacks through different countries, through the TOR network (an anonymity network which conceals the real source IP), and through compromised weak systems. What are weak systems? Typically schools, where teachers with very limited or no IT security knowledge are responsible for server maintenance. We had 5 cases recently where corporate clients in the US were attacked and the forensics revealed that the attackers had hacked numerous grammar schools in Europe, installed their tools there and launched the attacks from those systems. Tracking down such attackers is often hard or impossible.

The stupid hackers

These are guys who sit in Western countries (mainly young teenagers) and start running attack scripts, although they are only able to run automated freeware tools. Then they are surprised when law enforcement knocks on their doors.

The hackers who sit outside Western legislation

Not every attacker has to worry about getting caught. In fact, a lot of attacks originate from countries which do not cooperate with Western law enforcement or which have bad relationships with the United States, the European Union or other Western countries. Just to name a few countries where attacks on Western systems will likely not result in any problems for the attackers: China, North Korea, Russia, Syria, Iraq, Afghanistan, Yemen, Sudan, Cuba, Nicaragua, Ecuador, Bolivia, Venezuela and many more in Africa and Asia.

Our customers often get frustrated when we have to tell them that the attacker likely resides outside their home country and that, even if they involve law enforcement, the chances of actually prosecuting the attacker are next to nothing. We recommend being proactive instead of reactive: getting your security tested by us and deploying countermeasures is a lot cheaper than waiting for an attack and then firefighting it. The question for any business is not IF an attack is going to happen, but WHEN.
