  • Security

    10 blog articles in this category

      Vulnerabilities in SAP Products Could Compromise Systems and Their Data

      Multiple vulnerabilities have been reported in SAP products, where issues such as cross-site scripting (XSS) and server-side request forgery open up access points through which a hacker can compromise the systems and their data. These vulnerabilities have been patched in SAP Security Patch Day – July 2020, and it is strongly advised to apply that update as soon as possible.
      Multiple Vulnerabilities in SAP NetWeaver AS JAVA (LM Configuration Wizard) (CVE-2020-6286).
      Security updates for the browser control Google Chromium delivered with SAP Business Client.
      Information Disclosure in SAP NetWeaver (XMLToolkit for Java) (CVE-2020-6285).
      Multiple vulnerabilities in SAP Disclosure Management (CVE-2020-6267).
      Cross-Site Scripting (XSS) vulnerability in SAP Business Objects Business Intelligence Platform (BI Launch pad) (CVE-2020-6281).
      Cross-Site Scripting (XSS) vulnerability in SAP Business Objects Business Intelligence Platform (Bipodata) (CVE-2020-6276).
      Server-Side Request Forgery in SAP NetWeaver AS JAVA (IIOP service) (CVE-2020-6282).
      Cross-Site Scripting (XSS) vulnerability in SAP Business Objects Business Intelligence Platform (BI Launchpad and CMC) (CVE-2020-6278).
      Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) (CVE-2020-6222).
      Information Disclosure in SAP NetWeaver (ABAP Server) and ABAP Platform (CVE-2020-6280).

      Critical WordPress plugin bug compromises hosting accounts for thousands of users

      A critical bug in the popular WordPress plugin wpDiscuz allows users to upload and execute code remotely. This is because of a bug in the file MIME type detection that allowed any file type to be uploaded. This opens up the server to remote code execution (RCE) that could result in the entire server being compromised.
      The vulnerability was reported to wpDiscuz's developers by Wordfence's Threat Intelligence team on June 19 and was fully patched with the release of version 7.0.5 on July 23. Since then, 25.000 users have downloaded this update, leaving at least 45.000 sites still vulnerable to this bug.
      According to Wordfence threat analyst Chloe Chamberland, the security flaw is rated as critical severity with a CVSS base score of 10/10.
      Disclosure Timeline
      June 18, 2020 – Initial discovery of vulnerability. We verify the Wordfence firewall provides protection against exploit attempts and we make our initial contact attempt with the plugin’s team.
      June 19, 2020 – Plugin team confirms inbox for handling disclosure. We send full disclosure details.
      June 20, 2020 – The plugin’s team let us know that a patch will be released in version 7.0.4.
      July 6, 2020 – Follow-up as no patch has been released.
      July 10, 2020 – They respond to let us know a patch is coming in 1-2 days.
      July 13, 2020 – Follow-up as no patch has been released.
      July 15, 2020 – They respond saying a patch will be released by the end of week.
      July 20, 2020 – A patch has been released. We check the patch and see that vulnerability is still exploitable and inform them.
      July 23, 2020 – A sufficient patch has been released in version 7.0.5
      If you are using wpDiscuz, you should upgrade immediately to avoid having your server compromised.

      QNAP devices vulnerable to remote takeover attacks

      According to Henry Huang, a Taiwanese security researcher, there are still hundreds of thousands of QNAP NAS systems that have yet to be patched for no less than three bugs. An attacker can exploit the three bugs to take full control of QNAP devices.
      These bugs were found last year, and Henry Huang reported them to QNAP last June. QNAP issued a patch in November last year to fix these bugs, and still, 6 months later, there are hundreds of thousands of unpatched units online. These bugs are:
      CVE-2019-7192 (CVSS 9.8) (Photo Station bug)
      CVE-2019-7194 (CVSS 9.8) (Photo Station bug)
      CVE-2019-7195 (CVSS 9.8) (Photo Station)
      The bugs that are connected to the Photo Station app are in themselves not a big issue. It is when they are chained together that they can bypass authentication (bug #1), insert malicious code in the Photo Station app PHP session (bug #2), and then install a web shell on unpatched QNAP devices (bug #3).
      Henry Huang has written detailed information regarding the bugs in an article on Medium. He also strongly advises users to patch their QNAP NAS as soon as possible. If that is not possible, he suggests that you take it off the Internet, as it can be used for malicious purposes or you could attract a ransomware gang.
      This is of course the official recommendation from QNAP as well.

      Microsoft Teams Impersonation Attacks flood inboxes to Phish for Credentials

      In the wake of Covid-19 and the increased need for communication among people working from home, it comes as no surprise that Microsoft Teams is targeted by malicious people. This week we see both CISA and Abnormal Security reporting on targeted phishing campaigns that have affected more than 50.000 users so far.
      With so many starting to work from home due to the Covid-19 situation, invites to different Microsoft Teams are very common. This is something that malicious people have started to take advantage of. Since many organizations are still a bit new to the situation of many employees working from home, this also means that security is not always up to par with the situation.
      The tactic is rather simple, but sadly also effective. One example is that a mail that seems legit is sent out with a link to a document on a Microsoft Team. If the link is clicked, the user is asked to log in, and if that button is clicked, they’re taken to a malicious page which convincingly impersonates the Microsoft Office login page in order to steal their credentials.
      Another example includes an email link that points to a YouTube page. From there the users are redirected twice to finally land on another Microsoft Office login phishing site which convincingly impersonates the Microsoft Office login page.
      This is even more effective on mobile according to the articles. This is because the images take up most of the space and because domain links are more difficult to see and therefore identify. These phishing attempts are, however, very convincing even on desktop, which makes it more likely that someone will get caught in the phisher's net.
      As Microsoft Teams is integrated with Office 365 single sign-on, it means that if compromised the phisher will have access to other, possibly much more damaging, areas. This is not the only issue facing Office 365 users, however, and Sway got a bit of heat earlier this week as well.
      Microsoft is not being idle, however, and this week they patched a nasty subdomain takeover vulnerability in Teams that could have allowed an inside attacker to weaponize a single GIF image and use it to pilfer data from targeted systems and take over all of an organization’s Teams accounts.
      As always, be careful with email links and make sure you vet the URLs carefully before submitting any user information online.

      Chrome will start blocking TLS - TLS 1.0 and TLS 1.1 will be blocked as insecure

      Last year the team behind Chromium announced that the transport protocols TLS 1.0 and 1.1 would no longer be supported in a future update. Since January this year unsecured sites have seen warnings, and now in March all sites secured using the 1.0 and 1.1 versions of TLS will see a full-page interstitial warning.
      The fact that TLS (Transport Layer Security) 1.0 and 1.1 are insecure has been known for a while, and it makes sense to remove support for them. Although TLS 1.2 was released 10 years ago, around 0.5% of all sites are still using the now 20-year-old 1.0 and 1.1 protocols. I assume this might be more troublesome than it sounds, as I still see people using the old transport protocols in their infrastructure in a way that makes it almost impossible to upgrade.
      If you have a commercial website of any kind, then having Chrome block your site because the server uses an old transport protocol will be bad. Very bad. Your visitors will most likely leave and your Trust values will plummet. So make sure you have checked this before the last step is taken by Chromium. If your site has issues, then you should see an SSL warning if you use Chrome 79 or higher.
      Source: https://blog.chromium.org/2019/10/chrome-ui-for-deprecating-legacy-tls.html