Jump to content
Search In
  • More options...
Find results that contain...
Find results in...
  • Similar Content

    • By ©Jimi Wikman
      A critical bug in the popular Wordpress plugin wpDiscuz allow users to upload and execute code remotely. This is because of a bug in the file mime type detection that allowed any file type to be uploaded. This open up the server to remote code execution (RCE) that could result in the entire server being compromised. 
      The vulnerability was reported to wpDiscuz's developers by Wordfence's Threat Intelligence team on June 19 and was fully patched with the release of version 7.0.5 on July 23. Since then 25.000 users have downloaded this update, leaving at least 45.000 sites still vulnerable from this bug.
      According to Wordfence threat analyst Chloe Chamberland, the security flaw is rated as critical severity with a CVSS base score of 10/10.
      Disclosure Timeline
      June 18, 2020 – Initial discovery of vulnerability. We verify the Wordfence firewall provides protection against exploit attempts and we make our initial contact attempt with the plugin’s team.
      June 19, 2020 – Plugin team confirms inbox for handling disclosure. We send full disclosure details.
      June 20, 2020 – The plugin’s team let us know that a patch will be released in version 7.0.4.
      July 6, 2020 – Follow-up as no patch has been released.
      July 10, 2020 – They respond to let us know a patch is coming in 1-2 days.
      July 13, 2020 – Follow-up as no patch has been released.
      July 15, 2020 – They respond saying a patch will be released by the end of week.
      July 20, 2020 – A patch has been released. We check the patch and see that vulnerability is still exploitable and inform them.
      July 23, 2020 – A sufficient patch has been released in version 7.0.5
       
      If you are using wpDiscuz you should upgrade emediately to avoid having your server compromised.
    • By ©Jimi Wikman
      On January 14, 2020, Microsoft released software fixes to address 49 vulnerabilities as part of their monthly Patch Tuesday announcement. Among the vulnerabilities patched were critical weaknesses in Windows CryptoAPI, Windows Remote Desktop Gateway (RD Gateway), and Windows Remote Desktop Client. An attacker could remotely exploit these vulnerabilities to decrypt, modify, or inject data on user connections:
      The updates fixes a serious flaw in the core cryptographic component of widely used Windows 10, Server 2016 and 2019 editions that was discovered and reported to the company by the National Security Agency (NSA) of the United States
      The flaw, dubbed 'NSACrypt' and tracked as CVE-2020-0601, resides in the Crypt32.dll module that contains various 'Certificate and Cryptographic Messaging functions' used by the Windows Crypto API for handling encryption and decryption of data.
      A cyber attacker could exploit CVE-2020-0601 to obtain sensitive information, such as financial information, or run malware on a targeted system; for example:
      A maliciously crafted certificate could appear to be issued for a hostname that did not authorize it, preventing a browser that relies on Windows CryptoAPI from validating its authenticity and issuing warnings. If the certificate impersonates a user’s bank website, their financial information could be exposed. Signed malware can bypass protections (e.g., antivirus) that only run applications with valid signatures. Malicious files, emails, and executables can appear legitimate to unpatched users.  
       
       
       
      Besides Windows CryptoAPI spoofing vulnerability that has been rated 'important' in severity, Microsoft has also patched 48 other vulnerabilities, 8 of which are critical and rest all 40 are important.
      It is strongly suggested that you patch this as soon as possible by heading on to your Windows Settings → Update & Security → Windows Update → clicking 'Check for updates on your PC.
    • By ©Jimi Wikman
      Time to update if you have not already.
×
×
  • Create New...