Weekly Cyber Security News

For well over a decade our focus at ionCube has been on PHP security but recently with the release of ionCube24 we have been looking into different kinds of vulnerabilities. This post has a few of the interesting issues we have found this week.

A selection of this week’s more interesting vulnerability disclosures and cybersecurity news.

Authorities

The search is on for next-gen experts

• UK gov’t launches hackathon for next-gen cybersecurity specialists (ZDNet)

General

A large breach, but not the biggest by far, still has a long reaching impact

• Amedisys notifies nearly 7,000 individuals of potential breach (SC Magazine)

Shows how easy it is for social engineering drop through the holes.

• GoDaddy accounts vulnerable to social engineering and Photoshop

Amazed at the sheer audacity of it!

• Jailed Brit con phishes prison, gets bail (The Register)

How long has this one been there?

• Simple trick to delete any YouTube flick (The Register)

You couldn’t make this stuff up. Really.

• The bizarre origin story of ransomware: A Pynchon-esque tangle of AIDS, floppy disks, and Panamanian PO Boxes

IC24

And another hit to this plugin

• WordPress Plugin Revslider update captions CSS file critical vulnerability

An urgent update to a WordPress plugin

• WordPress Reflex Gallery 3.1.3 Shell Upload

Infrastructure

Someone has spotted a flaw in ASLR kernel support for a key means to randomise pages for thwarting attacks

• AMD Bulldozer Linux ASLR weakness: Reducing entropy by 87.5% (Reddit)

After the debarcle of a demonstrated SSL hijack the lessons have not been learnt

• CAs Still Accepting E-mail as Proof of Domain Ownership

Even Ebay can miss the obvious

• Ebay snuffs malware upload bug (The Register)

An attack on British Airways has kicked up a fuss

• Frayed British Airways plays down MEGA HACK ATTACK on frequent flyer accounts (The Register) –

A lock which isn’t…

• Making Smart Locks Smarter (aka. Hacking the August Smart Lock) (Reddit) –

This one has far reaching implications, certainly on a local lan but any external leaks from badly configured routers could cause concern

• mDNS VU#550620 –  Multicast DNS implementations may respond to unicast queries that originate from sources outside of the local link network.

After the exposure of the weak SSL down grading some proof of concepts are now out

• Noose around Internets TLS system tightens with 2 new decryption attacks (ArsTechnica)

An issue in SELinux which could be a problem

• SE Linux Troubleshooting Tool Contains Bug That Allows Local Root Escalation (Reddit)

That’s good of them

• Verizon: FINE OK, you can now rid your life of our stalker supercookies (The Register)

PHP

A few issues for the popular Drupal platform

• Bugtraq: [ MDVSA-2015:181 ] drupal – [ MDVSA-2015:181 ] drupal

Many vunerbalityies dissclosed in this Wiki application

• Bugtraq: [ MDVSA-2015:185 ] dokuwiki – [ MDVSA-2015:185 ] dokuwiki

A well known web application has been disclosed as vulnerable

• CVE-2014-2027 – eGroupware before 1.8.006.20140217

One to watch with so many file uploads going on

• CVE-2015-2348 (php) – The move_uploaded_file implementation in ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a x00 character

A loop hole in this application

• CVE-2015-2786 – Unspecified vulnerability in MyBB (aka MyBulletinBoard) before 1.8.4 has unknown attack vectors related to _Group join request notifications sent to wrong group leaders._

The start of their nightmare

• GitHub battles largest DDoS in sites history, targeted at anti-censorship tools (ArsTechnica)

A follow-up summary to the disclosures from last week

• [ MDVSA-2015:079 ] php

One to check as its used in many places…

• [ MDVSA-2015:097 ] php-ZendFramework

A vulnerability in another well known application

• [ MDVSA-2015:186 ] phpmyadmin

User Space

A curious loop hole in Safari

• Safari FILE: scheme security hole (Reddit)

Web Server

If you have older versions of Node.js then be sure to check your risk

• [ MDVSA-2015:142 ] nodejs

WordPress

A pretty nasty issue been identified

• CVE-2015-2791 – The _menu sync_ function in the WPML plugin before 3.1.9 for WordPress allows remote attackers to delete arbitrary posts, pages, and menus via a crafted request to sitepress-multilingual-cms/menu/menus-sync.php.

With another one too

• CVE-2015-2792 – The WPML plugin before 3.1.9 for WordPress does not properly handle multiple actions in a request, which allows remote attackers to bypass nonce checks and perform arbitrary actions via a request containing an action POST parameter, an action GET parameter, and a valid nonce for the action GET parameter.

Here we are again with yet another serious fault not long after the last one

• WordPress Plugin – Revslider update captions CSS file critical vulnerability (Reddit)