Oh! Yeah, I made it this week!
This week security review is mostly about research in computer security.
It was fun reading and curating these links, and I know you'll have fun reading them.
Who does not use Linux? No one. You might be thinking: I use a Mac or I use a PC, well, I'll take it you go online every day (like right now) and do you know the operating system running the server software of your favorite website? There is 90% chance that it is Linux.
This is a solid reason for you to read this article. But to aid you, here is an excerpt from the article with the key take-away in bold:
Facefish goes through a multi-stage infection process, which commences with a command injection against CWP to retrieve a dropper ("sshins") from a remote server, which then releases a rootkit that ultimately takes charge of collecting and transmitting sensitive information back to the server, in addition to awaiting further instructions issued by the command-and-control (C2) server.
Yeah, I know, yet another research. You should forgive me, but I do love research and enjoy reading about it.
These attacks are dubbed "Evil Annotation and Sneaky Signature attacks". The name of the attacks should send shivers down your spine, if not, then I am sure the excerpt below will do the trick (key take-away in bold).
The Evil Annotation Attack (EAA works by modifying a certiﬁed document that's provisioned to insert annotations to include an annotation containing malicious code, which is then sent to the victim.
On the other hand, the idea behind the Sneaky Signature attack (SSA) is to manipulate the appearance by adding overlaying signature elements to a document that allows filling out form fields.
Pardon me, it's another research 😇.
It all revolves around Protected Folders.
Here is an excerpt to get you started (emphasis mine):
Shortcomings in malware mitigation software could not just permit unauthorized code to turn off their protection features, design flaws in Protected Folders solution provided by antivirus vendors could be abused by, say, ransomware to change the contents of files using an app that's provisioned write access to the folder and encrypt user data, or a wipeware to irrevocably destroy personal files of victims.
You read that right. If you (or anyone else) use WordPress, read this article or send it to them.
Which plugin is affected by the bug? Fancy Product Designer.
Excerpt from the article:
Attackers who successfully exploit the Fancy Product Designer bug can bypass built-in checks blocking malicious files uploading to deploy executable PHP files on sites where the plugin is installed.
This allows the threat actors to completely take over vulnerable sites following remote code execution attacks.
The title says it all, but still, you should read the article.
Here is an excerpt (emphasis mine):
A new set of critical vulnerabilities has been disclosed in the Realtek RTL8170C Wi-Fi module that an adversary could abuse to gain elevated privileges on a device and hijack wireless communications.
Successful exploitation would lead to complete control of the Wi-Fi module and potential root access on the OS (such as Linux or Android) of the embedded device that uses this module.
Sometimes you have to step in and do the job yourself, and that is exactly what WordPress did in this scenario.
It's security, you do not take it for granted.
Excerpt from the article:
The vulnerability was found in the Carousel feature and its option to display comments for each image, with nguyenhg_vcs being the one credited for responsibly disclosing the security bug.
It's a fun research into users password usage. Trust me, it's worthy of your time.
⚠️ Spoiler alert: People still use
123456 as their passwords.
Cover photo by Debby Hudson on Unsplash.
That's it for this week, I'll see you next Friday.