From Security Weekly Wiki
762 bytes added, 17:08, 7 May 2019
==Episode Audio==
<!-- <div align="center">
</div> -->
==Security News==
<center>{{#ev:youtube|TfQAFLsylGw}}</center>

'''1) [ Google Paid Out $3.4 Million for Vulnerabilities Reported in 2018]''' - Google revealed that it paid out a total of $3.4 million for flaws reported in 2018 by researchers through its Vulnerability Reward Program (VRP). The $3.4 million was awarded for 1,319 reports submitted by 317 researchers from 78 countries. The largest single reward was $41,000, and $181,000 was donated to charity. Half of the awards, $1.7 million, were for flaws affecting Android and Chrome. In 2017, Google paid out a total of $2.9 million, roughly $2.2 million of it for Android and Chrome flaws.
'''2) [ Hackers Target WordPress Sites via WP Cost Estimation Plugin]''' - Malicious actors have been hacking WordPress websites by exploiting vulnerabilities in a fairly popular plugin called WP Cost Estimation & Payment Forms Builder. The plugin, developed by Loopus, allows WordPress website administrators to create cost calculators and payment forms. Malicious actors have been exploiting two vulnerabilities related to uploading and deleting files. The first flaw allows the upload of malicious PHP files with an apparently harmless extension. The second flaw allows attackers to delete arbitrary files. Both flaws were patched months ago, but since no security warning was issued, many users have not installed the updates and left their websites vulnerable to attacks.
'''3) [ Facebook paid $25,000 for CSRF exploit that leads to Account Takeover]''' - Facebook paid a $25,000 bounty for a critical cross-site request forgery (CSRF) vulnerability that could have been exploited to hijack accounts simply by tricking users into clicking on a link. The flaw resides in the endpoint. By adding the argument ?url=XXXX to a POST request, with the CSRF token fb_dtsg included in the request body, an attacker could bypass CSRF protections and take over the account of a user tricked into clicking a malicious URL. The flaw was fixed by Facebook on January 31, 2019 and the bounty was paid on February 12, 2019.
'''4) [ Mega-crackers back with nearly 100 million new stolen data records]''' - Last week we discussed that 620 million breached records from 16 sites were for sale on the dark web. But that was only phase 1. The hacker, whose identity isn't known, released [ another 127 million records ] from 8 sites late last week and [ another 91 million records ] from another 8 sites over the weekend. To date, the hacker has revealed breaches at 30 companies, totaling about 841 million records. The common software in all 30 breaches is PostgreSQL, an open-source database project. PostgreSQL is "currently unaware of any patched or unpatched vulnerabilities" that could have caused the breaches.
'''5) [ Privilege Escalation Vulnerability Found in LG Device Manager]''' - A privilege escalation vulnerability that allows attackers to elevate permissions to SYSTEM has been found in the LG Device Manager application for its laptops. The security hole, tracked as CVE-2019-8372, allows an attacker who already has non-admin access to the targeted device to abuse the Device Manager app to escalate privileges to SYSTEM. The flaw is within the low-level hardware access (LHA) kernel-mode driver, which includes IOCTL dispatch functions that can be used to read and write arbitrary physical memory. When the driver is loaded, the device it creates is accessible to non-administrative users, which could allow them to use those functions to elevate privileges. The issue was reported to LG on November 18, 2018 and the patch was released on February 13, 2019.
'''6) [ PoC Exploit Code for recent container escape flaw in runc published online]''' - Last week we told you about the vulnerability, this week the exploit is available. The PoC exploit code for the container escape was published on GitHub, and its execution requires root (uid 0) inside the container. The PoC code allows a malicious container to overwrite the host runc binary and gain root-level code execution on the host. This is why giving up root access to your containers is a horrible idea! Updates have been released or are being worked on across the container and cloud platform providers.
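Since the PoC above needs uid 0 inside the container, a cheap defensive check is to flag images whose final build stage never drops to an unprivileged user. The following Dockerfile audit is an added example, not code from the page or from the runc project; it assumes that a final stage with no USER instruction (or an unresolved ${ARG}) should be treated as root, and the sample Dockerfiles are constructed.

```python
import re
from typing import Optional

def final_stage_user(dockerfile: str) -> Optional[str]:
    """Effective USER of the last build stage, or None if that stage never sets one."""
    merged, buf = [], ""
    for raw in dockerfile.splitlines():        # join backslash line continuations first
        line = raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        merged.append(buf + line)
        buf = ""
    if buf:
        merged.append(buf)
    user = None
    for line in merged:
        m = re.match(r"^\s*(FROM|USER)\s+(\S.*)$", line, re.IGNORECASE)
        if not m:
            continue                           # comments, RUN, COPY, etc. do not matter here
        if m.group(1).upper() == "FROM":
            user = None                        # new stage: USER from earlier stages does not carry over
        else:
            user = m.group(2).strip()
    return user

def flagged_as_root(dockerfile: str) -> bool:
    """True when the image should be flagged: final stage has no USER (assumption: the
    inherited base-image user is root), an unresolved ${ARG}, or root / uid 0 (uid:gid ok)."""
    user = final_stage_user(dockerfile)
    if user is None or "$" in user:
        return True
    return user.split(":", 1)[0] in ("root", "0")

# Constructed sample Dockerfiles (not taken from the page).
WEAK = """FROM debian:buster
RUN apt-get update && \\
    apt-get install -y curl
CMD ["curl", "--version"]
"""
HARDENED = """FROM golang:1.11 AS build
WORKDIR /src
COPY . .
RUN go build -o /out/app .
FROM debian:buster
COPY --from=build /out/app /usr/local/bin/app
RUN useradd -u 10001 app
USER 10001:10001
CMD ["app"]
"""
MISLEADING = """FROM golang:1.11 AS build
USER 1000
RUN go build -o /out/app .
FROM debian:buster
COPY --from=build /out/app /app
CMD ["/app"]
"""

if __name__ == "__main__":
    for name, df in (("WEAK", WEAK), ("HARDENED", HARDENED), ("MISLEADING", MISLEADING)):
        print(f"{name}: {'flag: runs as root' if flagged_as_root(df) else 'ok: non-root'}")
```

The MISLEADING sample shows why only the final stage counts: a USER set in the build stage does not carry into the image that actually runs.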
'''7) [ Kali Linux 2019.1 Released — Operating System For Hackers]''' - Great news for hackers and penetration testers. Offensive Security has just released Kali Linux 2019.1, the first 2019 version of its Swiss army knife for cybersecurity professionals. This new version comes with the latest version of Metasploit, which "includes database and automation APIs, new evasion capabilities, and usability improvements throughout," making it a more efficient platform for penetration testers.
<!-- <center>{{#ev:youtube|kcgvsi0Iqpk}}</center> -->