Microsoft Releases April 2015 Security Bulletin

Original release date: April 14, 2015

Microsoft has released eleven updates to address vulnerabilities in Microsoft Windows. Some of these vulnerabilities could allow elevation of privilege, denial of service, remote code execution, information disclosure, or security feature bypass.

US-CERT encourages users and administrators to review Microsoft Security Bulletins MS15-032 – MS15-042 and apply the necessary updates.


DigiCert Offers Continuous Monitoring of Digital Certificates to Defeat Fraud

It’s an interesting time for certificate authorities. On the one hand, interest has never been higher in Web encryption, privacy and transport security, thanks to Edward Snowden. But on the other hand, the last few years have seen a steady stream of compromises of CAs, mis-issued certificates and other problems. CAs hold the security and […]

CVE-2014-9145 (fiyo_cms)

Multiple SQL injection vulnerabilities in Fiyo CMS 2.0.1.8 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an edit action to dapur/index.php; (2) cat, (3) user, or (4) level parameter to dapur/apps/app_article/controller/article_list.php; or (5) email parameter in an email action or (6) username parameter in a user action to dapur/apps/app_user/controller/check_user.php.

CVE-2014-9146 (fiyo_cms)

Multiple cross-site scripting (XSS) vulnerabilities in Fiyo CMS 2.0.1.8 allow remote attackers to inject arbitrary web script or HTML via the (1) view, (2) id, (3) page, or (4) app parameter to the default URI or the (5) act parameter to dapur/index.php.

CVE-2014-9311 (shareaholic)

Cross-site scripting (XSS) vulnerability in admin.php in the Shareaholic plugin before 7.6.1.0 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the location[id] parameter in a shareaholic_add_location action to wp-admin/admin-ajax.php.

CVE-2015-2223 (traps)

Multiple cross-site scripting (XSS) vulnerabilities in Palo Alto Networks Traps (formerly Cyvera Endpoint Protection) 3.1.2.1546 allow remote attackers to inject arbitrary web script or HTML via the (1) Arguments, (2) FileName, or (3) URL parameter in a SOAP request.

CVE-2015-2926 (phptraffica)

Cross-site scripting (XSS) vulnerability in Php/stats/statsRecent.inc.php in phpTrafficA 2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the HTTP User-Agent header to index.php.

The Pirate Bay has grown clones loaded with malware. Beware!

A few weeks ago, a court in Madrid issued a statement to block access to the home page of ‘The Pirate Bay’ and all associated domains. The court relied on the Spanish “Ley Sinde” to stop torrent downloads in Spain, as has been done in 13 other countries.

So much for the theory; the practice is a bit different. Although the judges set a 48-hour limit for all operators to block these websites for their users, some have yet to execute the warrant.

But the issue won’t be solved even when they do. For years, members of ‘The Pirate Bay’ have ensured its continuity through mirror pages, exact copies of the original site.

Any one of them gives you access to a server where you can find a copy of the torrents available for downloading movies, music and other files. So, you can keep downloading through The Pirate Bay just using alternative paths.

At the beginning there were a few dozen of these clones, but now the number is exorbitant. IsoHunt, another platform for sharing documents, is the one to blame. After the end of last year, when the Swedish police arrested some members of The Pirate Bay and the system crashed as a result, those responsible for this other site sympathized with them.

The result of their effort to keep the torrent (pirate) flagship afloat is a project called The Open Bay, a fully editable open source version of the original site. Using this template, anyone with a basic knowledge of web design and programming can develop a site that indexes the contents of The Pirate Bay, IsoHunt and KickAss Torrents.

Now that ‘The Pirate Bay’ is operational again and banned in most countries, some people use The Open Bay tool for even less lawful purposes than just sharing files without respecting a license. Cybercriminals insert parts of the content of an alleged mirror page (via iframe) into other websites that use the WordPress content management system.

So far this might not seem like a big problem, except that the address (which we are not going to tell you for your own safety) doesn’t lead to a download site. When someone clicks on the link, malware infects their computer and records the owner’s information, such as bank details or passwords, and later sends it to the criminals.

Why WordPress? The tool is not insecure on its own; the cybercriminals based their attack on outdated versions of some plugins, whose vulnerabilities allow the criminals to insert the iframe with the malicious link.

The number of infected sites is still unknown, but the only way to keep this code from slipping into our software is to keep WordPress and all its plugins up to date. Internet users who want to keep enjoying The Pirate Bay’s services do so at their own risk. We just advise them to be cautious and vigilant.

The post The Pirate Bay has grown clones loaded with malware. Beware! appeared first on MediaCenter Panda Security.