CVE-2015-4066: SQLi vulnerabilities in WordPress plugin "GigPress"

Posted by Adrián M. F. on May 27

# Title: SQLi vulnerabilities in WordPress plugin “GigPress”
# Author: Adrián M. F. – adrimf85[at]gmail[dot]com
# Date: 2015-05-25
# Vendor Homepage: https://wordpress.org/plugins/gigpress/
# Active installs: 20,000+
# Vulnerable version: 2.3.8
# Fixed version: 2.3.9
# CVE: CVE-2015-4066

Vulnerabilities (2)
=====================

(1) Authenticated SQLi [CWE-89]
-------------------------------

* CODE:
admin/handlers.php:87…

Typosquatting tries to make a victim of everyone

Reality sets the stage

The reality is that ‘legitimate’ sites – such as those provided by hotels, airlines, schools, or any other ‘official’ organization – can be and very often are infected by various types of malicious software (AKA malware). The malware, once installed, enables cybercriminals to capture private information parked on or passing through the computer of the unsuspecting website visitor.

In addition to our own Avira Protection Lab findings, even Google reports that the vast majority of websites infected by malware are legitimate sites that have been hacked – often without the organization behind the site even being aware of it. This is why IT security firms like Avira frequently contact companies to let them know that their official websites have been compromised.

Legitimacy distorted

Because legitimate sites are a larger potential target, and people visit them with false confidence in their safety, cybercriminals know there is deception potential even when an organization takes every necessary measure to secure its website. Sometimes the most effective attacks exploit the simplest of human errors, in this case the typo: mistyped URLs give attackers a simple enough distortion of a legitimate site.

This method taking advantage of misspelled URLs is known as ‘typosquatting’. Also called ‘fake URL’, ‘URL hijacking’, and ‘brandjacking’, the approach relies on the human tendency to make an error when typing a web address into a browser’s address bar, taking advantage of the most likely spelling variants (e.g. phonetic) and errors (e.g. letter transposition) to set a trap for the unsuspecting typist.

What it looks like

A hacker using the typosquatting technique against www.example.com would register variants such as www.example.org, www.exampel.com, www.ecsample.com, and so on. Once the person arrives at one of the incorrect addresses, he or she has landed on an infected webpage (or is redirected to one of several or many owned by a ‘cybersquatter’).

In some cases, the fake site will also look just like the original site – same messaging, same graphics, same logo. In a best-case scenario, the infected page contains only advertisements, but some of these can act as malware by opening one after another even if you try to exit the page – a technique known as ‘mousetrapping’.
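A defender-side check for the variants the post describes (TLD swaps, letter transpositions and letter omissions), as an added example that is not part of the original post: it builds the lookalike set for your own brand domain and flags matching hostnames from a constructed list of observed names (in practice these would come from DNS query logs or certificate-transparency feeds). The TLD list and the sample hostnames are assumptions; phonetic variants such as ‘ecsample’ are not generated.

```python
from typing import List, Set

# Constructed TLD list; extend it with the TLDs relevant to the brand you monitor.
ALT_TLDS = ["com", "org", "net", "co"]


def _normalize(host: str) -> str:
    """Lower-case a hostname and drop a leading 'www.' so variants compare cleanly."""
    host = host.strip().lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def typo_variants(domain: str) -> Set[str]:
    """Build the lookalike set the post describes for one brand domain:
    TLD swaps (example.org), adjacent-letter transpositions (exampel.com)
    and single-letter omissions (exmple.com). The brand itself is excluded."""
    label, _, tld = _normalize(domain).rpartition(".")
    variants: Set[str] = set()
    for alt in ALT_TLDS:
        if alt != tld:
            variants.add(f"{label}.{alt}")
    for i in range(len(label) - 1):
        if label[i] != label[i + 1]:  # swapping equal letters would yield the brand
            swapped = label[:i] + label[i + 1] + label[i] + label[i + 2:]
            variants.add(f"{swapped}.{tld}")
    for i in range(len(label)):
        omitted = label[:i] + label[i + 1:]
        if len(omitted) >= 2:
            variants.add(f"{omitted}.{tld}")
    return variants


def flag_lookalikes(observed: List[str], brand: str) -> List[str]:
    """Return the observed hostnames that match a typo variant of the brand.
    Matches keep their original spelling so they can be reported as seen."""
    brand_norm = _normalize(brand)
    lookalikes = typo_variants(brand_norm)
    return [h for h in observed
            if _normalize(h) != brand_norm and _normalize(h) in lookalikes]


# Constructed sample: names as they might appear in DNS query logs.
OBSERVED = ["www.exampel.com", "example.com", "unrelated.net", "Example.ORG", "exmple.com"]

if __name__ == "__main__":
    for hit in flag_lookalikes(OBSERVED, "www.example.com"):
        print("possible typosquat:", hit)
```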

The hacker’s motive

Almost without exception, the motive is profit. In the case of ad-infected pages, hackers earn money by redirecting traffic to the ads, plus more when those ads are clicked (which is bound to happen, given the sheer number of visitors driven to them). In the case of malware-infected pages, hackers earn money by stealing private data that gives them access to bank accounts.

Your solution

Avira security software blocks malware and adware from installing on the potential victim’s PC, thereby preventing the theft of the Avira customer’s private data. While Avira Free Antivirus provides baseline protection (a level that everyone, without exception, should have as a bare minimum), Avira premium versions offer additional security layers and maintenance utilities to also keep your PC running like new.

The post Typosquatting tries to make a victim of everyone appeared first on Avira Blog.

USN-2622-1: OpenLDAP vulnerabilities

Ubuntu Security Notice USN-2622-1

26th May, 2015

openldap vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 15.04
  • Ubuntu 14.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

OpenLDAP could be made to crash if it received specially crafted network
traffic.

Software description

  • openldap
    – OpenLDAP utilities

Details

It was discovered that OpenLDAP incorrectly handled certain search queries
that returned empty attributes. A remote attacker could use this issue to
cause OpenLDAP to assert, resulting in a denial of service. This issue only
affected Ubuntu 12.04 LTS. (CVE-2012-1164)

Michael Vishchers discovered that OpenLDAP improperly counted references
when the rwm overlay was used. A remote attacker could use this issue to
cause OpenLDAP to crash, resulting in a denial of service. (CVE-2013-4449)

It was discovered that OpenLDAP incorrectly handled certain empty attribute
lists in search requests. A remote attacker could use this issue to cause
OpenLDAP to crash, resulting in a denial of service. (CVE-2015-1545)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.04:
  slapd  2.4.31-1+nmu2ubuntu12.1
Ubuntu 14.10:
  slapd  2.4.31-1+nmu2ubuntu11.1
Ubuntu 14.04 LTS:
  slapd  2.4.31-1+nmu2ubuntu8.1
Ubuntu 12.04 LTS:
  slapd  2.4.28-1.1ubuntu4.5

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2012-1164, CVE-2013-4449, CVE-2015-1545

Packet Fence 5.1.0

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.