Threat Alert: WordPress Cross-Site Scripting

Overview

The WordPress content management system used by millions of websites is vulnerable to two newly discovered threats that allow attackers to take full control of the Web server. The attack code targets one of the latest versions of WordPress, making it a zero-day exploit that could set off a series of site hijackings throughout the Internet.

Both vulnerabilities are known as stored, or persistent, cross-site scripting (XSS) bugs. They allow an attacker to inject code into the HTML content received by the administrators who maintain the website. Both attacks embed malicious code into the comments section that appears at the bottom of a WordPress blog or ...

Stopping the Next Massive Cyberattack

Cybercriminals are quite pleased with themselves. Their recent handiwork has resulted in breaking news headlines, cover stories in major newspapers and banners flashing with details of the latest data breach. Unfortunately, the headlines displaying their successes leave their victims in a compromised, and often financially costly, mess. These cyber masterminds have become unpredictable in their methods, and there is no telling who their next target is. Over the past few years, large and small organizations, as well as individuals, have suffered drastic repercussions from data breaches. Witnessing these horrible losses has driven many organizations to implement new, stronger security measures to ...

Analyzing the Magento Vulnerability (Updated)

Check Point researchers recently discovered a critical RCE (remote code execution) vulnerability in the Magento web e-commerce platform that can lead to the complete compromise of any Magento-based store, including credit card information as well as other financial and personal data, affecting nearly two hundred thousand online shops.

Check Point privately disclosed the vulnerabilities together with a list of suggested fixes to eBay prior to public disclosure. A patch to address the flaws was released on February 9, 2015 (SUPEE-5344, available here). Store owners and administrators are urged to apply the patch immediately if they haven't done so already. For a visual ...

Check Point Threat Alert – Simda

Overview

The Simda botnet is a network of computers infected with self-propagating malware which has compromised more than 770,000 computers worldwide.

Since 2009, cyber criminals have been targeting computers with unpatched software and compromising them with Simda malware. This malware may re-route a user's Internet traffic to websites under criminal control or can be used to install additional malware.

The malicious actors control the network of compromised systems through backdoors, giving them remote access to carry out additional attacks or to "sell" control of the botnet to other criminals. The backdoors also morph their presence every few ...

Protecting Beyond the Point of Sale

The sad reality is that retail breaches are becoming too common. With over a billion credit cards in circulation in the US and over 7 billion worldwide, credit card data has become a prime target for cybercriminals. An alarming number of data and network security breaches happen each year in the payment card and retail industries, causing sensitive customer information to land in the wrong hands. Fraud in the retail sector has been growing quickly, and cybercriminals have been targeting point of sale (PoS) terminals and hacking retailers' networks to steal millions of identity and credit card records. The fact is, roughly one in three Americans will experience a PoS malware ...

Check Point Threat Alert: AAEH/Beebone

Overview

AAEH, also known as BeeBone, is a family of polymorphic downloaders created with the primary purpose of downloading other malware, including password stealers, rootkits, fake antivirus, and ransomware. AAEH is often propagated across networks, removable drives (USB/CD/DVD), and through ZIP and RAR archive files. Other aliases include VObfus, VBObfus, and Changeup. The polymorphic malware has the ability to change its form with every infection. Once installed, it morphs every few hours and rapidly spreads across the network. More than two million unique samples have been detected. AAEH/Beebone has been used to download other malware families, such as Zeus, ...

Mobile Security Market Grows, iOS Patched (AGAIN!), Encryption Has Hole – Mobile Security Weekly

Mobile Security Market Growing Rapidly Through 2019

A new report on the global mobile security market projects a 30.7% CAGR through 2019, to reach a market value of $5.75 billion (from around $1.5 billion in 2014). The growing demand for smartphones and other mobile devices, the ongoing integration of mobile devices into the workplace, and the need for mobile security strategies and solutions that will also cover cloud service requirements will drive market growth. The report predicts Asia-Pacific to experience the biggest growth over the forecast period, particularly in the mobile data protection and mobile application management segments. ...

The Curious Incident of the Phish in the Night-Time: a Forensic Case Study

Names have been changed to protect the privacy of the individuals involved.

On the morning of February 26, 2015, Laurie logged on to her Google account at work and discovered that overnight, someone had used her account as a stepping stone for a total, indiscriminate phishing campaign.

Laurie is the chief administrative assistant of a small venture capital firm. Every new employee, every new customer, every form and every invoice go through her. On that Thursday morning, instead of the usual paperwork, she was greeted with a barrage of replies sent by confused correspondents: "Is this really from you?", "Should I open this?", "What is ...

Segmentation is Great in Theory, but Who Has the Time?

Security is one of those "pay a little now, or pay a lot later" concepts. Your data, your customer information, your intellectual property, your trade secrets: these are the lifeblood of your company. One bad hack could distract your team for months, set your product position back years or, worse, put you out of business altogether. You need to protect your assets. In 2014 alone, we were overwhelmed with headlines as network breaches affected stores like Home Depot and Target, but what you might have missed is that they also hit Dairy Queen, Acme Grocery, Sally Beauty Supply, PF Chang's, Michaels Craft Stores, Goodwill, Jimmy John's, Neiman Marcus, and JP Morgan Chase, all in ...