October 2017 Summaries
8 posts from Detectify
Filter
Month:
Year:
Post Summaries
Back to Blog
Detectify has introduced 21 new security modules designed to identify vulnerabilities in websites, including several specific to WordPress and the ROCA vulnerability associated with RSA key generation. The highlighted vulnerability, CVE-2017-15361, stems from Infineon Technologies AG's software library used in cryptography hardware, potentially affecting HTTPS certificate holders if their keys were generated with this hardware. If a site is found vulnerable to ROCA, it's advised to contact the certificate issuer to revoke and replace the affected certificates to prevent misuse by attackers. Users can test their keys independently using third-party services like keychest.net and keytester.cryptosense.com. The update also covers various WordPress vulnerabilities, including authenticated XSS, SQL injection, and CSRF, underscoring the importance of regular security checks to mitigate potential risks.
Oct 19, 2017
384 words in the original blog post.
September marked a highly productive month for Detectify Crowdsource, with over 1200 hits generated by submissions, making it the second-best month in terms of activity. The platform saw significant contributions, particularly in identifying new vulnerabilities affecting WordPress, including both core and plugins, with many submissions coming from 17-year-old UK-based security researcher Yasin Soliman, who was named Hacker of the Month after submitting over 25 valid modules. The platform introduced a new "fixed bounty" system to incentivize high-quality submissions, even if they do not generate many hits, based on feedback from a survey sent to community members. Additionally, an open redirect affecting the latest version of WordPress was identified as the top finding of the month. The blog also featured a guest post by Peter Jaric, discussing potential security risks associated with Selenium Grid.
Oct 17, 2017
327 words in the original blog post.
A security flaw in the WPA2 protocol, used to secure modern Wi-Fi networks, was disclosed by Belgian researchers on October 16, 2017, exposing millions of devices to potential eavesdropping and attacks. This vulnerability stems from a combination of weaknesses in the WPA2 specification and its implementation, allowing attackers to intercept and potentially inject data into wireless network traffic across various operating systems, including Linux, Windows, iOS, Android, and BSD. The flaw facilitates three types of attacks: compromising broadcast messages, targeting client devices, and exploiting access points, with the latter two enabling attackers to listen to and manipulate data traffic. Users are advised to protect themselves by installing security patches, using wired connections when possible, disabling certain features like 802.11r, and employing application-level security such as HTTPS and VPNs. The attack requires proximity to the targeted Wi-Fi network, and while mobile devices are particularly at risk due to their automatic connection to different networks, companies should ensure devices are patched or have Wi-Fi disabled until a fix is applied.
Oct 16, 2017
647 words in the original blog post.
Ethical hackers Linus Särud and Fredrik Almroth provide insights into Magento security, guiding website owners on how to protect their sites from potential attacks. The seminar, featuring a step-by-step explanation of how hackers analyze e-commerce pages, is aimed at enhancing understanding of common security issues and effective countermeasures. Almroth, known for his hacking expertise and notable achievements such as breaching Google production servers, and Särud, who began his IT security career at 13 and has identified significant vulnerabilities in Google’s systems, share their experiences to help Magento site owners keep pace with black-hat hackers.
Oct 11, 2017
230 words in the original blog post.
A study of 30,000 Magento stores revealed that many remain vulnerable to three publicly available security flaws, despite patches being available for over a year. These vulnerabilities include the exposure of sensitive configuration files, an unprotected API for order history, and an easily accessible admin panel, with the study finding that 500 stores had publicly accessible configuration files, 1,500 vulnerable order history APIs, and 7,000 with exposed admin panels. Additionally, over half of the stores lacked default HTTPS, posing a significant risk to customer data. The findings highlight the importance of regular updates and adherence to security best practices for Magento and other content management systems, as many vulnerabilities persist due to ignored security warnings and a lack of auto-update features. The research underscores the need for proactive measures like enabling auto-updates or using security services to prevent data breaches.
Oct 10, 2017
996 words in the original blog post.
Magento, a popular e-commerce platform handling over $100 billion annually, is increasingly targeted by hackers due to its widespread use and the sensitive payment information it processes. A study of the world's largest Magento stores revealed that 23% are making significant security mistakes, such as not using HTTPS by default and exposing admin panels, which leaves them vulnerable to attacks. Experts from agencies like Divante and Vaimo emphasize the importance of keeping platforms updated, securing admin panels, and being cautious with third-party applications, which are often not security-tested. As consumers grow more aware of online security risks, it's vital for retailers to maintain trust by implementing robust security measures. This includes educating internal teams on security practices and adopting a proactive, long-term strategy that aligns with regulations like GDPR, as security is an ongoing challenge requiring continuous monitoring and improvement.
Oct 10, 2017
1,258 words in the original blog post.
Detectify's latest update includes new checks for multiple WordPress plugin vulnerabilities and two Magento security tests. The additions cover a range of WordPress issues, such as authenticated open redirects, SQL injection, authentication bypass, cross-site scripting (XSS), and cross-site request forgery (CSRF) vulnerabilities across various plugins like gallery-album, theme-my-login, simple-membership, my-wp-translate, duplicate-page, my-tickets, wp-members, megamenu, and caldera-forms. Additionally, the update introduces Magento security checks for SUPEE-6285 (APPSEC-996) related to orders disclosure and SUPEE-5994 (APPSEC-977) concerning admin path disclosure.
Oct 04, 2017
81 words in the original blog post.
Yasin Soliman, a UK-based bug bounty hunter and prominent member of the Detectify Crowdsource community, has been passionate about IT security from a young age, diving into security research and bug bounty programs around late 2015. Initially struggling to secure his first submission, Soliman persisted and eventually developed expertise in different vulnerability classes, which led to his successful participation in platforms like HackerOne and Bugcrowd. His first reported bug involved discovering unauthorized access points in a HackerOne public program, which was swiftly addressed. Soliman credits the supportive bug bounty community for motivating his research and skill development, and he frequently follows prominent researchers like Frans Rosén and Masato Kinugawa for inspiration. With a preference for the innovative model of Crowdsource, Soliman emphasizes the platform’s ability to turn vulnerabilities into scanner modules and reward researchers based on the severity of detected bugs, providing both a competitive and collaborative environment for security experts.
Oct 03, 2017
714 words in the original blog post.