
Friday, February 22, 2013

NBC Website Safe to Visit Again, Said to Have Been Infected for 24hrs

NBC.com appears to be cleared of the malicious code performing drive-by-download attacks on unsuspecting visitors, but users should still make sure their antivirus programs are up-to-date and web filtering is enabled.

An NBC Universal spokeswoman told Reuters late Thursday that “a problem was identified and has been fixed,” but didn’t offer any details on what exactly happened.

The NBC spokeswoman did say that no NBC.com account information had been compromised, but could not confirm whether any users had been infected as a result of the hacking.

Although there have been reports that the site was compromised for only a few hours, antivirus firm ESET began receiving reports that the site had been infected as early as February 20th at 17:00 CET (8:00 AM PST).

There was a long period of inactivity until 12:00 PM CET on February 21st (3:00 AM PST), which is when reports started flooding in. The cause of the gap is unclear, but it’s possible that the malicious iframe could have been pointing to a dead link.

The malicious iframes loaded compromised third-party websites housing the RedKit and Styx exploit kits, which would attempt to exploit Java and PDF vulnerabilities to drop a variety of malware.

ESET identified one of the dropped payloads as Win32/TrojanDownloader.Vespula.AY, a Trojan that downloads additional malware, and another as Trojan.JS/Exploit.Agent.NCX. The Citadel banking Trojan and ZeroAccess were said to be among the other pieces of malware dropped in the attack.

ESET users who attempted to visit NBC.com during the attack were denied access by the antivirus to prevent infection. That block has since been lifted from the main NBC website now that it has been cleaned up, but ESET warns that several other related sites may still be infected.

Keep Your PC Safe When Surfing the Web


As you can see, you don’t have to visit a “shady” website in order to have your PC infected with malware. Help keep your computer safe while surfing the web by:

  • Always running antivirus/anti-malware software and keeping the virus definitions current. (And pay attention to blocked site warnings!)

  • Keeping your operating system and installed third-party software fully patched and up-to-date.

  • Removing or disabling Java browser plugins if they're not needed - Java vulnerabilities are often targeted in cyberattacks.

  • Exercising caution when clicking shortened or suspicious links and always doing a little research before following them.

  • Not downloading or opening files from unknown or untrusted websites (or emails, for that matter).


Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet, “Like” us on Facebook or add us to your circle on Google+

Thursday, February 7, 2013

Is The PICA Photo Gallery Plugin for WordPress Leaving Your Website Vulnerable?

It seems as though our post warning users about the old TimThumb vulnerability caught a lot of attention, as we noticed an uptick in the number of site scans.

Now, this could simply mean that the scripts used to automatically scan for TimThumb files have a difficult time distinguishing a URL path mentioned in a blog from an actual file. However, there was one Russian-based IP that seemed to try harder than others to find a vulnerability to exploit, and one file path in particular happened to catch my eye:
/wp-content/plugins/pica-photo-gallery/picaPhotosResize.php

As you can see, the attacker was looking for a file by the name of picaPhotosResize.php, which is associated with the PICA Photo Gallery Plugin for WordPress. (Not installed.)

It turns out that the PICA Photo Gallery Plugin for WordPress suffers from not one, but two vulnerabilities that can be exploited to disclose sensitive information or upload malicious files.

These security flaws were discovered back in June of 2012, and there’s no indication that they were ever fixed - a disappointment considering this is a $50 plugin!

From Secunia Advisory SA49467:

1) Input passed to the "imgname" parameter in wp-content/plugins/pica-photo-gallery/picadownload.php is not properly verified before being used to download files. This can be exploited to disclose the contents of arbitrary files via directory traversal attacks.

2) An error due to the wp-content/plugins/pica-photo-gallery/picaPhotosResize.php script allowing the upload of files with arbitrary extensions to a folder inside the webroot can be exploited to execute arbitrary PHP code by uploading a malicious PHP script.

The above vulnerabilities were confirmed in PICA Photo Gallery version 1.0, but later versions may be affected. The latest version is 1.3 at the time of writing.

Solutions


To protect their site, PICA Photo Gallery users are advised to:

  • Edit the source code for picadownload.php to ensure that input is properly verified.

  • Restrict access to the wp-content/plugins/pica-photo-gallery/picaPhotosResize.php script (e.g. via .htaccess).


Or just remove the plugin altogether.
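To illustrate what “properly verified” input for the imgname parameter looks like, here is an added example of a hardened download handler. It is not the plugin’s own code; the upload directory, the function name and the allowed extension list are assumptions.

```php
<?php
// Added example (not the PICA plugin's code): serve only plain image files
// from one gallery directory, so "imgname" can no longer reach other paths.
declare(strict_types=1);

/**
 * Resolve a user-supplied file name to a path inside $baseDir, or return
 * null if the request is not an existing image file in that directory.
 */
function resolve_download_path(string $imgname, string $baseDir): ?string
{
    // Drop any directory components: "../../wp-config.php" becomes "wp-config.php".
    $name = basename($imgname);

    // Allow only a conservative character set and known image extensions.
    if (!preg_match('/^[A-Za-z0-9_-]+\.(jpe?g|png|gif)$/i', $name)) {
        return null;
    }

    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() follows symlinks, so check the *resolved* path is still under $base.
    $path = realpath($base . DIRECTORY_SEPARATOR . $name);
    if ($path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return is_file($path) ? $path : null;
}

// Assumed location of the gallery images (WP_CONTENT_DIR is WordPress's constant).
$uploadDir = WP_CONTENT_DIR . '/uploads/pica';

$path = resolve_download_path((string) ($_GET['imgname'] ?? ''), $uploadDir);
if ($path === null) {
    http_response_code(404);
    exit('Not found');
}

header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . basename($path) . '"');
header('Content-Length: ' . (string) filesize($path));
readfile($path);
```

For the upload script, the .htaccess restriction mentioned above is a `<Files "picaPhotosResize.php">` block containing `Deny from all` (Apache 2.2) or `Require all denied` (Apache 2.4), which blocks web requests to that script entirely.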

I’ve reached out to the developers of this plugin to find out if these vulnerabilities were ever addressed, and when users can expect a patch if not. I’ll update this post when I hear back. Until then, watch out for hack attempts!


Tuesday, November 27, 2012

Piwik.org Hacked to Serve Trojanized Version of Piwik Software

An unknown attacker hacked the Piwik.org website on Monday morning and added a piece of malicious code into the Piwik 1.9.2 Zip file that will reportedly open a backdoor on systems it is installed on.

The Trojanized file remained available for public download for roughly eight hours until the breach was discovered and the file replaced with a clean copy by the Piwik team.

Piwik stated that their website runs on the popular WordPress platform and the hacker was able to gain partial access to the website server by exploiting a vulnerability within an unnamed WordPress plugin.

No personal or sensitive user data was said to be stolen in the breach, and the Piwik team is not aware of any security holes within the actual Piwik software.

Instructions on how to check if you downloaded an infected copy of Piwik along with the necessary steps to remove the malicious code can be found on the Piwik blog.
