WordPress malware causes Psuedo-Darkleech Infection
FYI...
- http://blog.sucuri.net/2015/03/pseud...infection.html
March 26, 2015 - "Darkleech* is a nasty malware infection that infects web servers at the root level. It uses malicious Apache modules to add hidden iFrames to certain responses. It’s difficult to detect because the malware is only active when both server and site admins are -not- logged in, and the iFrame is only injected once-a-day (or once a week in some versions) per IP address. This means that the infection symptoms are not easy to reproduce. Since it’s a server-level infection, even the most thorough website-level scans won’t reveal anything. And even when the culprit is identified, website owners may not be able to resolve the issue without help of a server administrator. Despite the detection difficulties, it was quite easy to tell that the server was infected with Darkleech when we saw the malicious code — it has followed the same recognizable pattern since 2012:
- Declaration of a CSS class with a random name and random negative absolute position
- A div of that class
- A malicious iFrame with random dimensions inside that div ..."
(More detail at the sucuri URL above.)
* http://blog.sucuri.net/2014/02/darkl...tatistics.html
> https://wordpress.org/plugins/sucuri-scanner/
WordPress Security plugin - Version 1.7.8
Last Updated: 2015-3-29
Active Installs: 100,000+
___
Current WordPress version 4.1.1
- https://wordpress.org/news/2015/02/wordpress-4-1-1/
Feb 18, 2015
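The three-part Darkleech pattern quoted above (a CSS class with a negative absolute position, a div of that class, an iframe inside that div) can be checked for in a captured response body. This is an added example, not code from Sucuri or from the original post; the sample HTML, class names and URLs are constructed.

```python
import re
from html.parser import HTMLParser

RULE = re.compile(r"\.([A-Za-z_][\w-]*)\s*\{([^}]*)\}")            # ".name { body }"
ABSOLUTE = re.compile(r"\bposition\s*:\s*absolute\b")
NEG_OFFSET = re.compile(r"\b(?:top|left|right|bottom)\s*:\s*-\d")  # e.g. top:-1482px

class HiddenIframeFinder(HTMLParser):
    """Flags iframes nested in a div whose CSS class is positioned off-screen."""
    def __init__(self):
        super().__init__()
        self.in_style = False
        self.offscreen = set()  # classes declared absolute with a negative offset
        self.div_stack = []     # per open div: matching off-screen class or None
        self.hits = []          # (class name, iframe src)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "style":
            self.in_style = True
        elif tag == "div":
            classes = (attrs.get("class") or "").split()
            self.div_stack.append(next((c for c in classes if c in self.offscreen), None))
        elif tag == "iframe":
            enclosing = next((c for c in reversed(self.div_stack) if c), None)
            if enclosing:
                self.hits.append((enclosing, attrs.get("src") or ""))

    def handle_endtag(self, tag):
        if tag == "style":
            self.in_style = False
        elif tag == "div" and self.div_stack:
            self.div_stack.pop()

    def handle_data(self, data):
        if self.in_style:  # the pattern declares the class before the div uses it
            for name, body in RULE.findall(data):
                if ABSOLUTE.search(body) and NEG_OFFSET.search(body):
                    self.offscreen.add(name)

def find_hidden_iframes(html):
    finder = HiddenIframeFinder()
    finder.feed(html)
    finder.close()
    return finder.hits

# Constructed samples (not real indicators): one injected block, one benign embed.
SAMPLE_INFECTED = ('<p>Hello</p><style>.qx7k2{position:absolute;top:-1482px;left:-1733px}</style>'
                   '<div class="qx7k2"><iframe src="http://injected.example/x" width="312" height="207"></iframe></div>')
SAMPLE_CLEAN = ('<style>.video{position:relative}</style>'
                '<div class="video"><iframe src="https://player.example/embed/1"></iframe></div>')

if __name__ == "__main__":
    print(find_hidden_iframes(SAMPLE_INFECTED), find_hidden_iframes(SAMPLE_CLEAN))
```

Because the injection is served only once per IP address per day (or week) and not while admins are logged in, a single clean response does not clear a server; run the check over responses captured from several client addresses over time.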
Thunderbird 31.6 released
FYI...
- https://www.mozilla.org/en-US/thunde.../releasenotes/
March 31, 2015
- https://www.mozilla.org/en-US/securi...hunderbird31.6
Fixed in Thunderbird 31.6
2015-40 Same-origin bypass through anchor navigation
2015-37 CORS requests should not follow 30x redirections after preflight
2015-33 resource:// documents can load privileged pages
2015-31 Use-after-free when using the Fluendo MP3 GStreamer plugin
2015-30 Miscellaneous memory safety hazards (rv:37.0 / rv:31.6)
Automated Updates: https://support.mozilla.org/en-US/kb...ng-thunderbird
Manual check: Go to >Help >About Thunderbird
Download: https://www.mozilla.org/en-US/thunderbird/all.html
___
- http://www.securitytracker.com/id/1032000
CVE Reference: CVE-2015-0801, CVE-2015-0807, CVE-2015-0813, CVE-2015-0814, CVE-2015-0815, CVE-2015-0816
Apr 1 2015
Impact: Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): prior to 31.6...
Adblock Plus 2.6.9 for Firefox
FYI...
Adblock Plus 2.6.9 for Firefox released
- https://adblockplus.org/releases/adb...refox-released
2015-03-31 - "This is another quality and stability release:
• Slightly optimized performance, domain-specific filters will no longer affect overall performance (issue 2177).
• Added extensions.adblockplus.suppress_first_run_page preference to allow administrators to disable the first-run page if Adblock Plus is installed globally (issue 206). Note that additional changes are required to make this preference usable.
• Fixed: $elemhide filter option doesn’t consider website signatures correctly (issue 2151)..."
In Firefox: >Tools >Addons >Check for updates
Apple Security Update 2015-004, Safari 8.0.5-7.1.5-6.2.5, iOS 8.3, Apple TV 7.2...
FYI...
Security Update 2015-004 - OS X Yosemite v10.10.3
- https://support.apple.com/en-us/HT204659
Apr 8, 2015
> https://lists.apple.com/archives/sec.../msg00001.html
- http://www.securitytracker.com/id/1032048
CVE Reference: CVE-2015-1088, CVE-2015-1089, CVE-2015-1091, CVE-2015-1093, CVE-2015-1095, CVE-2015-1096, CVE-2015-1098, CVE-2015-1099, CVE-2015-1100, CVE-2015-1101, CVE-2015-1102, CVE-2015-1103, CVE-2015-1104, CVE-2015-1105, CVE-2015-1117, CVE-2015-1118, CVE-2015-1130, CVE-2015-1131, CVE-2015-1132, CVE-2015-1133, CVE-2015-1134, CVE-2015-1135, CVE-2015-1136, CVE-2015-1137, CVE-2015-1138, CVE-2015-1139, CVE-2015-1140, CVE-2015-1141, CVE-2015-1142, CVE-2015-1143, CVE-2015-1144, CVE-2015-1145, CVE-2015-1146, CVE-2015-1147, CVE-2015-1148
Apr 8 2015
Safari 8.0.5, 7.1.5, 6.2.5
- https://support.apple.com/en-us/HT204658
Apr 8, 2015 - "Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.2..."
> https://lists.apple.com/archives/sec.../msg00000.html
- http://www.securitytracker.com/id/1032047
CVE Reference: CVE-2015-1112, CVE-2015-1119, CVE-2015-1120, CVE-2015-1121, CVE-2015-1122, CVE-2015-1124, CVE-2015-1126, CVE-2015-1127, CVE-2015-1128, CVE-2015-1129
Apr 8 2015
iOS 8.3
- https://support.apple.com/en-us/HT204661
Apr 8, 2015 - "Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later..."
> https://lists.apple.com/archives/sec.../msg00002.html
- http://www.securitytracker.com/id/1032050
CVE Reference: CVE-2015-1085, CVE-2015-1086, CVE-2015-1087, CVE-2015-1090, CVE-2015-1092, CVE-2015-1094, CVE-2015-1097, CVE-2015-1106, CVE-2015-1107, CVE-2015-1108, CVE-2015-1109, CVE-2015-1110, CVE-2015-1111, CVE-2015-1113, CVE-2015-1114, CVE-2015-1115, CVE-2015-1116, CVE-2015-1123, CVE-2015-1125
Apr 9 2015
Apple TV 7.2
- https://support.apple.com/en-us/HT204662
Apr 8, 2015
> https://lists.apple.com/archives/sec.../msg00003.html
Xcode 6.3
- https://support.apple.com/kb/HT204663
Apr 8, 2015 - "Available for: OS X Mavericks v10.9.4 or later..."
> https://lists.apple.com/archives/sec.../msg00004.html
- http://www.securitytracker.com/id/1032049
CVE Reference: CVE-2015-1149
Apr 9 2015
- https://support.apple.com/en-us/HT201222
___
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2015-1118
Last revised: 04/10/2015 - "... Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (memory corruption and application crash) via a crafted configuration profile..."
> http://www.theregister.co.uk/2015/04...ttack_ios_fix/
10 Apr 2015
APPLE-SA-2015-04-21-1 OS X: Flash Player...
FYI...
APPLE-SA-2015-04-21-1 OS X: Flash Player plug-in blocked
- https://lists.apple.com/archives/sec.../msg00005.html
21 Apr 2015 - "Due to security issues in older versions, Apple has updated the web plug-in blocking mechanism to disable all versions prior to Flash Player 17.0.0.169 and 13.0.0.281.
Information on blocked web plug-ins will be posted to:
- http://support.apple.com/en-us/HT202681 "
WordPress 4.2.1 - Security Release
FYI...
- https://wordpress.org/news/
April 27, 2015 - "WordPress 4.2.1 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately... the WordPress team was made aware of a cross-site scripting vulnerability, which could enable commenters to compromise a site...
WordPress 4.2.1 has begun to roll out as an automatic background update, for sites that support those.
For more information, see the release notes* or consult the list of changes**..."
* https://codex.wordpress.org/Version_4.2.1
** https://core.trac.wordpress.org/log/...stop_rev=32300
Download
- https://wordpress.org/download/
___
- https://www.us-cert.gov/ncas/current...ecurity-Update
April 27, 2015
- http://arstechnica.com/security/2015...s-of-websites/
Apr 27, 2015
- http://blog.trendmicro.com/trendlabs...ons-available/
April 29, 2015 - "... We urge site administrators to upgrade their versions of WordPress to the latest version (4.2.1), which fixes these vulnerabilities. This can usually be easily done via the WordPress dashboard..."
WordPress 4.2.2 Security and Maintenance Release
FYI...
- https://wordpress.org/news/2015/05/wordpress-4-2-2/
May 7, 2015 - "WordPress 4.2.2 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.
Version 4.2.2 addresses two security issues:
> The Genericons icon font package, which is used in a number of popular themes and plugins, contained an HTML file vulnerable to a cross-site scripting attack. All affected themes and plugins hosted on WordPress.org (including the Twenty Fifteen default theme) have been updated today by the WordPress security team to address this issue by removing this nonessential file. To help protect other Genericons usage, WordPress 4.2.2 proactively scans the wp-content directory for this HTML file and removes it...
> WordPress versions 4.2 and earlier are affected by a -critical- cross-site scripting vulnerability, which could enable anonymous users to compromise a site. WordPress 4.2.2 includes a comprehensive fix for this issue...
The release also includes hardening for a potential cross-site scripting vulnerability when using the visual editor... WordPress 4.2.2 also contains fixes for -13- bugs from 4.2...
Release notes:
- https://codex.wordpress.org/Version_4.2.2
Download:
- https://wordpress.org/download/
... or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.2.2.
___
- https://www.us-cert.gov/ncas/current...enance-Release
May 07, 2015
___
- http://www.theinquirer.net/inquirer/...-hackers-again
May 8 2015 - "... The two culprits are JetPack, a customisation and performance tool with one million active installations, and TwentyFifteen, a theme designed to enable infinite scrolling that is installed into new WordPress sites as a default. A Document Object Model (DOM)-based cross-site scripting (XSS) flaw has made the plugins vulnerable to hackers, and could affect millions of WordPress users. The attack payload is executed as a result of modifying the DOM environment in a victim's browser used by the original client side script, so that the client side code runs in an unexpected way. Security firm Sucuri* found that the flaw in the two plugins is the result of an insecure file included with genericons, which are vector icons embedded in a web font..."
* https://blog.sucuri.net/2015/05/jetp...#disqus_thread
May 6, 2015