Nov 13

Threat Intelligence: WordPress Zero-day

A zero-day vulnerability has been discovered affecting WP GDPR Compliance. WP GDPR Compliance is a WordPress plugin that aids website owners become GDPR compliant. The plugin is one of the more popular GDRP plugins available with over 100,000 active installations.

First seen roughly three weeks ago, the vulnerability used to gain access to WordPress sites and install backdoors. The plugin was removed earlier last week, however it was reinstated on November 7th after the release of version 1.4.3, which contained a patch for the vulnerability.

Attackers are actively exploiting the vulnerability for anyone running version 1.4.2 and older. According to researchers, “attackers are targeting a WP GDPR Compliance bug that allows them to make a call to one of the plugin's internal functions and change settings for both the plugin, but also for the entire WordPress CMS.” At the time of writing this article, there are two techniques using the vulnerability.

In the first, the attacker uses the vulnerability to open the website’s registration system and will reset the default role for new accounts to administrator. The attacker will then create a new account that has usually been seen as “t2trollherten” and set back default user role for new accounts to subscriber. Public registration is then disabled and the attacker logs into their new account to install a backdoor on the site titled “wp-cache.php.” The backdoor contains a file manager, PHP eval() runner, and a terminal emulator.

The second technique is quieter and involves using the GDPR compliance vulnerability. It’s used to add a new task to WP-Cron, which is the built-in task scheduler. The attacker will download and install the plugin, which is later used to upload another backdoor on the site. This backdoor is also named wp-cahe.php, but is different than the previous one. Even though the second scenario is supposed to be quieter, it actually caused the zero-day to be discovered. This is because on some sites, the attacker’s exploitation routine failed to delete the plugin and site owners saw that a new plugin appeared.

read more →
Nov 09

Threat Intelligence: Cisco Mistakenly Adds Dirty Cow Exploit Code to its Own Software

 

During a security brief on Wednesday, read more →
Oct 15

Binary Defense and Ingram Micro Announce Strategic Distribution Relationship

Binary Defense™—a leader in Managed Endpoint Detection and Response (EDR) now with built-in Endpoint Platform Protection (EPP)—today announced it has entered into a distribution relationship with Ingram Micro Inc., a global force in technology solutions, mobility, cloud, and supply chain services. The relationship will add significant value to customers by more easily addressing specific regional markets around the world.

read more →
Oct 06

Why We Love DerbyCon

There's a lot to recommend about DerbyCon, the homegrown computer security conference based in Louisville, Kentucky. The buzz in the air during and leading up to the conference is palatable and unlike any other InfoSec conference you may have attended.

read more →
Sep 28

Binary Defense Launches Security Executive Network (S.E.N.) Program

Our newly formed Security Executive Network (S.E.N.)is a traveling event to connect with security leaders everywhere to share insights and best practices. 

read more →
Aug 23

Vision EDR Platform Disrupts Another Phishing Attack, Sorry Bad Guys

Binary Defense Vision EDR can easily detect macro malware leveraging Windows PowerShell and, in this case, helped a customer defend against the Emotet downloader Trojan.

read more →
Aug 22

Announcing Vision 4.0 Platform – Managed EDR Combined with EPP

Introducing Vision 4.0 Platform Managed Endpoint Detection and Response (EDR) with built-in Endpoint Platform Protection (EPP) by Binary Defense.

read more →
Aug 03

Social Engineering Attacks and Mitigations Part VII: Whaling

Phishing is the most common type of social engineering attack that has targeted companies for years. Phishing attacks get sent out to a mass amount of people, however, company executives may get hit with something more specifically targeting them—a special type of phishing called whaling.

read more →
Jul 30

PowerGhost Fileless Cryptocurrency Miner is Actively Targeting Corporate Networks

A fileless cryptocurrency miner dubbed PowerGhost is compromising workstations and servers by utilizing the EternalBlue exploit and Mimikatz. The threat compromises a single computer on a targeted network and may spread to other systems and servers across an organization. The PowerGhost threat was first seen compromising organizations in India, Columbia, Turkey, Europe, and the US.

read more →
Jul 27

Social Engineering Attacks and Mitigations Part VI: Vishing

A type of social engineering attack that is closely related to phishing is vishing. Vishing is the act of phishing over the telephone and has gained popularity recently.

read more →