PSA: December Zero Days Announced – MySQL, freeSSHd, freeFTPd

It looks like we are closing out 2012 in style. This weekend a number of new, very serious zero-day vulnerabilities were released for several very popular applications: MySQL, freeSSHd and freeFTPd.

Of the three, the most concerning is obviously MySQL. If you have listened to any of our security presentations you know that your application is but one piece of the puzzle, and your environment is a critical component of that puzzle too.

MySQL is integral to any LAMP-based application (LAMP = Linux, Apache, MySQL, PHP), which includes many open source content management systems (CMS) such as WordPress, Joomla, Drupal, Magento, osCommerce and many more. This is exceptionally dangerous in environments where MySQL is published to the world (i.e., not bound to localhost, or with its port reachable from the Internet), and it applies to VPS and shared hosting environments alike.
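As an added example (not code from the original post or from the MySQL project), the POSIX shell snippet below shows the two checks a site owner or hosting admin would run to find out whether they are in the exposed situation described above: whether mysqld is listening on anything other than a loopback address, and what the `bind-address` setting in my.cnf says. The `ss -tln` listings and my.cnf fragments are constructed for illustration; the function names are ours.

```shell
#!/bin/sh
# Added example, not from the original post. Decides whether a MySQL listener
# is reachable from outside the host and shows the my.cnf setting that controls
# it. The socket listings and config fragments below are constructed samples.

# mysql_exposed LISTING
#   LISTING is text in the format of `ss -tln` (column 4 = Local Address:Port).
#   Returns 0 (true) if any LISTEN socket on TCP 3306 is bound to something
#   other than a loopback address; 1 otherwise.
mysql_exposed() {
    printf '%s\n' "$1" | awk '
        $1 == "LISTEN" {
            addr = $4
            n = split(addr, parts, ":")
            port = parts[n]                      # text after the last colon
            host = substr(addr, 1, length(addr) - length(port) - 1)
            if (port == "3306") {
                # 127.0.0.1 and [::1] stay on the box; 0.0.0.0, *, [::] and
                # any real interface address are reachable from the network
                if (host == "127.0.0.1" || host == "[::1]") next
                exposed = 1
            }
        }
        END { exit (exposed ? 0 : 1) }'
}

# mycnf_bind_address CONFIG_TEXT
#   Prints the effective bind-address from the [mysqld] section (last one wins),
#   or "unset", which means mysqld accepts TCP connections on every interface.
mycnf_bind_address() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*\[/ { in_mysqld = ($0 ~ /^[ \t]*\[mysqld\][ \t]*$/); next }
        in_mysqld && /^[ \t]*bind-address[ \t]*=/ {
            sub(/^[ \t]*bind-address[ \t]*=[ \t]*/, "")
            sub(/[ \t#].*$/, "")                 # drop trailing comment
            val = $0
        }
        END { print (val == "" ? "unset" : val) }'
}

# audit_mysql LISTING CONFIG_TEXT
#   Prints a one-line verdict starting with "EXPOSED" or "OK".
audit_mysql() {
    bind=$(mycnf_bind_address "$2")
    if mysql_exposed "$1"; then
        echo "EXPOSED: mysqld listens on a non-loopback address (bind-address: $bind)"
    else
        echo "OK: mysqld is loopback-only (bind-address: $bind)"
    fi
}

# Constructed `ss -tln` output: MySQL published on every IPv4 interface.
LISTING_EXPOSED='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      80     0.0.0.0:3306       0.0.0.0:*
LISTEN 0      128    127.0.0.1:631      0.0.0.0:*'

# Constructed `ss -tln` output: MySQL bound to loopback only (IPv4 and IPv6).
LISTING_LOCAL='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      80     127.0.0.1:3306     0.0.0.0:*
LISTEN 0      80     [::1]:3306         [::]:*
LISTEN 0      128    0.0.0.0:80         0.0.0.0:*'

# Weak: a typical my.cnf with no bind-address, so the port is open to the world.
MYCNF_WEAK='[client]
port = 3306

[mysqld]
port    = 3306
datadir = /var/lib/mysql
# bind-address is not set here'

# Fixed: same file with mysqld bound to the loopback interface only. A LAMP
# stack on the same box reaches MySQL via localhost; if nothing needs TCP at
# all, the "skip-networking" option removes the listener entirely.
MYCNF_FIXED='[client]
port = 3306

[mysqld]
port         = 3306
datadir      = /var/lib/mysql
bind-address = 127.0.0.1   # loopback only'

audit_mysql "$LISTING_EXPOSED" "$MYCNF_WEAK"
audit_mysql "$LISTING_LOCAL"   "$MYCNF_FIXED"
# Live check on a Linux host: audit_mysql "$(ss -tln)" "$(cat /etc/mysql/my.cnf)"
```

On shared hosting you usually cannot edit my.cnf, so the `ss -tln` side of the check is the one that matters there; if the host publishes 3306 to the world, the remaining controls are the MySQL account host restrictions and a firewall rule in front of the box.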

Dreamhost Clients – Possible 500 Errors During Database Migration

This morning Dreamhost sent an email to a number of clients notifying them that a database was being moved to a new server. If you are one of our clients and you receive Website Disabled warnings, they are likely being generated by this temporary outage.

Please allow the scanner to run again; once the database server is back up, the scanner should update on its next run.

Here is the message from Dreamhost:

Read More

WordPress Update – 3.3.3 and 3.4.1 Patches Released!!

Only a few weeks after the last release, two new patches were released today: 3.3.3 and 3.4.1.

The good news is that, as they are patches, the updates should be fairly straightforward and should not cause many, if any, issues. It is important to note, though, that this is a maintenance and security release. In their official post they highlight the following items:

  • Fixes an issue where a theme’s page templates were sometimes not detected.
  • Addresses problems with some category permalink structures.
  • Better handling for plugins or themes loading JavaScript incorrectly.
  • Adds early support for uploading images on iOS 6 devices.
  • Allows for a technique commonly used by plugins to detect a network-wide activation.
  • Better compatibility with servers running certain versions of PHP (5.2.4, 5.4) or with uncommon setups (safe mode, open_basedir), which had caused warnings or in some cases prevented emails from being sent.

Read More

Google Safe Browsing Program 5 Years Old – Been Blacklisted Lately?

Today Google released a nice post: Safe Browsing – Protecting Web Users for 5 Years and Counting. In it they provide a good summary of what they have been up to the past 5 years with their Safe Browsing program.

Here are some interesting data points:

  • 600 million users are protected
  • 9,500 new malicious websites are found every day
  • 12-14 million Google Search queries show malicious warnings
  • Provide warnings to about 300,000 downloads per day
  • Send thousands of notifications daily to webmasters
  • Send thousands of notifications daily to Internet Service Providers (ISPs)

Read More

Official WordPress Plugin Directory – Forcing Plugin Updates

For some time we have wondered what happens when a plugin is removed from the official WordPress plugin directory for security reasons. Historically, we haven't seen much of anything happen: no notification to users, no official blog post, nothing beyond the plugin disappearing from the repository. Our understanding is that when a plugin did disappear, updates were sometimes forced, certainly for the major vulnerabilities.

In an interesting move, it looks like some experimental changes have been made to help ensure users quickly learn there is a security problem.

Read More

New WooThemes Vulnerability Patched – Update Framework Now!

Yesterday a vulnerability in the WooThemes Framework was disclosed by Jason Gill in a GitHub gist. The vulnerability allows any visitor to execute any shortcode configured on the WordPress site and view its output.

At this time this does not appear to be linked to the DDoS they experienced this week.

We are currently assessing the severity of this vulnerability in our labs. If we find that something severely adverse can be done with it, the next big concern will be that it can be exploited even when the theme is not active.

Read More

Ransomware Malware on the Web?

As the week comes to a close I wanted to take a minute to talk about something we haven't covered yet: ransomware.

The idea came from a case this week where a client was defaced. Instead of engaging the host or a malware professional, she took it upon herself to plead with the attacker via the email address he had left behind (you have to love egos). What was most amusing is that the attacker finally gave in and restored her site in an attempt to get her off his back.

Obviously not something we recommend, but an amusing story nonetheless. She turned the tables on his defacement and retaliated with a little something we like to call "Begware."

And so this got us thinking about something that has predominantly been confined to notebook and desktop environments: ransomware.

Read More

Ask Sucuri: What should I know when engaging a Web Malware Company?

We work in a business that is always chaotic: web malware cleanup. In most situations the client is distraught, vulnerable, and plagued with a feeling of being out of control. The last thing any website owner wants is to delay the cleanup process because of small things that could easily have been prevented.

In our mind, there are three things you must know before engaging with any web malware company:

  • Know Your Host
  • Know How to Access Your Server
  • Have a Backup

As simple as they may appear, they still remain elusive to many.

Read More

Web Malware Trends and the Mac Flashfake / Flashback Outbreak

This has been an interesting couple of weeks in the anti-virus world, specifically in the malware business for notebooks and desktops running Mac OS.

Securelist put out a very interesting post yesterday about the anatomy of the Flashfake / Flashback outbreak. While we can't objectively quantify their claims, we wanted to take a look at our own data to see whether anything there might point to a correlation.

Lo and behold, I think it is safe to say that a correlation does appear to exist.

Read More

Better Engagement and Giving Back

Hi folks, we’re really excited about 2012, specifically because of our goal to give back more. This is in line with our core theme, to help the end-user better secure their environments. Things are not always perfect, but we strive to be there for you when everything else seems to be going wrong.

One of the new items we will be implementing this year is quarterly management meetings. For those who don't know, we are a virtually distributed team spanning North and South America. The purpose of these meetings will be to continue to improve our services, address the issues we see every day, and look to the future.

Read More