freyonsecurity - Cybersecurity explained

Cybersecurity Explained

Attack prototypes already present

jQuery below 3.5.0 vulnerable to cross-site scripting

All jQuery versions below 3.5.0 are vulnerable to cross-site scripting (XSS) attacks. If exploited successfully, an attacker can trick the user’s browser into rendering a malicious page or hijack a user session. It is even possible to execute remote code. It is recommended to update to jQuery >= 3.5.0.

Most dangerous vulnerabilities, always up to date

Latest Cyber Threats and Vulnerabilities

The new Latest Cyber Threats section on freyonsecurity.com lists the most dangerous and impacting threats currently known. We use multiple CVE sources to create the list, which we then consolidate and categorize. Our algorithm searches for threats with high risk and impact so that only the really relevant vulnerabilities are shown.

AppLocker cannot stop administrative users

How to break Windows 10 AppLocker

Recently I followed the tracks of an attacker who had exploited administrator rights on an unpatched Windows 10 system. Further attacks on other internal systems were initially stopped by Windows 10 AppLocker. The execution of PowerShell/cmd was also forbidden by AppLocker. Minutes later, the hacker had overcome this security measure and continued his attack. AppLocker obviously had to have a vulnerability.

GitHub, Bitbucket and GitLab affected, repositories seem to be wiped

Hacker compromised hundreds of git accounts

On the morning of 3 May 2019, an unknown hacker launched a coordinated attack against GitHub, Bitbucket and GitLab. The repositories of hundreds of accounts appear to have been completely wiped. The hacker claims to have downloaded the entire code and demands a Bitcoin payment for returning the code. We found out how the hack was done and how to protect against it.

How hackers attack WordPress sites and how to protect against it

WordPress under attack - Part 1

As of May 2019, WordPress is used by 33.8% of all websites. This equals 60.6% of all websites with known CMS versions. Over 50% of these sites use outdated and insecure versions of WordPress. In this series, we are going to examine how hackers attack WordPress and how WordPress can be protected from these attacks.

Several dangerous attacks possible

jQuery below 3.4.0 vulnerable to prototype pollution

All jQuery versions below 3.4.0 are affected by a new hacking technique called prototype pollution. Successful exploitation could allow an attacker to modify existing object properties, including security properties such as cookies or tokens. Privilege escalation, content manipulation, application hijacking and even remote code execution are possible.

Drop rules can impact network performance

Drop vs Reject

Many administrators configure their firewalls to block any network communication using DROP rules for unused ports. This is also recommended on many websites. However, this is not the best approach and often leads to unnecessary losses in network performance and higher CPU load. Here’s why.