XSS and SQL Injection Plague Several NMSes

A slew of cross-site scripting (XSS) and SQL injection (SQLi) vulnerabilities that affect several network management system (NMS) products has been uncovered.

Security firm Rapid7 has released details on six flaws in products from vendors Spiceworks, Ipswitch, Castle Rock Computing and Opsview, some of which have already been patched.

“NMSes present a valuable target for an internal attacker; by subverting these systems, attackers can often pull an immense amount of valuable intelligence about the internal infrastructure,” explained Tod Beardsley, principal security research manager at Rapid7, in an email. “The fact that many of these protocols are delivered over SNMP is also very interesting; too often, designers of management software which is intended for internal use don’t consider the insider threat.”


Anonymous hack crusade against whaling downs nearly 100 sites in Japan


The hacktivist group Anonymous has attacked at least 97 websites in Japan since September, the country’s police have revealed. The attacks are meant to protest controversial whaling practices in the East Asian country.

The websites of government offices, groups involved in dolphin and whale hunting, aquariums, news organizations and airports have been targeted, Japanese national broadcaster NHK reported. Among the highest-profile cases was the downing of the personal website of Prime Minister Shinzo Abe last week.


Hackers actively exploit critical vulnerability in sites running Joomla

Attackers are actively exploiting a critical remote command-execution vulnerability that has plagued the Joomla content management system for almost eight years, security researchers said.

A patch for the vulnerability, which affects versions 1.5 through 3.4.5, was released Monday morning. It was too late: the bug was already being exploited in the wild, researchers from security firm Sucuri warned in a blog post. The attacks started on Saturday from a handful of IP addresses and by Sunday included hundreds of exploit attempts to sites monitored by Sucuri.

“Today (Dec 14th), the wave of attacks is even bigger, with basically every site and honeypot we have being attacked,” the blog post reported. “That means that probably every other Joomla site out there is being targeted as well.”

The researchers went on to advise people who administer Joomla sites to search logs for the IP addresses 146.0.72.83, 74.3.170.33, or 194.28.174.106, since those were the first ones observed carrying out the attacks. Sucuri also recommended admins search logs for events that use “JDatabaseDriverMysqli” and “O:” in the user agent. Systems that test positive for any of the strings should be presumed compromised and undergo a thorough scan and clean-up regimen.
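The log search Sucuri recommends, as an added example written for this page (not code from the article, from Sucuri, or from the Joomla project): it parses Apache/nginx combined-format access logs and flags any request from the three IP addresses listed above or carrying “JDatabaseDriverMysqli” or “O:” in the User-Agent header. The log lines embedded in it are constructed samples, not real traffic; the function and variable names are this example's own.

```python
import re
from typing import Dict, List, Optional

# Indicators quoted in the Sucuri post: the first three attacking IPs, and two
# strings observed in the User-Agent header of exploit attempts.
IOC_IPS = frozenset({"146.0.72.83", "74.3.170.33", "194.28.174.106"})
IOC_UA_STRINGS = ("JDatabaseDriverMysqli", "O:")

# Apache "combined" log format (nginx's default access log has the same layout):
# ip ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)


def parse_combined(line: str) -> Optional[Dict[str, str]]:
    """Return the fields of one combined-format log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def classify(entry: Dict[str, str]) -> List[str]:
    """Return the indicators a parsed entry matches; an empty list means no IOC hit."""
    reasons = []
    if entry["ip"] in IOC_IPS:
        reasons.append("ioc-ip:" + entry["ip"])
    for needle in IOC_UA_STRINGS:
        if needle in entry["ua"]:
            reasons.append("ioc-ua:" + needle)
    return reasons


def scan_log(lines) -> Dict[str, list]:
    """Scan log lines. Returns {'hits': [(line_no, ip, reasons), ...], 'unparsed': [line_no, ...]}.

    Unparseable lines are reported rather than silently dropped, so a log with
    a different format cannot produce a misleading 'no hits' result.
    """
    hits, unparsed = [], []
    for n, line in enumerate(lines, start=1):
        if not line.strip():
            continue
        entry = parse_combined(line)
        if entry is None:
            unparsed.append(n)
            continue
        reasons = classify(entry)
        if reasons:
            hits.append((n, entry["ip"], reasons))
    return {"hits": hits, "unparsed": unparsed}


# Constructed sample log (not real traffic): one IOC IP with an ordinary UA,
# one unknown IP carrying both UA strings, one clean request, one truncated
# line, and a second IOC IP.
SAMPLE_LOG = """\
146.0.72.83 - - [12/Dec/2015:03:14:07 +0000] "GET / HTTP/1.1" 200 5123 "-" "Mozilla/5.0 (X11; Linux x86_64)"
10.0.0.5 - - [13/Dec/2015:11:22:01 +0000] "GET /index.php HTTP/1.1" 200 8210 "-" "probe O:21:JDatabaseDriverMysqli"
203.0.113.7 - - [13/Dec/2015:11:25:44 +0000] "GET /index.php?option=com_content HTTP/1.1" 200 7731 "https://example.com/" "Mozilla/5.0 (Windows NT 6.1; rv:42.0) Gecko/20100101 Firefox/42.0"
garbage line with no structure
194.28.174.106 - - [14/Dec/2015:02:05:19 +0000] "POST /index.php HTTP/1.1" 200 4410 "-" "curl/7.43.0"
"""

if __name__ == "__main__":
    result = scan_log(SAMPLE_LOG.splitlines())
    for n, ip, reasons in result["hits"]:
        print(f"line {n}: {ip} matched {', '.join(reasons)}")
    if result["unparsed"]:
        print("unparsed lines:", result["unparsed"])
```

Run it against a real log with `scan_log(open("/var/log/apache2/access.log"))`. The bare “O:” test follows the post literally and will also match any benign User-Agent that happens to contain those two characters; if that proves noisy, a stricter pattern such as `re.search(r'O:\d+:', ua)`, which is the shape of a PHP serialized object, cuts the false positives while still catching the strings the post describes.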

Joomla 1.5 was released in January 2008, making the bug almost eight years old. Version 3.4 was released earlier this year. It’s not yet clear exactly what happens to vulnerable systems that are exploited. This post will be updated if those details become available later.


SOURCE: Dan Goodin | Ars Technica

Web Scripting Languages Fail OWASP Top 10

Some 80% of applications written in PHP, Classic ASP and ColdFusion failed at least one of the OWASP Top 10, according to new research conducted by Veracode.

The app security firm released a supplement to its State of Software Security: Focus on Application Development report, covering automated assessments for 208,670 separate apps over the past 18 months.

It found that applications written in web scripting languages are much more likely to contain vulnerabilities than those written in .NET or Java.

In fact, 64% of apps written in Classic ASP, 62% of those written in ColdFusion, and 56% of PHP apps were found to have at least one SQL injection vulnerability, compared to just 29% of .NET applications and 21% of Java apps.