At a glance.
- Hackers exploit WordPress vulnerability.
- Ghosts in Webex.
- AWS APIs found to share vulnerabilities.
- Blackbaud breach affects charter school network.
- Email hack at Iowa medical center.
WordPress vulnerability targeted by hackers.
Wordfence, creator of a security plugin for leading website publishing software WordPress, reports they have observed a wave of over 7.5 million attacks exploiting a vulnerability in WordPress’s Epsilon Framework, which is installed on approximately 1.5 million websites. Though the Function Injection vulnerability was patched a few months ago, it appears the attackers have been launching probing attacks to determine which sites have not yet installed the patch. If the vulnerability is present, the attackers could achieve remote code execution (RCE) to conduct a full takeover of the victim’s site. Wordfence provides a list of the site themes that are susceptible to the vulnerability and recommends that any users running those themes patch their sites as soon as possible.
Ameet Naik, security evangelist at PerimeterX, sent us some thoughts on WordPress: “The security flaws on WordPress websites in themes using the Epsilon Framework are just another example of this contact management system’s inherent security risks. Shadow Code introduced via third-party plugins and frameworks vastly expands the attack surface for websites. Website owners need to be vigilant about third-party plugins and frameworks and stay on top of security updates. Consumers must continue to be vigilant while shopping online, use multi-factor authentication where allowed and continue to monitor their credit reports for signs of identity theft.”
Ghosts in Webex.
IBM researchers have found and disclosed a vulnerability in Cisco’s widely used Webex videoconferencing service. (IBM says it’s a major user of Webex itself, which is why it looked into the code.) The vulnerability amounts to the potential for haunting. Someone could join a meeting as a “ghost,” unseen among the participants, but with “full access to audio, video, chat and screen-sharing capabilities.” The ghost could remain in the form of an audio connection even after being detected and expelled. And the ghost could collect information on meeting attendees—“full names, email addresses and IP addresses”—without even being admitted to the conference. Cisco has patched the vulnerability, and users should apply the fix.
Buggy AWS APIs.
Palo Alto Networks has identified a class of Amazon Web Services APIs that are susceptible to leaking “AWS Identity and Access Management (IAM) users and roles in arbitrary accounts.” The researchers say the risk of the vulnerability can be mitigated by following sound IAM practices. They may be familiar, but they’re nonetheless worth a quick review:
- “Remove inactive users and roles to reduce the attack surface.”
- “Add random strings to usernames and role names to make them more difficult to guess.”
- “Log in with identity provider and federation, so that no additional users are created in the AWS account.”
- “Log and monitor all the identity authentication activities.”
- “Enable two-factor authentication (2FA) for every user and IAM role.”
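Three of those practices (remove inactive users, monitor authentication activity, require MFA) can be checked against the IAM credential report, the account-wide CSV that IAM produces listing every user's password, MFA and access-key status. The script below is an added example, not Palo Alto Networks' or AWS's code. It parses a constructed report in that CSV layout and flags users who have a console password but no MFA, a root account without MFA, and principals with no password or key activity in the last 90 days; the report text, account id, user names and dates are all made up for the example.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample laid out like an IAM credential report. Column names follow the
# report format; every account id, user name and timestamp here is invented.
SAMPLE_REPORT = """user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_1_last_used_region,access_key_1_last_used_service,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date,access_key_2_last_used_region,access_key_2_last_used_service,cert_1_active,cert_1_last_rotated,cert_2_active,cert_2_last_rotated
<root_account>,arn:aws:iam::111122223333:root,2018-01-10T09:00:00+00:00,not_supported,2020-11-01T08:15:00+00:00,not_supported,not_supported,true,false,N/A,N/A,N/A,N/A,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
alice,arn:aws:iam::111122223333:user/alice,2019-03-02T10:00:00+00:00,true,2020-11-18T16:40:00+00:00,2020-09-01T10:00:00+00:00,2020-12-01T10:00:00+00:00,true,true,2020-09-01T10:00:00+00:00,2020-11-19T07:02:00+00:00,us-east-1,s3,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
bob,arn:aws:iam::111122223333:user/bob,2019-06-15T10:00:00+00:00,true,2020-02-03T12:00:00+00:00,2019-06-15T10:00:00+00:00,N/A,false,true,2019-06-15T10:00:00+00:00,2020-01-20T09:30:00+00:00,eu-west-1,ec2,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
deploy-bot,arn:aws:iam::111122223333:user/deploy-bot,2020-04-01T10:00:00+00:00,false,N/A,N/A,N/A,false,true,2020-04-01T10:00:00+00:00,2020-11-19T06:00:00+00:00,us-east-1,ecr,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
"""

# Placeholder values the report uses where a timestamp does not apply.
_NO_TIMESTAMP = {"", "N/A", "no_information", "not_supported"}


def _parse_ts(value):
    """Return an aware datetime for an ISO 8601 field, or None for a placeholder."""
    if value in _NO_TIMESTAMP:
        return None
    return datetime.fromisoformat(value)


def last_activity(row):
    """Most recent console or access-key use recorded for the row, or None if never used."""
    fields = ("password_last_used", "access_key_1_last_used_date", "access_key_2_last_used_date")
    stamps = [t for t in (_parse_ts(row[f]) for f in fields) if t is not None]
    return max(stamps) if stamps else None


def audit_credential_report(report_csv, now, inactive_days=90):
    """Return (user, finding) pairs for MFA gaps and inactive principals.

    A principal counts as inactive when neither its password nor any access key has
    been used within inactive_days; a never-used principal is measured from creation.
    """
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]

        # Console access without a second factor is the gap the 2FA recommendation targets.
        # Key-only users report password_enabled=false and are not flagged here.
        if row["password_enabled"] == "true" and row["mfa_active"] != "true":
            findings.append((user, "console password without MFA"))
        if user == "<root_account>" and row["mfa_active"] != "true":
            findings.append((user, "root account without MFA"))

        # Inactive users widen the attack surface for the name-guessing the report describes.
        reference = last_activity(row) or _parse_ts(row["user_creation_time"])
        if reference is not None and now - reference > timedelta(days=inactive_days):
            findings.append((user, f"no activity for >{inactive_days} days"))
    return findings


if __name__ == "__main__":
    # Fixed "now" so the constructed sample evaluates the same way on any day.
    as_of = datetime(2020, 11, 20, tzinfo=timezone.utc)
    for user, finding in audit_credential_report(SAMPLE_REPORT, as_of):
        print(f"{user}: {finding}")
```

Against a live account the same function runs on the real report: `aws iam generate-credential-report` builds it, and the `Content` field of `aws iam get-credential-report` is the CSV, base64-encoded, so decode it before passing it in. The MFA check deliberately skips access-key-only users, since MFA on an API-only principal is enforced through policy conditions rather than the report's `mfa_active` flag.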
US charter schools involved in Blackbaud breach.
Blackbaud, the gift that keeps on giving, claims yet another victim. Great Hearts Academies, operator of dozens of charter schools in the US states of Arizona and Texas, has added its name to the ever-growing list of entities compromised in the Blackbaud attack this past spring, reports the Arizona Mirror. Though Great Hearts Academies has been working with Blackbaud since the summer to investigate the incident, Great Hearts notified the impacted individuals just this week. The names and contact information of students and parents were compromised, but it does not appear that any highly sensitive information, such as credit card or social security numbers, was involved. Great Hearts has not disclosed how many individuals were impacted, stating that interested parties should contact Blackbaud directly for further information. As the CyberWire reported earlier this month, the Blackbaud breach has thus far impacted over two hundred and fifty organizations from the US, Canada, the UK, and the Netherlands.
Iowa hospital email hacked.
More than 60,000 residents of the US state of Iowa may have had their data compromised in a breach at Mercy Iowa City Hospital, reports the Iowa City Press-Citizen. Mercy released a statement explaining that sometime in May or June of this year a cybercriminal infiltrated a hospital employee’s email account, which the criminal then used to conduct a spam operation. It was only after the hospital investigated the spam messages that it realized its systems had been hijacked by an unauthorized party. The account had access to personal data including medical documents, social security numbers, and driver’s license information. In response, the hospital is working to improve its data management protocols and is extending free security assistance to the affected individuals.