SECURITY WARNINGS & Notices - Please post them here

[Be Secure]

Hundreds of GoDaddy Accounts Used for "Miracle" Product Scams
https://www.bleepingcomputer.com/news/security/hundreds-of-godaddy-accounts-used-for-miracle-product-scams/

[Be Secure]

Vulnerable Confluence Servers Get Infected with Ransomware, Trojans
https://www.bleepingcomputer.com/news/security/vulnerable-confluence-servers-get-infected-with-ransomware-trojans/

GitHub-Hosted Magecart Card Skimmer Found on Hundreds of Stores
https://www.bleepingcomputer.com/news/security/github-hosted-magecart-card-skimmer-found-on-hundreds-of-stores/

[Be Secure]

Docker Hub Database Hack Exposes Sensitive Data of 190K Users
https://www.bleepingcomputer.com/news/security/docker-hub-database-hack-exposes-sensitive-data-of-190k-users/

[polonus]

I have been going on in the virus and worms on the insecurity of Word Press CMS based on php.
Especially how vulnerable plug-ins of the website software can be exploited by malcreants.

A new one, in a series of some 243 attacks over the latter years, Multi-Vector Attack in Server Logs,
read: https://labs.sucuri.net/?note=2019-03-25

Just too many results for this one, just 11 exploitables reported:
dork query //websites/GET+%2Fwp-admin%2Fadmin-post.php%3Fswp_debug%3Dload_options%26swp_url%3D/
detected -https://www.prensafutbol.cl/ -> Outdated software detected:
https://sitecheck.sucuri.net/results/https/www.prensafutbol.cl
= a high risk site with vulnerable mixed content!

polonus (volunteer 3rd party cold reconnaisance website security analyst and website error-hunter)

Read about the issue from Johanbnes Pille and others here: https://wordpress.stackexchange.com/questions/69549/define-wp-debug-conditionally-for-admins-only-log-errors-append-query-arg-f/69552

polonus

[Be Secure]

Europeans Hit with Multi-Stage Malware Loader via Signed Malspam
https://www.bleepingcomputer.com/news/security/europeans-hit-with-multi-stage-malware-loader-via-signed-malspam/

[polonus]

Urgent request to 60.000 vulnerable Word Press webshops to update plug-in
and disble a specific non-patched plug-in for the time being: 

Immediately install: https://wordpress.org/support/topic/upgrade-to-4-3/

The plug-in involved that should be upgraded:
https://wordpress.org/plugins/woocommerce-checkout-manager/

Read on that particular attack campaign: https://labs.sucuri.net/?note=2019-03-25

Word Press kernel software, unless fully patched and not outdated is rather secure,
and comes checked by developers that maintain the code.

When configuring mind to set user enumeration to disabled as well as directory listing to disabled,
and see to it all your links are Google Safebrowsing OK-ed.

Word Press plug-ins should also be treated with extra care, keep them fully updated,
and remove the risky ones and certainly those left by developers,
as they won't get updates and in due time will form a grave risk
to website owners/admins, hosting parties and end-users alike.

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)

Update. From 13.30 hrs. to-day CET the developer came up with a new updated version 4.3,

Damian

[Pondus]

The inception bar: a new phishing method

https://jameshfisher.com/2019/04/27/the-inception-bar-a-new-phishing-method/

https://9to5google.com/2019/04/28/chrome-android-exploit-fake-address-bar/

[Be Secure]

$1.75 Million Stolen by Crooks in Church BEC Attack
https://www.bleepingcomputer.com/news/security/175-million-stolen-by-crooks-in-church-bec-attack/

[Asyn]

Report: Unknown Data Breach Exposes 80 Million US Households
https://www.vpnmentor.com/blog/report-millions-homes-exposed/

[Be Secure]

New Sodinokibi Ransomware Delivered via Oracle WebLogic Flaw
https://www.securityweek.com/new-sodinokibi-ransomware-delivered-oracle-weblogic-flaw

[polonus]

Oracle WebLogic-servers under attack from ransomeware since 25th of April.
Patch available from April 26th henceon,

Re: https://blog.talosintelligence.com/2019/04/sodinokibi-ransomware-exploits-weblogic.html

Patch and upgrade a.s.a.p.

polonus

[polonus]

Burger King leaked 38.000 customer data through unprotected publicly available Elasticsearch database:
Read: https://securitydiscovery.com/burger-kings-online-shop-for-kids-exposed-data/  (source Bob Diachenko).

Example of a resource that has adequate protection:
http://156.235.224.95/ met Protected Elastiscearch with password protection on log-in
or protected through Kibana. See: https://www.elastic.co/guide/en/x-pack/current/elasticsearch-security.html

That is the least Burger King customers should expect there to be.

No there are handy little specific searchscripts to be used on Shodan: like LeakLooker
to find unprotected open MongoDB, CouchDB and Elasticsearch databases.

However a website may contain unprotected open resources,
intruders cannot visit such unprotected to access Elastisearch databases,
that is illegal and punishable conduct.

"When you see some veranda doors open at the porch, this does not mean it is an invitation to enter".
Good Bob Diachenko disclosed this situation.

On the other hand it is a shame for Burger King to have such unprotected open databases in the first place.
The database has now been adequately protected.

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)

[Be Secure]

Local Authorities in Texas and Maryland Hit by Ransomware
https://www.bleepingcomputer.com/news/security/local-authorities-in-texas-and-maryland-hit-by-ransomware/

[Be Secure]

Dharma Ransomware Uses Legit Antivirus Tool To Distract Victims
https://www.bleepingcomputer.com/news/security/dharma-ransomware-uses-legit-antivirus-tool-to-distract-victims/

[polonus]

Thousands of webshops leak customer data:
https://publicwww.com/websites/%22assets.pcrl.co%22/

polonus