On Monday (30th of October), Oracle announced a critical flaw that makes hijacking Oracle Identity Manager possible. By exploiting this vulnerability, cyber criminals can take control of Oracle systems remotely and without any authentication. Oracle published a Security Advisory about this flaw, which is tracked as CVE-2017-10151: “This vulnerability has a CVSS v3 base score of 10.0, and can result in complete compromise of Oracle Identity Manager via an unauthenticated network attack. The Patch Availability Document referenced below provides a full workaround for this vulnerability, and will be updated when patches in addition to the workaround are available.” Oracle Identity Manager is a component of Oracle Fusion Middleware that automatically manages user privileges and verifies identity. Luckily, Oracle has already released a patch to fix this vulnerability, so if you are using this system, it would be wise to update the software to the newest version ASAP. More at: Oracle.com.
On Tuesday (31st of October), we informed our users that Matrix crypto-malware is on the rise again. Back in April 2017, when this ransomware was originally discovered, it was almost ignored by the online cyber security community due to its relatively low volume of infections. However, it looks like Matrix is still alive and making moves once again. This time the spam campaign is bigger and the number of possible infections is rising, so this virus can’t go unnoticed any longer. Sophisticated legal language is used to scare users and trick them into paying the ransom. Back in April, the Matrix virus was distributed as an attachment to spam emails, and this method turned out to be not so effective. This time the cyber criminals behind Matrix are using the RIG exploit kit and malicious ads to reach bigger audiences, so you can get infected by simply browsing the Internet and clicking on the wrong advertisement. More at: Matrix virus.
On Wednesday (1st of November), the community of WordPress, the leading blogging platform on the planet, once again heard some uplifting security news about this CMS. WordPress 4.8.2 and older versions featured an SQL injection bug which allowed crooks to inject their own SQL code into websites remotely and take over the system or cause other significant damage. As stated in the WordPress.org publication, “WordPress versions 4.8.2 and earlier are affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi). WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability. WordPress 4.8.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.” All website owners should update WordPress to version 4.8.3, as this security update is highly important. More at: Wordpress.org.
On Thursday (2nd of November), 2-viruses.com issued a short update on possible threats on Facebook. As the leading social network has millions and millions of active users, it is obvious that various threats can be encountered on the platform. Surprisingly, Facebook is not doing a really good job of trying to prevent them. We have covered an issue discovered by Barak Tawily: anyone can post links on Facebook to dangerous and suspicious websites by simply manipulating Meta and URL tags. More at: 2-viruses.com.
On Friday (3rd of November), we discovered that the anonymity of Tor Browser is not as high as we are told, as a critical Tor Browser vulnerability can result in leaked IP addresses of users. Italian cyber security expert Filippo Cavallarin discovered a vulnerability dubbed TorMoil, which affects only users on Linux and macOS. This vulnerability is caused by a Firefox issue in “handling file:// URLs.” As you might already know, Tor Browser is built on the Firefox browser, so this issue is more of a problem for Tor Browser than for Firefox itself. More at: Wearesegment.com.