Think Like a Hacker Episode 115

2021.04.30

Episode 115: Update Your Mac: Gatekeeper Bypass Vulnerability Exploited in the Wild

Apple patches a Gatekeeper bypass vulnerability that has been exploited in the wild on macOS. Though this vulnerability requires some social engineering to exploit, it is believed to have been actively exploited since January 9, 2021. Some DigitalOcean customers were affected by a data breach exposing personally identifiable information. A WordPress Trac conversation considers blocking Federated Learning of Cohorts as a security release, and Creative Commons Search is coming to WordPress.org in a few weeks. Google Chrome has yet another remote code execution bug requiring an update to patch. Celebrated security researcher Dan Kaminsky passes away.

2021.04.23

Episode 114: Trifecta of Compromises Affect Enterprise Systems

Attacks on unpatched SolarWinds systems continue. We’re now learning of a supply chain attack that started in late January 2021 affecting 29,000 customers of Codecov, as well as a zero-day under active attack affecting customers of Pulse Secure VPN. Customers of these three services are well-known enterprise and government organizations. In the WordPress space, two add-on plugins are experiencing active attacks: Kaswara Modern WPBakery Page Builder Addons and The Plus Addons for Elementor. Vulnerabilities discovered by our threat intel team in Redirection for Contact Form 7 were patched. We also take a look at updates coming in WordPress 5.8 to prepare the way for WordPress full-site editing.

2021.04.16

Episode 113: An Unprecedented FBI Operation Removes Webshells from Infected Exchange Servers

An FBI initiative began remotely removing webshells from infected Microsoft Exchange servers. WordPress 5.7.1 was released with a few security patches. Over 15 Elementor add-on plugins were found to have vulnerabilities similar to those found in the main Elementor plugin; these additional plugin vulnerabilities affected over 3.5 million sites with over 100 vulnerable endpoints. Google Chrome was found to have two zero-day vulnerabilities. The US and UK blame Russian intelligence service hackers for the ongoing attack campaign against SolarWinds.

2021.04.09

Episode 112: Wix Takes Aim at WordPress With New Ad Campaign

A new Wix ad campaign targets WordPress but ends up being tone deaf in both content and strategy. New details emerge about the PHP compromise, but the full story remains unclear. Facebook user data from 2019 ends up on the dark web, and Have I Been Pwned adds a phone number check to help users determine if they’ve been affected. GitHub Actions are being used by cryptojackers, Gigaset Android phones have been infected with malware in a supply chain attack, and new phishing methods emerge using Telegram.

2021.04.02

Episode 111: PHP Git Repository Compromised

The self-hosted Git repository for PHP was compromised, with attackers adding a backdoor to a development version of PHP 8.1. The intrusion was detected quickly by the PHP community, and no production environments were affected. Ubiquiti experienced an intrusion in January that was far worse than originally reported; attackers gained access to nearly all of the AWS assets of the company, which has shipped 85 million IoT devices. Some OpenSSL vulnerabilities were recently patched, and two new vulnerabilities in Linux-based operating systems could let attackers circumvent Spectre mitigations to obtain sensitive information from kernel memory.

2021.03.26

Episode 110: Active Exploitation Continues on Unpatched Thrive Themes

Active exploitation of recently patched vulnerabilities in Thrive Themes continues, and new attackers are unsuccessfully attempting the same exploit chain. Two vulnerabilities are patched in the Facebook for WordPress plugin, installed on over half a million sites. Google Chrome version 90 will use HTTPS by default, bringing significant improvements to speed and security. A ransomware insurance provider experiences a breach that could affect customers, and Slack’s new “Slack Connect” feature has some security concerns.

2021.03.19

Episode 109: This Attack Will Make You Want to Stop Using SMS 2FA

An attack shows how an SMS enablement service was used to bypass SMS 2FA for $16. We discuss the recently patched vulnerabilities in Elementor affecting over 7 million WordPress sites and how easily these cross-site scripting vulnerabilities can be exploited. We also talk about the SQL injection vulnerabilities in Tutor LMS. The data center fire at OVH in France that took 3.5 million sites offline also took down some advanced persistent threat (APT) actors. And there’s yet another Chrome use-after-free zero-day vulnerability being actively exploited.

2021.03.19

Episode 108: Hack Exposes 150,000 Security Cameras at Tesla, Cloudflare and Others

A data breach exposes 150,000 security cameras used by organizations around the world, including Tesla and Cloudflare. State-sponsored hacking groups exploit Microsoft Exchange vulnerabilities. A fire in a French data center belonging to hosting company OVH affects millions of websites, including some prominent WordPress services like Imagify and WP Rocket. WordPress 5.7 was released this week with many new features. A zero-day vulnerability was listed for sale in a new way, as an NFT on the OpenSea NFT marketplace.

2021.03.19

Episode 107: Two Plugin Vulnerabilities Target File Upload Capabilities

The Wordfence Threat Intelligence team finds vulnerabilities in two plugins, the User Profile Picture plugin and the WooCommerce Upload Files plugin. WordPress 5.7 is set to release on Tuesday, March 9 with numerous enhancements for the block editor, a new robots.txt API, and a stay of execution for jQuery Migrate. A zero-day affecting Microsoft Exchange Server allows attackers to steal emails. And Brave buys a search engine to add to their growing privacy-oriented portfolio.

2021.02.26

Episode 106: Admin Password Resets, Blockchain Botnets and a Central Management RCE

WordPress 5.7 is due to be released on March 9, and it will allow administrators to send password reset emails to users. A botnet is abusing the Bitcoin blockchain for command and control, while VMware fixes a critical remote code execution bug in all default vCenter installations. Android users now have an easy way to check password security. We talk about the ramifications of vulnerability disclosures and how last year’s File Manager vulnerability did not have long-lasting effects on the plugin’s installation base or growth. We also discuss how investor data breach fatigue has reduced the stock price impact of cybersecurity failures.

2021.02.22

Episode 105: The Hottest Trend in WordPress

An analysis of WordPress-related search trends found that interest in WooCommerce-related results dominated during 2020. We discuss recent vulnerabilities discovered by our threat intelligence team in Ninja Forms, affecting over 1 million sites. WordPress issues a statement that pirated themes and plugins are prohibited on the repository. And a supply chain attack affects users of the once-legitimate Barcode Scanner Android app. We also discuss some career opportunities on the Wordfence team.

2021.02.15

Episode 104: Cryptography Demystified

This week, the Wordfence team discusses cryptography in depth, including the basics, a brief history, hashing, and the Crypto Wars. We also go over current news, including two new findings by the Wordfence Threat Intelligence team, a new milestone for WordPress, and a recent attack on a Florida town’s water supply.

2021.02.05

Episode 103: Wordfence Innovates with Machine Learning and Security for Schools

Wordfence opens the K-12 site audit and site cleaning service to publicly funded state schools worldwide. Machine learning is now a big part of our malware identification process, which will speed the deployment of new malware signatures to WordPress sites protected by Wordfence. A bug in Sudo can let attackers with access to a local system elevate their access to a root-level account, which has implications for WordPress sites, Mac users, and many Internet of Things devices. WordPress 5.7, the next major release, will make it much easier for users to migrate their sites from HTTP to HTTPS.

2021.01.29

Episode 102: Disruption Presents Opportunity

After a disruptive year in 2020, there are new challenges in 2021, but also immense opportunities in numerous fields. In a deep and wide-ranging conversation, Mark Maunder and Kathy Zant discuss artificial intelligence, whether or not we’re living in a simulation, cryptocurrencies and the opportunities of blockchain technology, open source communities and publishing, avoiding scams and FOMO, as well as which fields are most promising for the next 10 years.

2021.01.22

Episode 101: Supporting Remote Students with Free Site Audits & Cleanings

Wordfence announces a new program offering free site cleaning and site audits to public schools in the United States. We talk about why we’re offering this program and how to help schools take advantage of it. We also talk about the growing prevalence of WordPress as a content management system and how the incoming administration is using WordPress. We also talk about two unpatched Windows 10 denial of service vulnerabilities, a breach affecting over 1.9 million Pixlr users, and phishing kits exposing stolen passwords via Google search.

2021.01.15

Episode 100: How to Lose 6 Figures the Easy Way

The recent SolarWinds attack was incredibly sophisticated. What happens when that level of sophistication targets a homebuyer during one of the largest transactions of their lifetime? On this episode, we tell the story of an extremely difficult-to-detect spearphishing attack that almost cost a homebuyer a significant amount. We review the warning signs seen in this attack and discuss steps you can take to protect against real estate wire transfer fraud.

2020.12.18

Episode 99: SolarWinds Supply Chain Attack Affects Government and Fortune 500 Businesses

Earlier this week, we learned that SolarWinds, the largest provider of network management tools for government and enterprise organizations, fell victim to a supply chain attack. This attack affected their Orion network management system. Reportedly, 18,000 enterprise and government customers installed malware that was digitally signed by a valid certificate as part of an update from SolarWinds’ servers. Microsoft took control of one of the primary command-and-control domains, and a security researcher stated that he had alerted the company in 2019 that anyone could access SolarWinds’ update server by using the password “solarwinds123.”

We also talk about a vulnerability in the PageLayer plugin and a wormable zero-click XSS bug found in the Jabber client.

2020.12.11

Episode 98: How Application Passwords Work in WordPress 5.6

WordPress 5.6 was released this week with a new feature called application passwords. In this episode we talk about how application passwords work, where to find them in your WordPress installation, and why Wordfence decided to turn them off by default in version 7.4.14. We also talk about a new Magecart attack that places card skimmers inside of CSS files, and about MailPoet joining WooCommerce and what this means for eCommerce on WordPress sites.

FireEye, one of the largest security firms, reported they were hacked by a nation state APT group. And a wormable zero-click vulnerability was found in Microsoft Teams.

2020.12.04

Episode 97: The Future of WordPress with PHP 8 and WordPress 5.6

With WordPress 5.6’s imminent release and the recent release of PHP 8, we talk about the rapid changes affecting the future of WordPress with new security features and new functionality available to both WordPress users and developers.

We also review a recent vulnerability found by Google Project Zero researchers in iPhones, and discuss a social engineering attack on GoDaddy that targeted numerous cryptocurrency exchange sites, and what we can learn from these types of attacks.

2020.11.20

Episode 96: Hosting Provider Failures and Incident Response Preparedness

Two hosting providers experienced outages this week. GoDaddy had a brief outage affecting numerous systems on Tuesday, November 17. Managed.com had an extensive outage due to ransomware that affected all systems. We discuss what types of incident response preparations site owners should consider when events beyond their control occur.

We also discuss a large-scale attack targeting themes using the Epsilon Framework, the new head of security at Twitter, and an Android chat app exposing private messages.