Wire Transfer Fraud Think Like a Hacker Ep 100

2021.01.15

Episode 100: How to Lose 6 Figures the Easy Way

The recent SolarWinds attack was incredibly sophisticated. What happens when that level of sophistication targets a homebuyer during one of the largest transactions of their lifetime? On this episode, we tell the story of an extremely difficult-to-detect spearphishing attack that almost cost a homebuyer a significant amount. We review the warning signs seen in this attack and discuss steps you can take to protect against real estate wire transfer fraud.

Think Like a Hacker Episode 99 Podcast

2020.12.18

Episode 99: SolarWinds Supply Chain Attack Affects Government and Fortune 500 Businesses

Earlier this week, we learned that SolarWinds, the largest provider of network management tools for government and enterprise organizations fell victim to a supply chain attack. This attack affected their Orion network management system. Reportedly, 18,000 enterprise and government customers installed malware that was digitally signed by a valid certificate as part of an update from SolarWinds’ servers. Microsoft took control of one of the primary command-and-control domains, and a security researcher stated that he alerted the company in 2019 that anyone could access SolarWinds’ update server by using the password “solarwinds123.”

We also talk about a vulnerability in the PageLayer plugin and a wormable zero-click XSS bug found in the Jabber client.

Think Like a Hacker Episode 98

2020.12.11

Episode 98: How Application Passwords Work in WordPress 5.6

WordPress 5.6 was released this week with a new feature called application passwords. In this episode we talk about how application passwords work, where to find them in your WordPress installation, and why Wordfence decided to turn these off by default in version 7.4.14. We also talk about a new Magecart attack that places card skimmers inside of CSS files, MailPoet joining WooCommerce and what this means for eCommerce on WordPress sites.

FireEye, one of the largest security firms, reported they were hacked by a nation state APT group. And a wormable zero-click vulnerability was found in Microsoft Teams.

Get notified by email when there is a new episode of Think Like a Hacker.

Think Like a Hacker Episode 97

2020.12.04

Episode 97: The Future of WordPress with PHP 8 and WordPress 5.6

With WordPress 5.6’s imminent release and the recent release of PHP 8, we talk about the rapid changes affecting the future of WordPress with new security features and new functionality available to both WordPress users and developers.

We also review a recent vulnerability found by Google Project Zero researchers in iPhones. A social engineering attack on GoDaddy targeted numerous cryptocurrency exchange sites, and what we can learn from these types of attacks.

Think Like a Hacker Episode 96

2020.11.20

Episode 96: Hosting Provider Failures and Incident Response Preparedness

Two hosting providers experienced outages this week. GoDaddy had a brief outage affecting numerous systems on Tuesday, November 17. Managed.com had an extensive outage due to ransomware that affected all systems. We discuss what types of incident response preparations site owners should consider when events beyond their control occur.

We also discuss a large-scale attack targeting themes using the Epsilon Framework, the new head of security at Twitter, and an Android chat app exposing private messages.

Think Like a Hacker Episode 95

2020.11.13

Episode 95: Critical Privilege Escalation Vulnerabilities Affect Over 100K WordPress Sites

Three critical privilege escalation vulnerabilities in the Ultimate Member plugin put over 100,000 sites at risk. We also talk about the Page Experience metric to be added as a ranking signal for Google search in May 2021 and what this means for WordPress sites using page builders or Gutenberg.

Microsoft warns against using telephone/SMS-based multi-factor authentication, and two zero-day vulnerabilities were patched in Google Chrome. Microsoft Windows patches over 111 vulnerabilities as a part of November’s Patch Tuesday.

Think Like a Hacker Ep 94

2020.11.06

Episode 94: Hosting Provider Exposed 63 Million Customer Records

A hosting provider exposed over 63 million customer records via an open elastic search database containing verbose logs with plain-text username/password credentials for numerous WordPress, Magento and other sites. We also talk about the security updates in WordPress 5.5.2/5.5.3 and the accidental 5.5.3-alpha autoupdate.

We talk about object injection vulnerabilities like the one discovered in the Welcart e-Commerce plugin and how POP chain attacks work.

And Google’s Project Zero finds a high-severity vulnerability in GitHub Actions not fixed within the 90-day disclosure grace period.

Think Like a Hacker Episode 93

2020.10.31

Episode 93: Nitro Documents on the Dark Web and Botnets Targeting Older Vulnerabilities

We cover a couple of breaking stories this week, including the emergency release of WordPress 5.5.3 on Friday, October 30. In preparation for this, a number of sites autoupdated to version 5.5.3-alpha. We also look at the the defacement of the Trump Campaign website, and how 2-Factor Authentication could have prevented this. We also look at the implications of a massive Nitro database impacting numerous large organizations. A botnet is targeting a number of content management systems, including WordPress sites. And AdWare found on the Google Play Store is targeting kids.

Think Like a Hacker Episode 92

2020.10.23

Episode 92: WordPress Forced Security Autoupdate Protects Sites from Loginizer Vulnerability

An easily exploitable SQL injection vulnerability was discovered in the Loginizer plugin installed on over one million WordPress sites, causing the WordPress team to force an update to sites using the vulnerable version.

The Justice Department is filing antitrust suit against Google for allegedly monopolizing search and search advertising markets. Google Chrome gets an update to fix an actively exploited zero-day vulnerability. And a new feature in Jetpack allows users to post Tweetstorms through WordPress.

Episode 91 Think Like a Hacker

2020.10.17

Episode 91: How Hackers Can Use CSRF Vulnerabilities and Spearphishing to Wreak Havoc on WordPress

On this week’s episode of Think Like a Hacker, we chat about the cross-site request forgery (CSRF) vulnerability found in the Child Theme Creator by Orbisius and how attackers could use a vulnerability like this with spearphishing to wreak havoc, much like the phishing campaigns now being found on the Canva design platform.

With WordPress adding application passwords for REST API authentication, we discuss the benefits coming with this capability in WordPress version 5.6.

We also consider the ramifications of the critical, wormable RCE bug patched by Microsoft, and how attackers are actively attacking the recent zerologon vulnerability that was patched in August.

Episode 90 Think Like a Hacker

2020.10.09

Episode 90: WPBakery Plugin Vulnerability Exposes Over 4 Million Sites

A vulnerability discovered by the Wordfence Threat Intelligence team in the WPBakery plugin exposes over 4 million sites. High severity vulnerabilities were discovered in the Post Grid and Team Showcase plugins.

The online avatar service Gravatar, has been exposed to a user enumeration technique, which could be abused to collect data on its users’ profiles, and a card skimmer was found on Boom! Mobile’s web site, putting customer card data at risk.

Think Like a Hacker Episode 89

2020.10.02

Episode 89: Shopify Rogue Employees, Medium and Twitter Vulnerabilities, and Hackers Hiding Out in Corporate Networks

Shopify reports that two rogue employees stole data from 200 merchants on their platform. A security researcher found a vulnerability in the Medium Partner Program could have allowed an attacker to steal writers’ earnings. Symantec reports that a state-sponsored hacking group has been hiding out in company networks as a part of an information-stealing campaign. And Twitter reports that an API bug exposed app keys and tokens via a caching issue.

Think Like a Hacker Episode 88

2020.09.25

Episode 88: XCloner Vulnerabilities, LokiBot Malware, & a 14 Year Old Nets a $25K Bug Bounty

Our Threat Intelligence team discovered several vulnerabilities present in XCloner Backup and Restore, a WordPress plugin installed on over 30,000 sites. These vulnerabilities could have allowed an attacker to modify arbitrary files, including PHP files.

The US government Cybersecurity and Infrastructure Security Agency is warning of detected persistent malicious activity traced back to LokiBot infections.

An upcoming API change will break Facebook and Instagram oEmbed links across the web beginning October 24. Google has launched the Web Stories for WordPress plugin with a drag-and-drop, WYSIWYG interface for making full-screen, tappable content.

Drupal patches a critical reflected XSS vulnerability. And a critical stored XSS vulnerability in Instagram’s Spark AR Studio nets a 14-year-old researcher $25,000.

Episode 87 Think Like a Hacker

2020.09.18

Episode 87: Vulnerabilities Affect Discount Rules for WooCommerce Plugin, ModSecurity & Windows

Vulnerabilities were recently patched in the Discount Rules for WooCommerce plugin installed on over 40,000 WordPress sites. Developers from OWASP Core Rule Set said ModSecurity v3 is exposed to denial of service exploits, though the maintainers of ModSecurity reject that claim.

A severe vulnerability called Zerologon in Windows Netlogon was patched in August; this bug could be exploited to attack enterprise servers. And a security researcher also discovered that the Windows TCPIP Finger command can also function as a file downloader and a makeshift command and control server.

Last weekend, nearly 2,000 Magento stores were compromised in the largest hacking campaign since 2015.

Think Like a Hacker Episode 86

2020.09.11

Episode 86: War of the Hackers

Millions of attacks have been targeting the recent File Manager plugin zero-day vulnerability discovered last week. Two attackers are vying for control over sites compromised through the vulnerability.

A security researcher has revealed that specially crafted Windows 10 themes can be used to perform Pass-the-Hash attacks.

A database belonging to the Digital Point webmaster forum leaked records of over 800,000 web professionals that are members of the forum. Visa is warning of a new Baka Javascript credit card skimmer that removes itself from memory after exfiltrating stolen data, making it difficult to detect.

Think Like a Hacker Episode 85

2020.09.04

Episode 85: 0Day in File Manager Plugin and WordPress 5.5.1 Fixes Broken Sites

Over 700,000 WordPress users were affected by a zero-day vulnerability in the File Manager plugin, and the WordPress 5.5.1 release fixed millions of sites affected by deprecation of jQuery Migrate. SendGrid is under siege from spammers using hacked accounts, and Apple approves a notorious malware variant to run on Macs.

Think Like a Hacker Episode 84

2020.08.28

Episode 84: Google Chrome Plans to Implement Insecure Form Warnings

The Google Chrome web browser has a high-severity vulnerability that could be used to execute arbitrary code, which has been fixed in Chrome version 85. Google also announced that Chrome 86 will alert users if a form submission is using the insecure HTTP protocol, making it a good time to audit older sites that may have migrated to HTTPS, but still have forms submitting via HTTP.

A security researcher found a flaw in Apple’s Safari browser that could allow an attacker to access files on a Mac or iOS device.

The FBI and CISA have issued a joint alert to warn about the growing threat from vishing attacks targeting companies.

Think Like a Hacker Episode 83

2020.08.21

Episode 83: 100,000 Sites Impacted by Vulnerabilities in Advanced Access Manager

The Wordfence Threat Intelligence team discovered vulnerabilities in the Advanced Access Manager plugin installed on over 100,000 WordPress sites. A high severity authorization bypass could lead to privilege escalation and site takeover. Critical vulnerabilities found in the Quiz and Survey Master plugin could also lead to site takeover on the 30,000 WP sites using the vulnerable version of this plugin.

Thousands of sites broke after updating to WordPress 5.5 due to deprecated support for jQuery Migrate, and the release of the Enable jQuery Migrate Helper plugin reached 10,000 active installations to help fix these sites using older themes or plugins.

As cryptocurrency values rise, we’re seeing a wave of new scams and hacking campaigns with cryptocurrency as a driving force, such as the recent Twitter hack and a botnet campaign called Fritzfrog that is breaching SSH servers to mine Monero.

Think Like a Hacker Episode 82

2020.08.14

Episode 82: Important Changes in the WordPress 5.5 Update

WordPress 5.5 was released on August 11 with a number of important updates, including a new feature allowing auto-updates of themes and plugins as well as changes to the block editor. The popular Astra theme was suspended from the repository for having affiliate links in the code.

A vulnerability found in Google Chromium browsers could allow attackers to bypass content security policy in order to steal data and execute rogue code, this vulnerability affects billions of users. The Wall Street Journal reported that government tracking software is embedded in over 500 mobile apps.

episode 81 think like a hacker

2020.08.07

Episode 81: Critical Vulnerability Exposes over 700,000 Sites Using Divi, Extra, and Divi Builder

Our Threat Intelligence team disclosed numerous vulnerabilities this week, including a critical vulnerability in the Divi and Extra themes as well as the Divi Builder plugin. In total, this vulnerability affected over 700,000 sites. A vulnerability found in The Official Facebook Chat Plugin created a vector for social engineering attacks as it allowed an attacker to pose as a site owner via chat. Object Injection vulnerabilities discovered in the Newsletter plugin affected over 300,000 sites. We also look at the charges brought against 3 people in connection with the recent Twitter hack. The WordCamp US organizing team made the difficult decision to cancel WCUS this year amid online event fatigue.