GoSecure Blog
Recent Discovery of a Targeted Spear Phishing Campaign
The GoSecure Titan Inbox Detection and Response (IDR) team recently discovered yet another targeted spear-phishing campaign. The campaign targeted over 150 organizations encompassing a varying array of industries from Financial, Automotive, Technology, and Defense Contractors.
Emails Disclosure on WordPress
Password brute force is one of the common most attack on Wordpress. Only a few hours after the deployment of a new blog, we can see login attempts to /xmlrpc.php or /wp-login.php endpoints. While not being sophisticated, they remain strong attacks as they put pressure on the limited complexity passwords and potential password reuse from users. In this article, we are going to explain how the public wordpress.com REST API makes it easier for brute-force attacks on millions of WordPress instances managed by wordpress.com or private instances with the Jetpack plugin installed.
CVE-2021-3271 Pressbooks Stored Cross Site Scripting Proof of Concept
A Pressbooks stored cross site scripting vulnerability was discovered in all version ≤5.17.3. The application is vulnerable to Stored Cross-Site Scripting (XSS) injections via description body. An attacker can thus trick a user into clicking on a malicious link or preview the document that contains the JavaScript code. Once triggered, the malicious JavaScript code is fed in the victim’s browser and executed.
BazarLoader Mocks Researchers in December 2020 Malspam Campaign
Our Inbox Detection and Response (IDR) team has observed a new BazarLoader campaign targeting the information technology, aeronautic and financial industries. The IDR team has successfully blocked over 550 thousand BazarLoader malspam emails throughout this campaign alone.
GoSecure researchers received a sample from the IDR team which was suspected of being BazarLoader, named Report Preview15-10.exe, on 2020-10-06. Shortly after, GoSecure researchers received yet another BazarLoader sample on 2020-10-08 named Document2-85.exe, which exhibited similar behavior.
Vera – Stored XSS & Improper Access Control
We discovered a stored cross site scripting (XSS) vulnerability on Vera, a platform for online proofing and custom workflows used in the printing industry. An authenticated user could leverage the last name field in the User module of the system to execute a stored cross site scripting vulnerability. Furthermore, an Improper Access Control vulnerability was discovered in the projects module where a user could view and download project related documents without the proper permissions. The vulnerable version is Vera – 4.9.1.26180.
