This seems to be an issue with a library called PHP-FPM which is causing a vulnerability on NGINX servers.
PHP-FPM "is an alternative to the PHP FastCGI implementation that offers advanced and highly efficient processing for scripts written in the PHP programming language."
This vulnerability was pretty rough in the fact that it allowed for execution of code on the vulnerable web server, which is really bad.
The vulnerability was spotted by Andrew Danau during a Google CTF competition, and they actually used and weaponized this vulnerability during the competition.
"Using a carefully chosen length of URL and query string, the attacker could use path_info to introduce bytes into the memory of the web server.
Using this method the team was able to create a fake PHP_VALUE fcgi (not 100% what that is) variable and then use a chain of carefully chosen config values to get code execution."
The vulnerability was tracked and labeled as CVE-2019-11043.
Why I don't use PHP (jk):
Last edited by Gloat (10/28/2019 10:16 am)
Hackers are now e-skimming online carts to gather credit card information and sell it. People who buy things online are now being targeted, with the holidays coming up, by a new type of attack. This new attack is coming from Europe. The attackers are buying online goods with stolen credit card information and sending them to Eastern Europe to sell for profit.
Ransomware's mounting toll: Delayed surgeries and school closures
This is a general, non-techie article about ransomware's effect on services like healthcare. Ransomware has impacted at least 621 entities this year through September. The targets include hospitals, health care centers, school districts and cities. The total cost so far this year could be about $186 million, based on the publicly disclosed costs of ransomware attacks.
-Kayla Rich
New iPhone Hack Shock As China Blamed For Devastating Attack
Apple users are still reeling from the shocking disclosure by Google's Project Zero team. Project Zero is a team of security analysts employed by Google tasked with finding zero-day vulnerabilities, the secret hackable bugs that are exploited by criminals. Hacked websites have been used to attack iPhones for two years. And every single up-to-date iPhone has been vulnerable. Now, two days later, those same 1 billion users face further damning revelations. The new iPhone with iOS 13 is already experiencing Project Zero and the small hacks that come along with it.
Devin Fry
The Pirate Bay was recently hit by a DDoS attack. According to this article, The Pirate Bay was attacked by an unknown entity which brought down the site for over a week, resulting in Cloudflare messages mentioning a "Bad Gateway" error and the site itself saying it was down for "database maintenance" and to "check back in 10 minutes." According to Pirate Bay administrators, the site was flooded with "searches that break the Sphinx search daemon." Sphinx is an open source piece of software, and since the attack, The Pirate Bay has updated to a new version, fixing the issue.
Lesson of the day: Keep your software up to date.
Last edited by Lehi Herrera (10/29/2019 10:38 am)
FBI offers warning to all Medium and Small businesses that use credit card payments online.
The FBI says the cause is called "e-skimming". E-skimming is when a hacker inserts a spyware program into a website's point of sale system. They were using the spyware to scan credit card credentials. The FBI says that the majority of the time, the spyware is given access to a system by using PHISHING ATTACKS via emails.
Moral of the story.... don't open email that's not from someone you know LOL.