If your website runs on WordPress v4.5.3, attackers can now bring down your site through a Denial of Service attack. This is possible through two vulnerabilities that were disclosed on 22nd Aug:
- CVE-2016-6897 – This is a Cross Site Request Forgery vulnerability by which an attacker can take over an authenticated user’s session (privilege escalation) using a forged HTML page.
- CVE-2016-6896 – This is a Directory Traversal vulnerability which can be used by an attacker to crash the web server.
Hot on the heels of the Linux 64-bit kernel exploit, Microsoft has announced a vulnerability in its ASP.NET framework on Server 2003 and 2008.
All major distributions have already released updates to their kernels which you can easily update using the corresponding package management system of your distribution. More about the fix and workaround after the jump.
Many hackers prefer to design and use their own tools to search for and attack vulnerable sites, but a majority of them use various exploitation “kits”. Some of the most common ones are Zeus, Neosploit, Eleonore and Justexploit. The developers of these kits constantly include 0-day vulnerabilities in the latest versions of their malware. Since most of these kits are open-source, users can also modify the code to include vulnerabilities known to them. Exploitation kits have been available for many years, and millions of users have suffered. However, a study by recently established security company TEHTRI-Security suggests that the malware “kits” themselves have vulnerabilities!