Monthly Archives: October, 2014

  1. Drupal Vulnerability: Mass Scans & Targeted Exploitation

    Yesterday (October 15, 2014), a critical SQL injection vulnerability in version 7 of the popular open source content management system (CMS) Drupal was disclosed by Stefan Horst and detailed in SA-CORE-2014-005. The description of the vulnerability is rather harrowing: Drupal 7 includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks. A vulnerability in this API allows an attacker to send specially crafted requests resulting in arbitrary SQL execution. Depending on the content of the requests this can lead to privilege escalation, arbitrary PHP execution, or other attacks. This vulnerability can be exploited by anonymous users. If you think this sounds pretty bad, you are spot on. Along with the advisory, a patch was released to fix the security issue. Unfortunately, patches are also often leveraged to identify exactly how to exploit such vulnerabilities. In this case, it was only […]

  2. Democracy in Hong Kong Under Attack

    Over the last few months, Volexity has been tracking a particularly remarkable advanced persistent threat (APT) operation involving strategic web compromises of websites in Hong Kong and Japan. In both countries, the compromised websites have been particularly notable for their relevance to current events and the high profile nature of the organizations involved. In particular the Hong Kong compromises appear to come on the heels of the Occupy Central Campaign shifting into high gear. These compromises were discovered following the identification of malicious JavaScript that had been added to legitimate code on the impacted websites. This code meant that visitors were potentially subjected to exploit and malicious Java Applets designed to install malware on their systems. While investigating these cases, Volexity also discovered additional APT attack campaigns involving multiple other pro-democratic websites in Hong Kong. These attempts at exploitation, compromise, and digital surveillance are detailed throughout this post. Compromised Pro-Democratic […]