The WPSetup Attack: New Campaign Targets Fresh WordPress Installs
Read: https://www.wordfence.com/blog/2017/07/wpsetup-attack/

The best method for “wizard”-like set-ups of web applications is to have the set-up done locally at home, and when the set-up is the way you want it, rsync it to the web server, together with the right permissions and security, and with unnecessary files deleted.

Even better still is using git and making sure through a .gitignore that no vulnerable files land on your live server.

Whenever you do not really need an interactive site, you should make use of a static site generator! (When you need comments on posts, you could do that using Disqus - https://gohugo.io/extras/comments/)

For starters there is Hugo, which gives the fewest problems for beginners: http://gohugo.io/

(Info credits go to Soeperees and Neb Poorten, thanks folks)

polonus (volunteer website security analyst and website error hunter)
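As an added example (not code from the original post or from Wordfence/Hugo), here is a small POSIX shell script that implements the workflow described above: the site is finished locally, then rsync'ed to the server with an exclude list and forced permissions, with --delete and --delete-excluded so that files removed or excluded locally also disappear from the live copy. The same exclude list can be dropped into a .gitignore for the git variant mentioned in the post. The file names in the list (wp-admin/install.php, wp-admin/setup-config.php, readme.html, wp-config-sample.php and the *.sql/*.bak/*.log patterns) are my assumption of what "unnecessary files" means for a WordPress tree; the remote target user@host:/var/www/site is hypothetical, and the functions accept a plain local directory as destination so the script can be tried offline.

```shell
#!/bin/sh
# Added example, not from the original post: local-first deploy with rsync.
# Assumed (hypothetical) layout: the finished site lives in ./site locally,
# the live copy is user@host:/var/www/site. DEST may also be a local path.

# Files that must never reach the live server. The list is an assumption
# for a WordPress tree; the same lines work verbatim as a .gitignore.
deploy_excludes() {
    cat <<'EOF'
.git/
.gitignore
wp-config-sample.php
readme.html
license.txt
wp-admin/install.php
wp-admin/setup-config.php
*.sql
*.bak
*.log
.env
.DS_Store
EOF
}

# Sync SRC to DEST:
#   -a                 preserve tree structure and timestamps
#   --delete           remove files on DEST that were removed locally
#   --delete-excluded  also remove files on DEST that match the exclude list
#                      (cleans up e.g. an install.php left from an earlier deploy)
#   --chmod            force directories to 755 and files to 644 on DEST
deploy_site() {
    src="$1"
    dest="$2"
    excl=$(mktemp) || return 1
    deploy_excludes > "$excl"
    rsync -a --delete --delete-excluded \
          --exclude-from="$excl" \
          --chmod=D755,F644 \
          "$src/" "$dest/"
    rc=$?
    rm -f "$excl"
    return $rc
}

# Post-deploy check on a (local) DEST: fail if any installer/leftover file
# is still present or if anything is world-writable. Returns 0 when clean.
verify_deploy() {
    dest="$1"
    bad=0
    for pat in install.php setup-config.php readme.html wp-config-sample.php .env; do
        if find "$dest" -name "$pat" | grep -q .; then
            echo "forbidden file present: $pat" >&2
            bad=1
        fi
    done
    if find "$dest" -perm -o+w | grep -q .; then
        echo "world-writable path present under $dest" >&2
        bad=1
    fi
    return $bad
}

# Typical use (hypothetical host):
#   deploy_site ./site user@host:/var/www/site
# For a local staging copy you can also run verify_deploy on the result:
#   deploy_site ./site /tmp/staging && verify_deploy /tmp/staging
```

Run the rsync once with `-n -v` added before trusting the exclude list, and tighten wp-config.php (640 or 600, owned by the web server user) on the server afterwards, since --chmod applies one mode to every file.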

“Particle” Chrome Extension Sold to New Dev Who Immediately Turns It Into Adware

https://www.bleepingcomputer.com/news/security/-particle-chrome-extension-sold-to-new-dev-who-immediately-turns-it-into-adware/

New way to boycott or undermine: https://www.theregister.co.uk/2017/07/13/bitcoins_might_just_vanish_into_the_ether/

polonus

Retire QuickTime for Windows for good: uninstall it!

Read why? Re: https://www.us-cert.gov/ncas/bulletins/SB17-191

polonus (volunteer website security analyst and website error-hunter)

Researchers find serious holes in WebEx: https://bugs.chromium.org/p/project-zero/issues/detail?id=1324

11 holes in FreeRADIUS, found in its DHCP and RADIUS packet parsers via fuzzing: https://guidovranken.wordpress.com/2017/07/17/11-remote-vulnerabilities-inc-2x-rce-in-freeradius-packet-parsers/

polonus (volunteer website security analyst and website error-hunter)

Advice: always fully patch, upgrade and back up :wink:

D.

“Perverse” malware infecting hundreds of Macs remained undetected for years
https://arstechnica.com/security/2017/07/perverse-malware-infecting-hundreds-of-macs-remained-undetected-for-years/

Adobe Kills Flash Player

http://news.softpedia.com/news/adobe-kills-flash-player-517160.shtml

Newly Discovered CowerSnail Backdoor Targets Windows Computers
https://www.bleepingcomputer.com/news/security/newly-discovered-cowersnail-backdoor-targets-windows-computers/

CrowdStrike launches malware search engine
https://www.helpnetsecurity.com/2017/07/26/crowdstrike-malware-search-engine/

Another Big One like WannaCry, and again it is with SMB, called SMBloris!
Re: the vulnerability affects every version of the SMB protocol and every Windows version dating back to Windows 2000.
It is an IBM legacy, as SMB v1 is IBM code.
With this you can bring down a bold Windows server and crash it using just a Raspberry Pi computer via a very simple attack!

Insecurity coming to a server near you!
Re: https://www.defcon.org/html/defcon-25/dc-25-speakers.html#Dillon

Re: https://threatpost.com/windows-smb-zero-day-to-be-disclosed-during-def-con/126927/

It is not yet clear whether Windows is ever going to patch this gaping hole. They said they would not.

MS reacted: For enterprise customers who may be concerned, we recommend they consider blocking access from the internet to SMBv1.

But a reverse-engineered variant was also involved:

Barry Feigenbaum originally designed SMB at IBM with the aim of turning DOS “Interrupt 33” (21h) local file access into a networked file system.[11] Microsoft has made considerable modifications to the most commonly used version. Microsoft merged the SMB protocol with the LAN Manager product which it had started developing for OS/2 with 3Com around 1990, and continued to add features to the protocol in Windows for Workgroups (c. 1992) and in later versions of Windows.

When SMB2 was introduced it brought a number of benefits over SMB1 for third party implementers of SMB protocols. SMB1, originally designed by IBM, was reverse engineered, and later became part of a wide variety of non-Windows operating systems such as Xenix, OS/2 and VMS (Pathworks).

source: https://en.wikipedia.org/wiki/Server_Message_Block

polonus

95% of All Ransomware Payments Were Cashed out via BTC-e Platform
https://www.bleepingcomputer.com/news/security/95-percent-of-all-ransomware-payments-were-cashed-out-via-btc-e-platform/

One should never pay ransom. :o

I’m surprised anyone pays. Are you going to trust the crooks that did this? There is no guarantee that, even after payment, the encryption can be decrypted/reversed (bad code).

Ransomware surely must be a wake-up call to have a robust (off-line) backup and recovery strategy (hard drive imaging) in place before anything serious happens, and not necessarily ransomware.

By now, you would think that’s the case. I’m always surprised, while talking to folks at a presentation, that most people don’t start a recovery and backup strategy until after a disaster of some type has happened. Many think that an infection or a hardware failure only happens to the other person.
That also holds true for secure passwords and the use of two-factor ID. Most can’t be bothered with the little bit of extra precaution to keep them safe.
Cyber Security Awareness Month is coming up in October. For me it’s a packed month, with remote presentations scheduled all over the USA.

New updates are available for Outlook
https://blogs.technet.microsoft.com/office_sustained_engineering/2017/07/27/new-updates-are-available-for-outlook/

Google Revealed an Israeli Spyware Company That Has Quietly Sold Its Wares for Years
https://motherboard.vice.com/en_us/article/evdebz/google-revealed-an-israeli-spyware-company-that-has-quietly-sold-its-wares-for-years

Incomplete WordPress installations, especially on shared hosting, come under attack and get compromised:

https://www.wordfence.com/blog/2017/07/wpsetup-attack/

Best way to generate a non-interactive site for n00bs: http://gohugo.io/

polonus

Cerber Ransomware Can Now Steal Browser Passwords, Bitcoin Wallet Data
https://www.bleepingcomputer.com/news/security/cerber-ransomware-can-now-steal-browser-passwords-bitcoin-wallet-data/

Department of the Army concerned about DJI drones exposing collected information
http://www.ainonline.com/aviation-news/defense/2017-08-04/us-army-grounds-dji-drones-over-cyber-vulnerabilities

Researchers Put Windows Defender in a Sandbox to Show Microsoft How It’s Done
https://www.bleepingcomputer.com/news/security/researchers-put-windows-defender-in-a-sandbox-to-show-microsoft-how-its-done/