March 10, Softpedia – (International) Exploit code published for Elasticsearch remote code execution flaw. Security researchers at Xiphos Research created an exploit for a glitch in Elasticsearch versions earlier than 1.3.8 and 1.4.3 that allows server-side code execution by passing Groovy code in a search query and executing it in the sandbox. The glitch was patched in updates released February 11. Source
March 10, Threatpost – (International) Yahoo patches critical eCommerce, small business vulnerabilities. Yahoo recently patched vulnerabilities discovered by security researchers that could have allowed attackers to gain complete access to any user-run eCommerce Web site hosted on Yahoo’s eCommerce platform, Yahoo Small Business, including all site administration privileges, access to personally identifiable information, and control over prices of items in any Yahoo store. Source
March 9, Softpedia – (International) Row Hammer DRAM bug exploited, unlocks access to physical memory. Security researchers from Google’s Project Zero leveraged a known vulnerability, dubbed Row Hammer, in some dynamic random-access memory (DRAM) chips to identify one exploit that runs as a Native Client program and escalates privilege to call the host system SYSCALLs directly, and another that runs as a normal process on Linux and escalates privilege and allows access to data in the entire physical memory. Source
March 9, NBC News – (International) FBI investigates possible ISIS supporters’ hack of Western sites. The FBI is investigating after hackers claiming to be affiliated with the Islamic State of Iraq and Syria (ISIS) placed black flags attributed with the group, the words “hacked by ISIS, we are everywhere,” an invalid Facebook address, and an Adobe Flash audio plugin that played a song in Arabic on several U.S. Web sites over the weekend of March 7. Some of the businesses targeted during the attack include a speedway in Ohio, a Goodwill store and digital agency in Missouri, a historic condominium complex in New York, a zoo in California, and restaurants in , and Ohio. Source