Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On February 19, 2016

February 17, SecurityWeek – (International) Flaw allowed attackers to bypass FireEye detection engine. FireEye released patches fixing an evasion vulnerability in its Virtual Execution Engine (VXE) that affected its Network Security (NX), Email Security (EX), File Content Security (FX), and Malware Analysis (AX) products. Researchers from Blue Frost Security found that the engine copies a submitted file into an analysis virtual machine under the name “malware.exe” and then renames it to its original filename; because the original filename was not sanitized before that rename, a crafted filename could derail the analysis and the file would escape detection. Once a file is classified as non-malicious its MD5 hash is temporarily added to a whitelist, so an attacker could later deliver the same binary under an arbitrary filename and have it pass the detection engine. Source
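
The two failure modes in the item above, shown side by side as an added example (hypothetical Python written for this page, not FireEye's code): an unsanitized original filename spliced into a rename command, and a verdict cache that whitelists a hash without checking that the analysis actually completed. The function names, the allow-list, the `rename` command string and the sample bytes are all assumptions; nothing here claims to reproduce how the VXE itself performs the rename.

```python
"""Added illustration (hypothetical, not FireEye code) of an unsafe filename
rename and a verdict cache that only whitelists completed analyses."""
import hashlib
import os
import re
import tempfile

STAGED_NAME = "malware.exe"  # neutral name the sample is copied in under
# Allow-list for the original basename: alphanumerics, dot, underscore, space, dash.
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._ -]{0,199}$")


def build_rename_command_unsafe(original_name):
    """The anti-pattern: interpolate an attacker-chosen filename into a command
    line handed to a shell or batch interpreter. Quotes and metacharacters in
    the name become part of the command. Returned for inspection, never run."""
    return f'rename "{STAGED_NAME}" "{original_name}"'


def sanitize_filename(original_name):
    """Reduce an untrusted filename to a plain basename and refuse anything
    outside the allow-list (directory parts, quotes, shell metacharacters)."""
    base = os.path.basename(original_name.replace("\\", "/"))
    if base in (".", "..") or not SAFE_NAME.fullmatch(base):
        raise ValueError(f"unsafe sample name: {original_name!r}")
    return base


def stage_sample(workdir, data, original_name):
    """Write the sample as malware.exe, then restore its original name with a
    direct OS rename (no shell involved) after sanitizing that name."""
    safe = sanitize_filename(original_name)
    staged = os.path.join(workdir, STAGED_NAME)
    with open(staged, "wb") as fh:
        fh.write(data)
    final = os.path.join(workdir, safe)
    os.replace(staged, final)
    return final


class VerdictCache:
    """Hash -> verdict cache keyed on MD5 (the hash the article names).
    A 'clean' verdict is recorded only when the analysis ran to completion,
    so an aborted run cannot whitelist the sample."""

    def __init__(self):
        self.clean = set()

    def record(self, data, analysis_completed, malicious):
        digest = hashlib.md5(data).hexdigest()
        if analysis_completed and not malicious:
            self.clean.add(digest)
        return digest

    def is_whitelisted(self, data):
        return hashlib.md5(data).hexdigest() in self.clean


def demo():
    """Run the crafted-name case and a benign case; return what a test checks."""
    sample = b"MZ\x90\x00 constructed stand-in for a submitted binary"  # constructed
    crafted = 'report.pdf" & calc.exe & "'  # name that would smuggle extra commands
    unsafe_cmd = build_rename_command_unsafe(crafted)
    try:
        sanitize_filename(crafted)
        rejected = False
    except ValueError:
        rejected = True
    cache = VerdictCache()
    # The crafted sample aborted analysis: record it as incomplete, not as clean.
    cache.record(sample, analysis_completed=False, malicious=False)
    with tempfile.TemporaryDirectory() as workdir:
        staged_ok = os.path.isfile(stage_sample(workdir, sample, "invoice.exe"))
    return unsafe_cmd, rejected, cache.is_whitelisted(sample), staged_ok


if __name__ == "__main__":
    print(demo())
```

The point of the second half is the one the article makes implicitly: a sample that never finished analysis has no verdict, and caching "no verdict" as "clean" is what turns a sandbox escape into a whitelist entry.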

February 17, Softpedia – (International) 26,000 WordPress sites leveraged in layer 7 DDoS attack. A security researcher from Sucuri published guidance on mitigating a new layer 7 distributed denial-of-service (DDoS) attack that abused the XML-RPC pingback feature of roughly 26,000 WordPress websites. The attacker submitted pingback requests through those sites, which in turn flooded the victim’s website with pingback verification requests over HTTPS (HTTP over TLS); the cost of handling many encrypted connections drove the victim’s central processing unit (CPU) to its limit. Source
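
Detection logic for the pattern above, as an added example (constructed Python written for this page, not Sucuri's or WordPress's code). It relies on one fact the item does not state: WordPress verifies a pingback by fetching the target page with a User-Agent of the form "WordPress/<version>; <site URL>; verifying pingback from <IP>", where the IP is the address that submitted the pingback to that site. A victim's access log therefore exposes both the reflecting sites and the party behind them. The log lines, IP addresses, site names and threshold are constructed.

```python
"""Added example: spot a reflected WordPress pingback flood in an access log."""
import re

# Apache/nginx combined log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
# User-Agent WordPress sends while verifying a pingback; the trailing IP is the
# address that submitted the pingback to the reflecting site.
PINGBACK_UA = re.compile(
    r"^WordPress/(?P<ver>[\d.]+); (?P<site>\S+); verifying pingback from (?P<origin>\S+)$"
)

# Constructed sample: three blogs reflect for one origin (note the random
# query strings, used so caches do not absorb the hits), plus two benign lines.
SAMPLE_LOG = """\
203.0.113.10 - - [17/Feb/2016:10:00:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "WordPress/4.4.2; https://blog-a.example; verifying pingback from 198.51.100.7"
203.0.113.11 - - [17/Feb/2016:10:00:01 +0000] "GET /?p=12 HTTP/1.1" 200 5120 "-" "WordPress/4.3.1; http://blog-b.example; verifying pingback from 198.51.100.7"
203.0.113.12 - - [17/Feb/2016:10:00:02 +0000] "GET /?x=3 HTTP/1.1" 200 5120 "-" "WordPress/4.4.2; https://blog-c.example; verifying pingback from 198.51.100.7"
203.0.113.10 - - [17/Feb/2016:10:00:02 +0000] "GET /?y=9 HTTP/1.1" 200 5120 "-" "WordPress/4.4.2; https://blog-a.example; verifying pingback from 198.51.100.7"
192.0.2.50 - - [17/Feb/2016:10:00:02 +0000] "GET /about HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/44.0"
192.0.2.51 - - [17/Feb/2016:10:00:03 +0000] "GET /wp-login.php HTTP/1.1" 200 1024 "-" "WordPress/4.4.2; https://friendly.example; verifying pingback from 192.0.2.99"
"""


def parse_pingback_hits(log_text):
    """Return (client_ip, path, reflecting_site, origin_ip) for every request
    made by a WordPress pingback verifier; other lines are ignored."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ua = PINGBACK_UA.match(m.group("ua"))
        if not ua:
            continue
        hits.append((m.group("ip"), m.group("path"), ua.group("site"), ua.group("origin")))
    return hits


def find_reflected_floods(log_text, min_reflectors=3):
    """Group pingback verifications by the origin IP that submitted them.
    One origin fanned out through many distinct WordPress sites is the
    signature of a reflected layer 7 flood; a single legitimate pingback
    comes from one site and is left alone."""
    per_origin = {}
    for client_ip, path, site, origin in parse_pingback_hits(log_text):
        rec = per_origin.setdefault(
            origin, {"hits": 0, "sites": set(), "reflector_ips": set(), "paths": set()}
        )
        rec["hits"] += 1
        rec["sites"].add(site)
        rec["reflector_ips"].add(client_ip)
        rec["paths"].add(path)
    floods = {}
    for origin, rec in per_origin.items():
        if len(rec["sites"]) >= min_reflectors:
            floods[origin] = {
                "hits": rec["hits"],
                "reflectors": sorted(rec["reflector_ips"]),
                "distinct_paths": len(rec["paths"]),
            }
    return floods


if __name__ == "__main__":
    for origin, info in find_reflected_floods(SAMPLE_LOG).items():
        print(f"pingback flood from {origin}: {info['hits']} hits via {len(info['reflectors'])} reflectors")
```

On the victim side the cheapest mitigation is to drop requests whose User-Agent matches the verifier pattern before TLS-terminated application code sees them; the reflector list can also be fed to an edge block list. Site owners who do not want their WordPress installs used as reflectors can disable the `pingback.ping` XML-RPC method (via the `xmlrpc_methods` filter) or restrict access to `xmlrpc.php`.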

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.