SiteGround security incident | What happened?
🚨 A potentially catastrophic vulnerability found in a WordPress plugin with over 400,000 installs? But first, let's put it into perspective! How did this happen? Is SiteGround still one of the best hosting providers?

SiteGround is one of the biggest hosting providers in the industry, often praised for its useful, custom-built security plugin, SiteGround Security. Seeing as it's available with every new website, you'd expect it to heighten your website's security, at the very least!

👉 To go back to where it all began, we've got to jump to March 10th, when reviewing and analyzing the SiteGround Security plugin led to the discovery of two Authentication Bypass Vulnerabilities. At this point, full disclosure details were sent to SiteGround in accordance with their responsible disclosure policy.

👉 How did this bypass work? As I said, SiteGround allows you to set up two-factor authentication. To fully activate it, every user needs to log back into their site to "complete" the 2FA setup. And the most alarming part: the plugin had a vulnerability where hijackers could just skip the first step, the one that requires a login and password for that user… no username or password required? Jeez!

👉 Fast forward to March 11th: SiteGround informed us that it had researched the problem and released a patch for all of its hosting users. So a transparent move on their part… Though, unfortunately, it didn't end here.

👉 The second vulnerability was in how SiteGround stored 2FA backup data. Basically, there were no checks to validate that a user was authorized to use a backup code to perform the second factor of authentication that would log them in. So anyone using brute force or SQL injection could potentially "pose" as an editor or administrator.

👉 We end March 11th with the release of version 1.2.3 of SiteGround's Security plugin...
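The flaw class described above, next to a hardened counterpart, as a simplified Python model. This is an added example, not SiteGround's plugin code; the function names, the in-memory stores, the sample account and the attempt limit are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

MAX_ATTEMPTS = 5             # assumed limit on guesses per pending login
SALT = b"constructed-salt"   # constructed; real systems use a per-user salt

def _hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

# Constructed sample account; a real site keeps this in its database.
USERS = {"admin": {"pw": _hash("correct horse"), "backup": {"483920"}}}
PENDING = {}  # server-side state: token -> {"user": name, "attempts": n}

def weak_second_factor(username, code):
    """Flawed pattern: the request names the account and nothing proves
    that the password step was ever completed for it."""
    user = USERS.get(username)
    return bool(user) and code in user["backup"]

def start_login(username, password):
    """Step one: only a correct password yields a pending-login token."""
    candidate = _hash(password)
    user = USERS.get(username)
    if not user or not hmac.compare_digest(user["pw"], candidate):
        return None
    token = secrets.token_urlsafe(32)
    PENDING[token] = {"user": username, "attempts": 0}
    return token

def finish_login(token, code):
    """Step two: the account comes from the server-side token, never from
    the request, and guesses per token are capped."""
    state = PENDING.get(token)
    if state is None:
        return None
    state["attempts"] += 1
    if state["attempts"] > MAX_ATTEMPTS:
        del PENDING[token]          # force a fresh password check
        return None
    codes = USERS[state["user"]]["backup"]
    match = next((c for c in codes
                  if hmac.compare_digest(c.encode(), code.encode())), None)
    if match is None:
        return None
    codes.discard(match)            # backup codes are single-use
    del PENDING[token]
    return state["user"]
```
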
👉 April 6th: only now, around 25 days AFTER these vulnerabilities were detected, did SiteGround release version 1.2.6, fixing the issue for all users.

👉 Okay, the aftermath of such a vulnerability? A.k.a. how many websites were destroyed? To the best of our knowledge, luckily, not a single one. That's something we shouldn't forget: it was a vulnerability that had the potential to cause a lot of damage, but thankfully, there was none! But I wanted to talk about it since THERE WAS a huge vulnerability for nearly a month in a security plugin that is meant to do the opposite.

💣 SiteGround: still the best hosting option? 💣

➡️ There isn't, and never will be, one security tool or feature that you can just "turn on" and be safe forever and ever and ever… Malicious actors improve their exploit game every day and will find a way to use every angle available. SiteGround is for sure still a reputable option. They were transparent in this situation, they reacted, and thankfully no websites actually got compromised. I'd always recommend doing your research and making sure the provider has great security practises.

✅ Very fast page load times
✅ Servers in 4 continents
✅ Innovative speed boosting tech
✅ Free daily backups
✅ Strong in-house security tools

Wordfence discovery: https://ift.tt/3RNog1A