Sunday, April 17, 2016

CMS vulnerabilities and the Panama Papers compromise

If you've followed the Panama Papers leaks, you know that the leaks were a big deal.  They caused the Prime Minister of Iceland to step down.  Calls for officials in other countries to step down have been echoed as well.  This is a certifiable "big deal."

But it could have been prevented with good patching of the CMS.  It appears that the law firm Mossack Fonseca's Wordpress installation was significantly out of date.  The firm was also running a known vulnerable Wordpress plugin called Revolution Slider.

Mossack Fonseca's Drupal "secure client portal" was running a version known to be vulnerable in 2014.  Not patching this critical vulnerability on an Internet facing server for more than a year is beyond negligent.  Calling that same server the "secure client portal" is criminal.

It will be interesting to see whether these vulnerabilities directly contributed to the Panama Papers leaks.  At Rendition Infosec, we see a large number of compromises from unpatched CMS applications.  Some attackers just want to use the platform to send spam or exploit site visitors, while others upload a web shell and pivot into the internal network.  A CMS system can be a great way to deploy your web site, but they require constant patching and maintenance.  Once a vulnerability is announced, you're racing the attackers to get the patch out there for your Internet facing website.

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.