EC-Council you never fail to disappoint... website infected with Angler exploit kit
Their website was discovered to be infected with the Angler exploit kit.
https://twitter.com/ydklijnsma/status/712623731319943168
You would think they could put some of those yearly fees into keeping their website secure
https://twitter.com/ydklijnsma/status/712623731319943168
You would think they could put some of those yearly fees into keeping their website secure
2019: GPEN | GCFE | GXPN | GICSP | CySA+
2020: GCIP | GCIA
2021: GRID | GDSA | Pentest+
2022: GMON | GDAT
2023: GREM | GSE | GCFA
WGU BS IT-NA | SANS Grad Cert: PT&EH | SANS Grad Cert: ICS Security | SANS Grad Cert: Cyber Defense Ops | SANS Grad Cert: Incident Response
2020: GCIP | GCIA
2021: GRID | GDSA | Pentest+
2022: GMON | GDAT
2023: GREM | GSE | GCFA
WGU BS IT-NA | SANS Grad Cert: PT&EH | SANS Grad Cert: ICS Security | SANS Grad Cert: Cyber Defense Ops | SANS Grad Cert: Incident Response
Comments
-
danny069 Member Posts: 1,025 ■■■■□□□□□□Hmm...seems like they need a CEHI am a Jack of all trades, Master of None
-
TechGuru80 Member Posts: 1,539 ■■■■■■□□□□
-
renacido Member Posts: 387 ■■■■□□□□□□I'm sure they outsource hosting of their public website. But this is no excuse.
A lot of companies don't hold service providers accountable - require SOC-2 reports, audits, etc. EC-Council should know better. Could be the hosting provider aren't on top of their game.
One of the downsides of outsourcing - the provider never cares as much about your stuff as you do (or should). -
iBrokeIT Member Posts: 1,318 ■■■■■■■■■□This isn't the first time they've been pwned, or second time....2019: GPEN | GCFE | GXPN | GICSP | CySA+
2020: GCIP | GCIA
2021: GRID | GDSA | Pentest+
2022: GMON | GDAT
2023: GREM | GSE | GCFA
WGU BS IT-NA | SANS Grad Cert: PT&EH | SANS Grad Cert: ICS Security | SANS Grad Cert: Cyber Defense Ops | SANS Grad Cert: Incident Response -
OctalDump Member Posts: 1,722I imagine they would be a popular target. I guess I'll wait for a notification that my PII has been compromised.2017 Goals - Something Cisco, Something Linux, Agile PM
-
gespenstern Member Posts: 1,243 ■■■■■■■■□□Well, it's not that bad, considering that Angler EK delivered TeslaCrypt as of recently through advertisement on major websites including forbes.com and the likes.
-
JockVSJock Member Posts: 1,118I'm sure they outsource hosting of their public website. But this is no excuse.
The SLA should state that all employees must have C|EH...oh wait, that would probably increase EC-Council's cost.EC-Council should know better.
From what others have said on this site and my interactions with them, EC-Council and professionalism doesn't go hand-in-hand.***Freedom of Speech, Just Watch What You Say*** Example, Beware of CompTIA Certs (Deleted From Google Cached)
"Its easier to deceive the masses then to convince the masses that they have been deceived."
-unknown -
YFZblu Member Posts: 1,462 ■■■■■■■■□□gespenstern wrote: »Well, it's not that bad, considering that Angler EK delivered TeslaCrypt as of recently through advertisement on major websites including forbes.com and the likes.
Did you actually look at the tweet the OP linked to? This wasn't some ad-rotator - the Wordpress instance eccouncil hosts their web content on was compromised. -
Mike7 Member Posts: 1,112 ■■■■□□□□□□Yup. WordPress 4.2.2 on Windows Server 2012 R2 (IIS 8.5) and PHP 7.0.
Info can be seen from any browser built-in developer tool or via https://sitecheck.sucuri.net/results/iclass.eccouncil.org
Probably infected via either WordPress or plugin vulnerability.
EC Council should update their WordPress and related plugins. Version 4.2.2 was released May last year, the latest version is 4.4.2 (with 4.5 coming soon), and there were a couple of critical security patches since 4.2.2.
FWIW, WordPress versions since 3.7 will automatically update to newer versions. Guess the web design company or whoever maintain the site disabled the auto update feature. -
Iristheangel Mod Posts: 4,133 ModOuch.
I definitely don't regret letting those EC-Council certs expire in February. I would have never gotten them in the first place if it wasn't part of my degree at WGU. What a trainwreck... -
JockVSJock Member Posts: 1,118Iristheangel wrote: »
I definitely don't regret letting those EC-Council certs expire in February. I would have never gotten them in the first place if it wasn't part of my degree at WGU. What a trainwreck...
Wow...With this much brouhaha surrounding C|EH and EC-Council and their professionalism, I'm beginning to doubt my endeavor and allocation of time and energy towards this cert.***Freedom of Speech, Just Watch What You Say*** Example, Beware of CompTIA Certs (Deleted From Google Cached)
"Its easier to deceive the masses then to convince the masses that they have been deceived."
-unknown -
Danielm7 Member Posts: 2,310 ■■■■■■■■□□Ugh, wordpress, come on! And they wonder why they get such a bad rap.
-
LinuxRacr Member Posts: 653 ■■■■□□□□□□And I actually have been considering getting the C|EH en route to getting the OSPC and the CISSP.....My WGU B.S. IT - Security Progress : Transferred In|Remaining|In Progress|Completed
AGC1, CLC1, GAC1, INC1, CTV1, INT1, BVC1, TBP1, TCP1, QLT1, HHT1, QBT1, BBC1 (39 CUs), (0 CUs) (0 CUs)
WFV1, BNC1, EAV1, EBV1, COV1 | MGC1, IWC1 | CQV1, CNV1, IWT1, RIT1 | DRV1, DSV1, TPV1, CVV1 | EUP1, EUC1, DHV1| CUV1, C173 | BOV1, CJV1, TXP1, TXC1 | TYP1, TYC1, SBT1, RGT1 (84 CUs) DONE! -
EngRob Member Posts: 247 ■■■□□□□□□□636-555-3226 wrote: »Wordpress compromised... Who would of thought.....
That's never happened before.... -
cyberguypr Mod Posts: 6,928 ModThe way I see the problem is not the mere fact that they have been compromised. To me the issue is the sum of all the little things here and there that have gone wrong with them: security, over-priced product, spelling, lousy support, pushing AMFs just because they can, etc.
Great to go past the HR goon in an organization that doesn't know better, but that's it. -
dustervoice Member Posts: 877 ■■■■□□□□□□I'm sure the hacker was just practicing for CEH with some old tools.
-
Mike7 Member Posts: 1,112 ■■■■□□□□□□Ugh, wordpress, come on! And they wonder why they get such a bad rap.
Not dissimilar to how most of us on Windows apply patches regularly and have anti-virus software installed.
This is something else.... -
tpatt100 Member Posts: 2,991 ■■■■■■■■■□Stuff happens but the lack of response when an issue is reported is a big problem in my eyes.
-
chopsticks Member Posts: 389Major security certification group ignored private warnings for more than 3 days
For the past four days, including during the hour that this post was being prepared on Thursday morning, a major security certification organization has been spreading TeslaCrypt malware—despite repeated warnings from outside researchers.
EC-Council, the Albuquerque, New Mexico-based professional organization that administers the Certified Ethical Hacker program, started spreading the scourge on Monday. Shortly afterward, researchers from security firm Fox IT notified EC-Council officials that one of their subdomains—which just happens to provide online training for computer security students—had come under the spell of Angler, a toolkit sold online that provides powerful Web drive-by exploits. On Thursday, after receiving no reply and still detecting that the site was infected, Fox IT published this blog post, apparently under the reasonable belief that when attempts to privately inform the company fail, it's reasonable to go public.
Like so many drive-by attack campaigns, the one hitting the EC-Council is designed to be vexingly hard for researchers to replicate. It targets only visitors using Internet Explorer and then only when they come to the site from Google, Bing, or another search engine. Even when these conditions are met, people from certain IP addresses—say those in certain geographic locales—are also spared. The EC-Council pages of those who aren't spared then receive embedded code that redirects the browser to a chain of malicious domains that host the Angler exploits.
More details and reading -->
Certified Ethical Hacker website caught spreading crypto ransomware | Ars Technica -
Mike7 Member Posts: 1,112 ■■■■□□□□□□
-
thomas_ Member Posts: 1,012 ■■■■■■■■□□Kind of reminds me of the time when I was searching for Mike Meyers' website in google, to see that his website's meta tags had been maliciously changed. I sent them an email about it. Apparently their site had been hacked recently.
-
bigdogz Member Posts: 881 ■■■■■■■■□□Thanks for not disappointing, EC Council. Just when we thought you might have your act together we are proven wrong again and again.
There should be a certification to find all of the exploits in their infrastructure. It might be a better certification path. -
markulous Member Posts: 2,394 ■■■■■■■■□□cyberguypr wrote: »The way I see the problem is not the mere fact that they have been compromised. To me the issue is the sum of all the little things here and there that have gone wrong with them: security, over-priced product, spelling, lousy support, pushing AMFs just because they can, etc.
Great to go past the HR goon in an organization that doesn't know better, but that's it.
Agreed. If it weren't for the fact that I get away from Taskstream, I wouldn't be quite as thrilled about taking the CEH and CHFI. Even with all these issues, EC Council is still the lesser of those two evils IMO. -
TechGromit Member Posts: 2,156 ■■■■■■■■■□To be fair, quite a number of web sites are on WordPress and we do not read about their sites being compromised.
Yes, but this is a cyber security related company, you would think they be on top of there game, everyone get compromised time to time, but usually it's caught within hours, and doesn't drag on for days. It's kinda like the fire department house buring to the ground or the police station getting robbed.Still searching for the corner in a round room. -
cyberguypr Mod Posts: 6,928 ModBack to my point about the sum of all parts. This is not an isolated event.
Errata: Charlatan - EC-Council (ECC) -
[Deleted User] Senior Member Posts: 0 ■■□□□□□□□□Remember though, nobody can detect 100% of anything. Even if you look at the vulnerability database https://nvd.nist.gov/ it would be impossible to stop it all as things are updated every minute with new vulnerabilities. Not all threats can be stopped. If there was a 100% security protection solution then there would be no need for security professionals and most of us here wouldn't have jobs. I'm even willing to bet that this site is vulnerable to some form of XSS or CSRF and this is a forum for IT pros and IT certifications. Even look at OSCP certification they even offer a bounty program for finding vulnerabilities on their site and they are top of the line for pen testing certs: https://www.offensive-security.com/bug-bounty-program/ That is my 2 cents on this at least.
-
tpatt100 Member Posts: 2,991 ■■■■■■■■■□I think how a company reacts to a security incident is the most important thing. My opinion of EC dropped a lot initially because a few years ago their website was full of broken links. If it wasn't for WGU I wouldn't of ever taken any of their tests because it's a bad sign when you are trying to sell me on taking a cert of yours and your links to more information are all broken.
-
wayne_wonder Member Posts: 215 ■■■□□□□□□□You can bash them but they kee getting people to take their exams regardless and job postings around the world want Ceh or chfi so they can't be doing too bad.