Hello, welcome to the Thursday, October 18th, 2018 edition of the Sansonet Storm Center's Stormcast.

My name is Johannes Ulrich, and I'm recording from McLean, Virginia.

Today we've got yet another example why it's so important to watch for any code that you are including from third party sites in

your website.

The latest example here comes from new share counts.

New share counts was sort of a Twitter plugin button that you could display on your webpage

in order to display the number of likes and follows and the like.

Well, it turns out that back in July, this service actually ceased to exist.

And more recently, the service was apparently taken over and abused in order to redirect users to malicious websites.

In order to include this counter on your website, all you needed to do was add the Newshare

Count JavaScript to your site, which was loaded from the Newsharecount.com website. So this

wasn't JavaScript that you downloaded and installed on your server.

So once the domain changed hands, apparently the new owner or whoever is control of that site now

swapped out the JavaScript and it will now redirect users to scams.

Overall, the script doesn't seem to be super popular, something like 800 plus sites, according

to Sukuri, but it's probably just one of many similar scripts that people are including

in their sites without due diligence and monitoring these scripts for any changes.

Now, you can use sub-resource integrity SRI in order to protect yourself somewhat.

Of course, that requires that you are actually being notified by the legitimate owner off the site you're loading scripts from whenever you need to update this particular feature.

And Polish researcher, Pl Dumchick released three different vulnerabilities affecting, I believe,

about eight different models of D-Link routers.

The first one is a simple directory traversal.

...