WordPress kept Zero-day vulnerability a secret for a week, which was used by hackers.
Thousands of Unpatched WordPress Sites Hacked via Exposed Vulnerability
That zero-day vulnerability WordPress kept a secret for a week is being used by hackers on unpatched sites

That critical WordPress vulnerability that got everyone talking last week has already been exploited by thousands of hackers.

According to security firm Sucuri, thousands of websites have been hacked solely because the admins did not bother to make an update to their WordPress, as advised by the company.


If you’ll remember, it was two weeks ago that WordPress came out and said that it had rolled out a security update for three vulnerabilities. The blog post was pretty short and didn’t reveal much; it just left everyone wondering why there was an update so soon after the previous one.

One week later, WordPress came clean and explained that there had been a huge vulnerability implemented along with that previous security update which allowed hackers remote unauthorized access to edit or delete WordPress pages.

The vulnerability had been spotted by Sucuri and reported back to WordPress. The week of silence on the issue was supposed to allow everyone to accept the update on their systems if the automated updating feature was shut down. That wasn’t the case, however, as Sucuri points out, as the attacks started pouring in less than 48 hours after the disclosure.

Defacing and spamming

The company revealed that they are currently tracking four different hacking groups doing mass scans and exploit attempts across the Internet. One of the defacers has already compromised over 66,000 pages, and the number will likely increase. There are several IP addresses used for the job, and the group behind the attack seems to be w4l3XzY3. The security firm recommends blocking four IP addresses or investigating their activity via logs - 176.9.36.102, 185.116.213.71, 134.213.54.163, 2a00:1a48:7808:104:9b57:dda6:eb3c:61e1.

A second campaign has hit about 500 pages so far, but it only started out recently. The IP address behind the defacer is 37.237.192.22 so you might want to block that one too if you haven’t updated yet. The group behind it is Cyb3r-Shia.

A third campaign has compromised over 500 pages thus far. Behind the 144.217.81.160 IP address, there are two defacers – By+NeT.Defacer and By+Hawleri_hacker.

While the defacing campaigns are likely to drop in the days to come, there are still some ways in which this security problem could be troublesome. Sucuri points out that they expect there’s going to be a lot more SEO spam. A few exploits are already trying to add spam images and content to posts which could result in monetization opportunities for the hackers.

Source: http://news.softpedia.com/news/thousands...2691.shtml
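
The post recommends blocking the listed addresses or investigating their activity via logs. The following is an added example, not part of the original post or of Sucuri's tooling: it scans web access logs for those addresses and singles out state-changing requests that the server answered with a 2xx status. It assumes the Apache/nginx "combined" log format; the function name `triage` and the sample log lines are constructed for illustration.

```python
import ipaddress
import re

# Addresses and campaign order as listed in the post above.
CAMPAIGN_IPS = {
    "first campaign": ["176.9.36.102", "185.116.213.71", "134.213.54.163",
                       "2a00:1a48:7808:104:9b57:dda6:eb3c:61e1"],
    "second campaign": ["37.237.192.22"],
    "third campaign": ["144.217.81.160"],
}
# Parsed once so different spellings of one address compare equal.
INDICATORS = {ipaddress.ip_address(ip): n for n, ips in CAMPAIGN_IPS.items() for ip in ips}

# Apache/nginx "combined" format: client - user [time] "request" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')
WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}

def triage(lines):
    """Summarise requests from the listed addresses, keyed by normalised IP."""
    report = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        try:
            client = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # hostname or junk in the client field
        if client not in INDICATORS:
            continue
        entry = report.setdefault(str(client), {
            "campaign": INDICATORS[client], "requests": 0, "successful_writes": []})
        entry["requests"] += 1
        # A 2xx reply to a state-changing request means content may have changed.
        if m["method"] in WRITE_METHODS and m["status"].startswith("2"):
            entry["successful_writes"].append((m["ts"], m["method"], m["path"]))
    return report

# Constructed sample lines (not real traffic); the paths are placeholders.
SAMPLE_LOG = [
    '176.9.36.102 - - [01/Jan/2017:10:01:02 +0000] "GET /page/ HTTP/1.1" 200 5120 "-" "-"',
    '176.9.36.102 - - [01/Jan/2017:10:01:05 +0000] "POST /endpoint HTTP/1.1" 200 312 "-" "-"',
    '2a00:1a48:7808:0104:9b57:dda6:eb3c:61e1 - - [01/Jan/2017:11:00:00 +0000] "POST /endpoint HTTP/1.1" 403 0 "-" "-"',
    '198.51.100.7 - - [01/Jan/2017:11:05:00 +0000] "POST /endpoint HTTP/1.1" 200 100 "-" "-"',
]

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Entries with a non-empty `successful_writes` list are the ones to compare against post revision history; if the site sits behind a proxy or CDN, the client field must first be mapped to the real client address.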