Monday, February 13, 2017
1.5M Unpatched WordPress Sites Hacked
Experts
say that the attackers have taken a liking to content-injection vulnerability
that is disclosed last week which is patched in WordPress 4.7.2. It has been
exploited to used to deface 1.5M sites so far.
This issue has evolved into “one of the known worst
WordPress related vulnerabilities to come up in some time,” researchers
at WordFence, a Seattle-based firm that makes WordPress security plugins, said
on Thursday.
WordPress has silently patched this issue.
An unauthenticated privilege escalation vulnerability in the REST API endpoint,
which is when it pushed version 4.7.2 on Jan. 26. A core developer with in
the CMS said the following week that they waited to disclose this vulnerability
to ensure that millions of more sites could deploy this update. WordPress has a
feature which automatically updates the CMS on the majority number of sites,
but some users choose not to use it and test updates before applying them.
Mark
Maunder, the WordFence’s Chief Executive Officer, said that researchers have
seen the biggest spike in attacks on this Tuesday when the company has blocked
roughly 13,000 attacks from campaigns which are 20 and different.
The reason for the influx,
Maunder said, is because at the beginning of the week attackers refined their
attacks to bypass a rule that WordFence and other companies had implemented.
While WordFence was quick to engineer a new rule to prevent the bypass,
attackers were still able to succeed in infecting a slew of sites–more
than 800,000 over a 48-hour period from Tuesday to Wednesday–he said.
In some instances, hackers
are competing to compromise sites that haven’t yet applied the fix. WordFence
researchers claim they’ve come across some sites where multiple hackers attempt
to take credit on multiple pages for hacking them. The defacing and re-defacing
will likely continue until those sites apply the 4.7.2 fix, Maunder says.
Subscribe to:
Post Comments
(
Atom
)
No comments :
Post a Comment