  1. #1
    WHT-BR Top Member
    Join Date
    Dec 2010
    Posts
    18,573

    [EN] WordPress Bug Allows Hackers to Alter Website Content

    Karen Riccio
    February 7, 2017

    A WordPress bug called REST API Endpoint allowed more than 67,000 websites to be hacked over the past two weeks, but the company has since rolled out a new version of the content management software with a patch to fix the problem, according to bleepingcomputer.com. The bug enabled hackers to infiltrate back end systems and change or inject words within content.

    Although web security firm Sucuri informed WordPress back on Jan. 20 about the vulnerability to sites using 4.7 and 4.7.1 versions, the two companies decided to wait until last week to publicly announce the bug until it could successfully roll out a fix in WordPress 4.7.2, said Sucuri security researcher Marc-Alexandre Montpas in a blog post. If your website is one of the 27 percent of all sites that use WordPress–Data Center Knowledge being one–Sucuri highly recommends that you update to 4.7.2 as soon as possible.

    We have here, but not before a few headlines on Data Center Knowledge were altered to read “Hacked by (insert group name here)”. Sucuri also warned that version 4.7.2 may not automatically update even if that feature is turned on in WordPress.

    “Due to this type-juggling issue, it is then possible for an attacker to change the content of any post or page on a victim’s site,” Montpas wrote. “From there, they can add plugin-specific short codes to exploit vulnerabilities (that would otherwise be restricted to contributor roles), infect the site content with an SEO spam campaign, or inject ads, etc.”

    Although thousands of sites were compromised, and until recently continued at the pace of 3,000 defacements a day, according to bleepingcomputer.com, it would have been even more widespread had the public been notified of the bug right away.

    “We believe transparency is in the public’s best interest,” WordPress Core Contributor Aaron Campbell wrote in a blog post. “It is our stance that security issues should always be disclosed. In this case, we intentionally delayed disclosing this issue by one week to ensure the safety of millions of additional WordPress sites.”

    http://www.datacenterknowledge.com/a...bsite-content/

  2. #2

    Critical WordPress 4.7.1 flaw: 150,000 sites hacked in one week

    Sucuri reveals the IP addresses used by the hacker group w4l3XzY3:

    • 176.9.36.102
    • 185.116.213.71
    • 134.213.54.163
    • 2A00:1a48:7808:104:9b57:dda6:eb3c:61e1

    As for the three other campaigns launched by Cyb3r-Shia, By+NeT.Defacer and By+Hawleri_hackequi, Sucuri identified the IP addresses below:

    • 37.237.192.22
    • 144.217.81.160

    https://www.undernews.fr/hacking-hac...e-semaine.html

  3. #3

    A Feeding Frenzy to Deface WordPress Sites

    This vulnerability has resulted in a kind of feeding frenzy where attackers are competing with each other to deface vulnerable WordPress websites. During the past 48 hours we have seen over 800,000 attacks exploiting this specific vulnerability across the WordPress sites we monitor.

    Mark Maunder
    February 9, 2017

    In this report we share data on the ongoing flood of WordPress REST-API exploits we are seeing in the wild. We include data on 20 different site defacement campaigns we are currently tracking.

    We show how attackers have switched to the REST-API exploit and how it has increased their success rates. We have also seen an evolution in the attack method targeting the REST-API exploit and have evolved our rule-set accordingly. We also demonstrate how hackers are competing to deface sites using the REST-API exploit.

    ...

    Success Rates for REST-API Attack Campaigns

    To determine which campaigns have the highest success rate, we did a Google search for each campaign name in quotes. This gives us an indication of the approximate number of defaced pages per campaign. The actual numbers are in the table above in the far right column.

    ...

    Hackers Competing to Compromise Sites

    In some cases we are seeing hackers competing to deface sites. On the defaced page below you can see HolaKo has defaced the current page, and the link to the next page shows that the following page is defaced by ‘Imam’.

    ...

    https://www.wordfence.com/blog/2017/...rdpress-sites/
    Last edited by 5ms; 11-02-2017 at 19:58.
