A critical vulnerability disclosed last week by the WordPress developers has already been exploited, and thousands of websites have been hacked, the security firm Sucuri warned on Monday.
At the end of last month, WordPress 4.7.2 was released. The developers of the popular content management system (CMS) announced that the new version patched three vulnerabilities, including cross-site scripting (XSS), SQL injection and access control issues.
Roughly one week later, the developers revealed that version 4.7.2 had also patched a fourth flaw: an unauthenticated privilege escalation and content injection vulnerability in the REST API. This security hole allows an attacker to modify the content of any post or page on a targeted site.
The flaw, identified by researchers at Sucuri, was disclosed one week after the release of WordPress 4.7.2 in order to give users time to update their installations. However, according to Sucuri, many WordPress websites still have not updated.
Sucuri has tracked four different defacement campaigns. It started seeing the first attacks leveraging this vulnerability less than 48 hours after the official disclosure.
In one of these campaigns, the attackers replaced the content of more than 60,000 web pages with their “Hacked by” messages. The other three operations, two of which share a single IP address, have each targeted nearly 500 pages.
SecurityWeek has noticed that some of the compromised websites have also been re-defaced by a fifth actor. Fortunately, some of the affected sites have already been cleaned up and updated to WordPress 4.7.2.
“There’s already a few exploit attempts that try to add spam images and content to a post. Due to the monetization possibilities, this will likely be the #1 route to abuse this vulnerability,” explained Daniel Cid, CTO and founder of Sucuri.
The company’s WAF network has seen an increasing number of exploit attempts, reaching nearly 3,000 on Monday.
1.5M Unpatched WordPress Sites Hacked
Experts say that attackers have taken a liking to the content injection vulnerability disclosed last week and patched in WordPress 4.7.2. It has been used to deface 1.5 million sites so far.
This issue has evolved into “one of the known worst WordPress related vulnerabilities to come up in some time,” researchers at WordFence, a Seattle-based firm that makes WordPress security plugins, said on Thursday.
WordPress silently patched this issue, an unauthenticated privilege escalation vulnerability in a REST API endpoint, when it pushed version 4.7.2 on Jan. 26. A core developer on the CMS said the following week that they delayed disclosure of the vulnerability to ensure that millions more sites could deploy the update. WordPress has a feature that automatically updates the CMS on the majority of sites, but some users choose not to use it and instead test updates before applying them.
Mark Maunder, WordFence’s Chief Executive Officer, said that researchers saw the biggest spike in attacks on Tuesday, when the company blocked roughly 13,000 attacks from 20 different campaigns.
The reason for the influx, Maunder said, is that at the beginning of the week attackers refined their attacks to bypass a rule that WordFence and other companies had implemented. While WordFence was quick to engineer a new rule to block the bypass, attackers still succeeded in defacing a slew of sites, more than 800,000 over the 48-hour period from Tuesday to Wednesday, he said.
In some instances, hackers are competing to compromise sites that haven’t yet applied the fix. WordFence researchers say they’ve come across sites where multiple hackers attempt to take credit on multiple pages for hacking them. The defacing and re-defacing will likely continue until those sites apply the 4.7.2 fix, Maunder says.
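Two checks a site operator would want after reading the above, as an added example that is not code from either article, Sucuri or WordFence: whether an installation is at or above the patched 4.7.2 release, read from the `wp-includes/version.php` file WordPress ships, and whether the web server's access log shows write requests (POST/PUT/PATCH) to the REST API posts endpoint (`/wp-json/wp/v2/posts/` or the `?rest_route=/wp/v2/posts/` form), which is where content injection attempts against an unpatched site land. The log lines and version file contents below are constructed for the example; the function names are this example's own.

```python
"""Defender-side checks for the WordPress REST API content injection issue
patched in 4.7.2. Added example; not from the article or the vendors named in it.

1. parse_wp_version / is_patched: read $wp_version from wp-includes/version.php
   and compare it with the patched release.
2. find_rest_write_attempts / summarize: scan combined-format access log lines
   for write requests to the REST API posts endpoint and report attempts per
   source IP and how many the server answered with 2xx. On a site still on
   4.7.0 or 4.7.1, a 2xx answer to such a request from a source that never
   authenticated is the signal to go and inspect the affected posts.
"""
import re
from collections import Counter

PATCHED = (4, 7, 2)  # first release carrying the fix, per the article

# Matches the assignment WordPress ships in wp-includes/version.php.
VERSION_RE = re.compile(r"\$wp_version\s*=\s*'([^']+)'")

# Combined log format: ip ident user [ts] "METHOD path proto" status size "ref" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Pretty-permalink form (/wp-json/...) and the query-string form (?rest_route=...).
REST_POSTS_RE = re.compile(r"(?:/wp-json|rest_route=)/wp/v2/posts/")

WRITE_METHODS = ("POST", "PUT", "PATCH")


def parse_wp_version(version_php_text):
    """Return the numeric (major, minor, patch) tuple from version.php text, or None."""
    m = VERSION_RE.search(version_php_text)
    if not m:
        return None
    nums = []
    for part in re.split(r"[.-]", m.group(1)):
        if not part.isdigit():  # stop at suffixes such as "-beta1"
            break
        nums.append(int(part))
    while len(nums) < 3:
        nums.append(0)
    return tuple(nums[:3])


def is_patched(version):
    """True when the installed version is at or above the 4.7.2 fix release."""
    return version is not None and version >= PATCHED


def find_rest_write_attempts(log_lines):
    """Return (ip, method, path, status) for every write request to the posts endpoint."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        if m.group("method") not in WRITE_METHODS:
            continue  # GETs are ordinary reads of the public API
        if not REST_POSTS_RE.search(m.group("path")):
            continue
        hits.append((m.group("ip"), m.group("method"), m.group("path"), int(m.group("status"))))
    return hits


def summarize(hits):
    """Attempts per source IP, and the count the server accepted with a 2xx status."""
    per_ip = Counter(h[0] for h in hits)
    accepted = sum(1 for h in hits if 200 <= h[3] < 300)
    return per_ip, accepted


# Constructed sample inputs (not real sites, not real traffic).
SAMPLE_VERSION_PHP = "<?php\n$wp_version = '4.7.1';\n"
SAMPLE_LOG = [
    '203.0.113.5 - - [07/Feb/2017:10:00:01 +0000] "POST /wp-json/wp/v2/posts/12 HTTP/1.1" 200 812 "-" "python-requests/2.12"',
    '203.0.113.5 - - [07/Feb/2017:10:00:02 +0000] "POST /wp-json/wp/v2/posts/13 HTTP/1.1" 200 790 "-" "python-requests/2.12"',
    '198.51.100.9 - - [07/Feb/2017:10:00:03 +0000] "POST /?rest_route=/wp/v2/posts/7 HTTP/1.1" 401 94 "-" "curl/7.47"',
    '192.0.2.44 - - [07/Feb/2017:10:00:04 +0000] "GET /wp-json/wp/v2/posts/12 HTTP/1.1" 200 2300 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [07/Feb/2017:10:00:05 +0000] "GET /index.php HTTP/1.1" 200 5100 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    ver = parse_wp_version(SAMPLE_VERSION_PHP)
    print("installed:", ver, "patched:", is_patched(ver))
    per_ip, accepted = summarize(find_rest_write_attempts(SAMPLE_LOG))
    print("write attempts per IP:", dict(per_ip), "accepted with 2xx:", accepted)
```

On a real host, feed `open("wp-includes/version.php").read()` to `parse_wp_version` and the access log's lines to `find_rest_write_attempts`; the GET lines in the sample are deliberately included to show that ordinary public reads of the API are not flagged.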