roby3493
Long-Tail Strategist
LEVEL 1
400 XP
Attackers exploit old XSS vulnerabilities in non-updated plugins and themes
Cybercriminals launched a new large-scale malicious campaign against sites running WordPress. Attackers exploit old cross-site scripting (XSS) vulnerabilities in non-updated plugins and steal site configuration files (wp-config.php) that contain logins and passwords for accessing databases, connection information, unique authentication keys, and salt.
According to a Wordfence blog, the scale of the new operation far exceeds the scale of typical cyber attacks observed by researchers on a daily basis. At the height of the campaign on May 30, it accounted for 75% of all attempts to exploit vulnerabilities in plugins and themes throughout the WordPress ecosystem.
On May 29-31, Wordfence blocked more than 130 million attempts to exploit vulnerabilities on 1.3 million sites. However, the actual scale of the attacks can be much higher, since the company only takes into account attempts blocked by its Wordfence Firewall security solution.
According to the researchers, behind the new campaign are cybercriminals who in the past have already carried out similar operations on the mass exploitation of old XSS vulnerabilities. They used 20 thousand different IP addresses, which are also used in the new campaign. However, now the attackers have added to their list of victims another million sites that have not been attacked before.
Edited by Artjkee510188, 15 June 2020 - 04:41 PM.
Cybercriminals launched a new large-scale malicious campaign against sites running WordPress. Attackers exploit old cross-site scripting (XSS) vulnerabilities in non-updated plugins and steal site configuration files (wp-config.php) that contain logins and passwords for accessing databases, connection information, unique authentication keys, and salt.
According to a Wordfence blog, the scale of the new operation far exceeds the scale of typical cyber attacks observed by researchers on a daily basis. At the height of the campaign on May 30, it accounted for 75% of all attempts to exploit vulnerabilities in plugins and themes throughout the WordPress ecosystem.
On May 29-31, Wordfence blocked more than 130 million attempts to exploit vulnerabilities on 1.3 million sites. However, the actual scale of the attacks can be much higher, since the company only takes into account attempts blocked by its Wordfence Firewall security solution.
According to the researchers, behind the new campaign are cybercriminals who in the past have already carried out similar operations on the mass exploitation of old XSS vulnerabilities. They used 20 thousand different IP addresses, which are also used in the new campaign. However, now the attackers have added to their list of victims another million sites that have not been attacked before.
Edited by Artjkee510188, 15 June 2020 - 04:41 PM.