WordPress is currently attacked by a new plugin bug, triggering an internet-wide hacking spree. On Friday, Sept. 4, Defiant, the company behind the Wordfence web firewall, said that millions of WordPress sites were attacked and probed this week.

Also Read: Cambridge Assessment Reported Flaws On Grading Algorithm Two Weeks BeforeUnfair and InconsistentResults Are Released

Hackers discovered a zero-day vulnerability inFile Manager,” a popular WordPress plugin installed on more than 700,000 sites. They started exploiting it, leading to the sudden spike of malicious attacks.

Also Read: 11 Million InmatesPersonal Convos With Their Families Leaked; Did Telmate Expose Its Data Online?

The cyber attackers used zero-day, an unauthenticated file upload vulnerability, to send malicious files on a site running an older version of the File Manager plugin. They started attacking the websites that have the plugin installed.

Once they successfully attacked the sites, they’ll upload a web shell, disguised inside an image file on the victim’s server, by exploiting the zero-day. They would then take over the victim’s site, trapping it inside a botnet, by accessing the web shell.

Attacks against this vulnerability have risen dramatically over the last few days,” said the Ram Gall, a Defiant’s Threat Analyst.

On Friday, Sept. 4, Defiant recorded 1 million WordPress sites attacks, showing that the probes started slow but intensified throughout the week. Gall said that Defiant quickly addressed the issue, blocking malicious attacks against more than 1.7 million sites since Sept. 1.

The total number of breached sites is more than half of the number of WordPress sites using the WordFence web firewall. However, since WordPress is installed in hundreds of millions of sites, Gall concludes that the attackstrue scale is even greater than what they’ve recorded.

Hackers could still be attacking and probing other WordPress websites. To prevent further breaches, the File Manager developer team developed and released a patch for the zero-day, the same day it discovered the attacks.

Some websites already downloaded the patch, while others are still lagging. Because of their slowness in patching, the WordPress developer team added anauto-updatefeature for WordPress plugins and themes. The site owners can configure plugins and themes in WordPress 5.5.

They can auto-update themselves every time a new update is released to make sure that their websites have the latest version of plugin or theme, that would help them prevent further attacks.

Also Read: LAPD’s BMW i3s Sold For Less Than $18,000 After Mayor Garcetti Failed to go Green?

By clicking on ‘Submit’ button above, you confirm that you accept Tech Times Terms & Conditions

Source: https://www.techtimes.com/articles/252312/20200906/wordpress-faces-world-wide-hacking-spree-the-plugin-bug-uploads-malicious-files.htm

World news – GB – New Plugin Bug Attacks Millions of WordPress Sites

Building on its expertise in the areas of digital, technologies and processes , CSS Engineering you in your most ambitious transformation projects and helps you bring out new ideas, new offers, new modes of collaboration, new ways of producing and selling.

CSS Engineering is involved in projects each customer as if it were his own. We believe a consulting company should be more than an advisor. We put ourselves in the place of our customers, to align we incentives to their goals, and collaborate to unlock the full potential their business. This establishes deep relationships and enjoyable.

Our services:

  1. Create professional websites
  2. Hosting high performance and unlimited
  3. Sale and video surveillance cameras installation
  4. Sale and Installation of security system and alarm
  5. E-Marketing

All our achievements here https://www.css-engineering.com/en/works/


Please enter your comment!
Please enter your name here