WordPress is currently attacked by a new plugin bug, triggering an internet-wide hacking spree. On Friday, Sept. 4, Defiant, the company behind the Wordfence web firewall, said that millions of WordPress sites were attacked and probed this week.

Also Read: Cambridge Assessment Reported Flaws On Grading Algorithm Two Weeks Before “Unfair and Inconsistent” Results Are Released

Hackers discovered a zero-day vulnerability in “File Manager,” a popular WordPress plugin installed on more than 700,000 sites. They started exploiting it, leading to the sudden spike of malicious attacks.

Also Read: 11 Million Inmates’ Personal Convos With Their Families Leaked; Did Telmate Expose Its Data Online?

The cyber attackers used zero-day, an unauthenticated file upload vulnerability, to send malicious files on a site running an older version of the File Manager plugin. They started attacking the websites that have the plugin installed.

Once they successfully attacked the sites, they’ll upload a web shell, disguised inside an image file on the victim’s server, by exploiting the zero-day. They would then take over the victim’s site, trapping it inside a botnet, by accessing the web shell.

“Attacks against this vulnerability have risen dramatically over the last few days,” said the Ram Gall, a Defiant’s Threat Analyst.

On Friday, Sept. 4, Defiant recorded 1 million WordPress sites attacks, showing that the probes started slow but intensified throughout the week. Gall said that Defiant quickly addressed the issue, blocking malicious attacks against more than 1.7 million sites since Sept. 1.

The total number of breached sites is more than half of the number of WordPress sites using the WordFence web firewall. However, since WordPress is installed in hundreds of millions of sites, Gall concludes that the attacks’ true scale is even greater than what they’ve recorded.

Hackers could still be attacking and probing other WordPress websites. To prevent further breaches, the File Manager developer team developed and released a patch for the zero-day, the same day it discovered the attacks.

Some websites already downloaded the patch, while others are still lagging. Because of their slowness in patching, the WordPress developer team added an “auto-update” feature for WordPress plugins and themes. The site owners can configure plugins and themes in WordPress 5.5.

They can auto-update themselves every time a new update is released to make sure that their websites have the latest version of plugin or theme, that would help them prevent further attacks. 

Also Read: LAPD’s BMW i3s Sold For Less Than $18,000 After Mayor Garcetti Failed to go Green?

By clicking on ‘Submit’ button above, you confirm that you accept Tech Times Terms & Conditions

Source: https://www.techtimes.com/articles/252312/20200906/wordpress-faces-world-wide-hacking-spree-the-plugin-bug-uploads-malicious-files.htm

World news – GB – New Plugin Bug Attacks Millions of WordPress Sites

En s’appuyant sur ses expertises dans les domaines du digital, des technologies et des process , CSS Engineering vous accompagne dans vos chantiers de transformation les plus ambitieux et vous aide à faire émerger de nouvelles idées, de nouvelles offres, de nouveaux modes de collaboration, de nouvelles manières de produire et de vendre.

CSS Engineering s’implique dans les projets de chaque client comme si c’était les siens. Nous croyons qu’une société de conseil devrait être plus que d’un conseiller. Nous nous mettons à la place de nos clients, pour aligner nos incitations à leurs objectifs, et collaborer pour débloquer le plein potentiel de leur entreprise. Cela établit des relations profondes et agréables.

Nos services:

  1. Création des sites web professionnels
  2. Hébergement web haute performance et illimité
  3. Vente et installation des caméras de vidéo surveillance
  4. Vente et installation des système de sécurité et d’alarme
  5. E-Marketing

Toutes nos réalisations ici https://www.css-engineering.com/en/works/


Please enter your comment!
Please enter your name here