1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Millions of WordPress sites are being scanned for potential attac

    From TechnologyDaily@1337:1/100 to All on Fri Jul 15 14:30:04 2022
    Millions of WordPress sites are being scanned for potential attacks

    Date:
    Fri, 15 Jul 2022 13:26:42 +0000

    Description:
    Hackers hunt for a vulnerable WordPress plugin abandoned by its developers that could offer a security backdoor.

    FULL STORY ======================================================================

    Cybercriminals have spotted an abandoned WordPress plugin that is vulnerable to a high-severity flaw, and are now on the hunt for any websites using it.

    Security firm Wordfence found that since July 4, cybercriminals have scanned almost 1.6 million WordPress site in search of the vulnerable plugin.

    Luckily, only a small portion of websites are running the plugin, significantly reducing the potential threat landscape. Half a million attacks a day

    The plugin in question is called Kaswara Modern WPBakery Page Builder. Allegedly, its been abandoned by its authors, and is no longer receiving updates. As such, it is vulnerable to CVE-2021-24284.

    This vulnerability allows threat actors to upload and download files to and from vulnerable WordPress websites, which could mean complete site takeover.

    Defiant, the company behind Wordfence, says their customers are getting
    almost half a million attack attempts a day. The attacks are coming from more than 10,000 unique IP addresses, although the volume between them varies.
    Some IP addresses are generating millions of requests, it was added.

    The researchers are suggesting admins to remove the Kasware Modern WPBakery Page Builder Addons plugin from their websites immediately, and for those
    that dont use it - they should still block the attackers IP addresses.

    The details can be found on the Wordfence blog here . Read more

    WordPress 6.0 makes building a website easier than ever


    Elementors latest acquisition suggests WordPress users are in for a treat


    Here's our list of the best WordPress themes right now

    WordPress is the worlds number one website builder , accounting for a significant portion of all the websites in the world. As such, it is a major target for cybercriminals. But WordPress as a platform is relatively safe,
    and only a few basis points of vulnerabilities are found directly on the platform.

    The majority is found in WordPress plugins, which are almost exclusively third-party. Some of them are commercial, and have experienced teams contributing regular updates. Others, however, are free-to-use and often dont get nearly as many updates as needed, leaving users at risk of identity
    theft, data theft, website defacement, and numerous other cyberattacks.
    Here's what we think are the best firewalls right now

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/millions-of-wordpress-sites-are-being-scanned-f or-potential-attacks/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)