1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Another major WordPress security flaw is putting thousands of web

    From TechnologyDaily@1337:1/100 to All on Thu Oct 12 15:30:04 2023
    Another major WordPress security flaw is putting thousands of websites at risk

    Date:
    Thu, 12 Oct 2023 15:09:50 +0000

    Description:
    Researchers found a fake optimization plugin that grants backdoor WordPress access to attackers.

    FULL STORY ======================================================================

    Cybersecurity researchers from Defiant recently spotted a new malware strain targeting WordPress by impersonating an optimization plugin.

    The goal of the malware , it was said, was to grant the attackers administrative access to the WordPress website.

    While cleaning a website over the summer of 2022, the researchers discovered
    a plugin with a professional-looking opening comment about how its a caching tool helping reduce the strain on the server and cut down on page loading times. This choice, the researchers further explained, was deliberate, to
    make sure web admins dont suspect much on manual inspection. Furthermore, the plugin is set to exclude itself from the list of active plugins, for the same purpose. Monetizing compromised websites

    The malware is capable of doing a number of things, including creating a superadmin account with a hard-coded password; detecting bot traffic to serve them spam content (sometimes erroneously, causing a spike in spam reports
    from genuine users); replacing content on the site and inserting spam links
    or buttons (to everyone except site admins so that they dont realize whats going on); controlling plugins (remotely activating or deactivating plugins, wiping any traces of its existence, etc.); and remotely activating different malicious functions.

    "Taken together, these features provide attackers with everything they need
    to remotely control and monetize a victim site, at the expense of the sites own SEO rankings and user privacy," the researchers explained their findings.

    Defiant did not name the threat actor currently distributing the malware, nor the estimated number of infected websites. We also dont know exactly how the malware is being distributed, but the researchers speculate the attackers are either brute-forcing their way into WP websites and installing the plugin, or using login credentials stolen elsewhere, in earlier attacks. Then, there is always the possibility of other vulnerable plugins being abused to gain access.

    Via BleepingComputer More from TechRadar Pro Thousands of WordPress sites have been hit by another major plugin flaw - find out if you're at risk
    Here's a list of the best firewalls today These are the best ransomware protection tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/another-major-wordpress-security-flaw-i s-putting-thousands-of-websites-at-risk


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)