Hackers are actively exploiting zero-days in several WordPress plugins

March 2, 2020
in Internet Security
WordPress sites under attack as hacker group tries to create rogue admin accounts

WordPress is, by far, the most widely used website building technology on the internet. According to the most recent statistics, more than 35% of all internet websites run on versions of the WordPress CMS (content management system).

Due to its huge number of active installations, WordPress is a massive attack surface. Attempts to hack into WordPress sites are like a constant hum in the background of all internet traffic, going on at any given time.

Over the past few months, this hum of WordPress hacking attempts has been at lower levels, compared to what we saw last year.

After a busy 2019, 2020 started on a quiet note. The likely reason for this downtime is the winter holidays, which, as we've seen in previous years, often bring a global slowdown in malware and hacking activity, as attackers also take a break.

Hackers return from the holidays with new exploits

During the past two weeks, we’ve seen a resurgence in attacks against WordPress sites, signaling an end to the period of relative calm we’ve seen in December and January.

Several cybersecurity firms specialized in WordPress security products — such as Wordfence, WebARX, and NinTechNet — have reported on an ever-increasing number of attacks on WordPress sites.

All the new attacks spotted last month focused on exploiting bugs in WordPress plugins, rather than exploiting WordPress itself.

Many of the attacks targeted recently patched plugin bugs, with the hackers hoping to hijack sites before site administrators had a chance to apply security patches.

However, some of the attacks were more sophisticated. Some attackers also discovered and started exploiting zero-days: vulnerabilities for which no patch existed when the attacks began, and which in some cases were unknown to the plugin authors.

Below is a summary of all the WordPress hacking campaigns that have happened in February and which targeted new WordPress plugin flaws.

Website administrators are advised to update all the WordPress plugins listed below as they’re very likely to be exploited all throughout 2020, and possibly, beyond.

Duplicator

Per a Wordfence report, since around mid-February, hackers have exploited a bug in Duplicator, a plugin that lets site administrators export the content of their sites.

The bug, fixed in 1.3.28, lets an unauthenticated attacker download arbitrary files from the site, including wp-config.php, which holds the database credentials. With those, and a MySQL server reachable from outside the host, the attacker can take over the WordPress site's database.

Making matters worse, Duplicator is one of the most popular plugins on the WordPress portal, with more than one million installs at the time the attacks began, circa February 10. Duplicator Pro, the plugin’s commercial version, installed on an additional 170,000 sites, was also impacted.

Profile Builder Plugin

A second major bug affects both the free and the pro versions of the Profile Builder plugin. It lets unauthenticated attackers register accounts that hold the administrator role.

The bug was patched on February 10, but attacks began on February 24, on the same day that proof-of-concept code was published online. At least two hacker groups are believed to be exploiting this bug, according to a report.

More than 65,000 sites (50,000 using the free version and 15,000 using the commercial version) are vulnerable to attacks unless they update the plugin to the latest version.

ThemeGrill Demo Importer

The same two groups exploiting the Profile Builder bug are also believed to be targeting a bug in ThemeGrill Demo Importer, a plugin that ships with themes sold by ThemeGrill, a vendor of commercial WordPress themes.

The plugin is installed on more than 200,000 sites. The bug lets an unauthenticated visitor reset the site's database, wiping its content, and, if an account named "admin" exists, end up logged in as that account afterwards.

Attacks have been confirmed by Wordfence, WebARX, and independent researchers on Twitter, and proof-of-concept code is available online. Updating to v1.6.3 is advised as soon as possible.

There's currently a severe vuln in a wordpress plugin called "themegrill demo importer" that resets the whole database. https://t.co/tT4xiqjna5 It seems attacks are starting: Some of the affected webpages show a wordpress "hello world"-post. /cc @webarx_security

— hanno (@hanno) February 18, 2020

ThemeREX Addons

Attacks were also spotted targeting ThemeREX Addons, a WordPress plugin that ships pre-installed with all ThemeREX commercial themes.

Per a Wordfence report, attacks began on February 18, when hackers found a zero-day vulnerability in the plugin and began exploiting it to create rogue admin accounts on vulnerable sites.

At the time of writing, no patch had been released despite the ongoing attacks, so site administrators are advised to remove the plugin from their sites as soon as possible.

Flexible Checkout Fields for WooCommerce

Attacks also targeted sites running the Flexible Checkout Fields for WooCommerce plugin, installed on more than 20,000 WordPress-based e-commerce sites.

Hackers used a (now-patched) zero-day vulnerability to inject stored XSS payloads that execute when a logged-in administrator opens the dashboard. Because the payload runs in the administrator's browser session, it can create new admin accounts on the vulnerable site.

Attacks have been ongoing since February 26 [1, 2].

Async JavaScript, 10Web Map Builder for Google Maps, Modern Events Calendar Lite

Three similar zero-days were also discovered in the Async JavaScript, 10Web Map Builder for Google Maps, and Modern Events Calendar Lite plugins. These plugins are used on 100,000, 20,000, and 40,000 sites, respectively.

The three zero-days were all stored XSS bugs like the one described above. All three received patches, but attacks began before the patches were available, meaning some sites were most likely compromised. Wordfence has more on this campaign.
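Nearly every campaign above leaves the same two traces: an administrator account the site owner did not create, and a plugin still below the fixed version (or, for ThemeREX Addons, still installed). The script below is an added example, not code from the article, Wordfence, WebARX or any plugin vendor. It is a POSIX shell audit that reads the CSV output of two wp-cli commands (`wp user list --role=administrator` and `wp plugin list`) and reports both traces. It assumes wp-cli is installed on the site, that KNOWN_ADMINS lists the accounts the owner actually created, and that "trx_addons" is the directory slug of ThemeREX Addons (an assumption); the minimum versions are the ones the article names, Duplicator 1.3.28 and ThemeGrill Demo Importer 1.6.3. The two CSV samples are constructed for the example.

```shell
#!/bin/sh
# Added audit script (not from the article or any plugin vendor). It reads the CSV
# that wp-cli prints on a real site and reports the two traces the February 2020
# campaigns leave behind: unexpected administrator accounts and unpatched plugins.
#   wp user list --role=administrator --format=csv --fields=user_login,user_email,user_registered
#   wp plugin list --format=csv --fields=name,status,version
# The two samples below are constructed for this example.

SAMPLE_ADMINS='user_login,user_email,user_registered
alice,alice@example.com,2018-05-04 09:12:31
bob,bob@example.com,2019-11-20 14:02:07
helpdesk01,mail@example.org,2020-02-25 03:41:55'

SAMPLE_PLUGINS='name,status,version
duplicator,active,1.3.26
themegrill-demo-importer,active,1.6.3
trx_addons,active,1.6.5
akismet,inactive,4.1.3'

# Administrators the site owner expects to exist (assumption: maintained by the owner).
KNOWN_ADMINS="alice bob"

# Plugins with the fixed versions named in the article, as "slug minimum_version".
# The slugs are the wordpress.org directory names.
FIXED_VERSIONS="duplicator 1.3.28
themegrill-demo-importer 1.6.3"

# Plugin the article says had no patch and should be removed (slug is an assumption).
REMOVE_PLUGINS="trx_addons"

# Print every administrator that is not in KNOWN_ADMINS or was registered on or
# after $2 (YYYY-MM-DD); one login per line, nothing if the site looks clean.
find_rogue_admins() {
    printf '%s\n' "$1" | awk -F, -v known="$KNOWN_ADMINS" -v start="$2" '
        BEGIN { n = split(known, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
        NR == 1 { next }                          # skip the CSV header
        {
            login = $1
            day = substr($3, 1, 10)               # user_registered is "YYYY-MM-DD HH:MM:SS"
            if (!(login in ok) || day >= start) print login
        }'
}

# Succeed (exit 0) when dotted version $1 is older than $2, e.g. 1.3.26 < 1.3.28.
# Components are compared numerically, so 1.10 is newer than 1.9.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# Print one line per installed plugin that is below its fixed version or on the
# removal list. Inactive plugins are reported too: their code is still on disk.
find_unpatched_plugins() {
    printf '%s\n' "$1" | awk -F, 'NR > 1 { print $1, $3 }' | while read -r slug ver; do
        for r in $REMOVE_PLUGINS; do
            if [ "$slug" = "$r" ]; then
                echo "$slug $ver (remove: no patch available)"
            fi
        done
        printf '%s\n' "$FIXED_VERSIONS" | while read -r fslug fver; do
            if [ "$slug" = "$fslug" ] && version_lt "$ver" "$fver"; then
                echo "$slug $ver (update to $fver or later)"
            fi
        done
    done
}

# Stand-alone run against the constructed samples; on a real site, pass in the
# output of the two wp-cli commands instead. 2020-02-10 is the earliest attack
# date the article gives.
printf 'Administrators to review:\n%s\n' \
    "$(find_rogue_admins "$SAMPLE_ADMINS" 2020-02-10)"
printf 'Plugins to update or remove:\n%s\n' \
    "$(find_unpatched_plugins "$SAMPLE_PLUGINS")"
```

Use the start of the attack window as the date argument and treat any flagged account as a compromise to investigate rather than a cleanup task: deleting a rogue administrator does not undo what was done with it, and the Duplicator case shows that the database credentials may have been taken as well, so rotating them is part of the response.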


Credit: Zdnet