Friday, February 26, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Security

WordPress sites under attack as hacker group tries to create rogue admin accounts

August 31, 2019
in Internet Security
WordPress sites under attack as hacker group tries to create rogue admin accounts
586
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

A hacker group is exploiting vulnerabilities in more than ten WordPress plugins to create rogue admin accounts on WordPress sites across the internet.

The attacks are an escalation part of a hacking campaign that started last month. During previous attacks, the hackers exploited vulnerabilities in the same plugins to plant malicious code on the hacked sites. This code was meant to show popup ads or to redirect incoming visitors to other websites.

You might also like

Spy agency: Artificial intelligence is already a vital part of our missions

Chinese cyberspies targeted Tibetans with a malicious Firefox add-on

SolarWinds cybersecurity spending tops $3 million in Q4, sees $20 million to $25 million in 2021

However, two weeks ago, the group behind these attacks changed its tactics. Mikey Veenstra, a threat analyst with cybersecurity firm Defiant, told ZDNet today that starting with August 20, the hacker group modified the malicious code planted on hacked sites.

Instead of just inserting pop-ups and redirects, the malicious code also ran a function in order to test if the site visitor had the ability to create user accounts on the site, a feature only available for WordPress admin accounts.

Basically, this malicious code waited for the site owner to access their own websites. When they did, the malicious code created a new admin account named wpservices, using the email address of wpservices@yandex.com, and password of w0rdpr3ss.

By creating these accounts, the hacker group behind this campaign changed tactics from exploiting sites for monetary profits, to also adding backdoors for future use, and for a more persistence foothold.

According to Veenstra, these recent attacks are targeting older vulnerabilities in the following plugins.

The plugins are linked to their respective vulnerabilities, so readers can determine the version to which they need to update, to prevent attacks, in case they’re using one of the plugins.

After updating the following plugins, site owners are also advised to check admin usernames registered on their sites. Removing these accounts is imperative, as their sole purpose was to create a way back into websites after users updated the vulnerable plugins.

Cleaning infected WordPress sites can be quite complicated, as site owners will also have to scan their websites with WordPress security plugins in search for various other backdoor mechanisms the hackers might have left behind. Non-technical users are advised to seek professional help.

Credit: Zdnet

Previous Post

Drive Better Outcomes by Combining the Strengths of Data and CX

Next Post

Revolutionising Supply Chain Logistics With IoT And Machine Learning

Related Posts

Spy agency: Artificial intelligence is already a vital part of our missions
Internet Security

Spy agency: Artificial intelligence is already a vital part of our missions

February 26, 2021
Chinese cyberspies targeted Tibetans with a malicious Firefox add-on
Internet Security

Chinese cyberspies targeted Tibetans with a malicious Firefox add-on

February 26, 2021
SolarWinds cybersecurity spending tops $3 million in Q4, sees $20 million to $25 million in 2021
Internet Security

SolarWinds cybersecurity spending tops $3 million in Q4, sees $20 million to $25 million in 2021

February 26, 2021
Facebook bans Myanmar military-controlled accounts from its platforms
Internet Security

Facebook bans Myanmar military-controlled accounts from its platforms

February 25, 2021
Cloud, data amongst APAC digital skills most needed
Internet Security

Cloud, data amongst APAC digital skills most needed

February 25, 2021
Next Post
Revolutionising Supply Chain Logistics With IoT And Machine Learning

Revolutionising Supply Chain Logistics With IoT And Machine Learning

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

Spy agency: Artificial intelligence is already a vital part of our missions
Internet Security

Spy agency: Artificial intelligence is already a vital part of our missions

February 26, 2021
Blockchain lags behind other technologies in finance adoption for now, says Broadridge
Blockchain

Blockchain lags behind other technologies in finance adoption for now, says Broadridge

February 26, 2021
Supercomputer-Powered Machine Learning Supports Fusion Energy Reactor Design
Machine Learning

Supercomputer-Powered Machine Learning Supports Fusion Energy Reactor Design

February 26, 2021
How 3D Cuboid Annotation Service is better than free Tool? | by ANOLYTICS
Neural Networks

How 3D Cuboid Annotation Service is better than free Tool? | by ANOLYTICS

February 26, 2021
21 Must-Know Instagram Facts for 2021
Marketing Technology

21 Must-Know Instagram Facts for 2021

February 26, 2021
Chinese cyberspies targeted Tibetans with a malicious Firefox add-on
Internet Security

Chinese cyberspies targeted Tibetans with a malicious Firefox add-on

February 26, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • Spy agency: Artificial intelligence is already a vital part of our missions February 26, 2021
  • Blockchain lags behind other technologies in finance adoption for now, says Broadridge February 26, 2021
  • Supercomputer-Powered Machine Learning Supports Fusion Energy Reactor Design February 26, 2021
  • How 3D Cuboid Annotation Service is better than free Tool? | by ANOLYTICS February 26, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates