WP Security: 30 scary happenings worth reading from February 2019

WP Security: 30 scary happenings worth reading from February 2019

WP Security: 30 scary happenings worth reading from February 2019



  • GCP App Engine URL Redirection – Decoys

  • Spoofing search results and infecting browser extensions
    • Researchers have found a malicious browser extension they call Razy. It spreads through adware and tries to steal cryptocurrency. Razy in search of cryptocurrency

  • Protect Your Organization from Phishing Attacks
    • The latest State of the Phish report is out showing big increases in phishing attacks during the last year. Vishing and smishing efforts also increased. Baby boomers outperformed all other age groups in fundamental phishing and ransomware knowledge. 2019 State of the Phish Report

  • The Japanese government wants to secure IoT devices before the Tokyo 2020 Olympics
    • Japan amended its laws to allow government agents to access and survey IoT devices by using their default password settings. The idea is to collect all insecure devices — in both homes and in businesses — to alert the appropriate authorities to try to secure them. The Japanese government plans to hack into citizens’ IoT devices

  • Dailymotion announces being subject to a large-scale computer attack
    • Video sharing site Dailymotion announced that it had been the subject of a large-scale dictionary-based credential stuffing attack. Since the company is based in Paris, French authorities have been notified. All users’ passwords have been reset. Dailymotion subject to a computer attack

  • Vulnerabilities being exploited by malicious actors to gain WP administrative access

  • Securonix Threat Research: Moanacroner, XBash, and Others

 

Our only security is our ability to change. ~ John Lilly


  • Action was taken against cyber criminals linked to four million attacks
    • UK’s National Crime Agency is working with partners in more than a dozen countries to arrest hundreds of DDoS attackers that once used Webstressor services. This website has been taken down last year and could be responsible for launching more than 4M attacks during its tenure. Users of illegal websites targeted in joint law-enforcement activity

  • Hakai and Yowai can easily be abused by cybercriminals to breach web servers and attack websites



  • SQLite module is used to parse the databases in order to steal data
    • Researchers have found new malware samples written in the Go programming language. One is a variant of Zebrocy info stealer, another is a simple Trojan. Both appeared to be targeting SQL data files. Analyzing a new stealer written in Golang

  • Yet another phishing campaign poses as a reputable payments processor Nets.eu


 

Protect your WordPress: BEFORE IT’S TOO LATE! You will also protect your customers, your reputation and your online business!


  • BankBot Anubis (popular mobile banking trojan) targets hundreds of unique mobile applications from organizations worldwide


  • The attack targets worldwide servers including AWS hosted machines
    • Researchers have found a new Linux-based Trojan that creates backdoors. Called SpeakUp, it affects six different Linux OS versions, including AWS, hosted machines. It uses command injection techniques for uploading a PHP shell that serves and executes a Perl backdoor. This is used to deploy Monero hidden crypto mining tools. A New Undetected Backdoor Linux Trojan

  • CRYPTO CRIME REPORT
    • Two criminal gangs are responsible for stealing 60% of all exchange-based cryptocurrencies, according to a new report. The total is close to the equivalent of $1B, and the gangs are adept at routing their ill-gotten gains through thousands of downstream accounts. Decoding Hacks, Darknet Markets, and Scams

  • Highly sophisticated campaign – Orcus Remote Access Trojan
    • Researchers have seen a new variant of the Orcus remote access Trojan. It can steal browser cookies and stored passwords and launch DDoS campaigns. The new version also contains multiple evasion techniques. NEW CAMPAIGN DELIVERS ORCUS RAT

  • Anatova can become a serious threat since the code is prepared for modular extension
    • Researchers have seen a new ransomware family they call Anatova. It has hit numerous targets in the US and Europe, including many in Belgium and Germany. What makes this attack notable is that it uses a modular code and looks like a gaming app. The list of the countries that Anatova doesn’t affect are all CIS countries (Armenia, Azerbaijan, Belarus, Georgia, Kazakhstan, Kyrgyzstan, Moldova, Russian Federation, Tajikistan, Turkmenistan, Ukraine, and Uzbekistan), Syria, Egypt, Morocco, Iraq, India – Happy New Year 2019! Anatova is here!


  • Russia’s internet contingency plan gets closer to reality.
    • Russia is planning a massive exercise to completely disconnect from the Internet sometime this spring. This is to isolate the country from a potential cyber attack. All ISPs have to peer traffic through new government-approved peering points. A date for the test has not been revealed, but it’s supposed to take place before April 1, the deadline for submitting amendments to the law –known as the Digital Economy National Program. Russia to disconnect from the internet as part of a planned test

 

Get Healthy, Stay Healthy: A healthier online business starts today and it begins with you!


  • Allows non-admin users to modify WordPress installation options

  • Funds traced and being recovered, depositors’ funds untouched
    • The Maltese Bank of Valletta, the country’s largest, had to shut down its computer networks after hackers stole the equivalent of nearly €13M. The bank detected the attack within minutes and is trying to get its funds returned. BOV hackers’ €13m in transactions ‘being reversed’

  • Is Your Website Hackable? 70% are!
    • A report of the most popular attack methods includes XSS, JScript and WordPress exploits. Each was found on a third of malware samples measured by Acunetix. The good news is that SQL injection attacks are finally dropping. Is Your Website Hackable? 70% are!

  • The vulnerability remained uncovered in the WordPress core for over 6 years.
    • Now this WP Security issue is totally unexpected. WordPress v5.0.0 has a remote code execution vulnerability. Unlike previous WP-related problems, this one has been discovered in its core code and been there for the past six years. It has yet to be patched, even though v5.0.3 has been released. WordPress 5.0.0 Remote Code Execution

  • Separ’s living-off-the-land approach bypasses many antimalware providers.

 

At the end of the day, the goals are simple: safety and security. ~ Jodi Rell

Do you have any concerns with WordPress Security?
Leave your thoughts in the comments below!

Related Posts

Leave a comment