In early September, cybersecurity companies that provide security solutions for WordPress discovered that sites running the CMS had been attacked through zero-day vulnerabilities. The attacks are believed to be the work of two groups of hackers.
They used one of these "zero day" vulnerabilities to change the configuration of sites and create administrator accounts for malicious purposes. They created backdoors that were used to divert traffic from the victim sites. The second security flaw, according to computer security experts, would allow attackers to take control of the targeted sites. Its impact was felt mainly "on the Social Warfare plugin."
The WordPress team was forced to remove some plugin data temporarily while waiting for security patches. The first "zero day" vulnerability affected a plugin that was exploited before a patch was implemented: the Easy WP SMTP plugin for WordPress. This plugin has a total of 300 thousand active installations. One of its features is to allow publishers to configure the emails sent out from their site's server.
It should be noted that this security flaw was discovered on March 15, 2019, by the cybersecurity firm NinTechNet, the company that supplies the WordPress firewall "Ninja." On March 17, a security fix was proposed under the v126.96.36.199. However, it did not change anything at all. The attacks continued and even intensified, because the hackers wanted to take the maximum number of sites under their control before publishers applied the security fix to the entire system.
As for how the hackers can keep renewing their attacks even though the security patch has been released, Defiant, publisher of Wordfence, one of the WordPress site firewalls, explains: "Attacks exploit an export/import feature for settings that was added to the Easy WP SMTP plugin in version 1.3.9. (…) They found in this new import/export functionality an option to change the general settings of a site, and not just those related to the plugin." The cybersecurity company reported that hackers are currently searching for sites that use this plugin. Once these are detected, they use this same plugin to modify the configurations in a way that allows the collection of data on users of their victims' sites.
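The quoted description, an import feature able to change a site's general settings and not just the plugin's, comes down to an import routine that writes whatever keys it is handed. As an added illustration (not code from the plugin, Defiant or NinTechNet), the Python model below contrasts that behaviour with an allow-listed import; the dictionary option store, the key names and the function names are all hypothetical.

```python
# Added illustration: a dictionary stands in for the CMS options table.
# Every name below is hypothetical; none is taken from the Easy WP SMTP plugin.
ALLOWED_KEYS = {                 # explicit allow-list: key -> expected type
    "example_smtp_host": str,
    "example_smtp_port": int,
    "example_smtp_from_address": str,
}


def import_settings_unsafe(store, imported):
    """The flaw class described: every imported key is written, plugin-owned or not."""
    store.update(imported)
    return store


def import_settings_safe(store, imported):
    """Apply only allow-listed, correctly typed plugin keys; refuse the file otherwise."""
    applied, rejected = {}, []
    for key, value in imported.items():
        expected = ALLOWED_KEYS.get(key)
        # bool is a subclass of int in Python, so exclude it explicitly.
        if expected is None or isinstance(value, bool) or not isinstance(value, expected):
            rejected.append(key)
        else:
            applied[key] = value
    if rejected:
        # Fail closed: a file that touches foreign keys is refused as a whole,
        # and the rejected key names are returned so they can be logged.
        return {"applied": {}, "rejected": sorted(rejected)}
    store.update(applied)
    return {"applied": applied, "rejected": []}


def demo():
    # Constructed sample data: one plugin key plus one site-wide key.
    site = {"example_smtp_host": "mail.example.test", "site_general_setting": "original"}
    upload = {"example_smtp_host": "smtp.example.test", "site_general_setting": "changed"}
    unsafe_store = import_settings_unsafe(dict(site), upload)
    safe_store = dict(site)
    report = import_settings_safe(safe_store, upload)
    return unsafe_store, safe_store, report


if __name__ == "__main__":
    print(demo())
```

The rejected key names returned by the safe variant are worth logging: an import file that tries to write outside the plugin's own settings is a signal in itself.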
For this reason, WordPress invites all website publishers to update this plugin. The security patch is ready; all that is missing is its diligent application.
As for the two groups of hackers, there may be similarities in their attacks. "Both campaigns launch their initial attacks in the same way, using a proof-of-concept (PoC) exploit detailed in NinTechNet's original disclosure of the vulnerability. These attacks correspond exactly to the PoC, right down to the checksum," notified Defiant.