fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Hackers Actively Exploiting Severe Bug In Over 300K WordPress Sites

Hackers Actively Exploiting Severe Bug In Over 300K WordPress Sites

Hackers actively exploiting severe bug in over 300K WordPress sites

Hackers are actively exploiting a critical remote code execution vulnerability allowing unauthenticated attackers to upload scripts and execute arbitrary code on WordPress sites running vulnerable File Manager plugin versions.

On the morning of September 1st, Seravo’s on-call security officer Ville Korhonen was the first to discover the flaw and the fact that threat actors were already attempting to exploit it in attacks designed to upload malicious PHP files onto vulnerable websites.

Within hours after Korhonen spotted the attacks and reported the vulnerability to the plugin’s developer, File Manager‘s devs patched the severe flaw with the release of versions 6.9.

The File Manager plugin is currently installed on more than 700,000 WordPress sites and the vulnerability impacts all versions between 6.0 and 6.8.

450,000 sites already probed

Wordfence researchers were also informed of this ongoing attack on the morning of September 1st by Arsys’s Gonzalo Cruz, who provided them with a working proof of concept, allowing them to look into how to block the attacks.

The WordPress security company later said that the Wordfence Web Application Firewall was able to block out over 450,000 exploit attempts during the last several days.

Wordfence said that the hackers are trying to upload PHP files with webshells concealed within images to the wp-content/plugins/wp-file-manager/lib/files/ folder.

They were also seen first probing potentially vulnerable sites with empty files and, only if the attack is successful, trying to inject the malicious scripts.

NinTechNet, who also reported the exploit attempts, said the attackers are attempting to upload a malicious hardfork.php script which allows them to inject malicious code within the WordPress sites’ /wp-admin/admin-ajax.php and /wp-includes/user.php scripts.

What makes the attacks even more interesting is that the hackers will also immediately try to prevent others from compromising an already infected site by password protecting the files exposed to writing by the File Manager vulnerability.

Blocking further exploitation
Blocking further exploitation (NinTechNet)

Also read: 10 Tips For Drafting Key Terms In A Service Agreement

Over 300,000 sites still vulnerable to attacks

“A file manager plugin like this would make it possible for an attacker to manipulate or upload any files of their choosing directly from the WordPress dashboard, potentially allowing them to escalate privileges once in the site’s admin area,” Chloe Chamberland, Wordfence’s Director of Information Security explained.

“For example, an attacker could gain access to the admin area of the site using a compromised password, then access this plugin and upload a webshell to do further enumeration of the server and potentially escalate their attack using another exploit.”

File Manager’s dev team addressed the actively exploited critical vulnerability with the release of File Manager 6.9 yesterday morning.

However, the plugin has only been downloaded just over 126,000 times — including both updates and new installs — within the last two days based on historic download data available on the WordPress plugin portal, leaving 574,000 WordPress sites potentially exposed.

Luckily, only 51,5% of all sites with active File Manager plugin installation (amounting to more than 300,000 websites) are running a vulnerable version that could allow the attackers to execute arbitrary code after successful exploitation.

File Manager users are recommended to immediately update the plugin to version 6.9 as soon as possible to block the ongoing attacks.

Update: Attributed the discovery of the zero-day to Seravo’s Ville Korhonen who reported the flaw and ongoing attacks to the plugin’s authors.

Also read: How To Make A PDPC Complaint: With Its Importance And Impact

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us