Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Website Hacking. Show all posts

WordPress Vulnerabilities, Exploiting LiteSpeed Cache and Email Subscribers Plugins

 

In recent cybersecurity developments, hackers have been leveraging a critical vulnerability within the LiteSpeed Cache plugin for WordPress to exploit websites running outdated versions. LiteSpeed Cache, a popular caching plugin utilized by over five million WordPress sites, is designed to enhance page load times, improve user experience, and boost search engine rankings. 

However, security experts at Automattic's security team, WPScan, have observed a significant increase in malicious activities targeting WordPress sites with versions of the LiteSpeed Cache plugin older than 5.7.0.1. The vulnerability in question, tracked as CVE-2023-40000, is a high-severity unauthenticated cross-site scripting flaw. 

Attackers are taking advantage of this vulnerability to inject malicious JavaScript code into critical WordPress files or the database of vulnerable websites. By doing so, they are able to create administrator-level user accounts with specific names like 'wpsupp-user' or 'wp-configuser.' Additionally, the presence of certain strings, such as "eval(atob(Strings.fromCharCode," within the database, serves as an indicator of an ongoing compromise. 

Despite efforts by many LiteSpeed Cache users to update to newer, non-vulnerable versions, an alarming number of sites—up to 1,835,000—still operate on outdated releases, leaving them susceptible to exploitation. In a separate incident, hackers have turned their attention to another WordPress plugin called "Email Subscribers," exploiting a critical SQL injection vulnerability, CVE-2024-2876. 

This vulnerability, affecting plugin versions 5.7.14 and older, allows attackers to execute unauthorized queries on databases, thereby creating new administrator accounts on vulnerable WordPress sites. Although "Email Subscribers" boasts a significantly lower number of active installations compared to LiteSpeed Cache, with approximately 90,000, the observed attacks highlight the opportunistic nature of cybercriminals. 

To address these threats effectively, WordPress site administrators are urged to promptly update plugins to the latest versions, remove unnecessary components, and remain vigilant for signs of suspicious activity, such as the sudden creation of new admin accounts. In the event of a confirmed breach, comprehensive cleanup measures are essential, including the deletion of rogue accounts, password resets for all existing accounts, and the restoration of clean backups for both the database and site files. By staying proactive and implementing robust security practices, website owners can minimize the risk of falling victim to such malicious activities and safeguard their online assets effectively.

Threat Actors Deploy Linux Backdoor on Hacked E-Stores with Software Skimmer

 

Cybersecurity researchers have uncovered a new hacking strategy that deploys a Linux backdoor on hacked e-commerce servers and exfiltrates customers' personal information, including credit card details. 

According to Sansec researchers, the hackers started automated e-commerce attack probes, testing for dozens of vulnerabilities in e-commerce websites. As soon as one is spotted, the attackers use PHP-coded web skimmer to download and insert fake payment forms into the checkout pages that the hacked online business displays to clients. 

“We found that the attacker started with automated eCommerce attack probes, testing for dozens of weaknesses in common online store platforms. After a day and a half, the attacker found a file upload vulnerability in one of the store’s plugins. S/he then uploaded a web shell and modified the server code to intercept customer data,” the Sansec threat research team stated. 

The Golang-based malware, which was unearthed on the same site by Dutch cyber-security firm Sansec, was downloaded and executed on infiltrated servers as a linux_avp executable. Once deployed, it immediately removes itself from the disk and disguises itself as a "ps -ef" process that would be used to retrieve a list of presently active processes.

While examining the linux_avp backdoor, the researchers discovered that it waits for commands from a Beijing server on Alibaba’s network. Additionally, the malware can gain persistence by inserting a new crontab entry that would redownload the malicious payload from its command-and-control server and reinstall the backdoor if detected and removed or the server restarts. 

Unfortunately, this backdoor remains undetected by anti-malware engines on VirusTotal even though a sample was first uploaded more than one month ago, on October 8th. The uploader might be the linux_avp designer since it was submitted one day after researchers discovered it while examining the e-commerce site breach.

 “Curiously, one individual had submitted the same malware to Virustotal on Oct 8th with the comment test. This was just one day after the successful breach of our customer’s store. The person uploading the malware could very well be the malware author, who wanted to assert that common antivirus engines will not detect their creation,” said researchers.

Here's A Quick Look Into Some Interesting Facts About Website Hacking

 

How many websites are hacked every day? How frequently do hackers attack? Are there any solutions to fix the vulnerabilities? Which are the most hacked websites? These are some basic questions that arise in the reader’s mind. So, in this article, you will get to know the latest statistics regarding website hacking.

Sadly, cyber-attacks are the harsh reality of today’s world and have become so rampant that it’s impossible to count the number of attacks. It requires thorough research, manpower, time, equipment’s and money to conduct a global study that reaches out to millions of people and organizations.

 Number of websites hacked in a year

You will be surprised to know that nearly 1.2 billion sites are running across the globe. It is such a large web that it is impossible to keep watch over. Google’s Safe Browsing tries to alert users about malicious websites and it currently conveys nearly 3 million warnings per day. Out of 1.2 billion sites, between 1-2% have some Indicator of Compromise (IoC) that indicates a website attack.

According to a recent study, nearly 66% of the organizations are not equipped to handle cyber-attacks nor with the financial or reputation damage of a security breach. Threat actors install the malware in sites and such websites get excludes by firms like Google every day.

Different methods of hacking the websites 

Threat actor generally uses 3 methods to hack the website: 

• Access control 

• Software vulnerabilities

• Third-party integrations

Access control indicates particularly the process of authentication and authorization, in simple terms how you log in. Login not only refers to your website’s login, but it also refers to the number of interconnected logins tied together behind the scenes. Threat actors generally use brute force attacks by guessing the possible username and password combinations to log in as the user. 

Software vulnerability, the most reliable method for hackers to breach security. Threat actors use Remote Code Execution (RCE) to hack the website and discover vulnerabilities in the website application code, web development framework, and operating system.

Threat actors also hack the website via third-party integration techniques. Threat actors exploit the vulnerability in the servers of third-party and use it as a doorway to exploit to gain access to your website. These can involve services that you use particularly with your website and its hosting. 

3 simple techniques to protect your website 

• Keep track of frequently compromised vulnerabilities. Every security patch will make it harder for hackers to target your website. 

• Use Web Application Firewall for limiting the exploitation of software vulnerabilities. This firewall also acts as a shield between web traffic and web patches.

• Take the guidance of certified security professionals who manages regular security audits.