Categories
Security

When Your Plugins Turn Against You

When Your Plugins Turn Against You

Every day we face countless cases of sites getting compromised and infected by an attacker. From there, the sites can be used for various operations like spam campaigns, malware spreading or simply to damage your SEO ranking among other events.

The threat may not always come from outside though. There are occasions where we are indirectly the ones responsible for the infection and may never find out until we get blacklisted by a search engine, or alerted of malicious code from our users.

Continue reading When Your Plugins Turn Against You at Sucuri Blog.

Categories
Security

WordPress REST API Vulnerability Abused in Defacement Campaigns

WordPress REST API Vulnerability Abused in Defacement Campaigns

WordPress 4.7.2 was released two weeks ago, including a fix for a severe vulnerability in the WordPress REST API. We have been monitoring our WAF network and honeypots closely to see how and when the attackers would try to exploit this issue the wild.

In less than 48 hours after the vulnerability was disclosed, we saw multiple public exploits being shared and posted online. With that information easily available, the internet-wide probing and exploit attempts began.

Continue reading WordPress REST API Vulnerability Abused in Defacement Campaigns at Sucuri Blog.

Categories
Security

WordPress Security – Fake TrafficAnalytics Website Infection

WordPress Security – Fake TrafficAnalytics Website Infection

Several months ago, our research team identified a fake analytics infection, known as RealStatistics. The malicious Javascript injection looks a lot like tracking code for a legitimate analytics service. RealStatistics even set up fake analytics websites designed to trick webmasters who took a few steps to investigate the unfamiliar script.

Recently, a new variation of this type of infection has emerged. The new campaign uses trafficanalytics[.]online as the source for the injected script.

Continue reading WordPress Security – Fake TrafficAnalytics Website Infection at Sucuri Blog.

Categories
Security

SEO Spam Campaign Exploiting WordPress REST API Vulnerability

SEO Spam Campaign Exploiting WordPress REST API Vulnerability

Just over a week ago, WordPress released version 4.7.3 to patch multiple security issues. Despite the automatic update feature provided by many hosting companies, there are still many WordPress websites that have not been updated. In fact, we are seeing quite a few sites that are still using versions 4.7 and 4.7.1, which are vulnerable to the WordPress REST API vulnerability patched in early February  (version 4.7.2). This more serious vulnerability allows attackers to create, delete, and modify posts on vulnerable websites without authorization.

Continue reading SEO Spam Campaign Exploiting WordPress REST API Vulnerability at Sucuri Blog.