WordPress Sites Under Attack as Hacker Group tries to Create Rogue Admin Accounts":
The attacks are an escalation part of a hacking campaign that started last month. During previous attacks, the hackers exploited vulnerabilities in the same plugins to plant malicious code on the hacked sites. This code was meant to show popup ads or to redirect incoming visitors to other websites.
However, two weeks ago, the group behind these attacks changed its tactics. Mikey Veenstra, a threat analyst with cybersecurity firm Defiant, told ZDNet today that starting with August 20, the hacker group modified the malicious code planted on hacked sites.
Instead of just inserting pop-ups and redirects, the malicious code also ran a function in order to test if the site visitor had the ability to create user accounts on the site, a feature only available for WordPress admin accounts.
Basically, this malicious code waited for the site owner to access their own websites. When they did, the malicious code created a new admin account named wpservices, using the email address of wpservices@yandex.com, and password of w0rdpr3ss.
According to Veenstra, these recent attacks are targeting older vulnerabilities in the following plugins.
Follow the provided links to access up-to-date versions and then check to make sure you have no rogue admin-level accounts.
(Score: 1) by fustakrakich on Saturday August 31 2019, @05:26PM (7 children)
Make the internet read only
La politica e i criminali sono la stessa cosa..
(Score: 2) by takyon on Saturday August 31 2019, @05:40PM
Let's read some Twitter... Argghhhh! [nytimes.com]
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 0) by Anonymous Coward on Saturday August 31 2019, @06:35PM (5 children)
hey, cool idea.
we would then only need one error code (and it would be the WHOLE internet):
"ERROR 1: you don't have permission to modify the ERROR 1 page"
(Score: 0) by Anonymous Coward on Saturday August 31 2019, @06:41PM (4 children)
also someone tell "https://slashdot.org/~StopBanningMeFFS" that there's something in red and it's GOOD!
(Score: 0) by Anonymous Coward on Saturday August 31 2019, @07:27PM (1 child)
also: OTPR (one-time-pad-rly): https://postimg.cc/6T5D1BQ6 [postimg.cc]
(Score: 0) by Anonymous Coward on Sunday September 01 2019, @02:35AM
What's with the scorpion?
(Score: 2) by NateMich on Sunday September 01 2019, @12:18AM (1 child)
Wow, that guy spent the entire month of August posting the same crap on slashdot, where (almost) nobody will ever see it.
I wonder if he thinks that accomplished something?
If only he didn't insist on doing exactly what the scammers are doing, he might not have such a bad time.
(Score: 2) by takyon on Sunday September 01 2019, @04:16AM
That message would probably be upmodded to +5 if it was posted on the right discussion here. His delivery was off.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]