WP: Backdoor-Sicherheitslücke: ein XSS-Report vom 5. Mai

[say_hello]

hallo und guten Tag,


wollte das mit Euch teilen - einen Artikel über eine Backdoor-Sicherheitslücke - ein XSS-Report den ich soeben gelesen habe:
ggf. ist dies ja schon bekannt - ich dachte ich nenns dennoch - denn es ist ein relativ aktueller Artikel.

vgl.: Massive campaign targets 900,000 WordPress sites in a week

Hackers have launched a massive attack against more than 900,000 WordPress sites seeking to redirect visitors to malvertising sites or plant a backdoor if an administrator is logged in.

Based on the payload, the attacks seem to be the work of a single threat actor, who used at least 24,000 IP‌ addresses over the past month to send malicious requests to more than 900,000 sites.

XSS, malvertising, backdoor
Compromise attempts increased after April 28. WordPress security company Defiant, makers of Wordfence security plugin, detected on May 3 over 20 million attacks against more than half a million websites.

Ram Gall, senior QA at Defiant, said that the attackers focused mostly on exploiting cross-site scripting (XSS) vulnerabilities in plugins that received a fix months or years ago and had been targeted in other attacks.

Redirecting visitors to malvertising is one effect of a successful compromise. If the JavaScript is executed by the browser of an administrator that is logged in, the code tries to inject a PHP backdoor in the theme’s header file along with another JavaScript.

mehr hier
Massive campaign targets 900,000 WordPress sites in a week

womöglich seid ihr darüber schon informiert - ich dachte ich leit es dennoch weiter - ist vom 5.5. 20