Seventeen disclosures since last week, with three issues unfixed.
Other WordPress Security
- Defiant released a whitepaper earlier this week covering a new WordPress malware they’ve been tracking and have dubbed “BabaYaga”.
- Ryan Dewhurst (@ethicalhack3r and contributor to WPScan) released a report covering how many sites of the Alexa top 1 million have publicly accessible SQL database dumps (Spoiler: at least five educational institutions).
- GuardiCore released a report on Operation Prowli, a new traffic manipulation and cryptocurrency mining campaign that has compromised more than 40,000 machines. Approximately 3,200 are WordPress sites.
Other Security News
- MyHeritage, a DNA testing service, disclosed that the company website was compromised last year and login credentials for more than 92 million customers were stolen.
- A new version of BlackArch Linux has been released.
Cisco’s Talos group released an update to their findings on VPNFilter, a malware framework that targets consumer-level network-connected devices. This is the same malware behind the recent request from the FBI for owners of small office/home office routers to power cycle/reboot their devices. The updated report from Talos lists additional routers that are being targeted by the malware, and notes that the malware can inject malicious code into web traffic as it passes through the device and can brick the device. While rebooting the device helps disrupt the malware, it does not remove it, and there is no easy way to tell if a router has been infected.

It’s important to note, though, that just because your router is on Talos’ list doesn’t mean it is infected. It just means your router is capable of running the malware once infected. The actual infection has to happen through some other vulnerability, and many of those have already been patched by the manufacturers. The problem is that most people don’t patch their home routers, and that detecting an infected router is difficult. If you have been religiously updating your router, then you are probably safe. For everyone else, or if you’re just paranoid, the only safe, reliable way to ensure you’re not affected is to factory reset the router and then apply all patches/upgrades.