An old, highly exploitable DoS attack makes a comeback

A six-year-old DoS vulnerability affecting WordPress and Drupal made an appearance on a list of top 10 network attacks by volume in Q2. This vulnerability is particularly severe because it affects every unpatched Drupal and WordPress installation and creates DoS scenarios in which bad actors can cause CPU and memory exhaustion on underlying hardware.

Despite the high volume of these attacks, they were hyper-focused on a few dozen networks primarily in Germany. Since DoS scenarios require sustained traffic to victim networks, this means there’s a strong likelihood that attackers were selecting their targets intentionally.

Source: https://www.helpnetsecurity.com/2020/09/25/malware-detections-q2-2020/

Critical Vulnerabilities Patched in XCloner Backup and Restore Plugin

The Wordfence team found this set of vulnerabilities in mid-August and initially reached out to the plugin’s team on August 17, 2020, providing full disclosure details on August 18, 2020. The plugin’s team quickly released an initial patch on August 19, 2020 to resolve the most severe problem, and they released an additional patch on September 8, 2020 to resolve the remaining issues.

This is considered a critical security issue that could lead to remote code execution on a vulnerable site’s server. If you haven’t already updated, we highly recommend updating to the fully patched version, 4.2.153, immediately.

No clients of ProtectYourWP.com are affected by this vulnerability.

Sucuri: Malware Disables Security Plugins to Avoid Detection

An alarm or monitoring system is a great tool that can be used to improve the security of a home or website, but what if an attacker can easily disable it?

Sucuri recently described an attack in which hackers gain access to the site and then immediately disable any installed plugins from a list of well-known security plugins. If your security plugins are turned off, they’re not going to scan your site for malware and they’re not going to email you a warning.

“If a user tries to reactivate one of the disabled security plugins, it will momentarily appear to activate only for the malware to immediately disable it again. This behavior will prevail until the malware is fully removed from the compromised environment, making it more difficult to detect malicious behavior on the website.”

Ideally your sites are locked down well enough that the hackers can’t gain access in the first place. But keep an eye on your site and if you see any behavior similar to what’s described, contact us and we’ll clean it up.

https://blog.sucuri.net/2020/09/wordpress-malware-disables-security-to-avoid-detection.html
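One way to notice this behavior early, as an added example that is not Sucuri’s or any plugin’s own code: a small must-use plugin (dropped into wp-content/mu-plugins/, where it cannot be switched off from the admin UI) that alerts whenever a watched security plugin is deactivated, whether through the normal deactivation API or by a direct rewrite of the active_plugins option. The plugin file paths in the watch list are assumptions; adjust them to what is installed on the site.

```php
<?php
/**
 * Plugin Name: Security Plugin Deactivation Watchdog (mu-plugin)
 * Added example for detection; not code from Sucuri or any security plugin.
 */

// Assumed list of plugin files to watch; edit to match the site's installed security plugins.
const SPW_WATCHED = [
    'wordfence/wordfence.php',
    'sucuri-scanner/sucuri.php',
];

function spw_alert(string $message): void {
    $user = function_exists('wp_get_current_user') ? wp_get_current_user() : null;
    $who  = ($user && $user->ID) ? $user->user_login : 'no logged-in user (cron, CLI or direct write)';
    $line = sprintf('[%s] %s | actor: %s | ip: %s',
        current_time('mysql'), $message, $who, $_SERVER['REMOTE_ADDR'] ?? 'n/a');
    error_log('spw: ' . $line);                       // always lands in the PHP error log
    wp_mail(get_option('admin_email'), 'Security plugin deactivated', $line);
}

// Case 1: deactivation through the normal API (wp-admin, WP-CLI, or malware calling deactivate_plugins()).
add_action('deactivated_plugin', function (string $plugin): void {
    if (in_array($plugin, SPW_WATCHED, true)) {
        spw_alert("deactivated_plugin fired for $plugin");
    }
}, 10, 1);

// Case 2: the active_plugins option rewritten directly via update_option(), which skips the hook above.
add_action('update_option_active_plugins', function ($old, $new): void {
    $dropped = array_diff((array) $old, (array) $new);
    foreach (array_intersect($dropped, SPW_WATCHED) as $plugin) {
        spw_alert("$plugin removed from active_plugins option");
    }
}, 10, 2);
```

A normal deactivation will trigger both hooks, so expect two alerts for one legitimate action; a burst of alerts seconds after you reactivate a plugin is the re-disabling pattern described above. Malware that edits the options table with raw SQL bypasses both hooks, so treat this as an early warning, not a substitute for a full cleanup.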

How to Keep Your Stuff Safe While You’re at College (or anywhere, really)

There’s a well-written article by iFixIt.com aimed at college students, but really it’s applicable to everyone who ever does anything in a public space. Granted, that’s not happening as much with COVID-19 precautions, but these suggestions should be part of your regular routine anyway.

Of particular note is the section on USB chargers and thumb drives. Many are not aware of the potential dangers, and some good tips are given on how to protect yourself.

See the article at https://www.ifixit.com/News/43770/how-to-keep-your-stuff-safe-while-youre-at-college

Definition: Ransomware

Ransomware is a form of malware that encrypts a victim’s files. The attacker then demands a ransom from the victim, promising to restore access to the data upon payment.

Users are shown instructions for how to pay a fee to get the decryption key. The costs can range from a few hundred dollars to thousands, typically payable to cybercriminals in hard-to-trace cryptocurrency such as Bitcoin.

Why do we back up?

A perfect example from my security focused Twitter feed today:

well <expletive> my server colocation facility just burned down

“halon is great for when equipment is on fire, but not as useful when the whole entire west coast is on fire”

This of course is during the raging wildfires on the US west coast.

Frequent offsite backups are also a critical method of fighting Ransomware attacks.

FYI, we keep backup copies of all sites in several locations, using several different backup methods.

Google Chrome Bug Could Let Hackers Bypass CSP Protection; Update Web Browsers

If you haven’t recently updated your Chrome, Opera, or Edge web browser to the latest available version, it would be an excellent idea to do so as quickly as possible.

Cybersecurity researchers on Monday disclosed details about a zero-day flaw in Chromium-based web browsers for Windows, Mac and Android that could have allowed attackers to entirely bypass Content Security Policy (CSP) rules since Chrome 73.

Full article: https://thehackernews.com/2020/08/chrome-csp-bypass.html

Microsoft Defender can ironically be used to download malware

A recent update to Windows 10’s Microsoft Defender antivirus solution ironically allows it to download malware and other files to a Windows computer.

In a recent Microsoft Defender update, the command-line MpCmdRun.exe tool has been updated to include the ability to download files from a remote location, which could be abused by attackers.

With this new feature, Microsoft Defender is now part of the long list of Windows programs that can be abused by local attackers.

Full story at https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-can-ironically-be-used-to-download-malware/