OH CRAPPY, CRAPPY DAY. A hacking spree has seen tonnes and tonnes of WordPress blogs defaced, and probably caused a lot of people to try and remember their password so that they can log in and check whether they have been affected.
Security firm Sucuri has raised the panic flag over the exploit, twice now. In its latest blurt it says that a remote code execution feature has been added to the package.
"We are starting to see remote command execution (RCE) attempts trying to exploit the latest WordPress REST API Vulnerability," said the firm's Daniel Cid.
"These RCE attempts started today after a few days of attackers (mostly defacers) rushing to vandalize as many pages as they could. The RCE attempts we are seeing in the wild do not affect every WordPress site, only the ones using plugins that allow for PHP execution from within posts and pages."
That should narrow things down. According to a report on the BBC, there are millions of pages that have already been defaced thanks to the vulnerability. The report adds that WordPress released a fix the first time that Sucuri came knocking. Indeed it did.
"On January 20th, Sucuri alerted us to a vulnerability discovered by one of their security researchers. The security team began assessing the issue and working on solutions. While a first iteration of a fix was created early on, the team felt that more testing was needed," it said.
"On Thursday, January 26, we released WordPress 4.7.2 to the world. We'd like to thank Sucuri for their responsible disclosure, as well as working with us to delay disclosure until we were confident that as many WordPress sites were updated to 4.7.2 as possible."
Shit, that was ages ago now. This should all be history by now. Except we know that it is not.
Sucuri has what looks like a quick and efficient fix. That is to take the plugins and unplug them.
"First of all, if you have any of these plugins, we recommend disabling them. We believe that PHP code should be run within a plugin or theme. It should not be run directly from the posts," added Cid.
"Second, it seems attackers are starting to think of ways to monetize this vulnerability. Defacements don't offer economic returns, so that will likely die soon. What will remain are attempts to execute commands (RCE) as it gives the attackers full control of a site - and offers multiple ways to monetize - and SPAM SEO / affiliate link / ad injections.
"We are starting to see them being attempted on a few sites, and that will likely be the direction this vulnerability will be misused in the coming days, weeks and possibly months."
Unplug people, unplug. µ