api.wordpress.org: a potential single point of failure

Wordfence has posted an important article revealing how WordPress’ automatic update system is vulnerable to compromise. It’s dense reading, but well worth understanding.

Automatic updates are “on” by default in all installations of WordPress.

Hacking 27% of the Web via WordPress Auto-Update

Ivan has been very bad recently

Wordfence has been studying an IP address located in St. Petersburg, Russia. They report that it is by far the largest source of attacks on WordPress-powered websites in the past week.

Here is their article about it. It includes some interesting data about the themes and plugins that have been attacked.

https://www.wordfence.com/blog/2016/08/profile-russian-attack-ip/

Mossack Fonseca Breach – WordPress Revolution Slider Plugin Possible Cause

Wordfence has a theory on how the Mossack Fonseca Breach (Panama Papers) occurred. Here is their article that discusses what their analysis has revealed — how one outdated and vulnerable plugin led to the release of 11.5 million documents. The data breach has so far brought down the Prime Minister of Iceland and surrounded Russian President Putin, British Prime Minister David Cameron and other famous public figures with controversy.

Here is the link to the Wordfence article: https://www.wordfence.com/blog/2016/04/mossack-fonseca-breach-vulnerable-slider-revolution/

See how a two-line script creates a powerful attack platform

Wordfence has posted an article that walks you through how an attack platform works and the scripts and capabilities that it provides.

Wordfence reports:

“During a recent investigation of a very large infection we found a trove of attack tools that all pointed back to a single ‘meta’ script. This script was only two lines long but provided an attacker with a powerful capability. Once it fully installs itself it provides what we are referring to as an ‘attack platform’.”

https://www.wordfence.com/blog/2016/02/wordpress-security-attack-platform/