Security expert re: 600,000 WordPress sites attacked due to critical vulnerability (RCE flaw)

Expert(s): Security Experts September 11, 2020

More than 600,000 WordPress sites running vulnerable File Manager plugin versions are being attacked due to a critical remote code execution flaw, and the attackers have also been seen protecting the sites they compromised from other bad actors’ attacks.

Experts Comments

Dot Your Expert Comments

Timothy Chiu

September 11, 2020

Vice President of Marketing

K2 Cyber Security

The site is compromised, and the attacker was successful exploiting a flaw that has a released fix.

This latest critical vulnerability in a WordPress plugin, a remote code execution flaw, is one of the most dangerous vulnerabilities because it gives the attacker the ability to run almost any code on the hacked site. While it's interesting that attackers have taken this one step further, protecting their malicious files they've written to the compromised sites, the end result is still the same: the site is compromised, and the attacker was successful exploiting a flaw that has a released fix. .....Read More

Dot Your Expert Comments

Only for registered and approved experts. Please register before providing comments. Register here

Your Comments Headline (max 150 Char)

Your Comments:

Your Email:

* By using this form you agree with the storage and handling of your data by this web site.

Submit

Baber Amin, COO, Veridium

"If access was obtained via a stolen credential, that will make it a bit more challenging to track. "

~200K US Military Vets’ Medical Records Leaked by 3rd Pty – Cyber Experts’ Perspectives

Tom Garrubba, Senior Director and CISO, Shared Assessments

"It is possible that a ransomware incident and the exposed databases are related. "

~200K US Military Vets’ Medical Records Leaked by 3rd Pty – Cyber Experts’ Perspectives

Dr. Chenxi Wang, General Partner, Rain Capital

"Instead of encrypting data and ask for a ransom, more ransomware attacks have been threatening to expose data instead. "

~200K US Military Vets’ Medical Records Leaked by 3rd Pty – Cyber Experts’ Perspectives

Saryu Nayyar, CEO, Gurucul

"All in all, this is a troublesome discovery, especially given the sensitivity of the data. "

~200K US Military Vets’ Medical Records Leaked by 3rd Pty – Cyber Experts’ Perspectives

Sam Curry, Chief Security Officer, Cybereason

"Asymmetry in cyber conflict is more and more favouring attackers as they hone their skills and tools. "

Experts Responses on Verizon DBiR Findings

Dan Conrad, Field Strategist, One Identity

"\"85 percent of breaches involved a human element” – again, Identity is the security perimeter. "

Experts Responses on Verizon DBiR Findings

Eoin Keary, CEO and Cofounder, Edgescan

"It is ever more important for the cybersecurity industry to come together and join forces to fight the challenges facing organisations today. "

Experts Responses on Verizon DBiR Findings

Adam Enterkin, SVP, EMEA, BlackBerry

"Humans and tech must work hand in hand. "

Experts Insight On US Pipeline Shut After Cyberattack

Christine Gadsby, VP of Product Security, BlackBerry

"The only way to keep the enemy out is to ensure you have good cyber hygiene practices in place. "

Experts Insight On US Pipeline Shut After Cyberattack

Terry Olaes, Technical Director, Skybox Security

"Hackers now see critical infrastructure as low-hanging fruit. "

Experts Insight On US Pipeline Shut After Cyberattack

Jake Moore, Cybersecurity Specialist, ESET

"The effort undertaken to attack the new AirTag was intensive and impressive, but tracking people must not be taken lightly. "

Expert Reaction On Researcher Proves AirTags Can Be Hacked

Matt Trushinski, Technical Director, Arctic Wolf

"This situation illustrates a growing security crisis. "

Experts Insight On US Pipeline Shut After Cyberattack

Miles Tappin, Vice President, EMEA, ThreatConnect

"Critical infrastructure cybersecurity must adopt a risk-led security strategy. "

Experts Insight On US Pipeline Shut After Cyberattack

Baber Amin, COO, Veridium

"Ransomware gangs have caught on to this naïve approach and are happy to exploit it. "

Babuk Ransomware Gang Again Threatens DC Police Data Release

Saryu Nayyar, CEO, Gurucul

"The societal pressures are too great and the impact may literally be life threatening. "

Babuk Ransomware Gang Again Threatens DC Police Data Release

Security expert re: 600,000 WordPress sites attacked due to critical vulnerability (RCE flaw)

Experts Comments

Dot Your Expert Comments

You may also like