A weekly report of noteworthy threat data by the Defiant threat intelligence team.
This week saw an uptick in malicious network activity from Chinese hosts, while IPs associated with OVH SAS have begun to pull back. We've begun tracking new domains associated with malvertising campaigns, while familiar backdoor scripts remain the top new infections of the week. In the news, an Instagram access control flaw could have allowed hackers to take over any account, and Apple put its foot down by removing hidden, vulnerable web servers from Zoom clients.
In this Wordfence Weekly we've got a batch of repeat offenders occupying the malware rankings, but some newcomers have entered the top attacking IP addresses. In the news, check out Cloudflare's response following an outage that affected many internet users this week.
In this week's Wordfence Weekly, we've tweaked the scope of our most common malware rankings. Previously these were ranked by which malware was identified on the most unique sites. However, this led to disproportionate representation of sites which neglected to clean old malware. Starting this week, we're ranking only malware found in new infections, which should provide more reliably actionable data.
In this edition of the Wordfence Weekly, the top 5 list of malware hashes remains unchanged from last week, while French and Chinese hosts remain the largest source of blocked attacks on our network.
In this edition of Wordfence Weekly, we see continued trends in malicious IPs from OVH SAS. On the malware side, familiar backdoors populate the top five, but a script generating malicious binaries makes an appearance.