A weekly report of noteworthy threat data by the Defiant threat intelligence team.
The prevalence of attacks from US-based host QuadraNet continues in this edition of Wordfence Weekly. Additionally, a few new noteworthy vulnerabilities have popped up, each of which is already being targeted by its own attacks. In particular, we've begun tracking some new domains associated with malicious redirects.
This week, the list of the top IPs attacking WordPress sees a sudden appearance of seven addresses from the US-based hosting provider QuadraNet Enterprises LLC. In the tracked domains, we've added some illegitimate download sites referenced in malicious samples discovered by our site cleaning team.
July's final Wordfence Weekly sees some news items regarding Marcus Hutchins' sentencing and a data breach from Capital One. Under the week's new tracked domains, we list xn--google-analytcs-xpb[.]com, a punycode domain masquerading as a Google Analytics domain when decoded. Malware trends and common attacking IPs remain stable, though OVH SAS's longtime domination of the attacking IP rankings continues to wane.
This week saw an uptick in malicious network activity from Chinese hosts, while IPs associated with OVH SAS have begun to pull back. We've begun tracking new domains associated with malvertising campaigns, while familiar backdoor scripts remain the top new infections of the week. In the news, an Instagram access control flaw could have allowed hackers to take over any account, and Apple put its foot down by removing hidden, vulnerable webservers from Zoom clients.
This week, a new XSS flaw in Yoast was disclosed. Updating the plugin will resolve the issue, which could allow Editors in multisite environments to attack other sites in the network. In the news, YouTube catches flak for banning instructional hacking videos, and IBM officially acquires Red Hat. In our threat intel, we share a newly tracked domain used by infected sites to deploy new malicious content.
In this Wordfence Weekly we've got a batch of repeat offenders occupying the malware rankings, but some newcomers have entered the top attacking IP addresses. In the news, check out Cloudflare's response following an outage that affected many internet users this week.
In this week's Wordfence Weekly, we've tweaked the scope of our most common malware rankings. Previously these were ranked by which malware was identified on the most unique sites. However, this led to disproportionate representation of sites which neglected to clean old malware. Starting this week, we're ranking only malware found in new infections, which should provide more reliably actionable data.
In this edition of the Wordfence Weekly, the top 5 list of malware hashes remains unchanged from last week, while French and Chinese hosts remain the largest source of blocked attacks on our network.
In this edition of Wordfence Weekly, we see continued trends in malicious IPs from OVH SAS. On the malware side, familiar backdoors populate the top five, but a script generating malicious binaries makes an appearance.