This site uses cookies in accordance with our Privacy Policy.
Wordfence Weekly July 24 2019 – July 30 2019
A weekly report of noteworthy threat data by the Defiant threat intelligence team.
Security News
-
Capital One Data Theft Impacts 106M People
Federal prosecutors this week charged a Seattle woman with stealing data from more than 100 million credit applications made with Capital One Financial Corp.
Read More -
Marcus ‘MalwareTech’ Hutchins gets no prison time, one year supervised release
Marcus ‘MalwareTech’ Hutchins, the security researcher who helped stop the WannaCry ransomware outbreak, was sentenced in the US to time served and one year of supervised release.
Read More -
FTC Imposes $5 Billion Penalty and Sweeping New Privacy Restrictions on Facebook
Facebook, Inc. will pay a record-breaking $5 billion penalty, and submit to new restrictions and a modified corporate structure that will hold the company accountable for the decisions it makes about its users’ privacy, to settle Federal Trade Commission charges that the company violated a 2012 FTC order by deceiving users about their ability to control the privacy of their personal information.
Read More
Notable Vulnerabilities
Name: ND Shortcodes For Visual Composer <= 5.8 - Unauthenticated Arbitrary Options Update
Description: Vulnerable versions allow unauthenticated users to modify arbitrary WordPress options, potentially leading to privilege escalation.
Type: A5 – Broken Access Control
Description: Vulnerable versions allow unauthenticated users to modify arbitrary WordPress options, potentially leading to privilege escalation.
Type: A5 – Broken Access Control
Most Common New Infections
Malware samples identified on the greatest count of newly infected sites.
| MD5 | Signature | Description | Example File Names |
|---|---|---|---|
| C62180F0D626D92E29E83778605DD8BE | Suspicious:PHP/eval_exit.92 | Obfuscated PHP backdoor. | file.php, i.php, ihqxkhi.php, and others. |
| 048648D9755220E727E7E0178837F7BF | Backdoor:PHP/561C.110 | PHP script which generates and executes a malicious binary. | amp3.php, sib.php, wpfunck.php, and others. |
| 8C9E8184A1523C7286FC11E7DE2EAC55 | Backdoor:PHP/2842.103 | PHP script which generates and executes a malicious binary. | wp_form7.php |
| BF3A65A77DA363AC779A2C45FD2DA2FF | Suspicious:PHP/eval_exit.92 | Obfuscated PHP backdoor. | common_config.php |
| 446ABEFA504998F144A7AE906A173978 | Suspicious:PHP/rot13_of_eval.95 | Obfuscated, password-protected PHP backdoor. | b9448c1c.php |
IPs Attacking Most Sites
| Rank | Prev. | IP Address | ASN | Country |
|---|---|---|---|---|
| 1 | 1 | 160.153.245.87 | 26496 (GoDaddy.com, LLC) |  US |
| 2 | — | 35.226.172.28 | 15169 (Google LLC) | US |
| 3 | 3 | 5.8.47.2 | 50896 (Trusov Ilya Igorevych) |  PL |
| 4 | — | 173.236.197.34 | 26347 (New Dream Network, LLC) | US |
| 5 | — | 176.9.71.213 | 24940 (Hetzner Online GmbH) |  DE |
| 6 | — | 207.148.66.43 | 20473 (Choopa, LLC) |  SG |
| 7 | — | 162.13.127.58 | 15395 (Rackspace Ltd.) |  GB |
| 8 | — | 212.36.69.212 | 15699 (OGIC Informatica S.L.) |  ES |
| 9 | 9 | 51.77.53.229 | 16276 (OVH SAS) | PL |
| 10 | — | 222.186.46.59 | 23650 (AS Number for CHINANET jiangsu province backbone) |  CN |
New Tracked Domains
| Domain Name | Date Added | Current Status | Notes |
|---|---|---|---|
| thez8.com | 07/24/2019 | Up | Referenced in malicious spam files. |
| blufftonjaspervim.org | 07/24/2019 | Up | Associated with redirect campaign. |
| xn--google-analytcs-xpb.com | 07/25/2019 | Up | Punycode domain (decodes as google-analytîcs.com) associated with skimming campaign. |
| greatinstagrampage.com | 07/30/2019 | Up | Associated with redirect campaign. |