Wordfence Weekly June 19 2019 – June 25 2019

A weekly report of noteworthy threat data by the Defiant threat intelligence team.

Security News

  • Chrome extension caught hijacking users’ search engine results

    Google has removed a Chrome extension from the official Web Store yesterday for secretly hijacking search engine queries and redirecting users to ad-infested search results.
    Read More

  • BGP super-blunder: How Verizon today sparked a ‘cascading catastrophic failure’ that knackered Cloudflare, Amazon, etc

    Verizon sent a big chunk of the internet down a black hole this morning – and caused outages at Cloudflare, Facebook, Amazon, and others – after it wrongly accepted a network misconfiguration from a small ISP in Pennsylvania, USA.
    Read More

  • Global Telecom Carriers Attacked by Suspected Chinese Hackers

    Hackers believed to be backed by China’s government have infiltrated the cellular networks of at least 10 global carriers, swiping users’ whereabouts, text-messaging records and call logs, according to a new report, amid growing scrutiny of Beijing’s cyberoffensives.
    Read More

New Vulnerabilities

Name: ConvertPlus <= 3.4.4 - Multiple Issues
Description: Certain configurations allow users to be created with the broken user role of “None”.
Type: A5 – Broken Access Control

Most Common New Infections

Malware samples identified on the greatest count of newly infected sites.

MD5 Signature Description File Names
C62180F0D626D92E29E83778605DD8BE Suspicious:PHP/eval_exit.92 Obfuscated PHP backdoor. Various .php names like sq.php and wp-cache.php
048648D9755220E727E7E0178837F7BF Backdoor:PHP/561C.110 Obfuscated PHP backdoor amp3.php, sib.php, wpfunck.php
1FDB3383EE4D2217C480EDFF309CCA38 Backdoor:PHP/WSOShell.255 Slightly customized WSO webshell. index.php, e2.php, e8.php
8C9E8184A1523C7286FC11E7DE2EAC55 Backdoor:PHP/LD_PRELOAD.4426 PHP script which generates and executes a malicious binary. wp_form7.php
C2CC3D90B67A9D6C7DF738A8CD8661C7 Suspicious:PHP/eval_exit.92 Obfuscated PHP backdoor. Generated names consisting of words and 3-digit numerals like 416.conflicts.php, processor.501.php, accepted.client.php, etc.

IPs Attacking Most Sites

Rank Prev. IP Address ASN Country
1 3 16276 (OVH SAS) France FR
2 2 16276 (OVH SAS) France FR
3 4 16276 (OVH SAS) France FR
4 5 59019 (Beijing Kingsoft Cloud Internet Technology Co., Ltd) China CN
5 50896 (Trusov Ilya Igorevych) Poland PL
6 200313 (Internet It Company Inc) Netherlands NL
7 46606 (Unified Layer) United States US
8 16276 (OVH SAS) France FR
9 16276 (OVH SAS) Australia AU
10 8 39798 (MivoCloud SRL) Romania RO

Subscribe To The Wordfence Weekly

Did you enjoy this post? Share it!

Recent Issues