Interactive Investigations | Coder Radio 373

Wes Payne — Mon, 02 Sep 2019 19:10:06 +0000

Crystal Clear | Coder Radio 372

Wes Payne — Mon, 26 Aug 2019 20:43:16 +0000

chris — Tue, 21 Feb 2017 21:41:43 +0000

We covered the WordPress bug in TechSNAP 306
See also [Security Firm Trend Micro’s Blog Falls Victim To Content Spoofing Attack]https://www.silicon.co.uk/security/trendmicro-blog-security-205197
and WordPress Quietly Fixes Zero-Day Flaw Tom
WordPress was alerted to the flaw on 20 January
WordPress officially released WordPress 4.7.2 to the world on Thursday 26 January.
- “The release went out over our autoupdate system and, over a couple of hours, millions of WordPress 4.7.x users were protected without knowing about the issue or taking any action at all.”
Dan confirms the above upgrade timeline; his WordPress sites were updated on 26 January, between 2:30 and 3:30 EST
Researcher’s Feb 1 blog post with details
WordPress’ Feb 1 10:59 AM blog post
NOTE: Virally growing attacks on unpatched WordPress sites affect ~2m pages
Attacks on websites running an outdated version of WordPress are increasing at a viral rate. Almost 2 million pages have been defaced since a serious vulnerability in the content management system came to light nine days ago. The figure represents a 26 percent spike in the past 24 hours
Google trend chart

Real information in the blog post
Suggestions: put such devices on their own VLAN, but I’m not sure how their connections work
Large-scale ~= 70 organisations
Most of the targets are located in the Ukraine, but there are also targets in Russia and a smaller number of targets in Saudi Arabia and Austria. Many targets are located in the self-declared separatist states of Donetsk and Luhansk, which have been classified as terrorist organizations by the Ukrainian government.