Rewterz

Rewterz Threat Advisory – CVE-2020-8174 – Node.js buffer overflow Vulnerability

June 3, 2020
Rewterz

Rewterz Threat Advisory – Multiple Google Chrome Security Vulnerabilities

June 4, 2020

Rewterz Threat Alert – Large Scale Attack Campaign Targets WordPress Database Credentials

Severity

Medium

Analysis Summary

Researchers report indicating that over 1.3 million sites were part of an attack campaign that generated over 130 million attempts to harvest credentials for WordPress databases. This campaign represented over seventy-five percent of all attempted exploits against WordPress systems for the days specified (May 29 through May 31). Researchers indicated those carrying out this campaign were probably the same as those who’d carried out a previous campaign attempting to exploit XSS vulnerabilities. The previous XSS campaign utilized over twenty thousand different IP addresses in its attack. These IPs were also used in the current campaign. The target of this campaign was the file wp-config.php, which contains database credentials as well as connection information, authentication unique keys, and salts. With this information, an attacker could gain full control over the site’s database.

Impact

  • Credential theft
  • Exposure of sensitive data

Indicators of Compromise

IP

  • 200[.]25[.]60[.]53
  • 51[.]255[.]79[.]47
  • 194[.]60[.]254[.]42
  • 31[.]131[.]251[.]113
  • 194[.]58[.]123[.]231
  • 107[.]170[.]19[.]251
  • 188[.]165[.]195[.]184
  • 151[.]80[.]22[.]75
  • 192[.]254[.]68[.]134
  • 93[.]190[.]140[.]8

Remediation

Block all threat indicators at your respective controls.
Search for IOCs in your respective environments.

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.