Submission + - Attacks on WordPress Sites Intensify as Hackers Deface Over 1.5 Million Pages (bleepingcomputer.com)
An anonymous reader writes: Attacks on WordPress sites using a vulnerability in the REST API, patched in WordPress version 4.7.2, have intensified over the past two days, as attackers have now defaced over 1.5 million pages, spread across 39,000 unique domains.
Initial attacks using the WordPress REST API flaw were reported on Monday by web security firm Sucuri, who said four group of attackers defaced over 67,000 pages. The number grew to over 100,000 pages the next day, but according to a report from fellow web security firm WordFence, these numbers have skyrocketed today to over 1.5 million pages, as there are now 20 hacking groups involved in a defacement turf war.
Making matters worse, over the weekend, Google failed miserably when it warned website owners that registered WordPress sites in the Google Search Console. Google attempted to send security alerts to all WordPress 4.7.0 and 4.7.1 website owners (vulnerable to the REST API flaw), but some emails reached WordPress 4.7.2 owners, some of which misinterpreted the email and panicked, fearing their site might lose search engine ranking.
Initial attacks using the WordPress REST API flaw were reported on Monday by web security firm Sucuri, who said four group of attackers defaced over 67,000 pages. The number grew to over 100,000 pages the next day, but according to a report from fellow web security firm WordFence, these numbers have skyrocketed today to over 1.5 million pages, as there are now 20 hacking groups involved in a defacement turf war.
Making matters worse, over the weekend, Google failed miserably when it warned website owners that registered WordPress sites in the Google Search Console. Google attempted to send security alerts to all WordPress 4.7.0 and 4.7.1 website owners (vulnerable to the REST API flaw), but some emails reached WordPress 4.7.2 owners, some of which misinterpreted the email and panicked, fearing their site might lose search engine ranking.