Hackers actively targeting WordPress sites running unpatched Tatsu plugin

Hackers actively targeting WordPress sites running unpatched Tatsu plugin

Posted on

Hackers are reported to be actively targeting WordPress sites with unpatched versions of the Tatsu no-code page builder plugin installed.

Detailed by Ram Gall at Wordfence, the large-scale attack is targeting a Remote Code Execution vulnerability in Tatsu that was publicly disclosed in March. While an updated version of the plugin has since been released, as is often typical with software or, in this case, a WordPress plugin, not all users have installed the latest version, opening the door to hackers.

The exact number of sites running unpatched versions of Tatsu is unknown – the number could be as high as 50,000. What isn’t hard to track is the number of attacks – Wordfence saw a peak of 5.9 million attacks against 1.4 million sites on May 14.

The attack volume has since declined, but the attacks are still ongoing. Most of the attacks are described as probing attacks to determine the presence of the vulnerable plugin.

If a WordPress install is running an unpatched copy of Tatsu, the most common payload deployed is a dropped that is then used to place additional malware in a randomly-named subfolder.

The obvious solution to the problem is for Tatsu users to update the plugin to the latest version, currently 3.3.13.  It’s warned that an earlier update – 3.3.12, only contained a partial patch that did not fully address all issues.

“When it comes to cybersecurity, most organizations give little thought to their websites,” Chris Olson, chief executive officer of digital safety provider The Media Trust, told SiliconANGLE. “The Tatsu vulnerability shows us why this is a mistake: websites – which play a key role in marketing and revenue generation – are increasingly targeted by hackers, making them a source of risk to customers and casual visitors.”

Olson noted that as a precaution, anyone managing an organization’s website should be performing regularly scheduled maintenance that includes updates for plugins and security patches.”This is all the more true if it runs WordPress or another open-source CMS that depends heavily on third-party code, as these are chief drivers of risk,” Olson added.

Image: Wordfence

Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *