June 7, 2023

Certificate Transparency (CT) system are abused by attackers to compromise new WordPress sites before Content Management System is been configured

CT is a web security standard for monitoring and auditing SSL/TLS certificates, which are issued by certificate authorities (CAs) to validate websites identity.

The hackers are monitoring these logs in order to detect new WordPress domains and configure the CMS themselves after web admins upload the WordPress files, but before they manage to secure the website with a password.

Advertisements

Domain owners report the appearance of a malicious file (/wp-includes/.query.php) and sites being press-ganged into joining DDoS attacks.

If the attacker is polling CT logs directly they would see new certificate entries faster, giving them a larger time window in which to pull off the attack. Scanning crt.sh, a certificate search domain, might also work, but it takes longer for new certificates to propagate from CT.

All publicly trusted CAs are required to submit certificates to CT logs without delay after they are issued. The responsibility for protecting new WordPress sites ultimately lies with domain owners and hosting providers.

Tags:

Leave a Reply

You may have missed

Synk Platform Enhancements

Synk Platform Enhancements

June 7, 2023
Microsoft to comply with LinkedIn GDPR Violation

Microsoft to comply with LinkedIn GDPR Violation

June 7, 2023
Google Fixes Third Chrome Zeroday

Google Fixes Third Chrome Zeroday

June 6, 2023
Moveit Attributed to Lace Tempest

Moveit Attributed to Lace Tempest

June 6, 2023
Byte Code Bites PYPI

Byte Code Bites PYPI

June 5, 2023
Enzo Biochem Suffers a Data Breach

Enzo Biochem Suffers a Data Breach

June 5, 2023
%d bloggers like this: