Black Basta Ransomware: A New Social Engineering Threat
The Black Basta ransomware group has recently launched an aggressive social engineering campaign targeting businesses. Originating from the remnants of the disbanded Conti group, Black…
WordPress Websites Targeted: Hackers Exploit LiteSpeed Cache Flaw
WordPress website owners and administrators should be aware of a recent surge in attacks exploiting a security vulnerability in older versions of the popular LiteSpeed Cache plugin. This plugin is a powerful performance optimisation tool used by millions of websites to speed up page loads. However, neglecting to update it can leave your site open to attack.
Understanding the Threat
The vulnerability (CVE-2023-40000) exists in LiteSpeed Cache versions older than 5.7.0.1. Attackers can exploit this flaw to inject malicious JavaScript code into a website. This code often performs the following actions:
- Creates Rogue Admin Accounts: New administrator accounts with names like ‘wpsupp-user’ or ‘wp-configuser’ are secretly created, giving attackers complete control over the website.
- Modifies Website Content: Attackers can change your website’s content, install malicious plugins, or redirect visitors to dangerous external sites.
- Distributes Malware: The compromised website could be used to spread malware or launch phishing attacks.
How to Protect Yourself
The most effective defence against this threat is to take these immediate steps:
- Update LiteSpeed Cache: If you use LiteSpeed Cache, update it to the latest version as soon as possible. Check the plugin’s settings page within your WordPress dashboard to see which version you currently have.
- Review Plugins and Themes: Consider removing any unused plugins or themes as these can also introduce security vulnerabilities. Ensure those you keep are up-to-date.
- Monitor for Rogue Admins: Regularly check your WordPress user list for any suspicious administrator accounts and delete them immediately.
- Enforce Strong Passwords: Use complex passwords or passphrases for all WordPress user accounts.
If You Suspect a Breach
If you find signs of compromise, such as the “wpsupp-user” account or suspicious JavaScript code, immediately perform a complete site cleanup:
- Delete Rogue Accounts: Remove any unauthorised administrator accounts.
- Reset Passwords: Change the passwords of all existing user accounts.
- Restore from Backup: Restore your database and website files from a backup created before the compromise.
- Setup 2-Factor-Authentication: for all site admins.
Prevention is Key
Proactive security measures help minimise the risk of your site falling victim. By updating plugins, staying vigilant, and keeping clean backups, you significantly increase your WordPress website’s security.
This vulnerability highlights the dangers of outdated software on websites. Hackers often target known vulnerabilities within popular plugins.
Additional Resources
- LiteSpeed Cache official website: https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration
- WPScan Vulnerability Database: https://wpscan.com/
Related articles
New Chrome Zero-Day Vulnerability CVE-2024-4761: What You Need to Know and How to Stay Safe
Overview Google has released an emergency update to address a new zero-day vulnerability in its Chrome browser. This high-severity flaw, identified as CVE-2024-4761, is actively…
Microsoft’s May Patch Tuesday: Qakbot Zero-Day Demands Urgent Action, But Don’t Overlook Other Critical Fixes
Microsoft’s latest security update cycle, known as Patch Tuesday, arrived in May 2024 with fixes for 61 vulnerabilities. Among these, the exploitation of the zero-day…