Researchers from Imperva released a report about the KashmirBlack botnet, which has grown significantly over the last six months and is now capable of attacking thousands of websites per day. The botnet targets websites running unpatched Content Management Systems (CMS) including WordPress, Joomla and Drupal, Magento and vBulletin—taking control of those sites by exploiting known vulnerabilities to install crypto-mining malware and redirect website visitors to malicious URLs or advertising. Some of the vulnerabilities exploited include WordPress xmlrpc.php login brute-force attack, Magento local file inclusion (CVE-2015-2067), vBulletin Widget RCE (CVE-2019-16759). Some of the vulnerabilities are many years old, and all have patches available to mitigate them. The problem is that so many websites are set up and then abandoned or never patched again.
12 Essentials for a Successful SOC Partnership
As cyber threats continue to impact businesses of all sizes, the need for round-the-clock security