WordPress Vulnerability Caused The Independent Blog Page Hack

The blog page of The Independent, one of the top media websites in the United Kingdom, has been compromised and found redirecting users to a page that loads an exploit kit. This discovery was made while Trend Micro threat researchers were monitoring Angler Exploit Kit activities on November 21 onwards.

[Read: “The Independent” Blog Hacked, Leads to Ransomware]

The blog is reported to be running on an old version of WordPress (2.9.2). If a redirected user does not have an updated version of Adobe Flash Player, the system will be infected with ransomware.

The Angler Exploit Kit is the most active exploit kit that leverages on Adobe Flash zero-day vulnerabilities. Through this small window, threat actors were able to compromise the blog and potentially infect its readers. While the blog remains infected, the rest of The Independent’s website is clear of any other risks.

As a favoured platform by bloggers, WordPress is a big target for threat actors. Earlier this year, the platform was at risk from a zero-day vulnerability that allowed an attacker to launch stored cross-site scripting (XSS) attacks through comments, forums, discussions, and other avenues. This allows the attacker to execute JavaScript code in the website’s administrator window and gain administrator privileges.

[Read: WordPress Vulnerability Puts Millions of Sites at Risk]

WordPress has since released updates to patch critical security vulnerabilities in their platform. However, The Independent’s blog remained outdated and vulnerable. Trend Micro strongly urges site administrators to upgrade their versions of WordPress to the latest version (4.3.1) to patch previous vulnerabilities.