Hello, welcome to the Friday, June 15th, 2018 edition of the Santernet Storm Center's Stormcast.

My name is Johannes Ulrich and the time recording from Jacksonville, Florida.

Xavier today took a look at a compromised WordPress site.

This is a site that a reader gave us access to after it was compromised.

Looks like the adhack actually took advantage of the WordPress XMLRPC interface and most likely prudeforced password.

Once compromised, the attacker essentially turned the WordPress site into a spam site in particular to target

Japanese search engines in this particular case. There was also a web shell left behind in order

to provide the attacker with future access. In addition to the attacker also installed a malicious plugin that gave the attacker remote access

to the system.

WordPress remains the top target as far as web applications go.

A lot of the attacks that I'm seeing are really just trying to prude for passwords,

not necessarily so much going for vulnerabilities.

I've also seen a couple cases where they're looking for some of these back doors that

other attackers may have installed in the past. And if you have been looking at crowdfunding sites recently, you probably saw some of these

smart padlocks being advertised.

These locks promise to be more secure than some of their mechanical counterparts, and they also

offer the convenience of being opened via an app.

Typically the price of these locks is around $100 so that's in line with some of the high-end

mechanical locks.

Some of the initial attacks against these locks focused on essentially poor mechanical construction. This one particular

lock was very easily broken by essentially just twisting off the back cover. Now this

vulnerability apparently has been fixed now with a spring-loaded pin that

...