Return-Path: Delivered-To: mail@dorianvasco.de Received: from localhost (localhost [127.0.0.1]) by v22014122474822114.stilfilm.com (Postfix) with ESMTP id 0BF72D1F40 for ; Fri, 10 Feb 2017 01:24:59 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at v22014122474822114.yourvserver.net X-Spam-Flag: YES X-Spam-Score: 2.693 X-Spam-Level: ** X-Spam-Status: Yes, score=2.693 required=2 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_IMAGE_RATIO_06=0.001, HTML_MESSAGE=0.001, PYZOR_CHECK=1.392, RCVD_IN_SORBS_SPAM=0.5, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no Received: from v22014122474822114.stilfilm.com ([127.0.0.1]) by localhost (v22014122474822114.yourvserver.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id b_l1LvrEDsm3 for ; Fri, 10 Feb 2017 01:24:57 +0100 (CET) Received: from o2.mail2.shared.hubspot.com (o2.mail2.shared.hubspot.com [50.31.57.57]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by v22014122474822114.stilfilm.com (Postfix) with ESMTPS id F3B45D1F30 for ; Fri, 10 Feb 2017 01:24:56 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=mail2.shared.hubspot.com; h=from:reply-to:to:subject:mime-version:content-type:list-unsubscribe; s=smtpapi; bh=6cE7e7U6tHNXt1w3zDr5O+84/Nc=; b=HqYoLvv34X1r2xKIf/ GF7CuVvUbMpliAifvSKdTDruxBFph86IckcN+ZzvFuEq7ha8Vm85H/rPbsjhuKyv 5+3prMugneHagx46JrzqQQmYANVsWdQ4CXeEn/vUEUQEoCCkLZj/i8G/CPxVx3da iw3uBIVPkAeB/7CtMse6O8SLw= From: Sucuri Blog Reply-To: info@sucuri.net To: mail@dorianvasco.de Message-ID: <1486686111152.5142ab76-07a9-4406-b62a-5bd9f6a1ce95@smtp.hubapi.com> Subject: ***SPAM*** RCE Attempts Against the Latest WordPress REST API Vulnerability MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_154978_590515982.1486686295409" List-Unsubscribe: , X-Report-Abuse-To: abuse@hubspot.com (see https://www.hubspot.com/abuse-complaints) X-HubSpot-MID: CiQ1MTQyYWI3Ni0wN2E5LTQ0MDYtYjYyYS01YmQ5ZjZhMWNlO TUQ4rMeGLqyASAAKMDZmBQw+vIVOhNtYWlsQGRvcmlhbnZhc2NvLmRlQ LCLl6uiK0jkAlogOTlhOGVhZGJiNDZlNjk2MmVjNTY2YzZmZTZmZGNkZ TZlAAB8QnDz4cwYgAEAigEkMzdhZDAwY2EtZTE4Ny0zZGFjLWFmYTEtY zdiNmY1ODJhZjU1oAEAqAECsAEAyAEB0gEPaW5mb0BzdWN1cmkubmV04 gEOZG9yaWFudmFzY28uZGU= Date: Fri, 10 Feb 2017 00:24:55 +0000 (UTC) X-SG-EID: 7giigzkRv5byIVQi8QoJMf6K/3KfEkjMb81l2x8+gr83FDMWDpPX0UtljVLZgcQgj93mHRIjqBqCZT BID8YOomFTHLZrks3+oqoFdYJxzOSdaw3aRTyoRu48ZNLWP0yNYZ9exxHwRV59X8vXTtwcF//UWPAO P+xc+NJiHxSpaf/NVa+hh6TpQgGSSOsLvZ2iRJk+mRMXSU6fkumZ11AoBw== X-SG-ID: BaKDar+VrkG/S9kwb9JXA9YVkCvGNYAgkzsmXa7fh0c1yChfBEKhLTVuc1Og+vuVoc5TTDwn9fKen1 FKUgpDLVBierDcP1WH9HIs9rdAlnanfgQeZS4Gjm6sPES1YFbd4kf2/gHApX73+5jrICZG3FWwnRCx 3+d/6iKmCAl5pMx9LHPZ82JSTTDhU+6yJa/FIFxp4W7iCnAu6VoVmUsH4/loKkdl8DGeHk0RA1uMYz ixZq+cjNZ+6JjgW0knGK5HpCYthMeerN6/AchgHIvOUoUTCbKgZsNaJ9j1+6or1Yhrb68X3uQKltW0 hAYA+pohxTn0iGmguXql6tfs7cKemHNUNr1LnZ2SAS40X2ztC1z8Sjgn7MXOwSniNi7K+HHMLj2fA4 mf9YEESK4GhD/52MP+AZuNd973s331GDw7XB0= ------=_Part_154978_590515982.1486686295409 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable We have released a new article on our blog. Real People. Real Security. Real People. Real Security. (https://blog.sucuri.net/?utm_campaign=3DBlog+R= SS&utm_source=3Dhs_email&utm_medium=3Demail&utm_content=3D42347712&_hsenc= =3Dp2ANqtz-9-MVdou5F4OFdIjA-e5CBrMngqW8-S3Xn6ibxJU0XWi6ObPZUSEwKInlhFpFwZYD= 86XaG3q2E8FD-RzvE-wrLx8SKl0g&_hsmi=3D42347712) RCE Attempts Against the Latest WordPress REST API Vulnerability (https://b= log.sucuri.net/2017/02/rce-attempts-against-the-latest-wordpress-rest-api-v= ulnerability.html?utm_campaign=3DBlog+RSS&utm_source=3Dhs_email&utm_medium= =3Demail&utm_content=3D42347712&_hsenc=3Dp2ANqtz--G2gZmp0Goyqj716faDMVMwp00= 3Dt7OW8qPVrazL3Br1XeGngviZFalzIFdj45PTIaAOQiEJp0Q-zZvDSEBQNXD33rgw&_hsmi=3D= 42347712) By Daniel Cid, Thursday, February 9, 2017 3:43 PM RCE Attempts Against the Latest WordPress REST API Vulnerability (https://b= log.sucuri.net/2017/02/rce-attempts-against-the-latest-wordpress-rest-api-v= ulnerability.html?utm_campaign=3DBlog+RSS&utm_source=3Dhs_email&utm_medium= =3Demail&utm_content=3D42347712&_hsenc=3Dp2ANqtz-88p-GhRmxV7Uc407qlqassJnG2= WFWdhm8EjKL5GvB4J8SiANXkrWT6RMh76H_C8COut5fRsCNxt7qfdR4iPfWmxYV7IQ&_hsmi=3D= 42347712) We are starting to see remote command execution (RCE) attempts trying to ex= ploit the latest WordPress REST API Vulnerability. These RCE attempts started today after a few days of attackers (mostly defa= cers) rushing to vandalize as many pages as they could. The RCE attempts we= are seeing in the wild do not affect every WordPress sites, only the ones = using plugins that allow for PHP execution from within posts and pages. Continue reading RCE Attempts Against the Latest WordPress REST API Vulnera= bility at Sucuri Blog. (https://blog.sucuri.net/2017/02/rce-attempts-agains= t-the-latest-wordpress-rest-api-vulnerability.html?utm_campaign=3DBlog+RSS&= utm_source=3Dhs_email&utm_medium=3Demail&utm_content=3D42347712&_hsenc=3Dp2= ANqtz-83zsxcYC8N3vxa8dl-MURZamDkCNVXhmzDFsBcFYXzT_pvbsgd9TefbxAK4755Net-Klz= pgnDS5XpJ048rV583r31eow&_hsmi=3D42347712) Visit Our Blog (https://cta-image-cms2.hubspot.com/ctas/v2/public/cs/ci/?pg= =3Db9176485-2b2e-4293-bb1d-3b7b9c75cb22&pid=3D498146&ecid=3DACsprvsRcPM1cM2= VKy6Mctzt5ttzPq6ll1mZm3xSFkv-sbtSLP-mUGgIwaqUcYAtXWRGrGtn8h83&utm_rewrite= =3DREWRITE_BARE&utm_campaign=3DBlog+RSS&utm_source=3Dhs_email&utm_medium=3D= email&utm_content=3D42347712&_hsenc=3Dp2ANqtz-_USJfHjbmNUiQZLVZN0UsFHckTZID= NzW1rKhELcJJfmj_k1f1xa4en9qKT98JUObU4EdL2Zz7sxSsXUR1LNZoEN4nqSA&_hsmi=3D423= 47712) Secured_Website.png (https://sucuri.net/lp/email/em-website-security?utm_ca= mpaign=3DBlog+RSS&utm_source=3Dhs_email&utm_medium=3Demail&utm_content=3D42= 347712&_hsenc=3Dp2ANqtz-9DifDxftvwpvXI3n5fC4ECkTxo6AEubz8OlNmw4RY8y1o41FxCQ= xRr3yu44KytTy6fkgxbLTGeUIoTV9nR5YdIxpDeHA&_hsmi=3D42347712) Secure Your Web= site Today (https://sucuri.net/lp/email/em-website-security?utm_campaign=3D= Blog+RSS&utm_source=3Dhs_email&utm_medium=3Demail&utm_content=3D42347712&_h= senc=3Dp2ANqtz--lO_8LjQgRA2Z1dJBUxvI3j_S8_PrxM6qBKMjaodP0OFiWtOu1sTZUU1k_qN= s53qHKJhhFVINSviUb7bzpfagoswsZYQ&_hsmi=3D42347712) Share on Facebook (http://www.facebook.com/share.php?u=3Dhttps%3A%2F%2Fblog= .sucuri.net%2F2017%2F02%2Frce-attempts-against-the-latest-wordpress-rest-ap= i-vulnerability.html%3Futm_medium%3Dsocial%26utm_source%3Dfacebook&utm_camp= aign=3DBlog+RSS&utm_source=3Dhs_email&utm_medium=3Demail&utm_content=3D4234= 7712&_hsenc=3Dp2ANqtz-_Xn4I9OXrrgiuwYxLBwColDoM-w8QnijTRZookuB2bMwMV3a_OVVt= -YJBO1B0yDZ0gM8ch1rrZqWqX2fHONAtnGXqO3Q&_hsmi=3D42347712) Share on LinkedI= n (http://www.linkedin.com/shareArticle?mini=3Dtrue&url=3Dhttps%3A%2F%2Fblo= g.sucuri.net%2F2017%2F02%2Frce-attempts-against-the-latest-wordpress-rest-a= pi-vulnerability.html%3Futm_medium%3Dsocial%26utm_source%3Dlinkedin&utm_cam= paign=3DBlog+RSS&utm_source=3Dhs_email&utm_medium=3Demail&utm_content=3D423= 47712&_hsenc=3Dp2ANqtz-8ByjmXNuYTEmxjZB85Cemfs1wxlQrQOFHM4FwXMFpbMJYpzPkhcW= 8bjlOsyc4uaKb5gXM84SA7M3Z2PUAvgpFeXn6AsQ&_hsmi=3D42347712) Share on Twitte= r (https://twitter.com/intent/tweet?original_referer=3Dhttps%3A%2F%2Fblog.s= ucuri.net%2F2017%2F02%2Frce-attempts-against-the-latest-wordpress-rest-api-= vulnerability.html%3Futm_medium%3Dsocial%26utm_source%3Dtwitter&url=3Dhttps= %3A%2F%2Fblog.sucuri.net%2F2017%2F02%2Frce-attempts-against-the-latest-word= press-rest-api-vulnerability.html%3Futm_medium%3Dsocial%26utm_source%3Dtwit= ter&source=3Dtweetbutton&text=3DRCE+Attempts+Against+the+Latest+WordPress+R= EST+API+Vulnerability&utm_campaign=3DBlog+RSS&utm_source=3Dhs_email&utm_med= ium=3Demail&utm_content=3D42347712&_hsenc=3Dp2ANqtz-9cph2dblMRfAicJ6MyuR0mp= ywevYOxRMQnmoiZufVDYUPVuSpca3YrDxwQ68p4v3dFlLWNoVq6tCkKU9ClHHfiqTRB5A&_hsmi= =3D42347712) Share on Email (mailto:?subject=3DCheck out https%3A%2F%2Fblo= g.sucuri.net%2F2017%2F02%2Frce-attempts-against-the-latest-wordpress-rest-a= pi-vulnerability.html%3Futm_medium%3Dsocial%26utm_source%3Demail &body=3DCh= eck out https%3A%2F%2Fblog.sucuri.net%2F2017%2F02%2Frce-attempts-against-th= e-latest-wordpress-rest-api-vulnerability.html%3Futm_medium%3Dsocial%26utm_= source%3Demail) Sucuri Security 30141 Antelope RD Menifee, CA 92584 You received this email because you are subscribed to Sucuri Information fr= om Sucuri Security. Update your email preferences (http://sucuri.hs-sites.com/hs/manage-prefere= nces/unsubscribe?v=3D1&d=3DeyJlYSI6Im1haWxAZG9yaWFudmFzY28uZGUiLCJlYyI6NDIz= NDc3MTIsInN1YnNjcmlwdGlvbklkIjozNTg3NzgsImV0IjoxNDg2Njg2MTExMTUyLCJldSI6IjU= xNDJhYjc2LTA3YTktNDQwNi1iNjJhLTViZDlmNmExY2U5NSJ9&utm_campaign=3DBlog+RSS&u= tm_source=3Dhs_email&utm_medium=3Demail&utm_content=3D42347712&_hsenc=3Dp2A= Nqtz-9MCnQ81ushgxZst6qrSII-MevOb3o8EW1bR6wnEVzCmv65u46LhtDPsJnf0rlrdYpbQGgH= 1siimZWyZbl0V_u2s2NZYQ&_hsmi=3D42347712) to choose the types of emails you = receive. Unsubscribe from all future emails (http://sucuri.hs-sites.com/hs/manage-pr= eferences/unsubscribe-all?v=3D1&d=3DeyJlYSI6Im1haWxAZG9yaWFudmFzY28uZGUiLCJ= lYyI6NDIzNDc3MTIsInN1YnNjcmlwdGlvbklkIjozNTg3NzgsImV0IjoxNDg2Njg2MTExMTUyLC= JldSI6IjUxNDJhYjc2LTA3YTktNDQwNi1iNjJhLTViZDlmNmExY2U5NSJ9&utm_campaign=3DB= log+RSS&utm_source=3Dhs_email&utm_medium=3Demail&utm_content=3D42347712&_hs= enc=3Dp2ANqtz-9ajwYH4WVR7gcYRH5xtsz4fNOsidsOD67cqzUs6IKt65TljZUEJ2_n14985v-= t3GzMaNrdjhjSFDivSrwFizQRzVoBew&_hsmi=3D42347712)= ------=_Part_154978_590515982.1486686295409 Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: quoted-printable RCE Attempts Against the Latest WordPress REST API Vulnerabi= lity =20=20=20=20=20=20=20=20
We have released a new article on our blog. Real People. Real S= ecurity.
=20=20
3D"Real
=20 =20 =20 =20 =20
=20
=20

 

=20

RCE Attempts Against the Latest WordPress REST API= Vulnerability

=20

By Daniel Cid, Thursday, Febr= uary 9, 2017 3:43 PM

=20
=20 3D"RCE=20

We are starting to see remote command executio= n (RCE) attempts trying to exploit the latest WordPress REST API V= ulnerability.

=20

These RCE attempts started today after a few days of a= ttackers (mostly defacers) rushing to vandalize as many pages as they could= . The RCE attempts we are seeing in the wild do not affect every WordPress = sites, only the ones using plugins that allow for PHP execution from within= posts and pages.

=20

Continue reading RCE Attempts Against the Latest W= ordPress REST API Vulnerability at Sucuri Blog.

=20
=20
 =20
=20
=20 3D"Visit =20
 
3D"Share 3D"Share 3D"Share 3D"Share

Sucuri Security   30141 Antelope RD    Menifee,  CA   92584   

You received this email because you are subscribed to Sucuri Information fr= om Sucuri Security.

Update your email preferences to choo= se the types of emails you receive.

 Unsubscribe from all future emails&= nbsp;

=20=20=20=20 3D""
= ------=_Part_154978_590515982.1486686295409--