{"id":3164,"date":"2024-12-18T04:43:13","date_gmt":"2024-12-18T04:43:13","guid":{"rendered":"https:\/\/tastycounter.net\/index.php\/2024\/12\/18\/390-000-tai-khoan-wordpress-bi-danh-cap-trong-mot-cuoc-tan-cong-quy-mo-lon\/"},"modified":"2024-12-18T04:43:13","modified_gmt":"2024-12-18T04:43:13","slug":"390-000-tai-khoan-wordpress-bi-danh-cap-trong-mot-cuoc-tan-cong-quy-mo-lon","status":"publish","type":"post","link":"https:\/\/tastycounter.net\/index.php\/2024\/12\/18\/390-000-tai-khoan-wordpress-bi-danh-cap-trong-mot-cuoc-tan-cong-quy-mo-lon\/","title":{"rendered":"390,000 WordPress accounts stolen in a large-scale attack"},"content":{"rendered":"<\/p>\n<div class=\"content-detail textview\">\n<p>A threat actor tracked as MUT-1244 has stolen more than 390,000 WordPress credentials in a covert attack campaign lasting up to 12 months. 
This is a large-scale attack that abuses a trojanized WordPress credentials checker.<\/p>\n<p>Researchers at Datadog Security Labs, who first discovered the attacks, said that SSH private keys and AWS access keys were also stolen from the compromised systems of hundreds of other victims, believed to include administration teams, penetration testers, security researchers, as well as malicious actors.<\/p>\n<p>The victims were infected with the same second-stage payload, pushed through dozens of trojanized GitHub repositories delivering malicious proof-of-concept (PoC) exploits targeting known security vulnerabilities, along with a phishing campaign prompting targets to install a fake kernel upgrade disguised as a CPU microcode update.<\/p>\n<p>In the past, attackers have used fake proof-of-concept exploits to target researchers, hoping to steal valuable material or gain access to the internal 
networks of cybersecurity companies.<\/p>\n<blockquote>\n<p>Because of their misleading naming, some of these repositories are automatically included in legitimate sources, such as Feedly Threat Intelligence or Vulnmon, as PoC repositories for the corresponding vulnerabilities. This increases the legitimacy of the malware and the likelihood of luring victims into running it.<\/p>\n<\/blockquote>\n<p>The malware was dropped via the GitHub repositories using several methods, including backdoored configure compilation files, malicious PDF files, Python droppers, and malicious npm packages included in the projects' dependencies.<\/p>\n<p>According to Datadog Security Labs' findings, this campaign overlaps with one described in a November Checkmarx report on a year-long supply chain attack, in which the GitHub project &#8220;hpc20235\/yawp&#8221; was trojanized with malicious code in the npm package 
&#8220;0xengine\/xmlrpc&#8221; to steal data and mine Monero cryptocurrency.<\/p>\n<p>The malware deployed in these attacks includes a cryptocurrency miner and a backdoor that helps MUT-1244 collect and exfiltrate SSH private keys, AWS credentials, environment variables, and the contents of key directories such as &#8220;~\/.aws&#8221;.<\/p>\n<p>&#8220;MUT-1244 was able to gain access to more than 390,000 credentials, believed to be WordPress credentials. We assess with high confidence that before these credentials were uploaded to Dropbox, they were in the hands of attackers, who had most likely stolen them through illegitimate means,&#8221; the Datadog Security Labs researchers said.<\/p>\n<figure><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/st.quantrimang.com\/photos\/image\/holder.png\" width=\"1600\" height=\"953\" class=\"lazy\" data-src=\"https:\/\/st.quantrimang.com\/photos\/image\/2024\/12\/16\/390-000-tai-khoan-wordpress-bi-danh-cap1-Copy.jpg\"><\/figure>\n<blockquote>\n<p>These actors were then compromised through the yawpp tool they used to check the validity of 
these credentials. Because MUT-1244 advertised yawpp as a &#8220;credentials checker&#8221; for WordPress, it is no surprise that an attacker with a set of stolen credentials (often purchased from underground markets as a way to speed up malicious operations) would use yawpp to validate them.<\/p>\n<\/blockquote>\n<p>The attackers succeeded in exploiting trust within the cybersecurity community to compromise dozens of machines belonging to both white-hat and black-hat hackers, mainly because those hackers unknowingly executed the threat actor's malware, leading to the theft of data including SSH keys, AWS access tokens, and command history.<\/p>\n<p>Datadog Security Labs estimates that hundreds of systems remain compromised and that many others are still being infected as part of this ongoing campaign.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>A threat actor tracked as MUT-1244 has stolen more than 390,000 WordPress credentials 
in a covert attack campaign lasting up to 12 months. This is a large-scale attack that abuses a WordPress credentials checker that was [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-3164","post","type-post","status-publish","format-standard","hentry","category-khong-phan-loai"],"_links":{"self":[{"href":"https:\/\/tastycounter.net\/index.php\/wp-json\/wp\/v2\/posts\/3164","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/tastycounter.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tastycounter.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tastycounter.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/tastycounter.net\/index.php\/wp-json\/wp\/v2\/comments?post=3164"}],"version-history":[{"count":0,"href":"https:\/\/tastycounter.net\/index.php\/wp-json\/wp\/v2\/posts\/3164\/revisions"}],"wp:attachment":[{"href":"https:\/\/tastycounter.net\/index.php\/wp-json\/wp\/v2\/media?parent=3164"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tastycounter.net\/index.php\/wp-json\/wp\/v2\/categories?post=3164"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tastycounter.net\/index.php\/wp-json\/wp\/v2\/tags?post=3164"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}