We are introducing a new public security digest so that you can stay informed of trending threats and security best practices. This blog post series will share security findings so that you can use your Linodes with peace of mind. We want you all to be safe from malicious actors, so let’s dive in!
WooCommerce Booster Plugin (5.4.3) – Authentication Bypass
Many of you use our WordPress images to deploy your own website. Read here to find out how to deploy a WordPress image on a Linode. One plugin that’s available to WordPress users is the WooCommerce Booster plugin. The 5.4.3 version of this plugin is vulnerable to an authentication bypass exploit. Since there is even a proof of concept available for this vulnerability online, we highly suggest everyone update this plugin to the latest version.
Honeypots set up by security researchers have recently detected Capoae malware (short for Сканирование, a Russian word for “scanning”). This UPX-packed crypto-miner malware exploits multiple known vulnerabilities and initiates brute-force attacks to gain access to systems. It can hide itself by giving the executables it creates names similar to those of executables already on the system. It can also set up a reverse shell on the system, allowing an attacker to run instructions on the infected system using an interactive shell session.
Following some common security best practices can offer a good deal of protection against this malware. Using strong passwords and enabling SSH public key authentication on your Linodes will protect against brute force attacks. Regularly patching or setting up automatic upgrades for the packages on your Linode will protect you from known vulnerabilities. Our server hardening guide includes step-by-step instructions to add robust security controls to your Linode. You can also secure your new server automatically with our one-click app.
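As a detection complement to the practices above, here is an added example (not part of the original post) that flags ELF files carrying the marker written by the stock UPX packer, since the malware described above is UPX-packed and hides behind familiar file names. The function names and sample files are constructed for illustration; a match is a lead to investigate, not proof of infection.

```shell
#!/bin/sh
# Added example: heuristic scan for UPX-packed ELF files on a Linux host.

# True if the file starts with the ELF magic bytes 0x7f 'E' 'L' 'F'.
is_elf() {
    [ "$(head -c 4 "$1" 2>/dev/null | od -An -tx1 | tr -d ' \n')" = "7f454c46" ]
}

# True if the file is an ELF binary that also contains the "UPX!" marker
# written by an unmodified UPX packer. A removed marker will not match.
is_upx_elf() {
    is_elf "$1" && LC_ALL=C grep -aq 'UPX!' "$1"
}

# Print each regular file under the given directories that looks UPX-packed.
# Runs in a subshell; paths containing newlines are not handled.
scan_dirs() (
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" -xdev -type f 2>/dev/null | while IFS= read -r file; do
            if is_upx_elf "$file"; then printf '%s\n' "$file"; fi
        done
    done
)

# Build constructed sample files (fake headers, not real binaries) in a directory.
make_samples() {
    printf '\177ELF\002\001\001\000padding-UPX!-more' > "$1/sshd-helper"  # packed look-alike
    printf '\177ELF\002\001\001\000ordinary-binary'   > "$1/ls"           # plain ELF
    printf 'notes about UPX! packing\n'               > "$1/readme.txt"   # not ELF
}

# Demo on the constructed samples; on a real host pass directories
# such as /usr/bin or /tmp to scan_dirs instead.
demo_dir=$(mktemp -d)
make_samples "$demo_dir"
scan_dirs "$demo_dir"
rm -rf "$demo_dir"
```

Legitimate system binaries are rarely UPX-packed, so any hit in a system path deserves a closer look against your package manager's file list.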
Current Vulnerabilities Abused by Ransomware
The post in this link includes several known CVEs (Common Vulnerabilities and Exposures) that malicious actors are currently exploiting to install ransomware on targeted devices. The post lists these CVEs by vendor to make it easier to see which ones may apply to your infrastructure. If you identify any vulnerabilities that may apply to your infrastructure, you can search the CVE List for more details. Patching your infrastructure on a proactive basis is one of the best ways to protect yourself from these vulnerabilities.
Our Backup Service automatically creates regular backups of your Linode, so you can easily restore to a previous state in the unfortunate event that your Linode is compromised. You can enroll a Linode in the Backup Service with a single click in your Account Settings.
At Linode, we stay methodically paranoid about protecting our assets and keeping our customers’ speedy servers always available. Feel free to leave a comment down below about our newest blog post series! We’d love to hear your feedback.