Patchman, best known for patching application vulnerabilities and helping hosts stop abuse before it begins, is expanding its product offering for the first time since being acquired by SiteLock in July 2017. Patchman, which is based in the Netherlands, was founded in 2015 with the goal of securing CMS applications from the hosting provider level to protect customers who did not update their applications in a timely manner. Up until now, Patchman has focused on the “Big Three” of open source content management systems – WordPress, Joomla!, and Drupal – covering core application vulnerability patches. Now, for the first time, Patchman is expanding their offerings into both ecommerce and plugins – offering patches for Magento core vulnerabilities and WooCommerce vulnerabilities.
Category: Shell / Information Disclosure
Trend Identified: 4/20/2017
CVE ID: N/A
Trend Name: Trend Tusayan
Vector: Application Vulnerability, Multiple
LOW: The vectors used to infect websites appear to be well-documented vulnerabilities in older versions of website platforms.
HIGH: This infection provides complete control of the target website, including credential disclosure and database contents.
HIGH: This infection provides the adversary administrator-level access to impacted website applications, making total data loss a possibility.
The SiteLock team has discovered a dangerous malware trend that not only provides website administrator level access to the bad actors involved, but exposes sensitive website credentials publicly over the internet.