Your WordPress News Dashboard

Episode 124: PrintNightmare 0Day Exploit Accidentally Leaked Online - Wordfence Blog

Security researchers accidentally leaked zero-day exploit code for a new Windows bug, now called PrintNightmare, while easily exploitable vulnerabilities in the ProfilePress plugin, previously called WP User Avatar, were patched quickly. An unprotected cloud database containing over 814 million DreamHost… Continue Reading →

Episode 120: Jetpack Autoupdate Security Patch Bypasses Local Settings - Wordfence Blog

A security fix for an information leak vulnerability was pushed out to WordPress sites using Jetpack that bypassed local settings preventing autoupdates. A ransomware attack on JBS that shut down meat processing operations in the United States has been attributed… Continue Reading →

Podcast 117: Cyber Attack on Colonial Pipeline Affects Fuel Availability in 17 States - Wordfence Blog

A ransomware attack on Colonial Pipeline affected fuel availability in 17 southeastern US states, and Bloomberg reported that Colonial Pipeline paid $5 million to DarkSide, a Russian ransomware service provider. The Biden Administration issued an executive order to increase US… Continue Reading →

Episode 114: Trifecta of Compromises Affect Enterprise Systems - Wordfence Blog

Attacks on unpatched SolarWinds systems continue. We’re now learning of a supply chain attack that started in late January 2021 affecting 29,000 customers of Codecov, as well as a zero-day under active attack affecting customers of PulseSecure VPN. Customers of… Continue Reading →

Episode 111: PHP Git Repository Compromised - Wordfence Blog

The self-hosted Git repository for PHP was compromised, with attackers adding a backdoor to a development version of PHP 8.1. The intrusion was detected by the PHP community quickly, and no production environments were affected. Ubiquiti experienced an intrusion in… Continue Reading →

Episode 109: This Attack Will Make You Want to Stop Using SMS 2FA - Wordfence Blog

An attack shows how an SMS enablement service was used to bypass SMS 2FA for $16. We discuss the recently patched vulnerabilities in Elementor affecting over 7 million WordPress sites and how easily these cross-site scripting vulnerabilities can be exploited…. Continue Reading →

Episode 105: The Hottest Trend in WordPress - Wordfence Blog

An analysis of WordPress-related search trends found that interest in WooCommerce-related results dominated during 2020. We discuss recent vulnerabilities discovered by our threat intelligence team in Ninja Forms, affecting over 1 million sites. WordPress issues a statement that pirated… Continue Reading →

Episode 103: Wordfence Innovates with Machine Learning and Security for Schools - Wordfence Blog

Wordfence opens the K-12 site audit and site cleaning service for publicly funded state schools worldwide. Machine learning is now a big part of our malware identification process, which will speed new malware signatures to deployment for WordPress sites protected… Continue Reading →

Episode 102: Disruption Presents Opportunity - Wordfence Blog

After a disruptive year in 2020, there are new challenges in 2021, but also immense opportunities in numerous fields. In a deep and wide-ranging conversation, Mark Maunder and Kathy Zant discuss artificial intelligence, whether or not we’re living in a simulation,… Continue Reading →

Episode 100: How to Lose 6 Figures the Easy Way - Wordfence Blog

The recent SolarWinds attack was incredibly sophisticated. What happens when that level of sophistication targets a homebuyer during one of the largest transactions of their lifetime? On this episode, we tell the story of an extremely difficult-to-detect spearphishing attack that… Continue Reading →

Episode 99: SolarWinds Supply Chain Attack Affects Government and Fortune 500 Businesses - Wordfence Blog

Earlier this week, we learned that SolarWinds, the largest provider of network management tools for government and enterprise organizations, fell victim to a supply chain attack. This attack affected their Orion network management system. Reportedly, 18,000 enterprise and government customers… Continue Reading →

Episode 97: The Future of WordPress with PHP 8 and WordPress 5.6 - Wordfence Blog

With WordPress 5.6’s imminent release and the recent release of PHP 8, we talk about the rapid changes affecting the future of WordPress with new security features and new functionality available to both WordPress users and developers. We also review… Continue Reading →

Episode 95: Critical Privilege Escalation Vulnerabilities Affect Over 100K WordPress Sites - Wordfence Blog

Three critical privilege escalation vulnerabilities in the Ultimate Member plugin put over 100,000 sites at risk. We also talk about the Page Experience metric to be added as a ranking signal for Google search in May 2021 and what this… Continue Reading →

Episode 93: Nitro Documents on the Dark Web and Botnets Targeting Older Vulnerabilities - Wordfence Blog

We cover a couple of breaking stories this week, including the emergency release of WordPress 5.5.3 on Friday, October 30. In preparation for this, a number of sites autoupdated to version 5.5.3-alpha. We also look at the defacement of… Continue Reading →

Episode 91: How Hackers Can Use CSRF Vulnerabilities and Spearphishing to Wreak Havoc on WordPress - Wordfence Blog

On this week’s episode of Think Like a Hacker, we chat about the cross-site request forgery (CSRF) vulnerability found in the Child Theme Creator by Orbisius and how attackers could use a vulnerability like this with spearphishing to wreak havoc,… Continue Reading →

Episode 79: High Profile Twitter Accounts Compromised in Coordinated Attack - Wordfence Blog

A number of high profile Twitter accounts including those of Elon Musk, Apple, Uber, Bill Gates, Joe Biden and others were compromised as a part of a coordinated bitcoin scam attack. The attack lasted a few hours and netted the… Continue Reading →

Episode 78: Targeted Phishing Bypassing Security Checks and a new DDoS Record - Wordfence Blog

This week, we look at some targeted phishing attacks that are bypassing Microsoft Outlook’s protective filters, and phishing campaigns using calendar invitations to target unsuspecting recipients. We also look at some successful bitcoin scams and a new record for a… Continue Reading →

Episode 77: WordPress 5.4.2 Released, Fake Ransomware Bitcoin Scams - Wordfence Blog

This week, we look at the WP 5.4.2 release and a ransomware bitcoin scam targeting site owners with a “You’ve Been Hacked” email. We also look at an FBI warning about online banking app malware, the Verizon data breach report… Continue Reading →

Episode 76: Ongoing Attacks on WP Growing in Volume Plus Numerous Plugin Vulnerabilities - Wordfence Blog

On this week’s Think Like a Hacker podcast, we cover an active attack campaign targeting WordPress sites and numerous plugin vulnerabilities. This active attack campaign has been ongoing and has outpaced all other attacks on WordPress vulnerabilities. Our threat intelligence… Continue Reading →

Episode 75: The WordPress 5.4.1 Security Release & More Plugin Vulnerabilities - Wordfence Blog

The Wordfence Threat Intelligence team unpacked the security updates in WordPress 5.4.1, and they published quite a few blog posts about vulnerabilities in popular plugins like Ninja Forms, LearnPress, and the Real-Time Find and Replace plugin. These plugin vulnerabilities affected… Continue Reading →

Episode 74: Staying Safe When Hackers Use Sophisticated Attacks - Wordfence Blog

Stories this week about targeted attacks using 0days in iPhone and iPad devices and a sophisticated phone scam targeting a security professional that ended with a $9,800 wire transfer underscore what we all know: malicious attacks are becoming increasingly sophisticated…. Continue Reading →

Episode 73: Security News and Success through Processes with Adam Silver - Wordfence Blog

The FTC is reporting numerous scams targeting fears and uncertainty, with over $12 million lost to Coronavirus-related scams. We also cover BBB warnings against oversharing on social media, over 500,000 Zoom credentials found on the dark web, Google’s removal of… Continue Reading →

Episode 72: WordPress 5.4 Released, Zoom Conferencing Safety & Security - Wordfence Blog

This week, we look at the WordPress 5.4 release which includes turning distraction-free editing on by default. We also look at new plugin vulnerabilities discovered by the Wordfence Threat Intelligence team, including those found in Rank Math and a… Continue Reading →

Episode 71: Hackers Targeting COVID-19 Fears - Wordfence Blog

With many of us under either lockdown or shelter-in-place orders due to the COVID-19/Corona virus, fear and stress are rampant. This additional stress lowers our critical thinking capabilities and increases our vulnerability. Hackers targeting these human vulnerabilities are using the… Continue Reading →

Episode 70: Customer Education and Agency Resiliency with Jon Bius - Wordfence Blog

We chat with Jon Bius, a web developer at Biz Tools One, an agency in Fayetteville, NC, about how they use customer education to build relationships and differentiate their business. Jon has been helping customers build websites for over two… Continue Reading →

Episode 69: The Meteoric Growth of Elementor with Kfir Bitton - Wordfence Blog

On February 26, WordPress page building platform Elementor announced that they had received $15 million in venture funding. After topping 4 million installations of their plugin in January, it appears that Elementor is on a path to do some big… Continue Reading →

Episode 68: More Plugin Vulnerabilities and Active Attack Campaigns - Wordfence Blog

This week, we review numerous plugin vulnerabilities in popular WordPress plugins and the attacks that are targeting them. We also review the Duplicator vulnerability affecting over 1 million sites, and Chloe Chamberland’s discovery of multiple vulnerabilities in the Pricing Table… Continue Reading →

Episode 67: Avoiding Common Vulnerabilities When Developing WordPress Plugins - Wordfence Blog

Almost every week, a new vulnerability is discovered in a popular WordPress plugin or theme, leaving developers scrambling to fix it before it’s widely exploited. Surprisingly, almost all critical vulnerabilities boil down to a few common mistakes. In this talk… Continue Reading →

Episode 66: New Plugin Vulnerabilities & Succeeding as a Digital Nomad with Chloe at WCPHX - Wordfence Blog

It has been a busy week in WordPress security with active attacks on a number of plugins including ThemeRex Addons and Theme Grill Demo Importer plugins. In this week’s Think Like a Hacker, we look at what’s happening, review what… Continue Reading →

Episode 65: WordCamp Asia Cancellation Prompts Community Support - Wordfence Blog

WordCamp Asia was cancelled this week due to concerns of COVID-19/coronavirus in the region. This week, Wordfence CEO Mark Maunder talks about the decision to offer the WordCamp Asia Cancellation Fee Assistance Package to attendees, volunteers, organizers, and speakers that… Continue Reading →


© 2021 WP News Desk — Powered by WordPress and WP RSS Aggregator | Hosted by WP Engine
