Security researchers accidentally leaked zero-day exploit code for a new Windows bug, now called PrintNightmare, while easily exploitable vulnerabilities in the ProfilePress plugin, previously called WP User Avatar, were patched quickly. An unprotected cloud database containing over 814 million DreamHost… Continue Reading →
A security fix for an information leak vulnerability was pushed out to WordPress sites using Jetpack that bypassed local settings preventing autoupdates. A ransomware attack on JBS that shut down meat processing operations in the United States has been attributed… Continue Reading →
A ransomware attack on Colonial Pipeline affected fuel availability in 17 southeastern US states, and Bloomberg reported that Colonial Pipeline paid $5 million to DarkSide, a Russian ransomware service provider. The Biden Administration issued an executive order to increase US… Continue Reading →
Attacks on unpatched SolarWinds systems continue. We’re now learning of a supply chain attack that started in late January 2021 affecting 29,000 customers of Codecov, as well as a zero-day under active attack affecting customers of PulseSecure VPN. Customers of… Continue Reading →
The self-hosted Git repository for PHP was compromised, with attackers adding a backdoor to a development version of PHP 8.1. The intrusion was detected by the PHP community quickly, and no production environments were affected. Ubiquiti experienced an intrusion in… Continue Reading →
An attack shows how a SMS enablement service was used to bypass SMS 2FA for $16. We discuss the recently patched vulnerabilities in Elementor affecting over 7 million WordPress sites and how easily these cross-site scripting vulnerabilities can be exploited…. Continue Reading →
An analysis of WordPress-related search trends found that interest in WooCommerce related results dominated during 2020. We discuss recent vulnerabilities discovered by our threat intelligence team in Ninja Forms, affecting over 1 million sites. WordPress issues a statement that pirated… Continue Reading →
Wordfence opens the K-12 site audit and site cleaning service for publicly funded state schools worldwide. Machine learning is now a big part of our malware identification process, which will speed new malware signatures to deployment for WordPress sites protected… Continue Reading →
After a disruptive year in 2020, there are new challenges in 2021, but also immense opportunities in numerous fields. In a deep and wide-ranging conversation, Mark Maunder and Kathy Zant discuss artificial intelligence, whether or not we’re living in simulation,… Continue Reading →
The recent SolarWinds attack was incredibly sophisticated. What happens when that level of sophistication targets a homebuyer during one of the largest transactions of their lifetime? On this episode, we tell the story of an extremely difficult-to-detect spearphishing attack that… Continue Reading →
Earlier this week, we learned that SolarWinds, the largest provider of network management tools for government and enterprise organizations fell victim to a supply chain attack. This attack affected their Orion network management system. Reportedly, 18,000 enterprise and government customers… Continue Reading →
With WordPress 5.6’s imminent release and the recent release of PHP 8, we talk about the rapid changes affecting the future of WordPress with new security features and new functionality available to both WordPress users and developers. We also review… Continue Reading →
Three critical privilege escalation vulnerabilities in the Ultimate Member plugin put over 100,000 sites at risk. We also talk about the Page Experience metric to be added as a ranking signal for Google search in May 2021 and what this… Continue Reading →
We cover a couple of breaking stories this week, including the emergency release of WordPress 5.5.3 on Friday, October 30. In preparation for this, a number of sites autoupdated to version 5.5.3-alpha. We also look at the the defacement of… Continue Reading →
On this week’s episode of Think Like a Hacker, we chat about the cross-site request forgery (CSRF) vulnerability found in the Child Theme Creator by Orbisius and how attackers could use a vulnerability like this with spearphishing to wreak havoc,… Continue Reading →
A number of high profile Twitter accounts including those of Elon Musk, Apple, Uber, Bill Gates, Joe Biden and others were compromised as a part of a coordinated bitcoin scam attack. The attack lasted a few hours and netted the… Continue Reading →
This week, we look at some targeted phishing attacks that are bypassing Microsoft Outlook’s protective filters, and phishing campaigns using calendar invitations to target unsuspecting recipients. We also look at some successful bitcoin scams and a new record for a… Continue Reading →
This week, we look at the WP 5.4.2 release and a ransomware bitcoin scam targeting site owners with a “You’ve Been Hacked” email. We also look at an FBI warning about online banking app malware, the Verizon data breach report… Continue Reading →
On this week’s Think Like a Hacker podcast, we cover an active attack campaign targeting WordPress sites and numerous plugin vulnerabilities. This active attack campaign has been ongoing and has outpaced all other attacks on WordPress vulnerabilities. Our threat intelligence… Continue Reading →
The Wordfence Threat Intelligence team unpacked the security updates in WordPress 5.4.1, and they published quite a few blog posts about vulnerabilities in popular plugins like Ninja Forms, LearnPress, and the Real-Time Find and Replace plugin. These plugin vulnerabilities affected… Continue Reading →
Stories this week about targeted attacks using 0days in iPhone and iPad devices and a sophisticated phone scam targeting a security professional that ended with a $9,800 wire transfer underscore what we all know: malicious attacks are becoming increasingly sophisticated…. Continue Reading →
The FTC is reporting numerous scams targeting fears and uncertainty, with over $12 million lost to Coronavirus-related scams. We also cover BBB warnings against oversharing on social media, over 500,000 Zoom credentials found on the dark web, Google’s removal of… Continue Reading →
This week, we look at the WordPress 5.4 release which includes turning distraction free editing on by default. We also look at new plugin vulnerabilities discovered by the Wordfence Threat Intelligence team, including those found in Rank Math and a… Continue Reading →
With many of us under either lockdown or shelter-in-place orders due to the COVID-19/Corona virus, fear and stress are rampant. This additional stress lowers our critical thinking capabilities and increases our vulnerability. Hackers targeting these human vulnerabilities are using the… Continue Reading →
We chat with Jon Bius, a web developer at Biz Tools One, an agency in Fayetteville, NC, about how they use customer education to build relationships and differentiate their business. Jon has been helping customers build websites for over two… Continue Reading →
On February 26, WordPress page building platform Elementor announced that they had received $15 million in venture funding. After topping 4 million installations of their plugin in January, it appears that Elementor is on a path to do some big… Continue Reading →
This week, we review numerous plugin vulnerabilities in popular WordPress plugins and the attacks that are targeting them. We also review the Duplicator vulnerability affecting over 1 million sites, and Chloe Chamberland’s discovery of multiple vulnerabilities in the Pricing Table… Continue Reading →
Almost every week, a new vulnerability is discovered in a popular WordPress plugin or theme, leaving developers scrambling to fix it before it’s widely exploited. Surprisingly, almost all critical vulnerabilities boil down to a few common mistakes. In this talk… Continue Reading →
It has been a busy week in WordPress security with active attacks on a number of plugins including ThemeRex Addons and Theme Grill Demo Importer plugins. In this week’s Think Like a Hacker, we look at what’s happening, review what… Continue Reading →
WordCamp Asia was cancelled this week due to concerns of COVID-19/coronavirus in the region. This week, Wordfence CEO Mark Maunder talks about the decision to offer the WordCamp Asia Cancellation Fee Assistance Package to attendees, volunteers, organizers, and speakers that… Continue Reading →
© 2024 WP News Desk — Powered by WordPress and WP RSS Aggregator | Hosted by WP Engine