WordPress
Security researchers sinkholed EITest infection chain
Security researchers have managed to neutralize “EITest,” one of the oldest infection chains and thus preventing as many as two million potential malicious …
Thousands of WP, Joomla and SquareSpace sites serving malicious updates
Thousands of compromised WordPress, Joomla and SquareSpace-based sites are actively pushing malware disguised as Firefox, Chrome and Flash Player updates to visitors. This …
The Wild West of drive-by cryptocurrency mining
As more and more Coinhive clones continue popping up, chances of users’ CPU power being hijacked for cryptocurrency mining are rising. According to Malwarebytes’ …
WordPress site admins: Update immediately!
If you’re running your website on WordPress and you haven’t yet upgraded to version 4.8.3, you should do so without delay. The advice comes from the WordPress …
EV ransomware is targeting WordPress sites
WordPress security outfit Wordfence has flagged several attempts by attackers to upload ransomware that provides them with the ability to encrypt a WordPress website’s files. …
Telecoms don’t protect users from government overreach
The data stored on our mobile phones, laptops, and especially our online services can, when aggregated, paint a detailed picture of our lives—where we go, who we see, what we …
WordPress announces bug bounty program
WordPress Foundation is the latest organization to publicly announce a bug bounty program set up on the HackerOne platform. What’s in scope of the WordPress bug bounty …
WordPress admins, take note: RCE and password reset vulnerabilities revealed
Independent security researcher Dawid Golunski has released a proof-of-concept exploit code for an unauthenticated remote code execution vulnerability in WordPress 4.6 …
20,000-bots-strong Sathurbot botnet grows by compromising WordPress sites
A 20,000-bots-strong botnet is probing WordPress sites, trying to compromise them and spread a backdoor downloader Trojan called Sathurbot as far and as wide as possible. …
Fake SEO plugin backdoors WordPress installations
Administrators of WordPress sites, beware! A fake SEO plugin is being used by attackers to compromise WP installations. The plugin in question is named WP-Base-SEO, and is a …
Organizations still vulnerable to brute force attacks
While increases in malware are clearly a major threat to both enterprises and service providers, network complexity is creating its own vulnerability, according to Ixia. The …
Tens of thousands WordPress sites defaced, SEO spam to follow
Attackers are actively exploiting the recently patched unauthenticated privilege escalation vulnerability in WordPress’ REST API to deface websites. Sucuri, the company …