Wordpress (Page 5)

ATTACKERS CAPITALIZING ON UNPATCHED WORDPRESS SITES

On: February 8, 2017

Attackers didn’t wait long to capitalize on laggards slow in updating their WordPress sites to patch a critical content injection vulnerability addressed in WordPress 4.7.2. The update was made publicRead More →

Content Injection Vulnerability in WordPress 4.7.0 or 4.7.1

On: February 2, 2017

In: Vulnerabilities

As part of a vulnerability research project for our Sucuri Firewall (WAF), we have been auditing multiple open source projects looking for security issues. While working on WordPress, we discoveredRead More →

WORDPRESS 4.7.2 UPDATE FIXES XSS, SQL INJECTION BUGS

On: January 28, 2017

In: Vulnerabilities

Developers with WordPress fixed three security issues this week, including a cross-site scripting and a SQL injection vulnerability, with the latest version of the CMS. The update, 4.7.2, was pushedRead More →

WordPress 4.7.1 released, patches eight vulnerabilities and 62 bugs

On: January 14, 2017

In: Vulnerabilities

According to the release notes the latest version of WordPress 4.7.1 addresses eight security vulnerabilities and other 62 bugs. Wednesday the latest version of WordPress 4.7.1 was released by theRead More →

WordPress, Joomla, and Magento Continue to Be the Most Hacked CMSs

On: January 9, 2017

In: Incidents, Vulnerabilities

Based on statistical data gathered by Sucuri from 7,937 compromised websites, WordPress, Joomla, and Magento, in this order, continued to be the most hacked CMS platforms in the third quarterRead More →

Popular WordPress Plugin Comes With a Backdoor, Steals Site Admin Credentials

On: March 5, 2016

In: Important, Malware

Last summer we shared a story about the SweetCaptcha WordPress plugin injecting ads and causing malvertising problems for websites that leveraged the plugin. When this plugin was removed from the officialRead More →

WordPress Sites Leveraged in Layer 7 DDoS Campaigns

On: February 18, 2016

In: Incidents

We first disclosed that the WordPress pingback method was being misused to perform massive layer 7 Distributed Denial of Service (DDoS) attacks back in March 2014. The problem being that any WordPress website withRead More →

Web Reconnaissance Attack Infects 3,500 Websites, Possibly WordPress

On: January 23, 2016

In: Incidents

Attackers are adding unauthorized code at the top of infected websites, over 3,500 8sites already infected. Alarms are ringing in Symantec’s offices, as its research team has discovered a massiveRead More →

Active malware campaign uses thousands of WordPress sites to infect visitors

On: September 18, 2015

In: Malware

15-day-old campaign has spiked in past 48 hours, with >5,000 new infections daily. Attackers have hijacked thousands of websites running the WordPress content management system and are using them toRead More →

Hundreds million legit websites could serve Ransomware because of Script Injection compromise

On: September 8, 2015

In: Important

Heimdal Security published an interesting post on the increase in malicious scripts that are being injected into legit websites in order to serve ransomware. Heimdal Security recently published an interestingRead More →

Wordpress (Page 5)

ATTACKERS CAPITALIZING ON UNPATCHED WORDPRESS SITES

Content Injection Vulnerability in WordPress 4.7.0 or 4.7.1

WORDPRESS 4.7.2 UPDATE FIXES XSS, SQL INJECTION BUGS

WordPress 4.7.1 released, patches eight vulnerabilities and 62 bugs

WordPress, Joomla, and Magento Continue to Be the Most Hacked CMSs

Popular WordPress Plugin Comes With a Backdoor, Steals Site Admin Credentials

WordPress Sites Leveraged in Layer 7 DDoS Campaigns

Web Reconnaissance Attack Infects 3,500 Websites, Possibly WordPress

Active malware campaign uses thousands of WordPress sites to infect visitors

Hundreds million legit websites could serve Ransomware because of Script Injection compromise

TunnelCrack: Two serious vulnerabilities in VPNs discovered, had been dormant since 1996

How to easily hack TP-Link Archer AX21 Wi-Fi router

US Govt wants new label on secure IoT devices or wants to discourage use of Chinese IoT gadgets

24,649,096,027 (24.65 billion) account usernames and passwords have been leaked by cyber criminals till now in 2022

How Chinese APT hackers stole Lockheed Martin F-35 fighter plane to develop its own J-20 stealth fighter aircraft [VIDEO]

Compromising Cryptographic Key Security Through PuTTY: A Deep Dive into CVE-2024-31497

How to hack a LG Smart TV via vulnerabilities in LG WebOS?

How to Check if a Linux Distribution is Compromised by the XZ Utils Backdoor in 6 Steps

CVE-2023-5528: Kubernetes Flaw Jeopardizing Windows Node That Can’t Be Ignored

Hacking Debian, Ubuntu, Redhat& Fedora servers using a single vulnerability in 2024

The 11 Essential Falco Cloud Security Rules for Securing Containerized Applications at No Cost

Hack-Proof Your Cloud: The Step-by-Step Continuous Threat Exposure Management CTEM Strategy for AWS & AZURE

Web-Based PLC Malware: A New Technique to Hack Industrial Control Systems

The API Security Checklist: 10 strategies to keep API integrations secure

11 ways of hacking into ChatGpt like Generative AI systems

How to send spoof emails from domains that have SPF and DKIM protections?

Silent Email Attack CVE-2023-35628 : How to Hack Without an Email Click in Outlook

How to Bypass EDRs, AV with Ease using 8 New Process Injection Attacks

Is Your etcd an Open Door for Cyber Attacks? How to Secure Your Kubernetes Clusters & Nodes

CVSS 4.0 Explained: From Complexity to Clarity in Vulnerability Assessment

Major Python Infrastructure Breach – Over 170K Users Compromised. How Safe Is Your Code?

How to exploit Windows Defender Antivirus to infect a device with malware

Inside the Scam: How Ransomware Gangs Fool You with Data Deletion Lies!

How to Bypass EDRs, AV with Ease using 8 New Process Injection Attacks

How hrserver.dll stealthy webshell can mimic Google’s Web Traffic to hide and compromise networks

Cyber Security Channel

US Govt wants new label on secure IoT devices or wants to discourage use of Chinese IoT gadgets

24,649,096,027 (24.65 billion) account usernames and passwords have been leaked by cyber criminals till now in 2022

How Chinese APT hackers stole Lockheed Martin F-35 fighter plane to develop its own J-20 stealth fighter aircraft [VIDEO]