All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of June 20, 2022. I’ve also…
Tag: wordpress
Uncategorized
NinjaForms WordPress plugin, actively exploited in wild, receives forced security update
by Graham Cluley •
A critical vulnerability in a WordPress plugin used on over one million websites has been patched, after evidence emerged that malicious hackers were actively exploiting it in the wild.
Malware Indicators (IoCs), Vulnerabilities
Researcher Discloses A WordPress CSP Bypass Publicly After Not Hearing From the Publishers
by Abeerah Hashim •
A security researcher has shared two CSP bypass scenarios affecting WordPress websites. Both methods involve…
Researcher Discloses A WordPress CSP Bypass Publicly After Not Hearing From the Publishers on Latest Hacking News.
Europe, Global Security News, North America
The cost of a WordPress website security breach
by Mark Grima •
A security breach can be expensive. Many studies and statistics put the average cost of a security breach in the millions of dollars. This figure, however, does not mean much without context. Indeed, it can be complicated to derive an average cost for a sec…
Global Security News, North America
Account pre-hijacking attacks possible on many online services
by Zeljka Zorz •
Online accounts getting hijacked and misused is an everyday occurrence, but did you know that account pre-hijacking attacks are also possible? Inspired by previous research on preemptive account hijacking by way of single sign-on (SSO) technology, rese…
Malware Indicators (IoCs), Vulnerabilities
Multiple Vulnerabilities Found In Jupiter WordPress Theme
by Abeerah Hashim •
Researchers discovered multiple security vulnerabilities in the Jupiter WordPress theme. While vendors have patched the…
Multiple Vulnerabilities Found In Jupiter WordPress Theme on Latest Hacking News.
Global Security News, North America
Secure your CMS-based websites against pervasive attacks
by Help Net Security •
Sucuri Security’s 2021 Website Threat Research Report has revealed that payment card skimmers are becoming more common in exploit kits affecting WordPress websites, and that attackers are spending more time customizing them to avoid detection. Th…
Global Security News, North America
CMS-based sites under attack: The latest threats and trends
by Zeljka Zorz •
Payment card skimmers are becoming more common in exploit kits affecting WordPress websites and attackers are spending more time customizing them to avoid detection, Sucuri’s latest research report has revealed. “Unlike most compromises we …
Exploits, Global Security News
Hundreds of GoDaddy’s Managed WordPress Sites Infected With Same Backdoor Payload
by GURUBARAN S •
The Wordfence Incident Response team has recently discovered that hundreds of websites that are hosted on GoDaddy’s managed WordPress service are infected with the same backdoor payload. For the occurrence of this incident, several popular intern…
Security Vendor News
S3 Ep71: VMware escapes, PHP holes, WP plugin woes, and scary scams [Podcast + Transcript]
by Paul Ducklin •
Latest episode – listen now!
Security Vendor News
WordPress backup plugin maker Updraft says “You should update”…
by Paul Ducklin •
A straight-talking bug report written in plain English by an actual expert – there’s a teachable moment in this cybersecurity story!
Malware Indicators (IoCs), Vulnerabilities
Vulnerability In UpdraftPlus WordPress Plugin Could Expose Backups
by Abeerah Hashim •
A severe vulnerability in the UpdraftPlus WordPress plugin could expose backups to subscribers. Thankfully, the…
Vulnerability In UpdraftPlus WordPress Plugin Could Expose Backups on Latest Hacking News.
Malware Indicators (IoCs), Vulnerabilities
Critical Code Execution Bugs Found In PHP Everywhere WordPress Plugin
by Abeerah Hashim •
Researchers discovered a number of severe security bugs leading to code execution in the WordPress…
Critical Code Execution Bugs Found In PHP Everywhere WordPress Plugin on Latest Hacking News.
Global IT News
Critical security updates for SAP, Siemens, Schneider Electric and a WordPress plugin
by Howard Solomon •
Security patches for products from four major companies were released this week, with calls for the updates to be installed as soon as possible. SAP said patches are needed to fix three critical memory corruption vulnerabilities that have affected the Internet Communication Manager (ICM); Siemens said its SIMATIC firmware contains three vulnerabilities that could allow […]
The post Critical security updates for SAP, Siemens, Schneider Electric and a WordPress plugin first appeared on IT World Canada.
Europe, Global Security News, North America, Vulnerabilities
WordPress Supply Chain Attack—93 Add-Ons Infected for Months
by Richi Jennings •
A popular maker of WordPress plugins and themes was hacked—93 of AccessPress’s offerings were modified to give the hackers “full access” to users’ sites.
The post WordPress Supply Chain Attack—93 Add-Ons Infected for Months appeared first on Security …
Global IT News
Over 90 WordPress themes and plugins from AccessPress hacked, says report
by Howard Solomon •
Backdoors were installed in many AccessPress themes and plugins months ago, says report
The post Over 90 WordPress themes and plugins from AccessPress hacked, says report first appeared on IT World Canada.
Global IT News
Vulnerabilities in WordPress plugins more than doubled in 2021: Report
by Howard Solomon •
Security vendor says WP administrators should take a risk-based approach to patching plugin vulnerabilities
The post Vulnerabilities in WordPress plugins more than doubled in 2021: Report first appeared on IT World Canada.
Malware Indicators (IoCs)
Hackers Attacked 1.6 Million WordPress Sites Via Four Different Vulnerable Plugins
by Abeerah Hashim •
In a recent wave of attacks, hackers targeted 1.6 million WordPress sites by exploiting unpatched…
Hackers Attacked 1.6 Million WordPress Sites Via Four Different Vulnerable Plugins on Latest Hacking News.
Malware Indicators (IoCs)
Multiple Vulnerabilities Spotted In Hide My WP WordPress Plugin
by Abeerah Hashim •
Numerous vulnerabilities in the Hide My WP WordPress plugin could pose serious security risks to…
Multiple Vulnerabilities Spotted In Hide My WP WordPress Plugin on Latest Hacking News.
Global Security News, North America
Small businesses urged to protect their customers from card skimming
by Zeljka Zorz •
With Black Friday and Cyber Monday quickly approaching, the UK National Cyber Security Centre (NCSC) is urging small online shops to protect their customers from card skimming cyber criminals. As part of NCSC’s Active Cyber Defence programme, the organ…
Global Security News, North America
GoDaddy breach: SSL keys, sFTP, database passwords of WordPress customers exposed
by Zeljka Zorz •
GoDaddy, the popular internet domain registrar and web hosting company, has suffered a data breach that affected over a million of their Managed WordPress customers. What happened? “On November 17, 2021, we discovered unauthorized third-party acc…
Uncategorized
GoDaddy hack exposes accounts of 1.2 million customers
by Graham Cluley •
Web-hosting firm and domain registrar GoDaddy has revealed that it has suffered a cyber attack which saw a hacker gain access to details of over one million customers.
Read more in my article on the Hot for Security blog.
Malware Indicators (IoCs)
Starter Templates Plugin Flaw Affected 1M+ WordPress Sites
by Abeerah Hashim •
A major security flaw in Starter Templates Plugin could allow underprivileged authenticated users to import…
Starter Templates Plugin Flaw Affected 1M+ WordPress Sites on Latest Hacking News.
Malware Indicators (IoCs)
WP Reset PRO Plugin Bug Could Allow Wiping Site Databases
by Abeerah Hashim •
A serious security bug in the WP Reset PRO plugin could prove devastating for the…
WP Reset PRO Plugin Bug Could Allow Wiping Site Databases on Latest Hacking News.
Malware Indicators (IoCs)
HashThemes Demo Importer Plugin Bug Could Allow Wiping WordPress Sites
by Abeerah Hashim •
WordPress admins have to deal with another vulnerable WordPress plugin that poses a highly severe…
HashThemes Demo Importer Plugin Bug Could Allow Wiping WordPress Sites on Latest Hacking News.
Malware Indicators (IoCs)
Cross-Site Scripting Vulnerability Riddled NextScripts WordPress Plugin
by Abeerah Hashim •
Heads up, WordPress admins! The NextScripts WordPress plugin had a serious cross-site scripting vulnerability that…
Cross-Site Scripting Vulnerability Riddled NextScripts WordPress Plugin on Latest Hacking News.
Malware Indicators (IoCs)
OptinMonster Plugin Bug Potentially Risked Over A Million WordPress Websites
by Abeerah Hashim •
A serious information disclosure bug existed in the WordPress plugin OptinMonster. Exploiting the vulnerability could…
OptinMonster Plugin Bug Potentially Risked Over A Million WordPress Websites on Latest Hacking News.
Malware Indicators (IoCs)
Critical Vulnerabilities Discovered in Fastest Cache Plugin For WordPress
by Abeerah Hashim •
Heads up, WordPress admins! Make sure to update your websites with the latest WP Fastest…
Critical Vulnerabilities Discovered in Fastest Cache Plugin For WordPress on Latest Hacking News.
Malware Indicators (IoCs)
Gutenberg Template Library Plugin Bugs Affected 1+ Million WordPress Sites
by Abeerah Hashim •
Researchers spotted numerous security bugs in the Gutenberg Template Library & Redux Framework plugin that…
Gutenberg Template Library Plugin Bugs Affected 1+ Million WordPress Sites on Latest Hacking News.