plugin – Page 3 – WindowsTechs.com

Newsletter WordPress Plugin Opens Door to Site Takeover

Posted on August 4, 2020 by Tara Seals

An XSS bug and a PHP object-injection vulnerability are present in a plugin used by hundreds of thousands of websites. Continue reading Newsletter WordPress Plugin Opens Door to Site Takeover→

Attackers tried to grab WordPress configuration files from over a million sites

Posted on June 5, 2020 by Zeljka Zorz

A threat actor that attempted to insert a backdoor into nearly a million WordPress-based sites in early May (and continued to try throughout the month), tried to grab WordPress configuration files of 1.3 million sites at the end on the same month. In b… Continue reading Attackers tried to grab WordPress configuration files from over a million sites→

Attackers Target 1M+ WordPress Sites To Harvest Database Credentials

Posted on June 3, 2020 by Lindsey O'Donnell

An attack over the weekend unsuccessfully targeted 1.3 million WordPress websites, in attempts to download their configuration files and harvest database credentials. Continue reading Attackers Target 1M+ WordPress Sites To Harvest Database Credentials→

FBI warns hackers are planting card skimmers on online stores running a vulnerable Magento plugin

Posted on May 19, 2020 by Graham Cluley

The FBI has issued a “flash alert” warning that hackers are planting Magecart-style credit card-skimming code on Magento-powered online stores running an out-of-date plugin.
Continue reading FBI warns hackers are planting card skimmers on online stores running a vulnerable Magento plugin→

Thunderbolt Flaws, WordPress Plugin Vulnerabilities, Patriot Act Vote

Posted on May 18, 2020 by Tom Eston

In episode 121 for May 18th 2020: A new Thunderbolt flaw could let hackers steal your data in under five minutes, new vulnerabilities in a popular WordPress plugin, and details on why the US Senate just rejected a plan to require a warrant to obtain Am… Continue reading Thunderbolt Flaws, WordPress Plugin Vulnerabilities, Patriot Act Vote→

WordPress Page Builder Plugin Bugs Threaten 1 Million Sites with Full Takeover

Posted on May 12, 2020 by Tara Seals

Severe CSRF to XSS bugs open the door to code execution and complete website compromise. Continue reading WordPress Page Builder Plugin Bugs Threaten 1 Million Sites with Full Takeover→

Nearly a million WordPress sites targeted in extensive attacks

Posted on May 6, 2020 by Zeljka Zorz

A threat actor is actively trying to insert a backdoor into and compromise WordPress-based sites to redirect visitors to malvertising. “While our records show that this threat actor may have sent out a smaller volume of attacks in the past, it’s … Continue reading Nearly a million WordPress sites targeted in extensive attacks→

TrickBot Trojan Adds RDP Brute-Forcing to Its Arsenal

Posted on March 18, 2020 by Tara Seals

A fresh module aims to compromise remote desktop accounts to access corporate resources. Continue reading TrickBot Trojan Adds RDP Brute-Forcing to Its Arsenal→

New Sonatype Scan Gradle Plugin

Posted on February 28, 2020 by Guillermo Varela

Sonatype has an ongoing commitment to the Open Source community to keep software developers aware of the components in their applications (Bill of Materials/BOM) and any known vulnerabilities they may contain. We are constantly developing and rele… Continue reading New Sonatype Scan Gradle Plugin→

Free trojanized WordPress themes lead to widespread compromise of web servers

Posted on February 19, 2020 by Zeljka Zorz

Over 20,000 web servers (and who knows how many websites) have been compromised via trojanized WordPress themes to deliver malware through malicious ads, Prevailion researchers have discovered. The compromised servers are located across the globe and m… Continue reading Free trojanized WordPress themes lead to widespread compromise of web servers→