30-08-2022 Onderzoekers vinden op 25.000 WordPress-sites malafide plug-ins Voor het onderzoek werden van 2012 tot en met 2020 WordPress-sites op meer dan vierhonderdduizend webservers geanalyseerd. Het gaat om webservers van back-upprovider CodeGuard die aan het onderzoek meewerkte. WordPress biedt gebruikers een groot aantal plug-ins en themes voor de ontwikkeling van hun website. Er is een hele industrie ontstaan van t... Lees meer 30-08-2022 Hackers Use ModernLoader to Infect Systems with Stealers and Cryptominers Infection chains discovered by the cybersecurity firm involve attempts to compromise vulnerable web applications like WordPress and CPanel to distribute the malware by means of files that masquerade as fake Amazon gift cards. The malicious implant in question, ModernLoader, is designed to provide attackers with remote control over the victim's mac... Lees meer 25-08-2022 Hackers Using Fake DDoS Protection Pages to Distribute Malware WordPress sites are being hacked to display fraudulent Cloudflare DDoS protection pages that lead to the delivery of malware such as NetSupport RAT and Raccoon Stealer. "A recent surge in JavaScript injections targeting WordPress sites has resulted in fake DDoS prevent prompts which lead victims to download remote access trojan malware," Sucuri's ... Lees meer 18-08-2022 Onderzoekers: 25.000 websites besmet met "FakeUpdates" malware Onderzoekers hebben dit jaar al 25.000 websites gevonden die besmet bleken te zijn met de "FakeUpdates" malware, die criminelen gebruiken om toegang tot organisaties te krijgen om vervolgens bijvoorbeeld ransomware uit te rollen. "Deze SocGholish-infecties herinneren ons aan de verantwoordelijkheid van webmasters om hun omgeving schoon te houden,... Lees meer 08-08-2022 Vulnerability Found In WordPress Gutenberg Plugin? The United States government’s National Vulnerability Database published a notification of a vulnerability discovered in the official WordPress Gutenberg plugin. But according to the person who found it, WordPress is said to have not acknowledged it’s a vulnerability. Is It Really A Vulnerability? The researcher reported the vulnerabi... Lees meer 07-08-2022 Stored XSS in post_title parameter in WordPress Plugin "Testimonial Slider and Showcase" WordPress Plugin "Testimonial Slider and Showcase" is prone to a cross-site scripting (XSS) vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal coo... Lees meer 04-08-2022 Cross-Site Request Forgery Vulnerability Patched in Ecwid Ecommerce Shopping Cart Plugin On June 24, 2022, the Wordfence Threat Intelligence team initiated the responsible disclosure process for a Cross-Site Request Forgery vulnerability we discovered in Ecwid Ecommerce Shopping Cart, a WordPress plugin installed on over 30,000 sites. This vulnerability made it possible for attackers to modify some of the plugin’s more advanced s... Lees meer 26-07-2022 Hackers Increasingly Using WebAssembly Coded Cryptominers to Evade Detection As many as 207 websites have been infected with malicious code designed to launch a cryptocurrency miner by leveraging WebAssembly (Wasm) on the browser. Web security company Sucuri, which published details of the campaign, said it launched an investigation after one of its clients had their computer slowed down significantly every time upon navig... Lees meer 18-07-2022 Experts Notice Sudden Surge in Exploitation of WordPress Page Builder Plugin Vulnerability Researchers from Wordfence have sounded the alarm about a "sudden" spike in cyber attacks attempting to exploit an unpatched flaw in a WordPress plugin called Kaswara Modern WPBakery Page Builder Addons. Tracked as CVE-2021-24284, the issue is rated 10.0 on the CVSS vulnerability scoring system and relates to an unauthenticated arbitrary file uplo... Lees meer 18-07-2022 Grootschalige aanval op WordPress-sites met kwetsbare plug-in Criminelen hebben de afgelopen dagen een grootschalige aanval op WordPress-sites uitgevoerd waarbij werd geprobeerd om die via een kwetsbare plug-in over te nemen en een update voor het beveiligingslek is niet beschikbaar. De aanvallers maken misbruik van een kwetsbaarheid in de Kaswara Modern WPBakery Page Builder add-on. De uitbreiding moet het e... Lees meer 1 2 3 4 5 6 7 8 9 archief
