Online Credit Card Theft – A Brief Overview of Online Fraud and Abuse – Part 1
Many clients that we work with host and operate ecommerce websites which are frequent targets of attackers. The goal of these attacks is to steal credit card details from unsuspecting victims and sell them on the black market for a profit. The online ecommerce...
WordPress Vulnerability Report: June 2021, Part 4
Vulnerable plugins and themes are the #1 reason WordPress websites get hacked. The weekly WordPress Vulnerability Report powered by WPScan covers recent WordPress plugin, theme, and core vulnerabilities, and what to do if you run one of the vulnerable...
WordPress 5.8 Beta 3
WordPress 5.8 Beta 3 is now available for testing! This software is still in development, so it is not recommended to run this version on a production site. Consider setting up a test site to play with it. You can test the WordPress 5.8 Beta 3 in three ways:...
WP Briefing: Episode 11: WordCamp Europe 2021 in Review
In this episode, Josepha Haden Chomphosy does a mini deep dive into WordCamp Europe 2021, specifically the conversation between the project’s co-founder, Matt Mullenweg, and Brian Krogsgard formerly of PostStatus. Tune in to hear her take and for this episode’s small...
WordPress Vulnerabilities 2021 week 24 via Patchstack
Vulnerabilities discovered in plugins, themes and WordPress Core from June 14th to 20th, 2021. Stay updated! Thanks to Patchstack.com. Source: Security Feed
Episode 122: Largest Password Dump in History Fuels Credential Stuffing Extravaganza
Sites running Jetpack are being infected via compromised WordPress.com credentials. The largest password dump ever with 8.4 billion passwords is used in credential stuffing attacks. Wordfence Threat Intelligence discloses new plugin vulnerabilities as well as a...
Malicious Redirects Through Bogus Plugin
Recently we have been seeing a rash of WordPress website compromises with attackers abusing the plugin upload functionality in the wp-admin dashboard to redirect visitors and website owners to malicious websites. The payload is the following bogus plugin located here:...