SafeUM

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
Archive
#WordPress
17 Jul 2017

Attackers using automated scans to take over WordPress installs

Attackers have been setting their sights on freshly installed WordPress deployments, taking advantage of users who fail to follow through when it comes to configuring their server’s settings.

Researchers at the WordPress security plugin WordFence said Tuesday they observed a significant spike in attacks targeting WordPress accounts from the end of May to mid-June. The biggest increase in scans – roughly 7,500 a day – came on May 30. According to Mark Maunder, the company’s CEO and founder, attackers mounted thousands of scans each day for a URL that new WordPress installations use to set up new sites.

Tags: WordPress, information leaks
Source: Threatpost
9 Feb 2017

Thousands of WordPress sites hacked using recently disclosed vulnerability

Last week, we reported about a critical zero-day flaw in WordPress that was silently patched by the company before hackers could get their hands on the nasty bug to exploit millions of WordPress websites.

To ensure the security of millions of websites and its users, WordPress delayed the vulnerability disclosure for over a week and worked closely with security companies and hosts to install the patch, ensuring that the issue was dealt with in short order before it became public. But even after the company's effort to protect its customers, thousands of admins did not bother to update their websites, which are still vulnerable to the critical bug.

Tags: WordPress, information leaks
Source: The Hacker News
2 Feb 2017

WordPress 0-day content injection vulnerability

Today news broke of a particularly nasty zero-day vulnerability in the WordPress REST API. The vulnerability in this case would allow for content injection as well as privilege escalation. This vulnerability would allow an unauthenticated interloper to modify basically any content that they see fit. Posts, pages, all fair game.

This is anything but a small issue and, from what I’ve read thus far, trivial to exploit by an attacker. The issue in this case was discovered by a security researcher at Sucuri. For the uninitiated, WordPress is an open source CMS platform that was first introduced to the world in May 2003.

Tags: information leaks, WordPress
Source: CSO Online
19 Oct 2016

WordPress sites under attack via security flaw in unmaintained plugin

Webmasters still using the deprecated WP Marketplace WordPress plugin should update to a new e-commerce utility as soon as possible, and remove the plugin from their sites in order to avoid having their servers compromised.

The reason for this warning is a security flaw that affects the plugin. The issue allows an attacker to upload arbitrary files on websites where this plugin is installed. Depending on the attacker's skills, the proper files and exploits, a third party can potentially take over a site's underlying server. Security researchers from White Fir Design discovered this flaw, which is an arbitrary file upload vulnerability.

Tags: WordPress, information leaks
Source: Softpedia
25 Jul 2016

WooCommerce WordPress stores affected by image-based XSS vulnerability

Automattic, the company that supervises WordPress and WooCommerce development, has patched a persistent XSS vulnerability in the WooCommerce e-commerce plugin for WordPress.

This bugfix is crucial because it has the potential to affect over one million WordPress-powered stores, according to the most recent statistics from the WP Plugin Directory. A security researcher discovered the vulnerability as part of the Summer of Pwnage event. It is a unique event that gathers security researchers from around the globe, and this year, they have set their sights on discovering and reporting security bugs in the WordPress platform.

Tags: information leaks, WordPress
Source: Softpedia
4 Feb 2016

WordPress under attack by whack-a-mole ad-scam malware

A Sucuri threat researcher says a "massive" advertising scam campaign is affecting users visiting WordPress sites, injecting backdoors and constantly re-infecting sites.

The prolific virus-destroyer says writers are injecting code into all JavaScript files on targeted WordPress sites. First-time visitors will cop a cookie that generates fraudulent advertising income for VXers. This past weekend experts registered a spike in WordPress infections where hackers injected encrypted code at the end of all legitimate .js files. This malware uploads multiple backdoors into various locations on the web server and frequently updates the injected code.

Tags: WordPress, hackers, information leaks
Source: The Register
28 Dec 2015

Botnet of Aethra routers used for Brute-Forcing WordPress sites

Italian security researchers from VoidSec have come across a botnet structure that was using vulnerable Aethra Internet routers and modems to launch brute-force attacks on WordPress websites.

This particular incident was uncovered after one of the VoidSec researchers was sifting through his WordPress log file and found a brute-force attack coming from the same IP range. After further investigation, all the IPs came from six Internet Service Providers: Fastweb, Albacom, Clouditalia, Qcom, WIND, and BSI Assurance UK, four of which are from Italy. What all these networks had in common were Aethra routers.

Tags: information leaks, brute force, WordPress
Source: Softpedia
21 Sep 2015

Thousands of hacked WordPress sites abused to infect millions of visitors

A large number of WordPress websites were compromised in the last two weeks with a new malware campaign spotted in the wild. WordPress has been once again targeted by hackers on a large scale.

Researchers have detected a “Malware Campaign” with an aim of getting access to as many devices as they can by making innumerable WordPress websites its prey. Security researchers call this malware attack “VisitorTracker”. This new campaign seems to be utilizing the Nuclear Exploit Kit and uses a combination of hacked WordPress sites, hidden iframes and a number of known and unknown browser exploits.

Tags: hackers, WordPress
Source: The Hacker News
5 May 2015

Just-released WordPress 0day makes it easy to hijack millions of websites

The WordPress content management system used by millions of websites is vulnerable to two newly discovered threats that allow attackers to take full control of the Web server.

Attack code has been released that targets one of the latest versions of WordPress, making it a zero-day exploit that could touch off a series of site hijackings throughout the Internet. Both vulnerabilities are known as stored, or persistent, cross-site scripting bugs. They allow an attacker to inject code into the HTML content received by administrators who maintain the website. Both attacks work by embedding malicious code into the comments section.

Tags: WordPress, information leaks
Source: Ars Technica
Author: Dan Goodin
9 Apr 2015

FBI warns of ISIL defacement attacks on WordPress sites

The US FBI just released a public service announcement to the public about a large number of websites being exploited and compromised through WordPress plugin vulnerabilities.

The defacements have affected Web site operations and the communication platforms and a variety of other domestic and international Web sites. Although the defacements demonstrate low-level hacking sophistication, they are disruptive and often costly in terms of lost business revenue and expenditures on technical services to repair infected computer systems. The FBI explained what happens when a site gets compromised.

Tags: FBI, WordPress, USA, DDoS, hackers
Source: Sucuri Blog