Cyber security news for all

More

    Attacks on WordPress: Millions of Accounts Affected

    WordPress is currently threatened by threat actors who are trying to compromise the sites. Redirection to malware advertising (malvertising) is the main aim of these complications that are arising.

    Wordfence analysts have reported that this is not the first time these attacks on WordPress have happened. However, they show concern as this is the first time it has been in such frightening quantities and in such a short time.

    An Insight

    While most of the previously attacked vulnerabilities in the word press system have been fixed, it is easy to trace an apparent interest in these particular sites.

    Of all the various attacks on WordPress in more than a year, the payload they have been trying to inject is still the same. This has led the analysts to believe that the threats might all be coming from the same threat actor.

    This JavaScript they are trying to inject has long been redirecting unsuspecting users to malvertising. The threats have been in trying to create a PHP backdoor in the theme’s header file so they could install the JavaScript malware. The analysts have predicted similar attacks on vulnerabilities in other themes and plugins.

     A Possible Solution – How To Handle This.

    WordPress analysts have strongly recommended installing and running a web application firewall. Although they have great faith in their newest plugin versions.

    K2 Cyber Security emphasized that perimeter security tools like WAFs require a lot of tuning. This tuning is to present them effective at protecting applications. Besides, most companies don’t have the security resources needed to do a proper job.

    For most, the safest thing to do to secure themselves would be to keep plugins and themes up to date. Also to delete plugins that are no longer in use and those that have been removed from the WordPress plugin repository.

    With the indicators provided by Wordfence has provided to a compromised site, administrators can keep track in a relatively easy way of whether or not they have been attacked.

    Recent Articles

    Amazon accounts are the new target of cyber criminals

    Amazon is a popular target for cyber criminals who want to exploit the trust and image of the company among its customers with emails....

    Hackers stole thousands of passport data in Argentina

    In response to millions of dollars ransom refused by the Argentine Immigration Service, a ransomware group released passport data from hundreds of thousands of...

    USA wants to improve cybersecurity of space systems

    CISA has published a table this week that summarizes Chinese activities against cybersecurity. Some attacks have succeeded and enabled hackers to gain a foothold...

    Unknown attackers had access to personal data of Warner Music

    Warner Music Group has admitted a security incident in which customers card details were stolen in some of the company's online stores. Warner Music...

    Donald Trump wants to force a sale of TikTok to Microsoft

    It was recently announced that President Donald Trump plans to prohibit business with the owners of TikTok by decree. The American head of state...

    Related Stories

    Leave A Reply

    Please enter your comment!
    Please enter your name here

    Stay on op - Ge the daily news in your inbox