Cyber security news for all

More

    Attacks on WordPress: Millions of Accounts Affected

    WordPress is currently threatened by threat actors who are trying to compromise the sites. Redirection to malware advertising (malvertising) is the main aim of these complications that are arising.

    Wordfence analysts have reported that this is not the first time these attacks on WordPress have happened. However, they show concern as this is the first time it has been in such frightening quantities and in such a short time.

    An Insight

    While most of the previously attacked vulnerabilities in the word press system have been fixed, it is easy to trace an apparent interest in these particular sites.

    Of all the various attacks on WordPress in more than a year, the payload they have been trying to inject is still the same. This has led the analysts to believe that the threats might all be coming from the same threat actor.

    This JavaScript they are trying to inject has long been redirecting unsuspecting users to malvertising. The threats have been in trying to create a PHP backdoor in the theme’s header file so they could install the JavaScript malware. The analysts have predicted similar attacks on vulnerabilities in other themes and plugins.

     A Possible Solution – How To Handle This.

    WordPress analysts have strongly recommended installing and running a web application firewall. Although they have great faith in their newest plugin versions.

    K2 Cyber Security emphasized that perimeter security tools like WAFs require a lot of tuning. This tuning is to present them effective at protecting applications. Besides, most companies don’t have the security resources needed to do a proper job.

    For most, the safest thing to do to secure themselves would be to keep plugins and themes up to date. Also to delete plugins that are no longer in use and those that have been removed from the WordPress plugin repository.

    With the indicators provided by Wordfence has provided to a compromised site, administrators can keep track in a relatively easy way of whether or not they have been attacked.

    Recent Articles

    TikTok has fixed a serious security gap issue

    TikTok accounts paid a researcher a reward of 4000 dollars after he reported two vulnerabilities as part of a disclosure. A combination of both...

    Passwords should be changed for Fortinet VPNs

    Administrators should change the access for Fortinet VPNs in use. Log-in information for almost 50,000 VPN networks has appeared in various cyber blogs. A security...

    Twitter confirmed to bring back account verification

    Twitter is bringing back verifications for the account verification in the beginning of 2021. Certain users will then be given a control mark again,...

    350,000 Spotify users were hacked

    At the beginning of July this year, security researchers discovered an unsecured database that contained access and other information from 350,000 Spotify users. Spotify...

    Europol sees artificial intelligence as a dangerous cyber threat

    Cyber criminals can use intelligence to carry out attacks more easily and thus cause more damage. Europol is warning of this in a joint...

    Related Stories

    Leave A Reply

    Please enter your comment!
    Please enter your name here

    Stay on op - Ge the daily news in your inbox