Cyber security news for all


    Attacks on WordPress: Millions of Accounts Affected

    WordPress sites are currently being targeted by threat actors trying to compromise them. The main aim of these attacks is to redirect visitors to malicious advertising (malvertising).

    Wordfence analysts report that this is not the first time such attacks on WordPress have happened. They are concerned, however, because this is the first time the attacks have come in such frightening quantities and in such a short time.

    An Insight

    While most of the previously attacked vulnerabilities in WordPress have been fixed, the attackers' continued interest in these particular sites is easy to see.

    Across the various attacks on WordPress over more than a year, the payload the attackers have been trying to inject has stayed the same. This has led the analysts to believe that the attacks might all be coming from the same threat actor.

    The JavaScript they are trying to inject has long been redirecting unsuspecting users to malvertising. The attackers have been trying to create a PHP backdoor in the theme’s header file so that they can install the JavaScript malware. The analysts predict similar attacks on vulnerabilities in other themes and plugins.

    A Possible Solution – How To Handle This

    WordPress analysts strongly recommend installing and running a web application firewall, although they have great faith in their newest plugin versions.

    K2 Cyber Security emphasized that perimeter security tools like WAFs require a lot of tuning to make them effective at protecting applications. Besides, most companies don’t have the security resources needed to do a proper job.

    For most, the safest way to secure themselves is to keep plugins and themes up to date, and to delete plugins that are no longer in use or that have been removed from the WordPress plugin repository.

    With the indicators of a compromised site that Wordfence has provided, administrators can keep track relatively easily of whether or not they have been attacked.
