Cyber security news for all

More

    The WordPress theme OneTone endangers thousands of websites

    Hackers have begun to actively target WordPress sites running the OneTone theme in an effort to exploit a vulnerability that gives them the ability to read and write cookies as well as create backdoor admin accounts.

    With cross site scripting, an attacker can inject code into a website that has a harmful effect on the victims computer when the victim accesses the corresponding website. Themes are particularly popular here because it doesn’t matter which specific website the victim accesses, since the malicious code is usually embedded in elements that are displayed on every page under the entire domain.

    The vulnerabilities in OneTone were discovered last September. WordPress removed the theme from the official theme catalog of its website in October. Since the developer did not respond to attempts by various security companies to contact, the details of the attack have now been made public. All WordPress users who use this theme should switch to a different layout as soon as possible to protect their visitors. Even if every developer wants to minimize errors and use secure coding principles, security gaps will inevitably arise. The task is therefore to find ways to minimize the weak points.

    The Malicious Code Is Almost Always Executed

    Several security companies are now observing that attacks on websites with this theme have been increasing rapidly for a week. If you use a premium theme, you should definitely check whether there is an update. If you use a free theme, you will mostly only be able to hope for good news. Most of all, plugins are affected. The good thing is that plugins are usually reliably updated. This affects all the big plugins, of which several are also affected.

    Only Use Plugins That You Really Need

    Delete all plugins and themes that you don’t need. A simple deactivation is not enough for protection. The new themes come without plugins. Take advantage of this and do not try to add unnecessary functions through plugins.

    Recent Articles

    Russian Cybercriminal Behind “Cardplanet” Site Sentenced

    According to the United States Department of Justice, a Russian cybercriminal, Aleksey Burkov, 30—who operated Cardplanet site: a site that trafficked stolen card details—has...

    Hackers Used Malicious Docker Images to Mine Monero

    Researchers found malicious images on Docker Hub used for crypto mining. Palo Alto Networks' Unit  42, unraveled a crypto mining scheme which uses malicious Docker...

    NSA outlines requirements for secure collaboration services for US government telework

    The new National Security Agency (NSA) guidelines are a window of security for users. Everyone has been trying to return to their lives since...

    Cybercriminals threaten to sell off “scandalous” files swiped from Mariah Carey, Nicki Minaj, Puff Daddy’s legal eagles

    There's no escaping these cybercriminals. In a recent case of "cyber-extortion," threat actors known as REvil, are threatening to expose celebrity "dirt." These threat actors...

    Twitter apologises for exposed customers data

    In what is described as a "data security incident," sensitive details of Twitter's customers were exposed. Unlike other cases of a breach which are...

    Related Stories

    Leave A Reply

    Please enter your comment!
    Please enter your name here

    Stay on op - Ge the daily news in your inbox