
    The WordPress theme OneTone endangers thousands of websites

    Hackers have begun to actively target WordPress sites running the OneTone theme in an effort to exploit a vulnerability that gives them the ability to read and write cookies as well as create backdoor admin accounts.

    With cross-site scripting, an attacker can inject code into a website that has a harmful effect on the victim's computer when the victim accesses the corresponding website. Themes are particularly popular targets here because it doesn’t matter which specific page the victim accesses, since the malicious code is usually embedded in elements that are displayed on every page under the entire domain.

    The vulnerabilities in OneTone were discovered last September. WordPress removed the theme from the official theme catalog of its website in October. Since the developer did not respond to attempts by various security companies to make contact, the details of the attack have now been made public. All WordPress users who use this theme should switch to a different layout as soon as possible to protect their visitors. Even if every developer wants to minimize errors and use secure coding principles, security gaps will inevitably arise. The task is therefore to find ways to minimize the weak points.

    The Malicious Code Is Almost Always Executed

    Several security companies are now observing that attacks on websites with this theme have been increasing rapidly for a week. If you use a premium theme, you should definitely check whether there is an update. If you use a free theme, you will mostly only be able to hope for good news. Plugins are affected most of all. The good thing is that plugins are usually reliably updated. This applies to all the big plugins, several of which are also affected.

    Only Use Plugins That You Really Need

    Delete all plugins and themes that you don’t need. A simple deactivation is not enough for protection. The new themes come without plugins. Take advantage of this and do not try to add unnecessary functions through plugins.
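An inventory check for the cleanup advice above, as an added example that is not part of the original article: it lists every theme and plugin still on disk, deactivated ones included, and flags OneTone by its `style.css` header even when the folder was renamed. The `onetone` match string, the function names and the sample tree are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Assumption: the theme identifies itself as "OneTone" in style.css or its folder name.
FLAGGED_THEMES = {"onetone"}
HEADER = re.compile(r"^[ \t/*#@]*Theme Name:[ \t]*(.+?)[ \t]*$", re.I | re.M)

def theme_name(theme_dir: Path) -> str:
    """Read the 'Theme Name:' header from style.css, else fall back to the folder name."""
    css = theme_dir / "style.css"
    if css.is_file():
        # WordPress itself only looks at roughly the first 8 KB for headers.
        m = HEADER.search(css.read_text(errors="replace")[:8192])
        if m:
            return m.group(1).strip()
    return theme_dir.name

def audit(wp_root: Path) -> dict:
    """List every theme and plugin present on disk, whether active or not."""
    tdir, pdir = wp_root / "wp-content/themes", wp_root / "wp-content/plugins"
    themes, plugins = {}, []
    if tdir.is_dir():
        for d in sorted(tdir.iterdir()):
            if d.is_dir():
                themes[d.name] = theme_name(d)
    if pdir.is_dir():
        # Plugins are folders or single .php files; index.php is only a placeholder.
        plugins = sorted(p.name for p in pdir.iterdir()
                         if p.is_dir() or (p.suffix == ".php" and p.name != "index.php"))
    flagged = sorted(slug for slug, name in themes.items()
                     if slug.lower() in FLAGGED_THEMES or name.lower() in FLAGGED_THEMES)
    return {"themes": themes, "plugins": plugins, "flagged": flagged}

def build_sample(root: Path) -> Path:
    """Constructed sample tree: a flagged theme in a renamed folder, plus one plugin."""
    themes = root / "wp-content" / "themes"
    (themes / "my-layout").mkdir(parents=True)
    (themes / "my-layout" / "style.css").write_text("/*\nTheme Name: OneTone\n*/\n")
    (themes / "other").mkdir()
    plugins = root / "wp-content" / "plugins"
    (plugins / "unused-gallery").mkdir(parents=True)
    (plugins / "index.php").write_text("<?php // Silence is golden.\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit(build_sample(Path(tmp))))
```

Which theme is active is stored in the database, so the script reports everything on disk; anything listed that the site does not need is a candidate for deletion.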
