
    The WordPress theme OneTone endangers thousands of websites

    Hackers have begun to actively target WordPress sites running the OneTone theme in an effort to exploit a vulnerability that gives them the ability to read and write cookies as well as create backdoor admin accounts.

    With cross-site scripting, an attacker can inject code into a website that has a harmful effect on the victim's computer when the victim accesses the corresponding website. Themes are particularly popular targets because it doesn’t matter which specific page the victim accesses: the malicious code is usually embedded in elements that are displayed on every page under the entire domain.

    The vulnerabilities in OneTone were discovered last September. WordPress removed the theme from the official theme catalog of its website in October. Since the developer did not respond to attempts by various security companies to make contact, the details of the attack have now been made public. All WordPress users who use this theme should switch to a different layout as soon as possible to protect their visitors. Even if every developer wants to minimize errors and use secure coding principles, security gaps will inevitably arise. The task is therefore to find ways to minimize the weak points.

    The Malicious Code Is Almost Always Executed

    Several security companies are now observing that attacks on websites with this theme have been increasing rapidly for a week. If you use a premium theme, you should definitely check whether there is an update. If you use a free theme, you can mostly only hope for good news. Plugins are affected most of all. The good thing is that plugins are usually updated reliably; this applies to all the big plugins, several of which are also affected.

    Only Use Plugins That You Really Need

    Delete all plugins and themes that you don’t need. A simple deactivation is not enough for protection. The new themes come without plugins. Take advantage of this and do not try to add unnecessary functions through plugins.
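
    Because deactivation leaves the theme files on disk, an inventory of the themes directory shows what still needs deleting. The following is an added example, not code from the article or from WordPress: it reads each theme's style.css header and flags the theme itself plus any child theme whose Template header points at it. The directory slug `onetone` and the sample tree are assumptions constructed for the demonstration.

```python
import re
import tempfile
from pathlib import Path

FLAGGED_SLUG = "onetone"  # theme named in the article; the directory slug is an assumption
HEADER_RE = re.compile(r"^[ \t/*#@]*(Theme Name|Template):(.*)$", re.I | re.M)


def read_theme_header(style_css: Path) -> dict:
    """Parse the comment header WordPress reads from a theme's style.css (first 8 KiB)."""
    text = style_css.read_bytes()[:8192].decode("utf-8", errors="replace")
    header = {}
    for key, value in HEADER_RE.findall(text):
        header.setdefault(key.lower(), value.strip(" \t*/\r"))
    return header


def find_flagged_themes(themes_dir: Path, slug: str = FLAGGED_SLUG) -> list:
    """Return (directory, reason) for every installed theme that is, or depends on, `slug`."""
    findings = []
    for style in sorted(themes_dir.glob("*/style.css")):
        header = read_theme_header(style)
        folder = style.parent.name
        if folder.lower() == slug or header.get("theme name", "").lower() == slug:
            findings.append((folder, "theme files present, whether active or not"))
        elif header.get("template", "").lower() == slug:
            findings.append((folder, "child theme that loads the flagged parent"))
    return findings


def build_sample_tree(root: Path) -> Path:
    """Constructed sample wp-content/themes tree so the example runs offline."""
    samples = {
        "onetone": "/*\nTheme Name: OneTone\n*/",
        "my-child": "/*\nTheme Name: My Child\nTemplate: onetone\n*/",
        "other": "/*\nTheme Name: Other Theme\n*/",
    }
    for folder, css in samples.items():
        (root / folder).mkdir(parents=True)
        (root / folder / "style.css").write_text(css)
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        sample = build_sample_tree(Path(tmp) / "themes")
        for folder, reason in find_flagged_themes(sample):
            print(f"{folder}: {reason}")
```

    On a real site, pass the path of the wp-content/themes directory to `find_flagged_themes` instead of the sample tree.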
