Zero‑day in popular WordPress plugin exploited to take over websites

Websites using Fancy Product Designer are susceptible to remote code execution attacks even if the plugin is deactivated. Cybercriminals have been actively exploiting a zero-day vulnerability in Fancy Product Designer, a WordPress plugin used by more than 17,000 websites, according to a blog post by Defiant, which makes Wordfence security plugins for the web publishing platform. Attackers …

ESET launches a new blog aimed at insecure Android apps: Android App Watch

ESET unveiled a new blog named Android App Watch to help Android users protect themselves against insecure applications. “Insecurely developed apps, those that put their users’ privacy or money at risk are a growing problem. On one hand, such apps don’t qualify as malware and thus cannot be blocked by security solutions. On the other, the …

Former employee blamed for hack of WordPress plugin maker

The plugin’s users are recommended to change their passwords on WPML’s website following havoc reportedly wrought by a disgruntled ex-employee. The company behind the widely-used WordPress plugin WPML has been through a tumultuous few days after many of its customers received an email this past weekend that purported to warn them about “a bunch of …

All websites running WordPress urged to update NOW

Millions of websites running WordPress are being strongly urged to update to the latest version of the popular content management system as soon as possible, after a serious security vulnerability was uncovered. Anthony Ferrara, who discovered the WordPress flaw, starkly summed up the situation: “Today, a significant SQL-Injection vulnerability was fixed in WordPress 4.8.3. Before reading further, …

Sathurbot: Distributed WordPress password attack

This article sheds light on the current ecosystem of the Sathurbot backdoor trojan, in particular exposing its use of torrents as a delivery medium and its distributed brute-forcing of weak WordPress administrator accounts. The torrent leecher Looking to download a movie or software without paying for it? There might be associated risks. It just might …