‘Highly critical’ bug exposes unpatched Drupal sites to attacks

Worse, attackers have already been spotted targeting the flaw to deliver cryptocurrency miners and other payloads. Days after the team behind Drupal urged website admins to apply an update patching a highly critical vulnerability in the content management system (CMS) platform, threat actors were spotted exploiting the loophole in the wild. The remote code execution …

Former employee blamed for hack of WordPress plugin maker

The plugin’s users are recommended to change their passwords on WPML’s website following havoc reportedly wrought by a disgruntled ex-employee. The company behind the widely-used WordPress plugin WPML has been through a tumultuous few days after many of its customers received an email this past weekend that purported to warn them about “a bunch of …

Attackers exploit flaw in GDPR-themed WordPress plugin to hijack websites

The campaign’s goals aren’t immediately clear, as the malefactors don’t appear to be leveraging the hijacked websites for further nefarious purposes. Attackers have been exploiting a security weakness in a GDPR compliance plugin for WordPress to seize control of vulnerable websites, according to a blog post by Defiant, which makes Wordfence security plugins for the web …

All websites running WordPress urged to update NOW

Millions of websites running WordPress are being strongly urged to update to the latest version of the popular content management system as soon as possible, after a serious security vulnerability was uncovered. Anthony Ferrara, who discovered the WordPress flaw, starkly summed up the situation: “Today, a significant SQL-Injection vulnerability was fixed in WordPress 4.8.3. Before reading further, …

Sathurbot: Distributed WordPress password attack

This article sheds light on the current ecosystem of the Sathurbot backdoor trojan, in particular exposing its use of torrents as a delivery medium and its distributed brute-forcing of weak WordPress administrator accounts. The torrent leecher Looking to download a movie or software without paying for it? There might be associated risks. It just might …

100,000+ WordPress webpages defaced, Irish pages included

Thousands of WordPress webpages have been hacked, and ESET Ireland finds several Irish pages, including GAA Daily, among them. Two weeks ago WordPress 4.7.2 was released, and website administrators running self-hosted versions of the hugely popular CMS and blogging platform were advised to update their systems as a matter of urgency. What we didn’t know at the time …

Millions of WordPress sites left vulnerable by plugin flaw

Millions of WordPress sites have been left vulnerable by a scripting flaw found in two popular plugins, one of which is present in the default installation of the blogging platform, reports Computer World. The two plugins are JetPack and Twenty Fifteen, the first of which is a customization and performance tool, and the latter is …