GetMama – Conditional malware affecting thousands of sites
Daniel Cid We have been tracking an interesting malware that is affecting thousands of compromised sites. We call it GetMama!! Why conditional? Because instead of just displaying…
Browsing Category
WordPress Security
663 posts
WordPress Third Party Vulnerability – Deans FCKEditor with PWWANGS Code for WordPress(version 1.0.0)
Tony Perez You have heard me write in the past about understanding the true Vulnerability within WordPress. In that post I talk to the benefits of the…
WordPress – Understanding its True Vulnerability
Everyday we manage thousands of clients running a wide range of applications, built across a number of different platforms. It should be of no surprise…
Brute force attacks against WordPress sites
We talk a lot about the importance of using strong passwords, but sometimes it it hard to see how important it really is, or what…
Latest Mass Compromise of WordPress sites – More Details
We are getting lots of questions about the latest mass compromise targeting WordPress sites (redirecting to fake AV) that has affected over 30,000 domains. The…
Vulnerability in the Absolute Privacy Plugin
David Dede We are seeing reports that a vulnerability in the Absolute Privacy WordPress plugin (link) is being used to hack and compromise sites with it installed.…
New WordPress ToolsPack Plugin
We deal with many compromised sites daily and lately we are seeing something in common across many of the sites running WordPress. They have installed…
WordPress 3.3 XSS Vulnerability Patched (3.3.1 Released)
We just learned of a reflected XSS vulnerability in WordPress 3.3 via the comments form (wp-comments.php). It is explained in detail here. The disclosed vulnerability…
Blacklist Warnings for Users of the Stream-Video-Player WordPress Plugin
If you are using the plugin stream-video-player, it might be a good idea to disable this plugin for now. The plugin loads a Flash player…
WordPress 3.3 is Out
For all our WordPress users, please remember to update to WordPress 3.3 that was just released. It should be a quick 1-click process in your…
The New (and Old) .htaccess Attacks – Now Using .in Domains
We have been talking about .htaccess redirections for a while. A site gets compromised and the attackers modify the .htaccess file(s) to redirect any search…