0-day Vulnerability in WordPress BackupBuddy Plugin Attacked Over 5 million Times

Wordfence analysts have discovered that a fresh 0-day vulnerability in the popular WordPress plugin, BackupBuddy, which has been installed about 140,000 times, is under active attack. Since August 26, 2022, there have been about 5,000,000 hack attempts. The BackupBuddy plugin allows users to backup their entire WordPress installation right from the dashboard, including theme files,… Continue reading 0-day Vulnerability in WordPress BackupBuddy Plugin Attacked Over 5 million Times

NetSupport and RaccoonStealer malware spreads masked as Cloudflare warnings

Unknown attackers hacked WordPress sites to send fake DDoS protection notifications supposedly coming from Cloudflare and through such fakes, the attackers users with NetSupport RAT and the RaccoonStealer infostealer (aka Raccoon). Let me remind you that we also talked about the fact that Hackers create scam e-commerce sites over hacked WordPress sites, and also that… Continue reading NetSupport and RaccoonStealer malware spreads masked as Cloudflare warnings

Cybersecurity Researchers Discovered a New Phishing Kit targeting PayPal Users

Akamai has identified a new phishing kit that is being installed on hacked WordPress sites and targets PayPal users. The malware tries to steal the personal information of the victims, and also asks to take a selfie with identity documents. Let me remind you that we also wrote that Iranian Spear-Phishing Operation Targets US And… Continue reading Cybersecurity Researchers Discovered a New Phishing Kit targeting PayPal Users

Ukraine Was Hit by DDoS Attacks from Hacked WordPress Sites

Ukrainian Computer Emergency Response Team (CERT-UA) said that Ukraine was hit by large-scale DDoS attacks. CERT-UA has published a report on ongoing DDoS attacks on Ukrainian websites and a government web portal. Unknown attackers compromise WordPress sites and inject malicious JavaScript code into the HTML structure. The script is base64 encoded to avoid detection like… Continue reading Ukraine Was Hit by DDoS Attacks from Hacked WordPress Sites

About 30% of critical vulnerabilities in WordPress plugins remain unpatched

Patchstack analysts have released a report on security and critical vulnerabilities in WordPress in 2021. Unfortunately, the picture turned out to be depressing, for example, it turned out that 29% of critical errors in WordPress plugins did not receive patches at all. In addition, the number of reported vulnerabilities has increased by 150% over the… Continue reading About 30% of critical vulnerabilities in WordPress plugins remain unpatched

Hackers create scam e-commerce sites over hacked WordPress sites

Akamai specialist Larry Cashdollar discovered a hacker group that uses hacked WordPress sites in an interesting way. First, hackers run fraudulent online stores over WordPress sites. Second, they poison XML maps to influence search results. Attackers use brute force attacks to gain access to the site administrator account, next they overwrite the main index file… Continue reading Hackers create scam e-commerce sites over hacked WordPress sites

KashmirBlack botnet is behind attacks on popular CMS including WordPress, Joomla and Drupal

Researchers from Imperva have found that the KashmirBlack botnet, active since the end of 2019, is behind attacks on hundreds of thousands of websites powered by popular CMS, including WordPress, Joomla, PrestaShop, Magneto, Drupal, vBulletin, osCommerce, OpenCart and Yeager. As a rule, a botnet uses the servers of infected resources to mine cryptocurrency, redirects legitimate… Continue reading KashmirBlack botnet is behind attacks on popular CMS including WordPress, Joomla and Drupal