Akamai has identified a new phishing kit that is being installed on hacked WordPress sites and targets PayPal users. The malware tries to steal the personal information of the victims, and also asks to take a selfie with identity documents. Let me remind you that we also wrote that Iranian Spear-Phishing Operation Targets US And… Continue reading Cybersecurity Researchers Discovered a New Phishing Kit targeting PayPal Users
Tag: WordPress
Ukraine Was Hit by DDoS Attacks from Hacked WordPress Sites
Ukrainian Computer Emergency Response Team (CERT-UA) said that Ukraine was hit by large-scale DDoS attacks. CERT-UA has published a report on ongoing DDoS attacks on Ukrainian websites and a government web portal. Unknown attackers compromise WordPress sites and inject malicious JavaScript code into the HTML structure. The script is base64 encoded to avoid detection like… Continue reading Ukraine Was Hit by DDoS Attacks from Hacked WordPress Sites
About 30% of critical vulnerabilities in WordPress plugins remain unpatched
Patchstack analysts have released a report on security and critical vulnerabilities in WordPress in 2021. Unfortunately, the picture turned out to be depressing, for example, it turned out that 29% of critical errors in WordPress plugins did not receive patches at all. In addition, the number of reported vulnerabilities has increased by 150% over the… Continue reading About 30% of critical vulnerabilities in WordPress plugins remain unpatched
Hackers create scam e-commerce sites over hacked WordPress sites
Akamai specialist Larry Cashdollar discovered a hacker group that uses hacked WordPress sites in an interesting way. First, hackers run fraudulent online stores over WordPress sites. Second, they poison XML maps to influence search results. Attackers use brute force attacks to gain access to the site administrator account, next they overwrite the main index file… Continue reading Hackers create scam e-commerce sites over hacked WordPress sites
KashmirBlack botnet is behind attacks on popular CMS including WordPress, Joomla and Drupal
Researchers from Imperva have found that the KashmirBlack botnet, active since the end of 2019, is behind attacks on hundreds of thousands of websites powered by popular CMS, including WordPress, Joomla, PrestaShop, Magneto, Drupal, vBulletin, osCommerce, OpenCart and Yeager. As a rule, a botnet uses the servers of infected resources to mine cryptocurrency, redirects legitimate… Continue reading KashmirBlack botnet is behind attacks on popular CMS including WordPress, Joomla and Drupal