HackDig : Dig high-quality web security articles for hackers

A new e-skimmer found on WordPress site using the WooCommerce plugin

Experts discovered a new e-skimmer employed in MageCart attacks against WordPress websites using the WooCommerce plugin. Experts from security firm Sucuri discovered a new e-skimmer software that is different from similar malware used in Magecart attacks. The new software skimmer was employed in attacks on the WordPress-based e-store using the WooCommerce
Publish At:2020-04-12 07:49 | Read:528 | Comments:0 | Tags:Breaking News Hacking Security hacking news information secu

Don’t get locked out of your own website – update this WordPress plugin now!

by Paul Ducklin. Researchers at WordFence, a company that provides cybersecurity services for WordPress users, have warned of two security problems in a popular WordPress plugin called Rank Math. That’s “math” as in “calculations relating to” and “rank” as in “search engine rating”, not “rank math”
Publish At:2020-04-02 14:22 | Read:465 | Comments:0 | Tags:Vulnerability Plugins Rank Math REST vulnerability Wordpress

A critical flaw in Rank Math WordPress plugin allows hackers to give users Admins privileges

A critical privilege escalation flaw in the WordPress SEO Plugin – Rank Math plugin can allow registered users to gain administrator privileges. Defiant’s Wordfence Threat Intelligence team discovered a critical privilege escalation vulnerability in the WordPress SEO Plugin – Rank Math plugin that could allow attackers to give administrator privileg
Publish At:2020-03-31 20:02 | Read:353 | Comments:0 | Tags:Breaking News Hacking information security news it security

WordPress WP-VCD malware delivered via pirated Coronavirus plugins

Crooks behind the WordPress WP-VCD malware are distributing pirated versions of the Coronavirus plugins that inject a backdoor into websites. The malware was first spotted in July 2017 by the Italian security expert Man
Publish At:2020-03-26 07:15 | Read:382 | Comments:0 | Tags:Breaking News Cyber Crime Malware covid19 hacking news infor

Flaws in the Popup Builder WordPress plugin expose 100K+ websites to hack

Flaws in the Popup Builder WordPress plugin could allow unauthenticated attackers to inject malicious JavaScript code into popups of 100K+ websites. The Popup Builder WordPress plugin is affected by security flaws that could be exploited by unauthenticated attackers to inject malicious JavaScript code into popups displayed on websites using it. More th
Publish At:2020-03-13 08:12 | Read:486 | Comments:0 | Tags:Breaking News Hacking hacking news information security news

XSS plugin vulnerabilities plague WordPress users

by Danny Bradbury. Thousands of active WordPress plugins have been hit with a swathe of cross-site scripting (XSS) vulnerabilities that could give attackers complete control of sites. One of the affected plugins was designed to work with the popular WordPress ecommerce system WooCommerce. Researchers at NinTechNet found a vulnerability in the WordPress Flexible
Publish At:2020-03-03 08:07 | Read:399 | Comments:0 | Tags:Security threats Vulnerability Async cross-site scripting Fl

Crooks are attempting to take over tens of thousands of WordPress sites

Threat actors are launching a hacking campaign aimed at taking over tens of thousands of WordPress sites by exploiting critical vulnerabilities. One of the issues exploited in the attacks is a zero-day vulnerability that affects several plugins and that could allow hackers to create admin accounts and take over the sites. Researchers at NinTechNet repo
Publish At:2020-02-29 15:01 | Read:461 | Comments:0 | Tags:Breaking News Cyber Crime Hacking hacking news it security i

The Amazon Prime phishing attack that wasn’t…

by Paul Ducklin. Earlier this week, we received a moderately believable Amazon Prime phish via email. The scam had an Account Locked subject line, with a warning that we wouldn’t be able to buy or sell anything via Amazon’s services until we verified our account. To add a bit more fear and urgency, the crooks went on to warn us that if we didn’t
Publish At:2020-02-21 14:11 | Read:638 | Comments:0 | Tags:Phishing Backdoor phishing Wordpress

Hackers are actively exploiting a Zero-Day in WordPress ThemeREX Plugin to create Admin Accounts

A new flaw was discovered in a WordPress plugin, this time experts found a zero-day vulnerability in the ThemeREX Addons to create admin accounts. Security experts from WordFence have discovered a zero-day vulnerability in the ThemeREX Addons that was actively exploited by hackers in the wild to create user accounts with admin permissions. According t
Publish At:2020-02-20 03:27 | Read:511 | Comments:0 | Tags:Breaking News Hacking information security news it security

Flaw in WordPress ThemeGrill Demo Importer WordPress theme plugin expose 200K+ sites to hack

A serious flaw in the ThemeGrill Demo Importer WordPress theme plugin with over 200,000 active installs can be exploited to wipe sites and gain admin access to the site. Experts from the security firm WebARX have discovered a serious flaw in the WordPress theme plugin ThemeGrill Demo Importer with over 200,000 active installs. The vulnerability could be e
Publish At:2020-02-18 05:58 | Read:630 | Comments:0 | Tags:Breaking News Hacking hacking news it security it security n

Cookie-nabbing app could have served users side helping of XSS

by Danny Bradbury. A popular GDPR compliance WordPress plugin vendor has patched a flaw that rendered both site visitors and admins vulnerable to cookie-stealing cross-site scripting (XSS) attacks. The GDPR Cookie Consent plugin, created by WebToffee, claims over 700,000 users. The plug-in is a notification app that begs you to accept cookies when you first visi
Publish At:2020-02-15 12:43 | Read:481 | Comments:0 | Tags:Security threats Cookie consent cookies cross-site scripting

A week in security (October 28 – November 3)

Last week on Malwarebytes Labs, we celebrated the birth of the Internet 50 years ago, highlighted reports about the US Federal Trade Commission (FTC) filing a case against stalkerware developer Retina-X, issued a PSI on disaster donation scams, looked at the top cybersecurity challenges SMBs face, and provided guidance to journalists on how they can defend t
Publish At:2019-11-11 23:20 | Read:1045 | Comments:0 | Tags:A week in security Adobe Creative Cloud advanced persistent

Activity wrap-up including polyglots, RIPS, UploadScanner and Java fuzzing

A tweet of takesako including a C/C++/Perl/Ruby/Python polyglot got me interested, so I created two follow-up polyglots based on his work and put them on github. Recently I also evaluated the RIPS PHP scanner and I did that with some randomly chosen WordPress plugins. Afterwards I manually looked at the code of the plugins, to see if the scanner missed anyth
Publish At:2019-09-19 18:20 | Read:748 | Comments:0 | Tags:Various area41 Java security manager Java security policy PH

Zero-Day flaws in 3 WordPress Plugins being exploited in the wild

Security experts at Wordfence reported that Zero-Day vulnerabilities in three different WordPress plugins have been exploited in the wild. Zero-day vulnerabilities in several WordPress plugins have been exploited by threat actors in the wild to hack vulnerable websites and deliver backdoors, the alarm was launched by security firm Wordfence. The attackers ha
Publish At:2017-10-04 22:40 | Read:3891 | Comments:0 | Tags:Breaking News Cyber Crime Hacking Cybercrime plugin Wordpres

Crooks spreads backdoor devised as a security WordPress Plugin

Experts from Sucuri discovered crooks are spreading a fake WordPress plugin dubbed X-WP-SPAM-SHIELD-PRO containing a backdoor. A fake WordPress plugin dubbed X-WP-SPAM-SHIELD-PRO containing a backdoor was spread by crooks abusing the popularity of WP-SpamShield Anti-Spam, a WordPress antispam tool. The WP-SpamShield Anti-Spam plugin has over 100,000 installs
Publish At:2017-09-30 07:30 | Read:3619 | Comments:0 | Tags:Breaking News Hacking Malware backdoor fake plugin Wordpress
