HackDig : Dig high-quality web security articles for hacker

Zero-Day flaws in 3 WordPress Plugins being exploited in the wild

Security experts at Wordfence reported that Zero-Day vulnerabilities in three different WordPress plugins have been exploited in the wild. Zero-day vulnerabilities in several WordPress plugins have been exploited by threat actors in the wild to hack vulnerable websites and deliver backdoors, the alarm was launched by security firm Wordfence. The attackers ha
Publish At:2017-10-04 22:40 | Read:2324 | Comments:0 | Tags:Breaking News Cyber Crime Hacking Cybercrime plugin Wordpres

Crooks spreads backdoor devised as a security WordPress Plugin

Experts from Sucuri discovered crooks are spreading a fake WordPress plugin dubbed X-WP-SPAM-SHIELD-PRO containing a backdoor. A fake WordPress plugin dubbed X-WP-SPAM-SHIELD-PRO containing a backdoor was spread by crooks abusing the popularity of WP-SpamShield Anti-Spam, a WordPress antispam tool. The WP-SpamShield Anti-Spam plugin has over 100,000 installs
Publish At:2017-09-30 07:30 | Read:2063 | Comments:0 | Tags:Breaking News Hacking Malware backdoor fake plugin Wordpress

WPSetup attack, hackers targets uncompleted WordPress installs

Attackers are using automated scans to target freshly installed WordPress websites, WordFence experts dubbed the technique WPSetup attack. According to experts at the WordPress security plugin WordFence, attackers are using automated scans to target freshly installed WordPress websites, taking advantage of administrators who fail to properly configure their
Publish At:2017-07-14 18:40 | Read:2074 | Comments:0 | Tags:Breaking News Hacking Wordpress WPSetup attack

Relying on Data to Mitigate the Risk of WordPress Website Hijacking

One of the most common methods cybercriminals use to deliver phishing and malware to unsuspecting users is compromising legitimate websites, such as those hosted on WordPress, to house their own malicious content for free. The URLs of compromised sites used for phishing attacks reach users through spam emails, allowing security professionals to keep track of
Publish At:2017-05-30 22:30 | Read:3233 | Comments:0 | Tags:Fraud Protection Risk Management Software & App Vulnerabilit

Security researcher disclosed a WordPress Password Reset Vulnerability

A researcher reported a WordPress Password Reset vulnerability, tracked as CVE-2017-8295, and detailed it in a security advisory. On Wednesday, the popular security expert Dawid Golunski reported a WordPress Password Reset vulnerability, tracked as CVE-2017-8295, and detailed it in a security advisory. Golunski classified the flaw as a “medium/high severity
Publish At:2017-05-05 03:00 | Read:1972 | Comments:0 | Tags:Breaking News Hacking CMS password reset vulnerability Wordp

Cybercrime – Interpol shutdown nearly 9,000 C&C servers in Asia hacked with a WordPress plug exploit

The Interpol located and shut down nearly 9,000 Command and control servers located in Asia and hacked with a WordPress plug-in exploit. An investigation conducted by the Interpol resulted in the identification of nearly 9,000 command and control servers located in Asia. The law enforcement body operated with the support of private partners, including Kasper
Publish At:2017-04-26 07:50 | Read:2489 | Comments:0 | Tags:Breaking News Cyber Crime Hacking botnet Cybercrime DDoS INT

The Sackcloth & Ashes of WordPress Security

This is my first blog in an ongoing “It’s Not Rocket Science” series featuring articles on Information security. “Security is not an absolute, it’s a continuous process and should be managed as such. Security is about risk reduction, not risk elimination, and risk will never be zero. It’s about employing the appropriate security controls tha
Publish At:2017-03-28 06:40 | Read:3815 | Comments:0 | Tags:Featured Articles IT Security and Data Protection CMS securi

WordPress 4.7.3 is out to fix 6 security issues, but CSRF flaw remains unpatched

WordPress 4.7.3 release is out to fix six security issues, but a CSRF vulnerability discovered in July 2016 remains unpatched. WordPress has issued a new security release, the WordPress 4.7.3 release, that addresses six security flaws, including three cross-site scripting (XSS) vulnerabilities.  The flaws were discovered by the security experts Chris Andrè D
Publish At:2017-03-08 06:00 | Read:2272 | Comments:0 | Tags:Breaking News Hacking CMS CSRF Pierluigi Paganini Security A

Over a million websites could be at risk from critical WordPress gallery plugin flaw

NextGEN Gallery is an extraordinarily popular plugin for self-hosted WordPress websites, having been downloaded over 16.5 million times. The software’s widespread popularity (it claims to have been “the industry’s standard WordPress gallery plugin” since 2007) makes it a seemingly obvious choice for website owners looking to add image
Publish At:2017-03-08 04:11 | Read:1954 | Comments:0 | Tags:Featured Articles IT Security and Data Protection SQL Inject

SQLi flaw in the NextGEN Gallery plugin exposes at risk of hack more than 1 Million WordPress Installs

More than 1 million WordPress websites are at risk due to a critical SQL injection vulnerability in the NextGEN Gallery plugin. Update it asap. Security experts at Sucuri firm have identified a SQL injection flaw in the WordPress image gallery NextGEN Gallery that could be exploited by a remote to gain access to the targeted website’s backend, including sensi
Publish At:2017-03-01 19:40 | Read:2066 | Comments:0 | Tags:Breaking News Hacking CMS NextGEN Gallery plugin SQL injecti

WordPress content injection flaw abused in defacement campaigns

According to experts at the security firm Sucuri, a critical content injection flaw in WordPress recently disclosed has already been exploited to deface thousands of websites. Recently a critical vulnerability has been discovered in the WordPress CMS, it is a zero-day content injection flaw that affects the WordPress REST API. The vulnerability was discover
Publish At:2017-02-07 12:35 | Read:2434 | Comments:0 | Tags:Breaking News Hacking 0day content injection flaw defacement

Ignorance is Bliss? An Enormous WordPress Zero-Day has Been Secretly Fixed

What has happened? A severe zero-day vulnerability has been fixed in WordPress, which – if left unpatched – could allow a malicious attacker to modify the content of any post or page on a WordPress site. Woah! Any post or page could be hijacked? Yes, it’s as though you’ve handed the reins of your site over to a malicious hacker and said
Publish At:2017-02-02 20:10 | Read:3235 | Comments:0 | Tags:Featured Articles IT Security and Data Protection vulnerabil

Zero-day Content Injection Vulnerability found in WordPress

A new dangerous Zero-day Content Injection vulnerability has been discovered in the WordPress CMS, it affects the WordPress REST API. A new dangerous vulnerability has been discovered in the WordPress CMS, it is a zero-day content injection flaw in the WordPress REST API. The vulnerability discovered by a security researcher at firm Sucuri could be exploite
Publish At:2017-02-02 03:35 | Read:2192 | Comments:0 | Tags:Breaking News Hacking 0day Wordpress Zero-day Content Inject

Wordfence warns of a huge increase in brute force attacks on WordPress

Security experts from Wordfence observed a huge increase in Brute Force attacks in the last three weeks. The security firm Wordfence is warning the WordPress community of a spike in the number of brute force attacks against websites running WordPress. has increased significantly in December compared to the previous period. The researchers observed brute forc
Publish At:2016-12-20 18:25 | Read:2662 | Comments:0 | Tags:Breaking News Hacking brute force attacks Cybercrime Wordpre

More than 8,800 WordPress Plugins out of 44,705 are flawed

Security firm RIPS Technologies has analyzed 44,705 in the official WordPress plugins directory and discovered that more than 8,800 of them are flawed. Experts from the security company RIPS Technologies have conducted an interesting analysis of WordPress plugins. The researchers have analyzed 44,705 of the roughly 48,000 plugins available in the official Wo
Publish At:2016-12-16 22:10 | Read:2409 | Comments:0 | Tags:Hacking Reports Security hacking XSS SQL injection Wordpress
