HackDig : Dig high-quality web security articles

Massive Black hat SEO campaign used +15K WordPress sites

Experts warn of a malicious SEO campaign that has compromised over 15,000 WordPress websites to redirect visitors to fake Q&A portals. Since September 2022, researchers from security firm Sucuri have tracked a surge in WordPress malware redirecting website visitors to fake Q&A sites via ois[.]is. The campaign’s end goal appears to be bl
Publish At:2022-11-14 12:24 | Read:97446 | Comments:0 | Tags:Breaking News Hacking Malware black hat SEO hacking news inf

WordPress Security Update 6.0.3 Patches 16 Vulnerabilities

WordPress 6.0.3 started rolling out this week. The latest security release patches 16 vulnerabilities.WordPress 6.0.3 fixes nine stored and reflected cross-site scripting (XSS) vulnerabilities, as well as open redirect, data exposure, cross-site request forgery (CSRF), and SQL injection flaws.WordPress security company Defiant has shared a description of eac
Publish At:2022-10-19 11:03 | Read:116441 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities wordpress security

Wordpress plugin - WPvivid Backup - CVE-2022-2863.

=====[ Tempest Security Intelligence - ADV-15/2022]==========================Wordpress plugin - WPvivid Backup - Version < 0.9.76Author: Rodolfo TavaresTempest Security Intelligence - Recife, Pernambuco - Brazil=====[ Table of Contents]================================================== * Overview * Detailed description * Timeline of disclosure * Thanks &a
Publish At:2022-10-03 12:25 | Read:189027 | Comments:0 | Tags: wordpress

WPGateway WordPress plugin vulnerability could allow full site takeover

There’s been a few WordPress plugin vulnerabilities in the wild recently, and today we have another one to add to the list. Sometimes when word breaks of a WordPress plugin issue, a fix is already available and all you have to do is perform an update. On other occasions, the attack is live and out there doing damage with no fix yet available. Sadly, th
Publish At:2022-09-14 22:45 | Read:291273 | Comments:0 | Tags:News WPGateway WordPress plugin vulnerability CVE Vulnerabil

WordPress Sites Hacked via Zero-Day Vulnerability in WPGateway Plugin

Many WordPress sites are at risk of full compromise as attackers are actively exploiting a zero-day vulnerability in the WPGateway plugin, Defiant’s WordFence team warns.A premium plugin for the WPGateway cloud service, the WPGateway plugin provides users with WordPress installation, backup, and cloning capabilities.Tracked as CVE-2022-3180 (CVSS score of 9.
Publish At:2022-09-14 15:00 | Read:267581 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability wordpress

Threat actors are actively exploiting a zero-day in WPGateway WordPress plugin

Threat actors are actively exploiting a zero-day vulnerability in the WPGateway premium plugin to target WordPress websites. The Wordfence Threat Intelligence team reported that threat actors are actively exploiting a zero-day vulnerability (CVE-2022-3180) in the WPGateway premium plugin in attacks aimed at WordPress sites. The WPGateway plugin is a pr
Publish At:2022-09-14 03:00 | Read:232264 | Comments:0 | Tags:Breaking News Cyber Crime Hacking hacking news information s

BackupBuddy WordPress plugin vulnerable to exploitation, update now!

Users of WordPress may need to perform an urgent update related to the popular BackupBuddy plugin. BackupBuddy is a plugin which offers backup solutions designed to combat “hacks, malware, user error, deleted files, and running bad commands”. Unfortunately, running an older version of BackupBuddy could leave your site open to potential breaches.
Publish At:2022-09-13 22:45 | Read:243823 | Comments:0 | Tags:News BackupBuddy WordPress vulnerability exploit hack compro

Zero-day in WPGateway Wordpress plugin actively exploited in attacks

The Wordfence Threat Intelligence team warned today that WordPress sites are actively targeted with exploits targeting a zero-day vulnerability in the WPGateway premium plugin.WPGateway is a WordPress plugin that allows admins to simplify various tasks, including setting up and backing up sites and managing themes and plugins from a central dashboard.Th
Publish At:2022-09-13 16:43 | Read:200832 | Comments:0 | Tags:Security exploit wordpress

Vulnerability in BackupBuddy Plugin Exploited to Hack WordPress Sites

A recently resolved vulnerability in the BackupBuddy WordPress plugin has been exploited in malicious attacks since late August, Defiant’s Wordfence team warns.The BackupBuddy plugin, which has roughly 140,000 active installations, is meant to help WordPress site administrators easily manage their backup operations. The plugin allows users to store the backu
Publish At:2022-09-12 11:02 | Read:220996 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Vulnerabilities Cybe

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of September 5, 2022

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of September 5th, 2022. I’ve also included some comments on these stories.Critical RCE Vulnerability Affects Zyxel NAS Devices — Firmwa
Publish At:2022-09-12 07:49 | Read:183767 | Comments:0 | Tags:VERT News Google Play RCE tools WordPress zero-day security

Experts warn of attacks exploiting zero-day in WordPress BackupBuddy plugin

Threat actors are exploiting a zero-day vulnerability in a WordPress plugin called BackupBuddy, Wordfence researchers warned. On September 6, 2022, the Wordfence Threat Intelligence team was informed of a vulnerability being actively exploited in the BackupBuddy WordPress plugin. This plugin allows users to back up an entire WordPress installation, includ
Publish At:2022-09-09 08:11 | Read:403358 | Comments:0 | Tags:Breaking News Hacking Security BackupBuddy hacking news info

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of August 29, 2022

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of August 29th, 2022. I’ve also included some comments on these stories.WordPress 6.0.2 Patches Vulnerability That Could Impact Million
Publish At:2022-09-05 07:49 | Read:244807 | Comments:0 | Tags:VERT News API AWS iOS microsoft TikTok vulnerability WordPre

WordPress 6.0.2 Patches Vulnerability That Could Impact Millions of Legacy Sites

The WordPress team this week announced the release of version 6.0.2 of the content management system (CMS), with patches for three security bugs, including a high-severity SQL injection vulnerability.Identified in the WordPress Link functionality, previously known as ‘Bookmarks’, the issue only impacts older installations, as the capability is disabled by de
Publish At:2022-08-31 09:52 | Read:256660 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability wordpress

A study on malicious plugins in WordPress Marketplaces

A group of researchers from the Georgia Institute of Technology discovered malicious plugins on tens of thousands of WordPress sites. A team of researchers from the Georgia Institute of Technology has analyzed the backups of more than 400,000 unique web servers and discovered 47,337 malicious plugins installed on 24,931 unique WordPress websites. The expe
Publish At:2022-08-30 11:23 | Read:498383 | Comments:0 | Tags:Hacking Malware Reports Security Cybercrime hacking news inf

Malicious Plugins Found on 25,000 WordPress Websites: Study

Researchers at Georgia Institute of Technology have identified malicious plugins on tens of thousands of WordPress websites.An analysis of nightly backups of more than 400,000 unique web servers has revealed the existence of more than 47,000 malicious plugins installed on nearly 25,000 unique WordPress websites. More than 94% of these plugins (over 44,000) c
Publish At:2022-08-29 10:16 | Read:226678 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Virus & Malware

Announce

Share high-quality web security related articles with you:)
Tell me why you support me <3

Tag Cloud