Telecoms don’t protect users from government overreach
The data stored on our mobile phones, laptops, and especially our online services can, when aggregated, paint a detailed picture of our lives—where we go, who we see, what we …
WordPress
WordPress announces bug bounty program
WordPress Foundation is the latest organization to publicly announce a bug bounty program set up on the HackerOne platform. What’s in scope of the WordPress bug bounty …
WordPress admins, take note: RCE and password reset vulnerabilities revealed
Independent security researcher Dawid Golunski has released a proof-of-concept exploit code for an unauthenticated remote code execution vulnerability in WordPress 4.6 …
20,000-bots-strong Sathurbot botnet grows by compromising WordPress sites
A 20,000-bots-strong botnet is probing WordPress sites, trying to compromise them and spread a backdoor downloader Trojan called Sathurbot as far and as wide as possible. …
Fake SEO plugin backdoors WordPress installations
Administrators of WordPress sites, beware! A fake SEO plugin is being used by attackers to compromise WP installations. The plugin in question is named WP-Base-SEO, and is a …
Organizations still vulnerable to brute force attacks
While increases in malware are clearly a major threat to both enterprises and service providers, network complexity is creating its own vulnerability, according to Ixia. The …
Tens of thousands WordPress sites defaced, SEO spam to follow
Attackers are actively exploiting the recently patched unauthenticated privilege escalation vulnerability in WordPress’ REST API to deface websites. Sucuri, the company …
WordPress kept users and hackers in the dark while secretly fixing critical zero-day
Last week WordPress released the newest version (4.7.2) of the popular CMS, ostensibly fixing three security issues affecting versions 4.7.1 and earlier. What the WordPress …
WordPress 4.6.1 upgrades security, fixes 15 bugs
WordPress 4.6.1 is now available. This is a security release for all previous versions and all users are strongly encouraged to update their sites immediately. The two …
Spammers modify sites’ core WordPress files for long-lasting compromise
In their quest to compromise WordPress installations and prevent site owners from discovering it and cleaning up the website, blackhat SEO spammers have turned to modifying …
