User enumeration is a technique used by attackers to discover valid usernames associated with a CMS or website. By exploiting certain features, bad actors can compile a list of usernames, which can then be used to launch brute force attacks. These attacks systematically try various password combinations to gain unauthorized access to user accounts on […]
Tag Archives: WordPress Security
WordPress Vulnerability & Patch Roundup June 2024
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners about potential threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this […]
Hundreds of Websites Targeted by Fake Google Chrome Update Pop-Ups
Fake Browser Update campaigns are known for their deceptive tactics used by hackers to trick users into downloading malicious software. These campaigns typically involve injecting malicious code into a website, which then displays a popup message urging users to update their web browser. Clicking on the provided link usually results in downloading malware, such as […]
WordPress Vulnerability & Patch Roundup May 2024
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners about potential threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this […]
Server Side Credit Card Skimmer Lodged in Obscure Plugin
Attackers are always finding new ways to inject malware into websites and new ways to obscure it to avoid detection, but they’re always up to their same old tricks. In this post, we’ll explore how attackers are using a very obscure PHP snippet WordPress plugin to install server-side malware to harvest credit card details from […]
Mal.Metrica Redirects Users to Scam Sites
One of our analysts recently identified a new Mal.Metrica redirect scam on compromised websites, but one that requires a little bit of effort on the part of the victim. It’s another lesson for web users to be careful what they click on, and to be wary of anything suspicious that pops up in their browser […]
WordPress Vulnerability & Patch Roundup April 2024
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners about potential threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this […]
JavaScript Malware Switches to Server-Side Redirects & DNS TXT Records as TDS
Last August we documented a malware campaign that was injecting malicious JavaScript code into compromised WordPress sites to redirect site visitors to VexTrio domains. The most interesting thing about that malware was how it used dynamic DNS TXT records of the tracker-cloud[.]com domain to obtain redirect URLs. We’ve been tracking this campaign ever since — […]
WordPress Maintenance: Tasks & Best Practices
If you’re managing a WordPress site, it’s crucial to ensure it runs smoothly and securely. Many site owners worry that WordPress maintenance is a complex chore that requires a ton of technical expertise, but that’s not entirely true. This guide is here to show you the steps you can take on your own to help […]
Magento Shoplift: Ecommerce Malware Targets Both WordPress & Magento CMS
We often write about malware that steals payment information from sites built with Magento and other types of e-commerce CMS. However, WordPress has become a massive player in ecommerce as well, thanks to the adoption of Woocommerce and other plugins that can easily turn a WordPress site into a fully-featured online store. This popularity also […]