WordPress and Annotum for Education, Science, Journal Publishing
WordPress and Annotum for Education, Science, Professional Journal Publishing with multiple authors and peer reviews, as well as Knol to WP migration...
Curated by Gust MEES
Scooped by Gust MEES

Four WordPress WPML Plugin Vulnerabilities Impact 400,000 Websites | CyberSecurity | #digcit

Multiple vulnerabilities in the WPML plugin that could allow attackers to access databases, delete site content, and gain administrative privileges have put as many as 400,000 websites at risk.

WPML is a popular WordPress plugin used for creating multi-lingual websites, and researchers have uncovered four critical vulnerabilities, the most serious being a SQL injection flaw that can allow unauthenticated access to the website’s database, exposing user details and password hashes.
Rescooped by Gust MEES from 21st Century Learning and Teaching

Hackers turn 162,000 WordPress sites into DDoS attack tools

Legitimate sites forced to aid criminals' illicit botnet operations


Hackers have hijacked more than 162,000 legitimate WordPress sites, connecting them to a criminal botnet and forcing them to mount distributed denial-of-service (DDoS) attacks, according to security firm Sucuri.


Sucuri CTO Daniel Cid said the company uncovered the botnet when analysing an attack targeting one of its customers. Cid said Sucuri managed to trace the source of the attack to legitimate WordPress sites.

"The most interesting part is that all the requests were coming from valid and legitimate WordPress sites. Yes, other WordPress sites were sending random requests at a very large scale and bringing the site down," read the blog.


Gust MEES's insight:


Learn more:


http://www.scoop.it/t/wordpress-annotum-for-education-science-journal-publishing/?tag=Botnet


http://www.scoop.it/t/securite-pc-et-internet/?tag=Botnets


http://gustmees.wordpress.com/2012/05/21/visual-it-securitypart2-your-computer-as-a-possible-cyber-weapon/


http://gustmees.wordpress.com/2013/05/13/visual-cyber-security-see-attacks-on-real-time/

Scooped by Gust MEES

Hacked WordPress Site Hosts Thousands of Links to Pharmacy Scams

The issue of hacked WordPress sites continues to persist, as evidenced by one victimized URL being used to host links to thousands if not millions or billions of shady pharmaceutical sites without the knowledge of the owners.

 

===> And, the team recommended the common-sense step of upgrading WordPress and all plugins to their latest versions. <===


Gust MEES's curator insight, December 11, 2013 6:39 PM

 

===> And, the team recommended the common-sense step of upgrading WordPress and all plugins to their latest versions. <===

 

Learn more:

 

http://www.scoop.it/t/securite-pc-et-internet/?tag=WordPress

 

Rescooped by Gust MEES from 21st Century Learning and Teaching

WordPress 3.7 released - complete with automatic security updates!

Automatic updating comes to self-hosted WordPress sites, with the hope of stamping out security vulnerabilities.

If you run a WordPress-powered website, check today which version you are running - and upgrade to "Basie".
Gust MEES's insight:

 

Learn more:

 

http://www.scoop.it/t/21st-century-learning-and-teaching/?tag=WordPress

 

http://www.scoop.it/t/securite-pc-et-internet/?tag=WordPress

 

http://www.scoop.it/t/wordpress-annotum-for-education-science-journal-publishing

 

Scooped by Gust MEES

How to avoid being one of the "73%" of WordPress sites vulnerable to attack

Researchers have concluded that 73% of the 40,000 most popular websites that use WordPress software are vulnerable to attack. But they admit they might be wrong. Even so, they still highlight an im...
Gust MEES's curator insight, September 27, 2013 9:10 AM

 

73.2% of the most popular WordPress installations are vulnerable to vulnerabilities which can be detected using free automated tools.

 

Learn more:

 

http://www.scoop.it/t/securite-pc-et-internet/?tag=WordPress

  
Scooped by Gust MEES

WordPress 3.5.2 Maintenance and Security Release


 

 

 

WordPress 3.5.2 is now available. This is the second maintenance release of 3.5, fixing 12 bugs. 

 

 

 

===> This is a security release for all previous versions and we strongly encourage you to update your sites immediately. <===

 

Gust MEES's curator insight, June 21, 2013 5:14 PM

 

WordPress 3.5.2 is now available. This is the second maintenance release of 3.5, fixing 12 bugs. 

 

===> This is a security release for all previous versions and we strongly encourage you to update your sites immediately. <===

 

The WordPress security team resolved seven security issues, and this release also contains some additional security hardening.

 
Rescooped by Gust MEES from 21st Century Learning and Teaching

Be wary of WordPress plugin vulnerabilities

WordPress plugins are highly vulnerable, according to a recent report.

Via Gust MEES
Gust MEES's insight:

 

Learn more:

 

http://www.scoop.it/t/wordpress-annotum-for-education-science-journal-publishing/?tag=Cybersecurity

 

Scooped by Gust MEES

WordPress - Brute Force Attacks and Their Consequences

There is a lot of interesting discussion going on at the moment across the interwebs on the intention of the latest string of Brute Force attacks, much of which

 

That finding comes from Arbor Networks, which said that attackers had compromised numerous PHP Web applications, such as Joomla, as well as many WordPress sites, many of which were using an outdated version of the TimThumb plug-in. After compromising the sites, attackers then loaded toolkits onto the sites that turned them into DDoS attack launch pads. – Information Week Security


Gust MEES's curator insight, April 13, 2013 9:56 AM

 

That finding comes from Arbor Networks, which said that attackers had compromised numerous PHP Web applications, such as Joomla, as well as many WordPress sites, many of which were using an outdated version of the TimThumb plug-in. After compromising the sites, attackers then loaded toolkits onto the sites that turned them into DDoS attack launch pads. – Information Week Security

 

A MUST read to understand the WHY and HOW!!!

 
Scooped by Gust MEES

WordPress blogs and more under global attack - check your passwords now!

If you have a web service that supports remote users, you will know that malevolent login attempts are an everyday occurrence.

But hosting providers worldwide are reporting an onslaught at well ...
Gust MEES's insight:

 

Check also:

 

http://www.scoop.it/t/21st-century-learning-and-teaching?tag=Passwords

 

http://www.scoop.it/t/securite-pc-et-internet?tag=DATA-BREACHES

 

http://www.scoop.it/t/wordpress-annotum-for-education-science-journal-publishing

 

Rescooped by Gust MEES from ICT Security-Sécurité PC et Internet

WordPress Pingback Vulnerability Can Be Abused for DDOS Attacks

Rescooped by Gust MEES from 21st Century Learning and Teaching

Sucuri Security: Is your WordPress Site being used to attack others?

Web site security monitoring and malware removal


Is my WordPress Site DDOS'ing others?

Lately we are seeing many legitimate and clean WordPress sites being misused on DDOS attacks. We explain in more detail in our blog how it can happen.


Example of site being misused: here. If you have any questions, please contact us at labs@sucuri.net or hit us on Twitter - @Sucuri_Security.


===> Check out if YOUR WordPress site is secure! <===


Gust MEES's curator insight, March 13, 2014 5:15 PM


===> Check out if YOUR WordPress site is secure! <===


Scooped by Gust MEES

WordPress WP-E-Commerce: multiple vulnerabilities

This bulletin was written by Vigil@nce: http://vigilance.fr/offre VULNERABILITY SUMMARY An attacker can use several vulnerabilities of (...)


Severity: 2/4

Creation date: 24/01/2014

VULNERABILITY DESCRIPTION

Several vulnerabilities were announced in WordPress WP-E-Commerce.

An attacker can upload a malicious file via save-data.functions.php, in order for example to drop a Trojan horse. [severity: 2/4]

An attacker can use ajax.php in order to execute code. [severity: 2/4]

An attacker can use display-sales-logs.php in order to execute code. [severity: 2/4]

An attacker can use misc.functions.php in order to obtain sensitive information. [severity: 2/4]

An attacker can trigger a Cross Site Scripting in swfupload.swf in order to execute JavaScript code in the context of the website. [severity: 2/4]

Gust MEES's insight:


Learn more:


http://vigilance.fr/vulnerabilite/WordPress-WP-E-Commerce-multiples-vulnerabilites-14131


Rescooped by Gust MEES from 21st Century Learning and Teaching

WordPress › AntiVirus « WordPress Plugins

Gust MEES's curator insight, November 2, 2013 8:00 PM

 

WordPress › AntiVirus « WordPress Plugins

 

Learn more:

 

http://gustmees.wordpress.com/2013/06/23/ict-awareness-what-you-should-know/

 

Training in Business's curator insight, November 7, 2013 1:37 PM

WordPress › AntiVirus « WordPress Plugins

 

Techstore's curator insight, November 7, 2013 1:50 PM

WordPress › AntiVirus « WordPress Plugins

Scooped by Gust MEES

Hackers launch huge DDoS attack using WordPress websites | ITProPortal.com

It’s being reported that hackers have seized control of a number of WordPress sites and are launching DDoS attacks against various websites.
Gust MEES's curator insight, September 27, 2013 4:47 PM

 

73.2% of the most popular WordPress installations are vulnerable to vulnerabilities which can be detected using free automated tools.

 

Learn more:

 

http://www.scoop.it/t/securite-pc-et-internet/?tag=WordPress

  

Rescooped by Gust MEES from 21st Century Learning and Teaching

Safety and Security of WordPress Blog (Infographic)

WordPress is one of the most popular content management systems (CMS) in use, and around 17% of the websites that are present on the internet these days are powered by this CMS.
Gust MEES's insight:

 

Learn more:

 

http://www.scoop.it/t/wordpress-annotum-for-education-science-journal-publishing

 

http://www.scoop.it/t/securite-pc-et-internet/?tag=WordPress

 

Scooped by Gust MEES

The-Security-State-of-WordPress-Top-50-Plugins [pdf]

Gust MEES's insight:

 

Learn more:

 

http://www.scoop.it/t/wordpress-annotum-for-education-science-journal-publishing/?tag=Cybersecurity

 

Scooped by Gust MEES

How to Protect Your WordPress From Attack

An ongoing brute-force attack on WordPress-based websites has compromised more than 90,000 blogs, but there are simple ways to make sure your blog won't be next to fall.
Gust MEES's insight:

 

Check also:

 

http://www.scoop.it/t/wordpress-annotum-for-education-science-journal-publishing?tag=Botnet

 

Rescooped by Gust MEES from 21st Century Learning and Teaching

Brute Force Attacks Build WordPress Botnet — Krebs on Security


According to Sucuri, WordPress administrators who have been hacked should strongly consider taking the following steps to eradicate the intruders and infections:

 

- Log in to the administrative panel and remove any unfamiliar admin users (the first step after the attackers get in is to add a new user).

 

- Change all passwords for all admin users (and make sure all legitimate accounts are protected with strong passwords this time!)

 

- Update the secret keys inside WordPress, otherwise any rogue admin user can remain logged in.

 

===> Reinstall WordPress from scratch or revert to a known, safe backup. <===

 

Gust MEES's curator insight, April 13, 2013 9:20 AM

 

According to Sucuri, WordPress administrators who have been hacked should strongly consider taking the following steps to eradicate the intruders and infections:

 

- Log in to the administrative panel and remove any unfamiliar admin users (the first step after the attackers get in is to add a new user).

 

- Change all passwords for all admin users (and make sure all legitimate accounts are protected with strong passwords this time!)

 

- Update the secret keys inside WordPress, otherwise any rogue admin user can remain logged in.

 

- Reinstall WordPress from scratch or revert to a known, safe backup.


Check also:


http://www.scoop.it/t/wordpress-annotum-for-education-science-journal-publishing?tag=WordPress


Rescooped by Gust MEES from 21st Century Learning and Teaching

XSS Flaw in WordPress Plugin Allows Injection of Malicious Code

A security vulnerability in the WP Banners Lite plugin for WordPress sites allows an attacker to inject malicious HTML or JavaScript code.
Gust MEES's insight:

 

Check also:

 

http://www.scoop.it/t/wordpress-annotum-for-education-science-journal-publishing?tag=Cybersecurity

 

http://www.scoop.it/t/wordpress-annotum-for-education-science-journal-publishing