Updates on WordPress security, Wordfence and what we're cooking in the lab today.

Author Archive: Kathy Zant

Wordfence Blog

Episode 124: PrintNightmare 0Day Exploit Accidentally Leaked Online

This entry was posted in Podcasts on July 02, 2021 by Kathy Zant   2 Replies

Security researchers accidentally leaked zero-day exploit code for a new Windows bug, now called PrintNightmare, while easily exploitable vulnerabilities in the ProfilePress plugin, previously called WP User Avatar, were patched quickly. An unprotected cloud database containing over 814 million DreamHost user records was found online. Google Chrome is getting a HTTPS-only feature in an upcoming …
Read More

Episode 120: Jetpack Autoupdate Security Patch Bypasses Local Settings

This entry was posted in Podcasts on June 04, 2021 by Kathy Zant   0 Replies

A security fix for an information leak vulnerability was pushed out to WordPress sites using Jetpack that bypassed local settings preventing autoupdates. A ransomware attack on JBS that shut down meat processing operations in the United States has been attributed to REvil, a private Russian ransomware-as-‚Äča-service operation. A critical zero-day vulnerability was discovered by the …
Read More

Podcast 117: Cyber Attack on Colonial Pipeline Affects Fuel Availability in 17 States

This entry was posted in Podcasts on May 14, 2021 by Kathy Zant   1 Reply

A ransomware attack on Colonial Pipeline affected fuel availability in 17 southeastern US states, and Bloomberg reported that Colonial Pipeline paid $5 million to DarkSide, a Russian ransomware service provider. The Biden Administration issued an executive order to increase US cybersecurity defenses. WordPress 5.7.2 was released to patch a critical object injection vulnerability in PHPMailer. …
Read More

Episode 114: Trifecta of Compromises Affect Enterprise Systems

This entry was posted in Podcasts on April 23, 2021 by Kathy Zant   0 Replies

Attacks on unpatched SolarWinds systems continue. We’re now learning of a supply chain attack that started in late January 2021 affecting 29,000 customers of Codecov, as well as a zero-day under active attack affecting customers of PulseSecure VPN. Customers of these three services are well known enterprise and government organizations. In the WordPress space, there …
Read More

Episode 111: PHP Git Repository Compromised

This entry was posted in Podcasts on April 02, 2021 by Kathy Zant   0 Replies

The self-hosted Git repository for PHP was compromised, with attackers adding a backdoor to a development version of PHP 8.1. The intrusion was detected by the PHP community quickly, and no production environments were affected. Ubiquiti experienced an intrusion in January that was far worse than originally reported; attackers gained access to nearly all of …
Read More

Episode 109: This Attack Will Make You Want to Stop Using SMS 2FA

This entry was posted in Podcasts on March 19, 2021 by Kathy Zant   0 Replies

An attack shows how a SMS enablement service was used to bypass SMS 2FA for $16. We discuss the recently patched vulnerabilities in Elementor affecting over 7 million WordPress sites and how easily these cross-site scripting vulnerabilities can be exploited. We also talk about the SQL Injection vulnerabilities in Tutor LMS. The data center fire …
Read More

Episode 105: The Hottest Trend in WordPress

This entry was posted in Podcasts on February 19, 2021 by Kathy Zant   2 Replies

An analysis of WordPress-related search trends found that interest in WooCommerce related results dominated during 2020. We discuss recent vulnerabilities discovered by our threat intelligence team in Ninja Forms, affecting over 1 million sites. WordPress issues a statement that pirated themes and plugins are prohibited on the repository. And a supply chain attack affects users …
Read More

Episode 103: Wordfence Innovates with Machine Learning and Security for Schools

This entry was posted in Podcasts on February 05, 2021 by Kathy Zant   0 Replies

Wordfence opens the K-12 site audit and site cleaning service for publicly funded state schools worldwide. Machine learning is now a big part of our malware identification process, which will speed new malware signatures to deployment for WordPress sites protected by Wordfence. A bug in Sudo can let attackers with access to a local system …
Read More

Episode 102: Disruption Presents Opportunity

This entry was posted in Podcasts on January 29, 2021 by Kathy Zant   0 Replies

After a disruptive year in 2020, there are new challenges in 2021, but also immense opportunities in numerous fields. In a deep and wide-ranging conversation, Mark Maunder and Kathy Zant discuss artificial intelligence, whether or not we’re living in simulation, cryptocurrencies and the opportunities of blockchain technology, open source communities and publishing, avoiding scams and …
Read More

Announcing Free Site Cleaning & Site Security Audits for K-12 Public Schools

This entry was posted in Wordfence on January 21, 2021 by Kathy Zant   6 Replies

Update February 2, 2021: We are now expanding this program worldwide to include all public/state-funded schools serving students in K-12 programs (or the like) around the world. Wordfence, the leading provider of WordPress security software and services, is announcing today that we are, effective immediately, offering free site cleaning and site security audit services to …
Read More

Follow Us


Protect your websites with the #1 WordPress Security Plugin

Get Premium
Over 200 million downloads

Wordfence Newsletter

Get WordPress Security Alerts and Product Updates