Wordfence Research and News


Episode 124: PrintNightmare 0Day Exploit Accidentally Leaked Online

Security researchers accidentally leaked zero-day exploit code for a new Windows bug, now called PrintNightmare, while easily exploitable vulnerabilities in the ProfilePress plugin, previously called WP User Avatar, were patched quickly. An unprotected cloud database containing over 814 million DreamHost user records was found online. Google Chrome is getting an HTTPS-only feature in an upcoming …

Episode 120: Jetpack Autoupdate Security Patch Bypasses Local Settings

A security fix for an information leak vulnerability was pushed out to WordPress sites using Jetpack, bypassing local settings that prevented autoupdates.

Podcast 117: Cyber Attack on Colonial Pipeline Affects Fuel Availability in 17 States

A ransomware attack on Colonial Pipeline affected fuel availability in 17 southeastern US states, and Bloomberg reported that Colonial Pipeline paid $5 million to DarkSide, a Russian ransomware service provider.

Episode 114: Trifecta of Compromises Affect Enterprise Systems

Attacks on unpatched SolarWinds systems continue. We’re now learning of a supply chain attack that started in late January 2021 affecting 29,000 customers of Codecov, as well as a zero-day under active attack affecting customers of PulseSecure VPN.

Episode 111: PHP Git Repository Compromised

The self-hosted Git repository for PHP was compromised, with attackers adding a backdoor to a development version of PHP 8.1.

Episode 109: This Attack Will Make You Want to Stop Using SMS 2FA

An attack shows how an SMS enablement service was used to bypass SMS 2FA for $16.

Episode 105: The Hottest Trend in WordPress

An analysis of WordPress-related search trends found that interest in WooCommerce-related results dominated during 2020.

Episode 103: Wordfence Innovates with Machine Learning and Security for Schools

Wordfence opens the K-12 site audit and site cleaning service for publicly funded state schools worldwide.

Episode 102: Disruption Presents Opportunity

After a disruptive year in 2020, there are new challenges in 2021, but also immense opportunities in numerous fields.

Announcing Free Site Cleaning & Site Security Audits for K-12 Public Schools

Update February 2, 2021: We are now expanding this program worldwide to include all public/state-funded schools serving students in K-12 programs (or the like) around the world.