Updates on CyberSecurity, WordPress and what we're cooking in the lab today.

Category Archive: General Security

New Attacker Scanning for SSH Private Keys on Websites

This entry was posted in General Security, WordPress Security on October 18, 2017 by Mark Maunder   11 Replies

Wordfence is seeing a significant spike in SSH private key scanning activity. We are releasing this advisory to ensure that our customers and the broader WordPress community are aware of this new activity and of the risk of making private SSH keys public, and to explain how to avoid this problem....read more

PSA: Severe Vulnerability in All Wi-Fi Devices

This entry was posted in General Security on October 16, 2017 by Mark Maunder   77 Replies

This is a public service announcement (PSA) from the Wordfence team regarding a security issue that has a wide impact....read more

Gravityscan Lowers Price and Adds Free Trial

This entry was posted in General Security on October 5, 2017 by Mark Maunder   6 Replies

We have an exciting announcement today regarding the Gravityscan project. As you know the Wordfence team launched Gravityscan on May 16th of this year. Gravityscan is designed to provide malware and vulnerability scanning for any website....read more

The Man Behind Plugin Spam: Mason Soiza

This entry was posted in General Security, WordPress Security on September 13, 2017 by Mark Maunder   161 Replies

This post is part of a series. This is the second post and a follow-up to our first story titled "Display Widgets Plugin Includes Malicious Code to Publish Spam on WP Sites". There is a third post in this series which explains how the same spammer influenced a total of 9 WordPress plugins over a 4.5 year period....read more

Cyber Insurance: Should You Get It?

This entry was posted in General Security on September 5, 2017 by Mark Maunder   3 Replies

You have probably noticed the gradual increase in the number of ads over the past two years selling "cyber insurance," or insurance that covers a hack. The market for this kind of insurance has been growing....read more

Dreamhost is Under DDoS Attack

This entry was posted in General Security, WordPress Security on August 24, 2017 by Mark Maunder   32 Replies

Dreamhost is currently experiencing a DDoS attack. I am updating this post in real-time as the situation unfolds. Last update was at 10:46am PST. ~Mark Maunder...read more

PSA: 4.8 Million Affected by Chrome Extension Attacks Targeting Site Owners

This entry was posted in General Security on August 17, 2017 by Mark Maunder   27 Replies

This is a public service announcement from the Wordfence team regarding a security issue that has a wide impact. During the past 3 months, eight Chrome browser extensions were compromised and the attacker used them to steal Cloudflare credentials and serve up malicious ads....read more

NGINX and PHP Malware Used in Petya/Nyetya Ransomware Attack

This entry was posted in General Security, Research on July 7, 2017 by Mark Maunder   5 Replies

Author's note: This is a technical blog post which I'm hoping server administrators and web hosting providers will find helpful. It also includes malware history and video footage which I hope you enjoy. ~Mark Maunder...read more

PSA: Petya Ransomware Affecting Critical Systems Globally: Here’s What to Do.

This entry was posted in General Security on June 27, 2017 by Mark Maunder   37 Replies

Updated 3:19PM Pacific Time: A method to 'vaccinate' yourself against this ransomware variant has been found. I have posted details towards the end of the post along with a batch file you can run. It is as simple as creating the file C:\Windows\perfc and marking it read-only....read more

PSA: OneLogin Breached. Here’s What You Need to Do.

This entry was posted in General Security on June 1, 2017 by Mark Maunder   19 Replies

This is a public service announcement from Wordfence. We are sending this notice to the WordPress community due to the widespread nature and potential severity of this security issue. It has a high likelihood of impacting some of our readers and requires immediate action on their part....read more

Get the latest WordPress security updates and news

Sign up for WordPress security alerts, Wordfence product updates and security news via email.