Updates on CyberSecurity, WordPress and what we're cooking in the lab today.

Category Archive: Miscellaneous

Breaking Out of Shells at DerbyCon

This entry was posted in Miscellaneous on October 12, 2018 by Nate Smith   0 Replies

I downloaded my first copy of BackTrack when I was 13. I had no idea what I was doing, or how to use it, but I knew that I was hooked. I’ve been fascinated with technology since I was a kid, so the idea that I could interact with that technology in new and unexpected ways was exciting. I followed my passion for technology into my adult life, but had always played it relatively safe. I got into satellite and other RF communications, then found myself working various IT roles. I worked my way up to an admin role for a hosting provider, decided it wasn’t for me, and found myself back where I originally started: information security. I began pursuing a career in InfoSec and rediscovered my passion for red team work, but felt disconnected from the community. I didn’t feel like I had the talent or experience required to get involved in any hackerspaces, and was holding myself back from interacting with other people like myself. This is a story of how I overcame that by doing something I’ve always wanted to do, but never had the social courage to take on: attend a security conference, and involve myself in a community that I’ve always admired from afar....read more

Known WordPress Threat Actor Under Investigation For Prescription-Free Online Pharmacy

This entry was posted in Miscellaneous on August 8, 2018 by Dan Moen   10 Replies

Last September we published a series of three blog posts exposing a threat actor who had purchased a number of WordPress plugins as part of an elaborate supply chain attack. This ownership enabled him to inject SEO spam into hundreds of thousands of websites, boosting search engine rankings for various illicit online businesses....read more

Hacked by an 11 Year Old

This entry was posted in Miscellaneous on May 3, 2018 by Mark Maunder   12 Replies

The Wordfence team recently sponsored and attended WordCamp Atlanta. Instead of doing the usual boring corporate thing with our booth, we decided to host a capture the flag, or CTF contest. A CTF is essentially a hacking contest. It is a series of puzzles that the contestant needs to solve. They might include decrypting an encrypted piece of text, performing a challenge involving a browser and website, or hacking into something we set up....read more

Remote Working: No Bad Hair Days at Wordfence

This entry was posted in Miscellaneous, Wordfence on February 23, 2017 by Mark Maunder   6 Replies

The core team at Wordfence is now 13 full-time employees, and with contractors we are a team of 29. We are still at that really fun size where you can have a full team meeting and everyone has a chance to have their say. Every day feels like a hacker conference where everyone knows everyone else, and we are here to help our customers be more secure....read more

Wide Impact: Highly Effective Gmail Phishing Technique Being Exploited

This entry was posted in General Security, Miscellaneous on January 12, 2017 by Mark Maunder   172 Replies

Update on February 24th: Chrome has resolved this issue to my satisfaction. Earlier this month they released Chrome 56.0.2924 which changes the location bar behavior. If you now view a data URL, the location bar shows a "Not Secure" message which should help users realize that they should not trust forms presented to them via a data URL. It will help prevent this specific phishing technique....read more

Election Hack Report FAQ: What You Need to Know

This entry was posted in General Security, Miscellaneous, Research, Wordfence, WordPress Security on January 2, 2017 by Mark Maunder   13 Replies

On Friday we published an analysis of the FBI and DHS Grizzly Steppe report. The report was widely seen as proof that Russian intelligence operatives hacked the US 2016 election. We showed that the PHP malware in the report is old, freely available from a Ukrainian hacker group and is an administrative tool for hackers....read more

US Govt Data Shows Russia Used Outdated Ukrainian PHP Malware

This entry was posted in General Security, Miscellaneous, Research, WordPress Security on December 30, 2016 by Mark Maunder   137 Replies

Update at 1am Pacific Time, Monday morning Jan 2nd: Please note that we have published a FAQ that accompanies this report. It contains a summary of our findings and answers several other questions our readers have had. It also provides some background on our methodology. You can read it either before or after reading this report. The original report follows:...read more

Commuting Kills

This entry was posted in Miscellaneous, Wordfence on August 12, 2015 by Mark Maunder   81 Replies

Every year we lose up to 10% of our electricity purely due to resistance during transmission. If you've ever wondered why a room-temperature superconductor is sought after, this is why. Thinking about superconductivity reminded me of the problem I have with companies who don't allow telecommuting. The way I see it, remote-workers are like work-place superconductivity: Brain power and productivity arrive instantly where they're needed with zero transmission cost....read more

A Malicious Del.icio.us?

This entry was posted in Miscellaneous on October 27, 2014 by Mark Maunder   23 Replies

Google blacklisted bit.ly several days ago in a move that caught many publishers off guard. We started seeing spotty reports of del.icio.us being blacklisted over the weekend and it has now gone full-blown with all del.icio.us links apparently being blacklisted by Chrome as hosting malware....read more

The Black War

This entry was posted in General Security, Miscellaneous on May 20, 2014 by Mark Maunder   2 Replies

The US Justice Department today indicted five Chinese Military officers for hacking. The DoJ alleges that the officers were hacking into US companies to steal trade secrets. Here's the official press release on FBI.gov....read more

Get the latest WordPress security updates and news

Sign up for WordPress security alerts, Wordfence product updates and security news via email.