Updates on WordPress security, Wordfence and what we're cooking in the lab today.

Category Archive: Podcasts

Wordfence Blog

Episode 87: Vulnerabilities Affect Discount Rules for WooCommerce Plugin, ModSecurity & Windows

This entry was posted in Podcasts on September 18, 2020 by Scott Miller

Vulnerabilities were recently patched in the Discount Rules for WooCommerce plugin, installed on over 40,000 WordPress sites. Developers from the OWASP Core Rule Set project said ModSecurity v3 is exposed to denial of service exploits, though the maintainers of ModSecurity reject that claim. A severe vulnerability called Zerologon in Windows Netlogon was patched in August; this bug …

Episode 86: War of the Hackers

This entry was posted in Podcasts on September 11, 2020 by Scott Miller

Millions of attacks have been targeting the recent File Manager plugin zero-day vulnerability discovered last week. Two attackers are vying for control over sites compromised through the vulnerability. A security researcher has revealed that specially crafted Windows 10 themes can be used to perform Pass-the-Hash attacks. A database belonging to the Digital Point webmaster forum …

Episode 85: 0Day in File Manager Plugin and WordPress 5.5.1 Fixes Broken Sites

This entry was posted in Podcasts on September 04, 2020 by Scott Miller

Over 700,000 WordPress users were affected by a zero-day vulnerability in the File Manager plugin, and the WordPress 5.5.1 release fixed millions of sites affected by deprecation of jQuery Migrate. SendGrid is under siege from spammers using hacked accounts, and Apple approves a notorious malware variant to run on Macs. Here are timestamps and links …

Episode 84: Google Chrome Plans to Implement Insecure Form Warnings

This entry was posted in Podcasts on August 28, 2020 by Scott Miller

A high-severity vulnerability in the Google Chrome web browser that could be used to execute arbitrary code has been fixed in Chrome version 85. Google also announced that Chrome 86 will alert users if a form submission is using the insecure HTTP protocol, making it a good time to audit older sites that may …
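As an added example that is not part of the original post or of Wordfence's code, the following helper performs the kind of form audit the teaser recommends. It flags the case Chrome 86 warns about, a form on an HTTPS page whose `action` resolves to a plain `http://` URL, and handles the edge cases that trip up a naive grep: an empty `action` submits to the page itself, relative and scheme-relative actions inherit the page's scheme, and `mailto:` or `javascript:` targets are not network submissions. The page URL, the sample form actions and the function names are constructed for illustration.

```javascript
// Added example: audit a page's forms for submissions Chrome 86 labels insecure.
// Pure functions, so this runs in Node or pasted into a browser console.

function resolveFormAction(pageUrl, actionAttr) {
  // Per the HTML spec, a missing or empty action submits to the document's own URL.
  const base = new URL(pageUrl);
  if (actionAttr === null || actionAttr === undefined || actionAttr.trim() === '') {
    return base;
  }
  // Relative ("/subscribe") and scheme-relative ("//host/path") actions
  // resolve against the page URL and so inherit its scheme.
  return new URL(actionAttr, base);
}

function isInsecureFormSubmission(pageUrl, actionAttr) {
  const page = new URL(pageUrl);
  const target = resolveFormAction(pageUrl, actionAttr);
  // Only plaintext HTTP targets matter here; mailto:/javascript:/https: do not.
  if (target.protocol !== 'http:') return false;
  // The Chrome 86 warning concerns a secure (https:) page posting over http:.
  // A form on an http: page is already covered by the "Not Secure" address bar label.
  return page.protocol === 'https:';
}

// Returns the resolved http:// targets of every insecure form on the page.
function auditForms(pageUrl, actionAttrs) {
  return actionAttrs
    .filter((action) => isInsecureFormSubmission(pageUrl, action))
    .map((action) => resolveFormAction(pageUrl, action).href);
}

// Constructed sample input (hypothetical site and form actions, not real data):
const SAMPLE_PAGE = 'https://example.com/contact/';
const SAMPLE_ACTIONS = [
  '',                                    // submits to the page itself over HTTPS
  '/subscribe',                          // relative, inherits https:
  '//example.com/relative-scheme',       // scheme-relative, inherits https:
  'http://example.com/legacy-form.php',  // absolute http: -> flagged
  'http://cdn.example.net/track',        // third-party http: -> flagged
  'https://example.com/ok',
  'mailto:sales@example.com',            // not a network submission
];

console.log(auditForms(SAMPLE_PAGE, SAMPLE_ACTIONS));
```

On a live page the same check is `auditForms(location.href, Array.from(document.forms, f => f.getAttribute('action')))` run from the browser console; the helper above takes the action attributes as plain strings so it can be exercised offline against the constructed sample.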

Episode 83: 100,000 Sites Impacted by Vulnerabilities in Advanced Access Manager

This entry was posted in Podcasts on August 21, 2020 by Scott Miller

The Wordfence Threat Intelligence team discovered vulnerabilities in the Advanced Access Manager plugin installed on over 100,000 WordPress sites. A high severity authorization bypass could lead to privilege escalation and site takeover. Critical vulnerabilities found in the Quiz and Survey Master plugin could also lead to site takeover on the 30,000 WP sites using the …

Episode 82: Important Changes in the WordPress 5.5 Update

This entry was posted in Podcasts on August 13, 2020 by Scott Miller

WordPress 5.5 was released on August 11 with a number of important updates, including a new feature allowing auto-updates of themes and plugins as well as changes to the block editor. The popular Astra theme was suspended from the repository for having affiliate links in the code. A vulnerability found in Google Chromium browsers could …

Episode 81: Critical Vulnerability Exposes over 700,000 Sites Using Divi, Extra, and Divi Builder

This entry was posted in Podcasts on August 07, 2020 by Scott Miller

Our Threat Intelligence team disclosed numerous vulnerabilities this week, including a critical vulnerability in the Divi and Extra themes as well as the Divi Builder plugin. In total, this vulnerability affected over 700,000 sites. A vulnerability found in The Official Facebook Chat Plugin created a vector for social engineering attacks as it allowed an attacker …

Episode 80: Critical File Upload Vulnerability in wpDiscuz Plugin

This entry was posted in Podcasts on July 30, 2020 by Scott Miller

In this week's news, our Threat Intelligence team discovered a vulnerability in the wpDiscuz plugin, affecting over 80,000 WordPress sites. A blind SQL injection attack on the analytics service Waydev exposed GitHub OAuth tokens belonging to software companies, leading to further breaches. A debate about problematic admin notices on the WordPress admin dashboard has many …

Episode 79: High Profile Twitter Accounts Compromised in Coordinated Attack

This entry was posted in Podcasts on July 17, 2020 by Kathy Zant

A number of high profile Twitter accounts including those of Elon Musk, Apple, Uber, Bill Gates, Joe Biden and others were compromised as a part of a coordinated bitcoin scam attack. The attack lasted a few hours and netted the attackers about $100,000 worth of bitcoin. We talk about how this attack could have possibly …

Episode 78: Targeted Phishing Bypassing Security Checks and a new DDoS Record

This entry was posted in Podcasts on June 22, 2020 by Kathy Zant

This week, we look at some targeted phishing attacks that are bypassing Microsoft Outlook's protective filters, and phishing campaigns using calendar invitations to target unsuspecting recipients. We also look at some successful bitcoin scams and a new record for a massive DDoS attack that targeted an AWS customer. Drupal pushes out some security fixes, and …