Wordfence Research and News

Blog icon
Category: PSA
Newest

PSA: Critical Vulnerability Patched in Ninja Forms WordPress Plugin

On June 16, 2022, the Wordfence Threat Intelligence team noticed a back-ported security update in Ninja Forms, a WordPress plugin with over one million active installations. As with all security updates in WordPress plugins and themes, our team analyzed the plugin to determine the exploitability and severity of the vulnerability that had been patched. We …
Read More

Millions of Attacks Target Tatsu Builder Plugin

The Wordfence Threat Intelligence team has been tracking a large-scale attack against a Remote Code Execution vulnerability in Tatsu Builder, which is tracked by CVE-2021-25094 and was publicly disclosed on March 24, 2022 by an independent security researcher. The issue is present in vulnerable versions of both the free and premium Tatsu Builder plugin. Tatsu …
Read More

Increase In Malware Sightings on GoDaddy Managed Hosting

Today, March 15, 2022, The Wordfence Incident Response team alerted our Threat Intelligence team to an increase in infected websites hosted on GoDaddy’s Managed WordPress service, which includes MediaTemple, tsoHost, 123Reg, Domain Factory, Heart Internet, and Host Europe Managed WordPress sites. These affected sites have a nearly identical backdoor prepended to the wp-config.php file. Of …
Read More

Entering a Higher State of Vigilance – Ukraine Under Attack

It appears that Russia has just commenced the invasion of Ukraine. Check your preferred international news outlet, but according to the Ukrainian foreign minister “Putin has just launched a full-scale invasion of Ukraine.” Ukrainian airspace is closed with flights diverting. The Twitter Safety account just started tweeting in Ukrainian, giving users instructions on how to: …
Read More

Post title on background showing lit matches

GoDaddy Breach Widens to tsoHost, Media Temple, 123Reg, Domain Factory, Heart Internet, and Host Europe

Yesterday GoDaddy disclosed a massive data breach impacting over 1.2 Million customers. Today, we received confirmation from GoDaddy that multiple brands that resell GoDaddy Managed WordPress were impacted. The brands impacted include: tsoHost Media Temple 123Reg Domain Factory Heart Internet Host Europe According to Dan Rice, VP of Corporate Communications at GoDaddy, “The GoDaddy brands …
Read More

post title on background showing laptop

GoDaddy Breached – Plaintext Passwords – 1.2M Affected

There is an update available here: GoDaddy Breach Widens to tsoHost, Media Temple, 123Reg, Domain Factory, Heart Internet, and Host Europe This morning, GoDaddy disclosed that an unknown attacker had gained unauthorized access to the system used to provision the company’s Managed WordPress sites, impacting up to 1.2 million of their WordPress customers. Note that this …
Read More

PSA: Widespread Remote Working Scam Underway

I’ve just gotten off the phone with a victim of the scam that I’m about to describe. This is impacting a lot of folks, so please do spread the word. It’s infuriating. I’ll be around to reply to your comments below, but please do not engage in victim-blaming, because until you’ve actually been hit by …
Read More

On Hacking and Responsible Disclosure.

It’s Not You. It’s Them. On Hacking and Responsible Disclosure.

A story was recently posted to Hacker News celebrating a hack of IoT devices at a school that let a student and their friends rickroll the school via a video system. On the one hand, this guy is my personal hero and I want to be them. But I’m a cybersecurity professional, I run a …
Read More

Featured image - Header text on background of padlock images on a screen

Malicious Attack Campaign Targeting Jetpack Users Reusing Passwords

The Wordfence Threat Intelligence and Site Cleaning teams have been tracking a malware campaign that redirects all site visitors to malvertising domains, while attempting to keep site administrators unaware of the infection. Since June 1, 2021, the number of sites we are tracking that have been infected with this malware has more than doubled, and …
Read More