Updates on CyberSecurity, WordPress and what we're cooking in the lab today.

Category Archive: Research

Top Tools for Security Analysts in 2018

This entry was posted in General Security, Research, WordPress Security on June 26, 2018 by Mikey Veenstra   4 Replies

Last spring, after discussing the tools and tech used by our team, we published a list of 51 Tools for Security Analysts. The article was well-received, and the comments offered some great suggestions to top it all off....read more

BabaYaga: The WordPress Malware That Eats Other Malware

This entry was posted in Research, WordPress Security on June 6, 2018 by Mikey Veenstra   15 Replies

Recently, Defiant's analysts have been tracking a particularly sophisticated malware infection responsible for generating spam links and redirection, while still remaining relatively difficult for victims to detect....read more

Hijacked WordPress.com Accounts Being Used To Infect Sites

This entry was posted in Research, WordPress Security on May 22, 2018 by Brad Haas   25 Replies

Update on May 23 at 11:50AM: A representative from WordPress.com reached out to us with the following statement:...read more

WordPress: Tracking Emerging Cryptomining Threats

This entry was posted in Research, Wordfence, WordPress Security on May 8, 2018 by Mark Maunder   16 Replies

This is a post written by James Yokobosky who works on the Defiant Threat Intelligence team. In his daily job he analyzes new WordPress threats as they emerge and adds detection capability to the Wordfence malware scanner. In addition to making sure we detect new malware, James also researches the pieces of malware we find to learn more about how they work, what they do and who is behind each campaign....read more

Service Vulnerability: MelbourneIT Fixes NFS Permissions Problem

This entry was posted in Research, Vulnerabilities on March 30, 2018 by Brad Haas   0 Replies

In February, we wrote about a vulnerability on three shared hosting services.  Following our Vulnerability Disclosure Policy, we had alerted them about vulnerable permissions on shared drives on their servers. They fixed the problem, making things safer both for their customers and for their customers' site visitors....read more

Three Plugins Backdoored in Supply Chain Attack

This entry was posted in Research, WordPress Security on December 27, 2017 by Dan Moen   54 Replies

In the last two weeks, the WordPress.org repository has closed three plugins because they contained content-injection backdoors. "Closing" a plugin means that it is no longer available for download from the repository, and will not show up in WordPress.org search results. Each of them had been purchased in the previous six months as part of the same supply chain attack, with the goal of injecting SEO spam into the sites running the plugins....read more

Massive Cryptomining Campaign Targeting WordPress Sites

This entry was posted in Research, WordPress Security on December 19, 2017 by Brad Haas   31 Replies

On Monday we wrote about the massive spike in brute force attacks on WordPress sites that we observed. As reported, it was the most intense period of attacks we had ever recorded. We believe that a single botnet is behind the attacks....read more

WordPress Plugin Banned for Crypto Mining

This entry was posted in Research on November 8, 2017 by Mark Maunder   30 Replies

The WordPress plugin repository recently removed a plugin known as "Animated Weather Widget by weatherfor.us." We dug a little deeper, and it appears that the plugin was removed for including JavaScript code that would mine cryptocurrency using the CPU resources of site visitors....read more

Cryptocurrency Miners Exploiting WordPress Sites

This entry was posted in Research, WordPress Security on October 26, 2017 by Brad Haas   11 Replies

During the last month, the information security media has paid a lot of attention to cryptocurrency mining malware. The Wordfence team has been monitoring the situation, and we are now starting to see attacks attempting to upload mining malware, and site cleaning customers that are already infected....read more

NGINX and PHP Malware Used in Petya/Nyetya Ransomware Attack

This entry was posted in General Security, Research on July 7, 2017 by Mark Maunder   5 Replies

Author's note: This is a technical blog post which I'm hoping server administrators and web hosting providers will find helpful. It also includes malware history and video footage which I hope you enjoy. ~Mark Maunder...read more

Get the latest WordPress security updates and news

Sign up for WordPress security alerts, Wordfence product updates and security news via email.