A critical SQL injection vulnerability was discovered in WooCommerce, the most popular e-Commerce plugin used by over 5 million WordPress sites. The WordPress.org team pushed a forced security update ensuring that over 90 versions of WooCommerce were patched. The REvil ransomware gang targeted a zero-day vulnerability in Kaseya, used by many in the banking industry,…
Security researchers accidentally leaked zero-day exploit code for a new Windows bug, now called PrintNightmare, while easily exploitable vulnerabilities in the ProfilePress plugin, previously called WP User Avatar, were patched quickly. An unprotected cloud database containing over 814 million DreamHost user records was found online. Google Chrome is getting an HTTPS-only feature in an upcoming…
Over 30 million Dell devices are at risk for remote BIOS attacks due to four separate security bugs, which can have far-reaching effects for enterprise organizations heavily invested in Dell devices. VMware Carbon Black App Control has been updated this week to fix a critical-severity vulnerability that allows authentication bypass. Antivirus creator John McAfee…
Sites running Jetpack are being infected via compromised WordPress.com credentials. The largest password dump ever, with 8.4 billion passwords, is used in credential stuffing attacks. Wordfence Threat Intelligence discloses new plugin vulnerabilities as well as a vulnerability at tsoHost. Data breaches impact VW and EA, REvil compromises a nuclear weapons contractor, and TurboTax accounts are…
Wordfence is now a CVE Numbering Authority, or a CNA. As a CNA, Wordfence can now assign CVE IDs for new vulnerabilities in WordPress Core, WordPress Plugins and WordPress Themes. An outage at Fastly takes down major websites including Reddit, Twitch, Amazon, and many others. Microsoft patches numerous Windows 0-day vulnerabilities, and Google patches a…
A security fix for an information leak vulnerability was pushed out to WordPress sites using Jetpack, bypassing local settings that prevented auto-updates. A ransomware attack on JBS that shut down meat processing operations in the United States has been attributed to REvil, a private Russian ransomware-as-a-service operation. A critical zero-day vulnerability was discovered by the…
A critical vulnerability in VMware’s vCenter Server threatens some of the largest data centers in the world. An actively exploited 0-day in macOS was used to take screenshots of infected computers. Codecov claims another victim as Japanese e-Commerce unicorn Mercari reports a massive data breach. Domino’s India and Air India suffer from large-scale data…
Four memory corruption vulnerabilities are being actively exploited on Android devices, and nearly two dozen popular Android apps exposed over 100 million users’ sensitive information in cloud databases. Over 600,000 sites using WP Statistics required a patch to fix a blind SQL injection vulnerability. WP User Avatar undergoes a dramatic rebranding to ProfilePress, adding completely…
A ransomware attack on Colonial Pipeline affected fuel availability in 17 southeastern US states, and Bloomberg reported that Colonial Pipeline paid $5 million to DarkSide, a Russian ransomware service provider. The Biden Administration issued an executive order to increase US cybersecurity defenses. WordPress 5.7.2 was released to patch a critical object injection vulnerability in PHPMailer.…
A vulnerability discovered in Packagist, which is used by Composer to manage PHP package requests, could have allowed attackers to trick Composer into downloading backdoored source code, potentially affecting all WordPress sites. Packagist reports that it’s not aware of any exploits. A SQL injection vulnerability was patched in the CleanTalk AntiSpam plugin installed on over…
May 6, 2021
Apple patches a Gatekeeper bypass vulnerability that has been exploited in the wild on macOS. Though this vulnerability requires some social engineering to exploit, it is believed to have been actively exploited since January 9, 2021. Some DigitalOcean customers were affected by a data breach exposing personally identifiable information. A WordPress Trac conversation considers…
Attacks on unpatched SolarWinds systems continue. We’re now learning of a supply chain attack that started in late January 2021 affecting 29,000 customers of Codecov, as well as a zero-day under active attack affecting customers of PulseSecure VPN. Customers of these three services are well known enterprise and government organizations. In the WordPress space, there…
An FBI initiative began remotely removing webshells from infected Microsoft Exchange servers. WordPress 5.7.1 was released with a few security patches. Over 15 Elementor add-on plugins were found to have vulnerabilities similar to those found in the main Elementor plugin; these additional plugin vulnerabilities affected over 3.5 million sites with over 100 vulnerable endpoints.…
A new Wix ad campaign targets WordPress but ends up being tone-deaf in both content and strategy. New details emerge about the PHP compromise, but the full story remains unclear. Facebook user data from 2019 ends up on the dark web, and Have I Been Pwned adds a phone number check to help users…
The self-hosted Git repository for PHP was compromised, with attackers adding a backdoor to a development version of PHP 8.1. The intrusion was detected by the PHP community quickly, and no production environments were affected. Ubiquiti experienced an intrusion in January that was far worse than originally reported; attackers gained access to nearly all of…
Active exploitation of recently patched vulnerabilities in Thrive Themes continues, and new attackers are unsuccessfully attempting the same exploit chain. Two vulnerabilities are patched in the Facebook for WordPress plugin installed on over half a million sites. Google Chrome version 90 will use HTTPS by default, bringing significant improvements to speed and security. A…
An attack shows how an SMS enablement service was used to bypass SMS 2FA for $16. We discuss the recently patched vulnerabilities in Elementor affecting over 7 million WordPress sites and how easily these cross-site scripting vulnerabilities can be exploited. We also talk about the SQL injection vulnerabilities in Tutor LMS. The data center fire…
A data breach exposes 150,000 security cameras used by organizations around the world, including Tesla and Cloudflare. State-sponsored hacking groups exploit Microsoft Exchange vulnerabilities. A fire in a French data center belonging to hosting company OVH affects millions of websites, including some prominent WordPress services like Imagify and WP Rocket. WordPress 5.7 was released this…
The Wordfence Threat Intelligence team finds vulnerabilities in two plugins, the User Profile Picture plugin and the WooCommerce Upload Files plugin. WordPress 5.7 is set to release on Tuesday, March 9 with numerous enhancements for the block editor, a new robots.txt API, and a stay of execution on jQuery Migrate. A zero-day affecting Microsoft Exchange…