Sites – Page 2 – OWASP Jakarta

WordPress Plugin Exploited to Steal Credit Card Data from E-commerce Sites

WordPress Plugin Exploited to Steal Credit Card Data from E-commerce Sites Unknown threat actors are abusing lesser-known code snippet plugins for WordPress to insert malicious PHP code in victim sites that are capable of harvesting credit card data. The campaign, observed by Sucuri on May 11, 2024, entails the abuse of a WordPress plugin Read more

By adminowasp, 1 year ago

News

Hackers Exploiting LiteSpeed Cache Bug to Gain Full Control of WordPress Sites

Hackers Exploiting LiteSpeed Cache Bug to Gain Full Control of WordPress Sites A high-severity flaw impacting the LiteSpeed Cache plugin for WordPress is being actively exploited by threat actors to create rogue admin accounts on susceptible websites. The findings come from WPScan, which said that the vulnerability (CVE-2023-40000, CVSS score: 8.3) has been leveraged to set up bogus Read more

By adminowasp, 1 year ago

News

Android Malware Wpeeper Uses Compromised WordPress Sites to Hide C2 Servers

Android Malware Wpeeper Uses Compromised WordPress Sites to Hide C2 Servers Cybersecurity researchers have discovered a previously undocumented malware targeting Android devices that uses compromised WordPress sites as relays for its actual command-and-control (C2) servers for detection evasion. The malware, codenamed Wpeeper, is an ELF binary that leverages the HTTPS protocol Read more

By adminowasp, 1 year ago

News

Hackers Exploiting WP-Automatic Plugin Bug to Create Admin Accounts on WordPress Sites

Hackers Exploiting WP-Automatic Plugin Bug to Create Admin Accounts on WordPress Sites Threat actors are attempting to actively exploit a critical security flaw in the WP‑Automatic plugin for WordPress that could allow site takeovers. The shortcoming, tracked as CVE-2024-27956, carries a CVSS score of 9.9 out of a maximum of 10. Read more

By adminowasp, 1 year ago

News

Massive Sign1 Campaign Infects 39,000+ WordPress Sites with Scam Redirects

Massive Sign1 Campaign Infects 39,000+ WordPress Sites with Scam Redirects A massive malware campaign dubbed Sign1 has compromised over 39,000 WordPress sites in the last six months, using malicious JavaScript injections to redirect users to scam sites. The most recent variant of the malware is estimated to have infected no less than Read more

By adminowasp, 1 year ago

News

Hackers Exploiting Popular Document Publishing Sites for Phishing Attacks

Hackers Exploiting Popular Document Publishing Sites for Phishing Attacks Threat actors are leveraging digital document publishing (DDP) sites hosted on platforms like FlipSnack, Issuu, Marq, Publuu, RelayTo, and Simplebooklet for carrying out phishing, credential harvesting, and session token theft, once again underscoring how threat actors are repurposing legitimate services for malicious ends. Read more

By adminowasp, 1 year ago

News

Hackers Using Sneaky HTML Smuggling to Deliver Malware via Fake Google Sites

Hackers Using Sneaky HTML Smuggling to Deliver Malware via Fake Google Sites Cybersecurity researchers have discovered a new malware campaign that leverages bogus Google Sites pages and HTML smuggling to distribute a commercial malware called AZORult in order to facilitate information theft. “It uses an unorthodox HTML smuggling technique where the malicious Read more

By adminowasp, 1 year ago

News

Malware Campaign Exploits Popup Builder WordPress Plugin to Infect 3,900+ Sites

Malware Campaign Exploits Popup Builder WordPress Plugin to Infect 3,900+ Sites A new malware campaign is leveraging a high-severity security flaw in the Popup Builder plugin for WordPress to inject malicious JavaScript code. According to Sucuri, the campaign has infected more than 3,900 sites over the past three weeks. “These attacks are Read more

By adminowasp, 1 year ago

News

Hacked WordPress Sites Abusing Visitors' Browsers for Distributed Brute-Force Attacks

Hacked WordPress Sites Abusing Visitors' Browsers for Distributed Brute-Force Attacks Threat actors are conducting brute-force attacks against WordPress sites by leveraging malicious JavaScript injections, new findings from Sucuri reveal. The attacks, which take the form of distributed brute-force attacks, “target WordPress websites from the browsers of completely innocent and unsuspecting Read more

By adminowasp, 1 year ago

News

Watch Out for Spoofed Zoom, Skype, Google Meet Sites Delivering Malware

Watch Out for Spoofed Zoom, Skype, Google Meet Sites Delivering Malware Threat actors have been leveraging fake websites advertising popular video conferencing software such as Google Meet, Skype, and Zoom to deliver a variety of malware targeting both Android and Windows users since December 2023. “The threat actor is distributing Read more

By adminowasp, 1 year ago