Think Like a Hacker with Wordfence

Summary: Mark Maunder co-founded Wordfence in 2011 after his WordPress site was hacked and he learned how hard it was to clean and secure. Today the team has grown to over 35 members world-wide and Wordfence protects over 4 million WordPress sites. On the Think Like a Hacker podcast, we cover interesting topics related to WordPress, security and innovation. Episodes alternate between security news and interviews with innovators from WordPress and information security communities.

  • Artist: Wordfence
  • Copyright: Copyright © 2019 Defiant, Inc. All rights reserved

Podcasts:

 Episode 80: Critical File Upload Vulnerability in wpDiscuz Plugin | File Type: audio/mpeg | Duration: 08:08

Our threat intelligence team discovered a vulnerability in the wpDiscuz plugin, affecting over 80,000 sites. A blind SQL injection attack affected analytics service WayDev, exposing OAuth tokens for GitHub repositories for software companies, leading to further breaches. A debate about problematic admin notices on the WordPress admin dashboard has many wondering how to best solve the issue, while WordCamps move to all virtual in 2020. Garmin's ransomware attack takes down more than step counting.

 Episode 79: High Profile Twitter Accounts Compromised in Coordinated Attack | File Type: audio/mpeg | Duration: 41:00

A number of high profile Twitter accounts including those of Elon Musk, Apple, Uber, Bill Gates, Joe Biden & others were compromised as part of a coordinated bitcoin scam attack. The attack lasted a few hours and netted the attackers about $100k worth of bitcoin. We talk about how this attack could have happened & lessons for businesses with remote workers accessing company systems. We also discuss a vulnerability we discovered in the All in One SEO Pack plugin used by 2+ million WP sites.

 Episode 78: Targeted Phishing Bypassing Security Checks and a new DDoS Record | File Type: audio/mpeg | Duration: 13:48

This week, we look at some targeted phishing attacks that are bypassing Microsoft Outlook’s protective filters, and phishing campaigns using calendar invitations to target unsuspecting recipients. We also look at some successful bitcoin scams and a new record for a massive DDoS attack that targeted an AWS customer. Drupal pushes out some security fixes, and zero-day vulnerabilities are found in numerous Netgear routers.

 Episode 77: WordPress 5.4.2 Released, Fake Ransomware Bitcoin Scams | File Type: audio/mpeg | Duration: 14:10

This week, we look at the WP 5.4.2 release and a ransomware bitcoin scam targeting site owners with a “You’ve Been Hacked” email. We also look at an FBI warning about online banking app malware, the Verizon data breach report and what it says about WordPress, and how some white hat hackers are becoming millionaires by responsibly disclosing vulnerabilities via HackerOne.

 Episode 76: Ongoing Attacks on WP Growing in Volume Plus Numerous Plugin Vulnerabilities | File Type: audio/mpeg | Duration: 18:48

We cover an active attack campaign targeting WordPress sites and numerous plugin vulnerabilities. This active attack campaign has been ongoing and has outpaced all other attacks on WordPress vulnerabilities. Our threat intelligence team has been tracking this attacker for months now, and we’re seeing these attacks intensifying. We also look at vulnerabilities found in Google's Site Kit plugin, the Page Builder by SiteOrigin, as well as a 0day exploit targeting Elementor Pro sites.

 Episode 75: The WordPress 5.4.1 Security Release & More Plugin Vulnerabilities | File Type: audio/mpeg | Duration: 17:28

The Wordfence Threat Intelligence team unpacked security updates in WordPress 5.4.1, & wrote about plugin vulnerabilities in popular plugins like Ninja Forms, LearnPress, & the Real-Time Find and Replace plugin. We also look at how a Cross Site Request Forgery attack works & how to thwart these attacks. We also cover more scams targeting COVID-19 fears, Google's crackdown on Chrome extensions, & the privacy concerns of many in the information security field surrounding the contact tracing initiatives.

 Episode 74: Staying Safe When Hackers Use Sophisticated Attacks | File Type: audio/mpeg | Duration: 15:53

Stories this week about targeted attacks using 0days in iOS devices & a sophisticated phone scam targeting a security professional that ended with a $9,800 wire transfer underscore that malicious attacks are becoming increasingly sophisticated. We also cover a plugin vulnerability in the MapPress Maps plugin affecting over 80k WordPress sites, Google’s report that they’re seeing more than 18M daily malware & phishing emails. We also cover Frontity's funding & what this might mean for WordPress.

 Episode 73: Security News and Success through Processes with Adam Silver | File Type: audio/mpeg | Duration: 34:59

The FTC is reporting numerous scams with over $12 million lost to Coronavirus-related scams. We also cover BBB warnings against oversharing on social media, Zoom credentials found on the dark web, Google's removal of malicious Chrome extensions, & recent plugin/theme vulnerabilities. We chat with Adam Silver, host of the KitchenSinkWP podcast, celebrating 6 years of podcasting. We ask Adam about his consistent success, experiences with WordCamps, & the impact of Open, the film about the WordPress community.

 Episode 72: WordPress 5.4 Released, Zoom Conferencing Safety & Security | File Type: audio/mpeg | Duration: 15:02

This week, we look at what’s new in WordPress 5.4, including that distraction-free editing is now on by default. We also look at new plugin vulnerabilities, including Rank Math and a Contact Form 7 helper plugin. We review the new updates to Fast or Slow, the free global website speed profiler. We also talk about Zoom’s recent security and privacy issues, including a recent discovery by a security researcher who found recordings of meetings containing sensitive information on Zoom’s cloud service.

 Episode 71: Hackers Targeting COVID-19 Fears | File Type: audio/mpeg | Duration: 14:11

With many of us under either lockdown or shelter-in-place orders due to the COVID-19 coronavirus, fear and stress are rampant. This additional stress lowers our critical thinking capabilities and increases our vulnerability. Hackers targeting these human vulnerabilities are using the global pandemic to attempt exploitation through numerous scams and phishing campaigns. We also cover plugin vulnerabilities as well as a new product from Wordfence, Fast or Slow, a global website speed profiler.

 Episode 70: Customer Education and Agency Resiliency with Jon Bius | File Type: audio/mpeg | Duration: 50:36

We chat with Jon Bius, a web developer at Biz Tools One, an agency in Fayetteville, NC, about how they use customer education to build relationships and differentiate their business. We also cover two plugins with vulnerabilities, more cancelled WordCamps, some hackers taking advantage of the fear surrounding COVID-19, the rise of remote work, and what’s coming with full screen editing in WordPress 5.4.

 Episode 69: The Meteoric Growth of Elementor with Kfir Bitton | File Type: audio/mpeg | Duration: 35:49

Elementor announced that they've received $15 million in venture funding. After topping 4 million plugin installations in January, it appears that Elementor is on a path to do some big things with WordPress. This week, we chat with Elementor CRO Kfir Bitton, asking how Elementor grew so quickly and what's next for this plugin-turned-platform. We also have news: how COVID-19 is affecting WordCamps, the Let's Encrypt domain control validation bug, and a coupon creation vulnerability in WooCommerce Smart Coupons.

 Episode 68: More Plugin Vulnerabilities and Active Attack Campaigns | File Type: audio/mpeg | Duration: 25:07

This week, we review numerous plugin vulnerabilities in popular WordPress plugins & the attacks that are targeting them. We review the Duplicator vulnerability affecting over 1 million sites, and Chloe Chamberland's discovery of multiple vulnerabilities in the Pricing Table by Supsystic plugin. We also ask lead customer support engineer Tim Cantrell about the different ways to use Wordfence settings for brute force protection, blocking IP addresses, and how to prevent alert fatigue.

 Episode 67: Avoiding Common Vulnerabilities When Developing WordPress Plugins | File Type: audio/mpeg | Duration: 35:56

Almost every week, a new vulnerability is discovered in a popular WordPress plugin or theme, leaving developers scrambling to fix it before it’s widely exploited. Almost all critical vulnerabilities boil down to a few common mistakes. In this talk from WordCamp Phoenix, Ramuel Gall reviews these common errors & provides advice on creating secure plugins. Check out the video on YouTube to see slides with example code. Transcript in the show notes.

 Episode 66: New Plugin Vulnerabilities & Succeeding as a Digital Nomad with Chloe at WCPHX | File Type: audio/mpeg | Duration: 53:33

A busy week in WordPress security with active attacks on a number of plugins including the ThemeRex AddOns & Theme Grill Demo Importer plugins. We also look at a vulnerability uncovered in the wpCentral plugin installed on over 60,000 sites, a WHO phishing attack, & Malwarebytes’ State of Malware report. We also include the audio from Chloe Chamberland's talk from WordCamp Phoenix about working remotely as a nomad. Skip ahead to 19:13 for her talk, though we recommend watching the video on YouTube.
