- Популярные видео
- Авто
- Видео-блоги
- ДТП, аварии
- Для маленьких
- Еда, напитки
- Животные
- Закон и право
- Знаменитости
- Игры
- Искусство
- Комедии
- Красота, мода
- Кулинария, рецепты
- Люди
- Мото
- Музыка
- Мультфильмы
- Наука, технологии
- Новости
- Образование
- Политика
- Праздники
- Приколы
- Природа
- Происшествия
- Путешествия
- Развлечения
- Ржач
- Семья
- Сериалы
- Спорт
- Стиль жизни
- ТВ передачи
- Танцы
- Технологии
- Товары
- Ужасы
- Фильмы
- Шоу-бизнес
- Юмор
c/side Won't Protect WordPress Websites From Being Hacked
The WP Security Minute for March 7, 2025.
Yesterday, The Hacker News ran a story titled "Over 1,000 WordPress Sites Infected with JavaScript Backdoors Enabling Persistent Attacker Access." The story was missing a key detail and the story's source seemed to be trying to mislead WordPress webmasters about how to protect their websites from being hacked.
The story referred to this as an attack happening against WordPress websites, but what was being described was the result of an attack having already happened. The attack caused malicious JavaScript code to be loaded from another website. The story and the sole source cited were silent on how that happened.
A posting on the official WordPress support forum from December appeared to reference the same malware being on a website. That was being placed in a sitemap, so the attacker must have already been able to place malicious code on the website or inject it in to the database.
The source for the story, a security provider named c/side claimed that they had "successfully detected and blocked the malicious JavaScript injection" and claimed that "our system can provide real-time analysis and proactive defense." But what they were referring to was something that would happen after the original attack had been successful, which they didn't stop.
If you know how the original attack happened comment below.
The mention of the cdn.csyndication.com malware on the official WordPress support forum can be found at https://wordpress.org/support/topic/xml-sitemap-error-xml-declaration-only-allowed-at-start/
Видео c/side Won't Protect WordPress Websites From Being Hacked канала WP Security Minute
Yesterday, The Hacker News ran a story titled "Over 1,000 WordPress Sites Infected with JavaScript Backdoors Enabling Persistent Attacker Access." The story was missing a key detail and the story's source seemed to be trying to mislead WordPress webmasters about how to protect their websites from being hacked.
The story referred to this as an attack happening against WordPress websites, but what was being described was the result of an attack having already happened. The attack caused malicious JavaScript code to be loaded from another website. The story and the sole source cited were silent on how that happened.
A posting on the official WordPress support forum from December appeared to reference the same malware being on a website. That was being placed in a sitemap, so the attacker must have already been able to place malicious code on the website or inject it in to the database.
The source for the story, a security provider named c/side claimed that they had "successfully detected and blocked the malicious JavaScript injection" and claimed that "our system can provide real-time analysis and proactive defense." But what they were referring to was something that would happen after the original attack had been successful, which they didn't stop.
If you know how the original attack happened comment below.
The mention of the cdn.csyndication.com malware on the official WordPress support forum can be found at https://wordpress.org/support/topic/xml-sitemap-error-xml-declaration-only-allowed-at-start/
Видео c/side Won't Protect WordPress Websites From Being Hacked канала WP Security Minute
Комментарии отсутствуют
Информация о видео
7 марта 2025 г. 19:01:14
00:01:01
Другие видео канала
WordPress Finally Moving to More Secure Password Hashing in Version 6.8
Google Promoted Barely Disguised VPN Ad as News Story About Exploring WordPress Plugins Securely
Hacker Targeting WordPress Plugin Patchstack, Wordfence, and WPScan Falsely Claimed Was Secured
WP Engine Hasn't Fixed Vulnerability in 100,000+ Install WordPress Plugin NitroPack in 4 Months
Hacker Targeting WordPress Plugin Patchstack, Wordfence, and WPScan Falsely Claimed Was Secured
Is WordPress hacker's "strong password" strong? Password strength meters have varying answers.
WordPress Security Providers Downplayed Vulnerability Based on Inaccurate Info From Patchstack
Popular WordPress File Manager Plugins Contain Vulnerable jQuery UI Library
WordPress is Blocking Update That Stops Exploitation of Hacker Targetted Vulnerability in Plugin
The 8G Firewall for WordPress Is Too Good to Be True
Patchstack's "Fastest Protection" for "Vulnerabilities" Was a Week Behind Merely Updating Plugin
Developer of 300,000+ Install WordPress Plugin Not Upfront About Belated Security Fixes
Patchstack and Bleeping Computer's Bill Toulas Caught Lying About Exploitation of WP Plugin Vuln
Data Tells Different Story About Companies Alleged Reduction in Pledged Support for WordPress
Shadow Server Data Shows Hackers Targeting Vulnerable Security Solutions, Not WordPress
The 8G Firewall for WordPress Is Too Good to Be True
How is a WordPress security plugin with fewer than 10 installs "trusted by thousands"?
Popular WordPress File Manager Plugins Contain Vulnerable jQuery UI Library
Awesome Motive Also Using Fake Security Certifications When Promoting Their WordPress Plugins
Hundreds of Thousands of Websites Using Wordfence Are Consistently Infected with Malware
