Hackers Exploit Recent WordPress Plugin Bugs for Malvertising

An ongoing malvertising campaign is targeting an unauthenticated stored cross-site scripting (XSS) vulnerability in the Coming Soon Page & Maintenance Mode WordPress plugin. Wordfence’s Defiant Threat Intelligence team found the flaw in the plugin’s version 1.7.8 or below. Malvertising campaign causes compromised WordPress sites “to display unwanted popup ads and redirect visitors to malicious destinations

Source: and sketchy pharmaceutical ads”” Attackers are using a small array of compromised sites to perform these attacks in order to conceal source of their activities.”

Something Fresh

Zip Codes & PII: Are They Personal Data?

ZeroNet: 51% Attack Risks & Mitigation

Zero Knowledge Voting with Trusted Server

What People Reading

Zero-Day Vulnerabilities: User Defence Guide

YubiKey Security: Initial Setup with Yubi Cloud

Feedback and data-driven updates to Googles disclosure policy

ZAP: Brute Force Passwords

Security Insider Interview Series: John McArthur, Senior Product Manager, IP Intelligence; and Rupert Young, Senior Director Software Engineering, Data Compilation and Identity, Neustar

Categories

Partners

Just add here your partners image or promo text