Posts

Showing posts with the label infosec

An Attack Platform Infecting WordPress Sites

At DP2Web, we often investigate hacked customer websites as part of an ongoing R&D effort to improve our core scanning engine. Analyzing hacked sites tells us how the attackers gained entry and gives us visibility into the latest attack tools. It also gives us signatures we can add to our core scanning engine, which improves our ability to detect and clean up a hack. During a recent investigation of a large infection we found a trove of attack tools that all pointed back to a single "meta" script. This script was only two lines long but gave an attacker a powerful capability. Once it fully installs itself, it provides what we are calling an "attack platform". We analyzed the script and found that it was downloading its full source code from pastebin.com, a site where anybody can post any content anonymously. The attacker had posted the source on pas...

Akismet XSS Vulnerability: WordPress Security Update

A researcher from Sucuri told us of an XSS vulnerability in the Akismet WordPress plugin. This bug affects all versions of the Akismet WordPress plugin since 2.5.0; however, we have no confirmation that it has been exploited in the wild. The vulnerability in Akismet was found a week ago, and because Akismet is one of the most widely used plugins for WordPress, we wanted to bring it to public attention. Akismet is a comment spam filter for WordPress and, in general, it does a great job. The Akismet team reported on their blog a week ago that a cross-site scripting (XSS) vulnerability had been found in all versions of Akismet since 2.5.0. The vulnerability allows an attacker to post a comment on a WordPress site which will execute JavaScript in the WordPress administrator console. This is a typical XSS vulnerability, and one of the attacks it enables would allow an attacker to steal a WordPress administrator's cookies an...