Malicious Exchange Server Module Hoovers Up Outlook Credentials

“Owowa” stealthily lurks on IIS servers, waiting to harvest successful logins when an Outlook Web Access (OWA) authentication request is made. Researchers have uncovered a previously unknown malicious IIS module,…

Sprawling Active Attack Aims to Take Over 1.6M WordPress Sites

Cyberattackers are targeting security vulnerabilities in four plugins plus Epsilon themes, to assign themselves administrative accounts. An active attack against more than 1.6 million WordPress sites is underway, with researchers…

1.6 million WordPress Sites Were Attacked

WordPress is a free and open-source content management system (CMS) developed in PHP and used in conjunction with a MySQL or MariaDB database. WordPress started as a blog-publishing system but…

1.6 Million WordPress Sites Hit With 13.7 Million Attacks In 36 Hours From 16,000 IPs

WordFence –  WordFence –  Today, on December 9, 2021, our Threat Intelligence team noticed a drastic uptick in attacks targeting vulnerabilities that make it possible for attackers to update arbitrary…

Credit Card Swipers Injected into WordPress Plugins

As the holiday season is approaching, more and more people to rush to finish their Christmas shopping without being aware of the fact that cybercriminals don’t take time off for…

Authentication Bypass Vulnerability Patched in User Registration Plugin

WordFence –  WordFence –  Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List. On September 16, 2021…

Hackers using concern about Omicron strain of COVID-19 to attack US universities

Researchers with cybersecurity firm Proofpoint have discovered a new phishing attack leveraging concern about the spread of the Omicron strain of COVID-19 to steal credentials and gain access to accounts…

Omicron Scam Targets Universities

Omicron Scam Targets Universities Dozens of universities are being hit with a coordinated cyber-attack that uses news of the Omicron variant as a lure to steal login credentials. Evidence of…

80K Retail WooCommerce Sites Exposed by Plugin XSS Bug

The Variation Swatches plugin security flaw lets attackers with low-level permissions tweak important settings on e-commerce sites to inject malicious scripts. The plugin “Variation Swatches for WooCommerce,” installed across 80,000…

XSS Vulnerability Patched in Plugin Designed to Enhance WooCommerce

WordFence –  WordFence –  Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List. On November 11, 2021…