Wordfence Author, Author at Wordfence

Image may be NSFW.
Clik here to view.

Two Weeks of Monitoring ProxyNotShell (CVE-2022-41040 & CVE-2022-41082)...

October 19, 2022, 9:01 am

The Wordfence Threat Intelligence team has been monitoring exploit attempts targeting two zero-day vulnerabilities in Microsoft Exchange Server tracked as CVE-2022-41040 and CVE-2022-41082,...

View Article

Image may be NSFW.
Clik here to view.

What Does The Fox Hack? Breaking Down the Anonymous Fox F-Automatical Script

October 26, 2022, 9:00 am

While performing routine security research, one of our threat analysts discovered the latest version of a Command and Control (C2) script, which is referred to as F-Automatical within the script’s code...

View Article

Image may be NSFW.
Clik here to view.

Not Just for the Government: Using the NIST Framework to Secure WordPress

November 15, 2022, 9:00 am

When setting up a WordPress website, it is easy to focus on the look and feel of the website, while overlooking the important aspect of security. This makes sense, because the security of a website is...

View Article

Image may be NSFW.
Clik here to view.

Configuration Probing: Your Backups Might Be Your Greatest Weakness

November 29, 2022, 9:22 am

Configuration files exist to make life easier for developers and website operators. In a world without configuration files, every instance of code that depended on a database connection could...

View Article

Image may be NSFW.
Clik here to view.

Spikes in Attacks Serve as a Reminder to Update Plugins

December 12, 2022, 9:28 am

The Wordfence Threat Intelligence team continually monitors trends in the attack data we collect. Occasionally an unusual trend will arise from this data, and we have spotted one such trend standing...

View Article

Image may be NSFW.
Clik here to view.

Exploiting WordPress Plugin Vulnerabilities to Steal AWS Metadata

December 21, 2022, 9:02 am

In an ideal world, vulnerabilities would not exist. A request would be sent to a server, properly validated, and only the intended information would be provided by the server. Of course, this is not a...

View Article

Image may be NSFW.
Clik here to view.

Holiday Attack Spikes Target Ancient Vulnerabilities and Hidden Webshells

January 12, 2023, 11:05 am

Winter brings a number of holidays in a short period of time, and many organizations shut down or run a skeleton crew for a week or more at the end of the year and beginning of the new year. This makes...

View Article

PSA: Your Site Isn’t Hacked By This Bitcoin Scam, Keep the Money

January 23, 2023, 11:50 am

On January 19th, 2023, a member of the Wordfence Threat Intelligence team received an email from their personal blog, claiming the site had been hacked, and we received two reports from Wordfence users...

View Article

Image may be NSFW.
Clik here to view.

The WordPress Ecosystem is Becoming More Secure with Responsible Disclosure...

February 28, 2023, 9:06 am

The Wordfence 2022 State of WordPress Security Report was released on January 24th, 2023. One area that we reviewed in this report were the vulnerabilities disclosed in 2022. Keeping in mind that some...

View Article

PSA: Intentionally Leaving Backdoors in Your Code Can Lead to Fines and Jail...

March 8, 2023, 8:59 am

In the cybersecurity field, we talk a lot about threat actors and vulnerable code, but what doesn’t get discussed enough is intentional vulnerabilities and becoming your own threat actor. Even when...

View Article

More Pages to Explore .....

Latest Images