MalConfScan is a Volatility plugin extracts configuration data of known malware. Volatility is an open-source memory forensics framework for incident response and malware analysis. This tool searches for malware in memory images and dumps configuration data. In addition, this tool has a function to list strings to which malicious code refers. Supported Malware Families […]
Researchers discovered an ongoing buggy malware campaign that attempts to exploit the newly discovered vulnerabilities resides in the WordPress theme and plugin. Cybercriminals are always curious about developing the exploits soon after the new vulnerabilities found in wide particularly sites that running under WordPress. Attackers are cleverly changing the new domains every week by slightly […]
Researchers discovered an ongoing malvertising campaign targeting millions of WordPress websites to infect with backdoor and exploiting the various WordPress plugins vulnerabilities. According to WordPress, there are nearly 60 million Websites power by WordPress content management system and hundreds of WordPress Plugins are installed that developers by various developers around the globe. Cybercriminals launch the […]
WordPress plugins are back in the list of positive results for cybercriminals. These attacks explicitly use plugins to perform their malicious actions. In a newly discovered campaign, attackers use some WordPress plugins to divert traffic from websites. Some vulnerabilities in several WordPress plugins under Exploit Reportedly, WordFence researchers have noticed an ongoing attack campaign on […]
Experts in vulnerability testing discovered a critical flaw in Ad Inserter, a plugin for advertising management on WordPress sites. If exploited, this flaw would allow any low-privileged user to execute code on the compromised web server. After the presence of this flaw was verified, multiple members of the cybersecurity community recommended that system administrators using […]
We recently saw a merge proposal from Canonical to replace gnome-software snap with their own Snap Store. Along the similar lines, Red Hat’s Richard Hughes has announced that Fedora will disable snap plugin for GNOME Software. His announcement comes just a day after this. Fedora will disable the snap plugin in its next major update […]
WordPress and other CMS (Content Management System) are heaven-sent for non-programmers, as they can build and update the contents of their website without knowing any programming languages or scripting techniques. Developers of CMS are on-top of the situation when it comes to fixing bugs and security vulnerabilities of their products, however, the same CMS feature […]
Cybersecurity specialists recommend e-commerce WordPress websites using the WooCommerce plugin to remain alert due to the presence of a critical vulnerability that, if exploited, could allow hackers to take control of trade movements on a compromised website. Plugin Vulnerabilities, a company dedicated to the security of sites in WordPress, was in charge of revealing the […]
Cyber forensics course specialists report an active campaign to exploit two critical vulnerabilities in Social Warfare, one of the most used social media plugins, to take control over WordPress websites that use a non updated version of this plugin. Social Warfare is a plugin widely used by WordPress site administrators and has been downloaded almost […]
Here comes news about another WordPress website security breach carried out by exploiting plugin vulnerabilities. Reports say that hackers have been exploiting vulnerabilities in a popular social media sharing plugin on WordPress. The Hacker News reports, “Hackers have been found exploiting a pair of critical security vulnerabilities in one of the popular social media sharing […]
Take your business to the next level in 2019, with the best WordPress plugins to? There are over 50k WordPress plugins to choose from, and the user has plenty to think about which one to go for. We have narrowed it down to the best 10 WordPress plugins. 1. Beaver Builder Most business website owners […]
Signing-up for Managed Service Providers (MSP) is a quick solution to lower the cost of maintenance for workstation troubleshooting, repairs, and maintenance. However, allowing a 3rd party company as the system administrators of a corporate network entails its own risks. Such risk may even reach critical operational levels and damage the company, losing weeks if […]
As WordPress gained popularity over its CMS competitors like Joomla and Drupal, it grew to a level where plugin developers jumped into the bandwagon effect. Plugins are a double-edged sword; it extends WordPress’ capabilities beyond the default functions. But it comes with risks which if not checked can cause trouble for the website. Woocommerce Abandoned […]
Many WordPress websites have come under attack via a zero-day flaw in an abandoned plugin. The “Total Donations” plugin, which was earlier used by many WordPress website owners, has now started creating issues. Some hackers have started exploiting an unpatched vulnerability in the code of this plugin to attack WordPress websites. Security experts at Defiant, […]
The plugin’s users are recommended to change their passwords on WPML’s website following havoc reportedly wrought by a disgruntled ex-employee
Adobe’s longtime ugly duckling in their application portfolio, Flash Player, which is scheduled to be discontinued in 2020, is slowly losing support from mainstream browsers. Mozilla, the developer of Firefox has published their flash player support discontinuation timeline. 2019 Firefox will disable the Flash plugin by default. Users will not be prompted to enable Flash, […]
PA Toolkit is a collection of traffic analysis plugins to extend the functionality of Wireshark from a micro-analysis tool and protocol dissector to the macro analyzer and threat hunter. PA Toolkit contains plugins (both dissectors and taps) covering various scenarios for multiple protocols, including: WiFi (WiFi network summary, Detecting beacon, deauth floods etc.) HTTP (Listing […]
A security flaw in a GDPR-themed WordPress plugin has been used by hackers to hijack websites, as per reports. A blog post by Defiant, a company that focuses on WordPress security, discusses this issue pertaining to the popular plugin WP GDPR Compliance in detail. Tomáš Foltýn, security writer at ESET, had also discussed the issue […]
Update your GDPR Compliance plugin right now. Security researchers have identified a critical vulnerability in the popular WP GDPR Compliance plugin assisting over 100,000 website owners around the world to comply with European privacy regulations known as GDPR that was announced by European Union on May 25th, 2018. The vulnerability was discovered by researchers at Wordfence which allows hackers to […]
Burpsuite Plugin to decrypt AES Encrypted traffic on the fly. Requirements Burpsuite Java Tested on Burpsuite 1.7.36 Windows 10 xubuntu 18.04 Kali Linux 2018 What it does The IProxyListener decrypt requests and encrypt responses, and an IHttpListener than encrypt requests and decrypt responses. Burp sees the decrypted traffic, including Repeater, Intruder and Scanner, but the […]
Use this IDA python plugin to scan your binary with yara rules. All the yara rule matches will be listed with their offset so you can quickly hop to them! All credit for this plugin and the code goes to David Berard (@p0ly) This plugin is copied from David’s excellent findcrypt-yara plugin. This plugin just […]