The Latest in IT Security

Posts Tagged ‘theme authors’

A few days ago we posted about a series of attacks that were happening against WordPress sites running the vulnerable timthumb.php script. We detected thousands of sites compromised with it and now are are seeing a small change in the malware. Instead of, the malware is now pointing to a remote javascript from […]

Read more ...

We are seeing a large number of WordPress sites compromised with a malicious JavaScript loading from That JavaScript redirects visitors that were going to the WordPress site to fake search engines. This is what shows up at the bottom of the hacked sites: <script language=”javascript” SRC=””></script> This script basically loads a bunch of encoded JavaScript that […]

Read more ...

There has been some buzz about a zero day vulnerability found in Timthumb.php that can allow for arbitrary file uploads. Although this is a platform independent issue, it is specially an issue on WordPress where a lot of theme authors choose to include scripts in themes without any extra security measures. You can read more […]

Read more ...





Latest Comments

Social Networks