NEWS

SimplyWordPress Traced to Mason Soiza

By Black Pine Cyber | December 19, 2017 | Comments Off on SimplyWordPress Traced to Mason Soiza

Earlier today, the folks over at Wordfence released news that plugins from SimplyWordpress were found to be malicious in nature. The WordPress plugin “Captcha”, which had over 300,000 active installs, was modified to deploy an unauthenticated backdoor via an automatic update process that downloads, self-extracts and installs a different version…

Read More

More than 100,000 WordPress sites hacked via REST API zero-day

By Black Pine Cyber | February 27, 2017 | Comments Off on More than 100,000 WordPress sites hacked via REST API zero-day

WordPress was updated on January 26th to patch three separate security vulnerabilities. At the time, the folks at WordPress advised that you should update immediately which is fairly normal (and recommended). What you may not know, is that a fourth vulnerability was kept private for several weeks. Why wasn’t it publicized? Security…

Read More

Mossack Fonseca Breach Caused by Outdated WordPress Plugin

By Black Pine Cyber | April 7, 2016 | Comments Off on Mossack Fonseca Breach Caused by Outdated WordPress Plugin

Early this morning Wordfence released information from a security audit performed after the Mossack Fonseca breach that points to an outdated plugin on the firm’s WordPress site as the likely attack vector. Mossack Fonseca had been running a horribly out of date version of the Slider Revolution plugin for WordPress, created by ThemePunch. They further detailed how the intruder may have…

Read More