• Home
  • About Us
    • Our Team
    • Defense Expo 2022
    • Blog
  • Our Offerings
    • Information Security >
      • Services >
        • Risk Advisory Services >
          • Audits & Compliances >
            • ISO 9001:2015 | Quality Management System
            • ISO 27001:2013 | Information Security Management System
            • ISO 22301:2019 BCMS
            • ISO 27017:2015 | Cloud Security
            • TL 9000 | Telecom Quality
            • PAS 99 | Integrated Management System
            • SOC 2 Audits
            • GDPR | Privacy Controls
            • Trusted Partner Network (TPN) Assessment
          • Vulnerability Assessment & Penetration Testing (VA & PT)
          • Security Operations Center (SOC)
          • Red Team Assessment
        • Cyber Threat Management
        • Privacy & Data Protection
        • Third Party Risk Management
      • Products >
        • Digital Forensics Equipment - Procurement
        • Mobile Threat Defense Suite
        • Insider Threat Prevention Suite
        • Data Diode
        • Secure Communication Suite
    • Cyber Crime Investigations
    • Digital Forensics >
      • Forensics Lab Setup
      • Data Recovery Services
    • Online Reputation Management
    • Other Services >
      • Homeland Security
  • Careers
  • Training Labs
    • ISO 27001:2013 Lead Implementer Course
  • Contact Us
    • FAQ
Best Information Security Services | Cyber Intelligence | Data Diode
  • Home
  • About Us
    • Our Team
    • Defense Expo 2022
    • Blog
  • Our Offerings
    • Information Security >
      • Services >
        • Risk Advisory Services >
          • Audits & Compliances >
            • ISO 9001:2015 | Quality Management System
            • ISO 27001:2013 | Information Security Management System
            • ISO 22301:2019 BCMS
            • ISO 27017:2015 | Cloud Security
            • TL 9000 | Telecom Quality
            • PAS 99 | Integrated Management System
            • SOC 2 Audits
            • GDPR | Privacy Controls
            • Trusted Partner Network (TPN) Assessment
          • Vulnerability Assessment & Penetration Testing (VA & PT)
          • Security Operations Center (SOC)
          • Red Team Assessment
        • Cyber Threat Management
        • Privacy & Data Protection
        • Third Party Risk Management
      • Products >
        • Digital Forensics Equipment - Procurement
        • Mobile Threat Defense Suite
        • Insider Threat Prevention Suite
        • Data Diode
        • Secure Communication Suite
    • Cyber Crime Investigations
    • Digital Forensics >
      • Forensics Lab Setup
      • Data Recovery Services
    • Online Reputation Management
    • Other Services >
      • Homeland Security
  • Careers
  • Training Labs
    • ISO 27001:2013 Lead Implementer Course
  • Contact Us
    • FAQ

Hackers Find Yet Another Loophole In WordPress Websites

25/5/2018

0 Comments

 
Picture





















​Hackers have found a new technique to access WordPress websites through weak accounts who do not have a two way authentication and through JetPack plugins. The technique is highly complex to compromise a website and a hacker must utilize multiple steps to attack a WordPress website. 

Hackers first try and hijack websites by trying reused passwords of the usernames they have. This is where the two way authentication loophole is compromised. There is an analytics module named Jetpack which is one of the most popular plugins for WordPress Sites. JetPack provides an ability to install various plugins across different sites by just using the wordpress.com Jetpack dashboard. The plugin doesn’t even have to be hosted or hidden on the official WordPress.org repository, and criminals can easily upload a ZIP file with the malicious code that then gets sent to each site.

​Hackers are taking advantage of this remote management feature to deploy backdoored plugins across previously secured websites. Experts say that attacks started on May 16, with the hackers deploying a plugin named “pluginsamonsters,” later switching to another plugin named “wpsmilepack” on May 21.

0 Comments



Leave a Reply.

    AuthoR

    Team Trojan Hunt

    Archives

    March 2021
    June 2018
    May 2018

    Categories

    All

    RSS Feed

Picture
TROJAN HUNT INDIA LLP
Review Us on Google  
https://bit.ly/thi_review

Services

Products

  Connect with us

Red Team Exercise & Assessment
Vulnerability Assessment & Penetration Testing
Privacy & Data Protection
Risk Advisory Services
Third Party Risk Management
Cyber Threat Management

Data Recovery Services

Mobile Threat Defense
Encrypted Communication Suite
Insider Threat Prevention Suite
Digital Forensic Products
Data Diode
​Data Recovery Products

​OSINT
Global Helpline:
+91-8178440079
+91-11-41671961
Chat With Us:
+91-8178440079
Working Hours:
​Monday - Saturday
1000 Hrs - 1900 Hrs
Corporate Office:
Level 3, Gate Number 1, Plot No 9-11, Vardhman Trade Center, Lala Lajpat Rai Road, Nehru Place - 110019, New Delhi, India

    Subscribe to our newsletter

Subscribe
Member of:
Picture
Certifications:
Picture
Picture
© Trojan Hunt India LLP 2019 - 2022. ​All Rights Reserved.
Disclaimer: All images are licensed and text copyrighted material of Trojan Hunt India LLP. Logo is Trademark Registered. No unauthorized copy or distribution allowed.
  • Home
  • About Us
    • Our Team
    • Defense Expo 2022
    • Blog
  • Our Offerings
    • Information Security >
      • Services >
        • Risk Advisory Services >
          • Audits & Compliances >
            • ISO 9001:2015 | Quality Management System
            • ISO 27001:2013 | Information Security Management System
            • ISO 22301:2019 BCMS
            • ISO 27017:2015 | Cloud Security
            • TL 9000 | Telecom Quality
            • PAS 99 | Integrated Management System
            • SOC 2 Audits
            • GDPR | Privacy Controls
            • Trusted Partner Network (TPN) Assessment
          • Vulnerability Assessment & Penetration Testing (VA & PT)
          • Security Operations Center (SOC)
          • Red Team Assessment
        • Cyber Threat Management
        • Privacy & Data Protection
        • Third Party Risk Management
      • Products >
        • Digital Forensics Equipment - Procurement
        • Mobile Threat Defense Suite
        • Insider Threat Prevention Suite
        • Data Diode
        • Secure Communication Suite
    • Cyber Crime Investigations
    • Digital Forensics >
      • Forensics Lab Setup
      • Data Recovery Services
    • Online Reputation Management
    • Other Services >
      • Homeland Security
  • Careers
  • Training Labs
    • ISO 27001:2013 Lead Implementer Course
  • Contact Us
    • FAQ