Dodged this one!

None of our clients use the plugin or themes mentioned here as far as I can see. (Ultimate Member plugin and TagDiv Themes)

This August, we’ve seen a new massive wave of WordPress infections that redirect visitors to unwanted sites.

When redirected, users see annoying pages with random utroro[.]com addresses and fake reCAPTCHA images. The messages and content try to convince visitors to verify and subscribe to browser notifications without disclosing the purpose of this behavior.

Full Article: https://blog.sucuri.net/2018/08/massive-wordpress-redirect-campaign-targets-vulnerable-tagdiv-themes-and-ultimate-member-plugins.html

Severe PHP Exploit Threatens WordPress Sites with Remote Code Execution

(but probably not yours…)

Researchers have created a proof-of-concept exploit that would enable bad actors to target a severe vulnerability in the PHP programming language behind several major CMS companies, including WordPress. The vulnerability remains unresolved – more than a year after it was reported.

[Editor note: “Proof of concept” means that they’ve figured out how to do this in a security research lab. As far as we know this exploit has NOT been found “in the wild”. So between that and the required privileges described below, you’re probably safe.]

The researchers at Secarma who uncovered the exploit said it enables bad actors to potentially open up thousands of WordPress sites (and other web applications) to remote code-execution.

“For WordPress, an attacker would need privileges to upload and modify media items to gain sufficient control of the parameter, researchers said.”

Full article: https://threatpost.com/severe-php-exploit-threatens-wordpress-sites-with-remote-code-execution/136649/

SuperProf private tutor site massively fails password test, makes accounts super easy to hack

“This isn’t super. The level of incompetence is astonishing”

“SuperProf, which claims to be ‘the world’s largest tutoring network’, has made its newest members’ passwords utterly predictable… leaving them wide open to hackers.” All the temporary passwords were the person’s first name with the word “Super” before it.

SECURITY HINT: If a site you signed up for ever sends you a password via email, CHANGE THAT PASSWORD IMMEDIATELY! And if they send you THAT password in a confirmation email, let them know in no uncertain terms that this practice is unacceptable.

We had exactly that happen with the ‘service’ our son’s school used to collect *personal financial data* for scholarship applications. We contacted them and threatened to contact the Attorney General. Though it took them longer than we would have liked, they did rewrite that part of their site so that it now behaves in a much more secure manner. (They also fired the person responsible). Don’t be afraid to make a fuss!
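To make the SuperProf point concrete for anyone who builds account provisioning, here is an added illustration (not code from SuperProf, the newsletter, or any of the linked articles) that puts the predictable "Super" + first name scheme next to what a site should do instead: a temporary password drawn from a cryptographically secure random source, stored only as a salted PBKDF2 hash, and flagged so the user is forced to change it on first login. The `AccountStore`, `provision_account`, `login` and `change_password` names are my own for the example; the in-memory store stands in for a real database.

```python
import hashlib
import hmac
import secrets
import string
from dataclasses import dataclass, field

PBKDF2_ROUNDS = 200_000  # work factor for the stored hash (illustrative value)


def weak_temporary_password(first_name: str) -> str:
    """The predictable scheme described above: the word "Super" in front of the first name.
    Anyone who knows (or guesses) a new member's first name knows the password."""
    return "Super" + first_name


def looks_like_weak_scheme(password: str, first_name: str) -> bool:
    """Defender-side check for auditing an existing user base for this pattern."""
    return password == weak_temporary_password(first_name)


def strong_temporary_password(length: int = 16) -> str:
    """Temporary password from the OS CSPRNG; 16 alphanumerics is ~95 bits of entropy."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def _hash_password(password: str, salt: bytes) -> bytes:
    # Never store the password itself, only a salted, slow hash of it.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


@dataclass
class Account:
    salt: bytes
    password_hash: bytes
    must_change_password: bool = True


@dataclass
class AccountStore:
    """Hypothetical in-memory user store standing in for a database."""
    accounts: dict = field(default_factory=dict)


def provision_account(store: AccountStore, username: str) -> str:
    """Create the account and return the one-time temporary password.

    The returned value is delivered to the user exactly once (out of band or in
    the welcome mail) and is never echoed back in a later confirmation email."""
    temp = strong_temporary_password()
    salt = secrets.token_bytes(16)
    store.accounts[username] = Account(
        salt=salt,
        password_hash=_hash_password(temp, salt),
        must_change_password=True,  # forces a reset on first successful login
    )
    return temp


def login(store: AccountStore, username: str, password: str) -> dict:
    """Verify the password in constant time and report whether a reset is still pending."""
    acct = store.accounts.get(username)
    if acct is None:
        return {"ok": False, "must_change_password": False}
    candidate = _hash_password(password, acct.salt)
    if not hmac.compare_digest(candidate, acct.password_hash):
        return {"ok": False, "must_change_password": False}
    return {"ok": True, "must_change_password": acct.must_change_password}


def change_password(store: AccountStore, username: str, old_password: str, new_password: str) -> bool:
    """Replace the temporary password; the old one stops working immediately."""
    if not login(store, username, old_password)["ok"]:
        return False
    if len(new_password) < 12:  # illustrative minimum length policy
        return False
    acct = store.accounts[username]
    acct.salt = secrets.token_bytes(16)  # fresh salt with every password change
    acct.password_hash = _hash_password(new_password, acct.salt)
    acct.must_change_password = False
    return True


if __name__ == "__main__":
    store = AccountStore()
    temp = provision_account(store, "alice")
    print("weak scheme would have given:", weak_temporary_password("Alice"))
    print("first login with temp password:", login(store, "alice", temp))
    print("changed:", change_password(store, "alice", temp, "correct horse battery staple"))
    print("old temp password now rejected:", login(store, "alice", temp))
```

The point of `must_change_password` is that even a strong temporary password that went out over email is treated as compromised the moment it has been used once; the user picks their own replacement, and the flag only clears after `change_password` succeeds.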

Full article: https://www.grahamcluley.com/superprof-private-tutor-site-massively-fails-password-test-makes-accounts-super-easy-to-hack/?utm_content=76315909&utm_medium=social&utm_source=twitter

Update: WordPress Plugin Scammer Investigated for Prescription-Free Online Pharmacy

You may remember last year when it was discovered that a number of popular WordPress plugins were purchased by a new ‘developer’, who then released new versions which included backdoor spamming software – turning thousands of unsuspecting sites into spam factories.

Now he’s being investigated for one of his other scams – an online pharmacy which doesn’t require a prescription.

The wheels of justice are moving slowly, but hopefully they’ll put this guy away.

Full article: https://www.wordfence.com/blog/2018/08/known-wordpress-threat-actor-under-investigation-for-prescription-free-online-pharmacy/