|

Linked – Popular WordPress Plugin Comes with a Backdoor, Steals Site Admin Credentials

ByMike McBride Reading Time: 1 minute

620861371_41bc79ff9e_m_wordpress“The plugin in question was Custom Content Type Manager (CCTM), a popular WordPress plugin for creating custom post types that, in the three years since it was uploaded on the WordPress plugin repo, has amassed quite a following, being currently installed on more than 10,000 sites.

Custom Content Type Manager version 0.9.8.8 contains malicious code

As Sucuri’s investigation revealed, in the past two weeks, the plugin that looked like an abandoned project for the last 10 months, mysteriously changed owner, and immediately after, the new developer, named wooranker, updated the plugin and pushed out a new version.”

The question, for me, is how did this person get ownership and access to update a WordPress plugin? Is there some flaw in the WordPress plugin community that would allow someone to take ownership of existing plugins? That’s scary. The original Sucuri post has some more info in that regard.

Popular WordPress Plugin Comes with a Backdoor, Steals Site Admin Credentials

Similar Posts

Linked – Cryptojacking on the Rise: Employees are Hijacking Company Servers
|

Linked – Cryptojacking on the Rise: Employees are Hijacking Company Servers

ByMike McBride Reading Time: 1 minute

It’s not just data breaches and ransomware these days. It might be theft of computing cycles, or just plain “borrowing” physical servers. Darktrace’s CEO gave an instance of a particular case where a junior staff at an Italian Bank [name withheld] stole servers that he ordered for on behalf of the bank. According to Eagan,…

|

ReadTwit, An interesting Added Value

ByMike McBride Reading Time: 2 minutes

I ran across this post about ReadTwit over the weekend and was immediately intrigued. I’ve watched as Twitter has become a source of interesting links being passed around by the folks I follow, I’m missing some really great information. Now, as I’ve said before, I have no desire, nor the time, to try and read…

Linked: Password-exposing bug purged from LastPass extensions

Linked: Password-exposing bug purged from LastPass extensions

ByMike McBride Reading Time: 1 minute

Hopefully your extension updated automatically, as mine did. But check. “The LastPass bug was fixed in version 4.33.0. The extension update should automatically install on users’ computers, but it’s not a bad idea to check. While LastPass said the bug was limited to the Chrome and Opera browsers, the company has deployed the update to…

Linked – Fake news, propaganda spread quickly on social media
|

Linked – Fake news, propaganda spread quickly on social media

ByMike McBride Reading Time: 2 minutes

I would like all of you who participate in social media to read the following quote very carefully: “According to Durfee, social media misinformation usually spreads due to a user’s status online. If users are trusted by a group of people, their posts are more likely to be accepted and shared as truth.” When you…

Links (weekly)

ByMike McBride Reading Time: 1 minute

When a Party Requests Native Files…. tags: MM LitSupport Marketing a Litigation Support / eDiscovery Department within a Law Firm: Getting New Customers, Part 4 tags: LitSupport MM Levels: Getting the Professional ‘Pop’ tags: Photography MM Maryland Law Firm Loses Medical Data tags: LitSupport MM Security Marketing a Litigation Support / eDiscovery Department within a…

Linked – Think in Terms of What is Relevant, Not Producing Keyword Hits
|

Linked – Think in Terms of What is Relevant, Not Producing Keyword Hits

ByMike McBride Reading Time: 1 minute

The problem is that to many people involved in litigation, this is too much work: “When requesting parties want all search hits in an email mailbox containing a common search term,  they are asking for trouble. Requesting communications between specific people, over a set period of time, regarding specific subject matter, is one way to…

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.