Podcast 117: Cyber Attack on Colonial Pipeline Affects Fuel Availability in 17 States

A ransomware attack on Colonial Pipeline affected fuel availability in 17 southeastern US states, and Bloomberg reported that Colonial Pipeline paid $5 million to DarkSide, a Russian ransomware service provider. The Biden Administration issued an executive order to increase US cybersecurity defenses. WordPress 5.7.2 was released to patch a critical object injection vulnerability in PHPMailer. A critical vulnerability was patched in the External Media plugin, used by over 8K sites. Vulnerabilities were discovered in all WiFi devices, and a patch is available for a zero-day RCE under active attack in Acrobat Reader.

Here are timestamps and links in case you’d like to jump around, and a transcript is below.
0:21 Cyber Attack on Colonial Pipeline leads to executive order on cybersecurity
9:55 WordPress 5.7.2 Security Release
12:36 Critical Vulnerability Patched in External Media Plugin
14:29 All Wi-Fi devices impacted by new FragAttacks vulnerabilities
17:11 Zero-day patched in Acrobat Reader
17:57 Defiant is hiring
18:39 Wordfence K-12 Site Security Audit and Site Cleaning Program

Find us on your favorite app or platform including iTunes, Google Podcasts, Spotify, YouTube, SoundCloud and Overcast.


Episode 117 Transcript

Ram Gall:
Welcome to Think Like a Hacker, the podcast about WordPress security and innovation. I am Ram Gall, threat analyst at Wordfence, and with me is Director of Marketing, Kathy Zant. It’s another busy week. Are we still screaming?

Kathy Zant:
I haven’t stopped screaming. I think I’ve been screaming for about three weeks. This has been a crazy year with cybersecurity events. What’s going on, Ram?

Ram Gall:
Well, we’ve all heard about the cyber attack on the Colonial Pipeline that delivers oil and gas to most of the East Coast.

Kathy Zant:
It’s crazy, yeah. There was a cyber attack. I heard about it over the weekend. 17 states have declared states of emergency because this pipeline delivers fuel.

Ram Gall:
Things that make your car go.

Kathy Zant:
Exactly. You want to go to the grocery-

Ram Gall:
Car go juice.

Kathy Zant:
Car-go juice, yes. You want to go to the grocery store? You need the Colonial Pipeline to be delivering gas to your region.

Ram Gall:
You want trucks to drive stuff to your region, they need the gas too.

Kathy Zant:
Yes, perishable …. Florida is in the region that’s affected here. Florida is a major place where strawberries, oranges, perishable goods are being grown that need to be put on trucks and shipped around the country in order to feed people. So this has wide ranging effects across the entire Southeast. Gas prices in my region of the country are going up, even though we’re not directly affected, so this is definitely taking a toll. It looks like a Russian cyber crime group called DarkSide were behind the attack. Ram, you did some research on them. What do you know?

Ram Gall:
I guess they’ve been a little bit more low profile until now, though since the Colonial Pipeline, they’ve already attacked four more organizations or at least claimed credit for four more attacks. They do say they’re going to be a little bit more careful in picking their targets going forward.

Kathy Zant:
Oh, how nice of them.

Ram Gall:
They say that their goal is … I know, right? Their goal is to make money and not to create problems for society. “From today, we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.”

Kathy Zant:
Oh, thanks DarkSide.

Ram Gall:
Thanks DarkSide. So it looks like Colonial Pipeline did actually pay them $5 million, and they provided Colonial with a decrypting tool to restore its computer system. But I guess it was so slow that the company continued using its own backups to help restore that system. This is why you should have a warm site instead of a cold site for your backups. I know it’s a little bit pricier, but if you’re doing something that’s critical to the entire Southeastern United States, then maybe you should have a warm site backup.

Kathy Zant:
Yeah. Explain the difference between a cold site backup and a warm site backup for the uninitiated.

Ram Gall:
Okay. So there’s basically three kinds of backups. There’s hot sites, which are very expensive, but generally let you more or less seamlessly switch over after an incident or disaster. There’s warm sites, which are usually more practical and most larger companies at least have a warm site backup, something where you can restore full or really close to full functionality within 24 hours or less. Then there’s cold site, which is where yeah, you have all the old stuff, but it might take a few days for the truck to come by and drop off your old hard drives.

Kathy Zant:
We were talking earlier about just basically this year, we’re already at middle of May, and it was around Christmas time when we heard about SolarWinds for the first time. It seems like this year is the year of cyber attacks and cyber incidents, supply chain attacks. Every week, we’re coming on this podcast and it’s like, oh my gosh, where do we start? It seems like we’re in this situation where it’s like that frog in the boiling pot. We’re in the state of all of these different cyber attacks happening, and it just keeps happening.

Kathy Zant:
It’s almost like we were talking earlier in a different podcast about breach fatigue. It’s not even affecting the stock prices of organizations anymore, and it just seems like this is just part of our life now. I feel like it shouldn’t be, and that there should be lessons like in this particular case with the Colonial Pipeline. We don’t know how the original intrusion happened, but we do know that DarkSide is a paid ransomware service. Can you explain a little bit how that works?

Ram Gall:
Well, basically what it means is that someone else would have gained access to Colonial’s network, and they wanted to monetize that access. So they hire DarkSide to basically ransom based on the access that they were able to gain.

Kathy Zant:
Okay, so somebody gained access. It could have been a very low privileged user that just escalated out of something. Could have been an unpatched Windows server that was attached to a network. It could have been bad passwords, shared passwords, no multi-factor authentication. It could have been anything that’s really like low key, right?

Ram Gall:
I do remember that someone who had performed an audit of their systems fairly recently, not even a security focused audit, disclosed that they’d seen some major security issues. I don’t want to say that you can stop all of these things just by doing the basics, but it looks like in this case, these guys may not have done all the basics. But I mean, it’s important to just do things like patch all systems, do strong authentication, especially multi-factor authentication, segment the network. You don’t always need to air gap. A lot of the time, just having, making sure that whatever sensitive systems are in a different VLAN, or even a physically separate network is useful, and conduct … do things like conduct tabletop exercises. Having a disaster recovery plan is really the most important thing. It’s just like, assume that something like this is going to happen and know what you’re going to do when it does.

Kathy Zant:
Right, and just have plans in place so that you have some business continuity. Just planning for an attack, expect that an attack is going to happen. It’s happening all over the place. We’ve got SolarWinds, we’ve got Codecov. We’ve got all kinds of situations happening that are trickling down into organizations. Maybe this is related to SolarWinds or Codecov. We don’t know that, but it’s just showing us … all of these incidents are showing us how important it is to have some kind of disaster recovery plans in place. It looks like our government is planning on pushing the envelope on that a little bit. What are they doing?

Ram Gall:
The White House has issued an executive order, more or less a plan for modernizing the government’s cyber security response. I actually checked the details and there is some decent stuff in there. It’s fairly detailed. A lot of it is already covered in existing NIST standards, but maybe isn’t implemented across the board, especially not by state and local governments. But what’s more interesting about this is the idea that they’re going to create a review board to conduct postmortems across agencies and also a rating system like ENERGY STAR or Underwriters Laboratories for judging software security and grading how secure software is.

Ram Gall:
I do think that that’s something that I don’t necessarily think has to be applied to all software, otherwise, no software would … Candy Crush probably doesn’t need to have a UL rating, but maybe it does, depending on how much data it collects. Anyways, but I do think that for mission critical stuff or things that impact infrastructure, yeah, it’s maybe not a bad thing that the software will take longer to write and be a little bit more expensive. If you can actually assure that it’s going to be done right is really the thing.

Kathy Zant:
Well, the thing that needs to get thrown in the balance is what’s the impact of the systems that are at play here? We’ve got this pipeline, dramatic impact throughout 17 States. The airline industry that you were talking about earlier, dramatic impacts if there’s a security issue there. So there’s definitely standards. I mean, I remember back in the 1970s, you remember the movie Airplane, a great comedy piece, one of my all-time favorites, but it was based on the fact that there was so much … so many scares that happened in the 1970s with plane crashes and things like that. These days, we don’t hear about that because there’s certain standards in place in order for safety and security in the airline industry. It almost seems that we’re in the … it’s like the 1970s of cyber attacks and cyber incidents now. We need that same standard to be applied across the board for software so that these kinds of impacts don’t happen.

Ram Gall:
From everything I understand, most agencies already follow these standards. I think it’s largely a case of how they’re implemented. I think that a lot of them are implemented in ways that maybe involved checking the box, but actually make it harder to actually get anything done. I think that some sort of review of these standards to figure out which things are actually super important and implement them, things like multi-factor authentication, isn’t a bad idea. So we’ll see where it goes with this. This could go horribly wrong as with anything involving implementing more standards. It could also really improve the security of a lot of systems. So I guess we’ll see.

Kathy Zant:
Yeah, it is the year of the cybersecurity wake up call, if you haven’t gotten it yet.

Ram Gall:
Speaking of such things and supply chain … potential supply chain issues, WordPress 5.7.2 just came out. It’s an emergency security release for all WordPress versions between 3.7 and 5.7.

Kathy Zant:
Right, and this was for a very specific vulnerability in PHPMailer. You took a deeper look at this. What do you know?

Ram Gall:
PHPMailer is what WordPress uses by default to send email. On its own, the vulnerability in the actual PHPMailer library itself is considered critical because you can use it for object injection, which is, as we’ve maybe discussed in previous episodes and certainly had some posts about, can be super dangerous and super critical. It basically was via the way that it processed UNC path names, the paths that Windows networks use to refer to network resources. So it’s the kind of thing that the way that WordPress actually uses PHPMailer and the way that most plugins use PHPMailer, this isn’t really going to be exploitable unless the stars align just right, because WordPress doesn’t really allow unrestricted access to the mailing system. Anything that does grant that would be considered a separate vulnerability on its own. So it looks like this would be fairly difficult to exploit for most attackers, unless they were already in your network and using your WordPress site that has been hardened, but that they somehow gained admin access to as a pivot point. Something like that, but still I understand why they released it.

Kathy Zant:
Yeah.

Ram Gall:
It could be super bad.

Kathy Zant:
Okay, could be super bad, but has a lot of different stars aligning that need to happen in order for it to be super bad. But this really does underscore the fact that the WordPress core team is taking security incredibly seriously. If any libraries do have critical vulnerabilities, even in a WordPress situation would not necessarily be, oh my gosh, all the sites are hacked, this is still something that they’re taking seriously and ensuring that all of the sites that are using WordPress are receiving an update to patch this.

Ram Gall:
Exactly. I don’t honestly expect any of our users are going to be impacted by this. I don’t expect to see this as an intrusion vector. I don’t know if it’s ever going to be exploited in the wild, but still good that they patch it just because there’s so many WordPress installations that someone’s maybe using WordPress for their intranet site, and they’ve got just the setup that an attacker could exploit to pivot or escalate their privileges or something like that, so

Kathy Zant:
Someone somewhere is vulnerable. Now we have a plugin that Chloe examined called External Media, and it looks like this is installed on about 8,000 sites. It had a critical vulnerability that was recently patched that could have been used by subscribers, even a site that had subscriber … anybody can subscribe, anyone can register for the site if that was open. This could be used to fully take over a site.

Ram Gall:
Yeah. I mean, the plugin is basically just designed to allow authors or anyone who’s writing posts on the site to add external media, external images, stuff like that. But didn’t really do any access controls to make sure that the people who are adding stuff were actually allowed to add stuff. That’s not necessarily the worst part of it. It also didn’t run checks on what files were being added. So you could add executable PHP files, which means you have to mix-

Kathy Zant:
With back doors?

Ram Gall:
Yes, with back doors, which means you get remote code execution, which means that your subscriber now owns your site.

Kathy Zant:
Got you, okay. Chloe, one of our threat analysts here at Wordfence, she’s taking a look at plugins, themes, all sorts of things out in the WordPress space and thanks to our premium subscribers who make that research possible so that we can find these types of vulnerabilities, make sure that firewall rules are written. Both premium and free subscribers to Wordfence are protected at the current moment of recording this podcast. I just want to say thank you to premium users for that research that you guys make possible to keep all of WordPress safer.

Ram Gall:
Definitely. I would not be able to find stuff or be on this podcast without you.

Kathy Zant:
Me neither. So it’s always good to thank them. Thank you guys for listening as well. So wifi devices, I love wifi. Wifi makes my phone work everywhere in my house, right?

Ram Gall:
Yeah.

Kathy Zant:
But what’s going on? This was a scary story. It looks like all wifi devices have some vulnerabilities.

Ram Gall:
Yeah, this is called the Frag Attacks. It’s by the guy who discovered the KRACK attacks a few years back, but this is basically a bunch of issues with how wifi devices reassemble fragmented data. The wifi signal might bounce around a little bit or lose a little bit of information, so they have to reassemble data from the pieces. It turns out that you can use that capability to … Even if you’re not on an encrypted network, you can still inject packets from pieces into an encrypted connection. It looks like the main way this would be weaponized would be to get a victim to use a malicious DNS server, so that you type in your bank’s domain and the malicious DNS server tells your computer, “Hey, here’s where your bank’s domain points to,” but it’s actually an evil site.

Kathy Zant:
Got you. Okay, is this something I need to worry about on my home network, or is this something I just need to worry about like at Starbucks?

Ram Gall:
Realistically, this … I mean, yes, an attacker could potentially drive by your house and tell your smart fridge to turn on. That’s another one of the things, by the way, is you can send commands to IoT devices, which is also scary depending on what they do and how hackable they are. So I could see that being a problem, but I think that this is more likely to impact enterprises. I think that this is more likely to impact being out and about. The same advice applies. If you’re just a normal user, it applies as if you’re using open networks. Only now, it also applies to secured networks, which is use a VPN, make sure that there’s a TLS certificate matching the site you’re visiting, that kind of thing.

Kathy Zant:
Okay, awesome. This is something that is going to keep people busy writing papers for DEF CON?

Ram Gall:
I think this is going to be yet another reason to not bring or to keep your phone turned off at DEF CON, or at least to not allow wifi to stay on. Which, I mean, you probably shouldn’t have your wifi or your Bluetooth on at DEF CON anyways, so. You should probably be running a VPN for your mobile data connection at DEF CON anyways, because people have spoofed towers in the past and yeah.

Kathy Zant:
Boy, DEF CON is just a whole other level of protecting you-

Ram Gall:
This is terrifying.

Kathy Zant:
Yeah, definitely.

Ram Gall:
Speaking of our final, this is terrifying, this week, it wouldn’t be a Think Like a Hacker podcast without a zero day, but hey, this time it’s not on Chrome, it’s on Acrobat Reader, which I’m pretty sure I have it installed on every computer I have. I’m pretty sure you do too.

Kathy Zant:
Yeah.

Ram Gall:
Update it because it’s a zero day that’s under active attack, at least limited amounts of active attacks in the wild. It’s a remote code execution, which means that they could possibly own your computer.

Kathy Zant:
Yikes.

Ram Gall:
Yeah, update Acrobat Reader. I’m not going to talk to you much more about it because there’s rarely any details about zero days other than that they’re happening, so.

Kathy Zant:
Yeah, but good for us to let everybody know. I will be updating my Acrobat immediately after recording this podcast. Thanks for joining me again, Ram.

Kathy Zant:
Hey, we’ve got some jobs that we’re hiring for. Still looking for someone to do security operations, the perfect person. We have very high standards there. Some PHP developers, QA role, helping us to ensure that all of the software that we write is meeting those very high standards. We’re still looking for someone to do some website performance research, and we still have our instructional designer role open. So if you like to develop courses, and you’re really into security, and you like managing that entire process, we’d love to talk to you. We’ll have links to those in our show notes, as well as links to all of our immense benefits here at Defiant.

Kathy Zant:
We’d also like to mention that we are still offering K through 12 site cleaning and site auditing for schools that are using WordPress. If you know of a school that’s using WordPress, they are government funded anywhere in the world, we would love to provide security services for them, make sure that they are secure as they are educating the next generation of WordPress users out there. So we’ll have links to that in our show notes as well. Anything else I’m missing?

Ram Gall:
I just want to say that when we say we have high standards, we really mean that we want people who have high standards for themselves. We’re not like certain FAANG companies where you must have graduated from Harvard. No, it’s more we want people who really want … expect the best of themselves.

Kathy Zant:
Yes, like us.

Ram Gall:
Like us.

Kathy Zant:
Very high standards. I have high standards for lots of things like comedy, and having a good time, and also be passionate about what we’re doing. I’m very passionate about WordPress and security and helping WordPress users get the most out of WordPress. That’s my standard, for myself.

Ram Gall:
Exactly.

Kathy Zant:
Thanks for joining us.

Ram Gall:
Talk to you next week.

You can find Wordfence on Twitter, Facebook, Instagram. You can also find us on YouTube, where we have our weekly Wordfence Live on Tuesdays at noon Eastern, 9:00 AM Pacific.

The post Podcast 117: Cyber Attack on Colonial Pipeline Affects Fuel Availability in 17 States appeared first on Wordfence.

Server Side Scans and File Integrity Monitoring

When it comes to the ABCs of website security, server-side scans and file integrity monitoring are the “A” and “B”. In fact, our server-side scanner is one of the most crucial tools in Sucuri’s arsenal. It’s paramount in maintaining an effective security product for our customers and analysts alike.

This crucial tool handles tasks like issuing security warnings and alerts to our clients, notifying them that they have been compromised, and assisting our analysts in detecting new and emerging variants of malware.

Continue reading Server Side Scans and File Integrity Monitoring at Sucuri Blog.

WordPress 5.7.2 Security Release: What You Need to Know

On May 13, 2021 01:00 UTC, WordPress core released a security patch for a Critical Object Injection vulnerability in PHPMailer, the component that WordPress uses to send emails by default. If your site is set to allow auto updating of minor point releases, your site has probably already updated to WordPress 5.7.2.

While we do recommend updating WordPress immediately if you haven’t already, at this time we do not believe that most WordPress sites are likely to be exploitable by this vulnerability.

Don’t Panic

The vulnerability in question is an Object Injection flaw present in multiple versions of PHPMailer which has been given an identifier of CVE-2020-36326. It is similar to another vulnerability, CVE-2018-19296, that had been patched in an earlier version of PHPMailer.

We’ve written about Object Injection vulnerabilities in the past, and while they should be taken seriously, all Object Injection vulnerabilities require a “POP Chain” in order to cause additional damage. In order to exploit this vulnerability, additional software with a vulnerable magic method would need to be running on the site.

Assuming the presence of a POP chain, there are still more obstacles that would need to be bypassed in order to exploit this vulnerability. Although anyone with direct access to PHPMailer might be able to inject a PHP object, warranting a critical severity rating in the PHPMailer component itself, WordPress does not allow users this type of direct access. Instead, all access occurs through functionality exposed in core and in various plugins.

In order to exploit this, an attacker would need to find a way to send a message using PHPMailer and add an attachment to that message. Additionally, the attacker would need to find a way to completely control the path to the attachment. This automatically rules out built-in WordPress functionality and the functionality of most plugins, as even contact form plugins that allow file uploads and send attachments typically use the location of the uploaded file as the attachment and don’t allow users to directly control the attachment path.
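The attachment-path condition described above can be enforced in any code that hands a path to the mailer. The following is an added example, not code from WordPress core, PHPMailer or Wordfence; the function name `resolve_attachment_path()` and the temporary directory layout are hypothetical, and the sample paths are constructed.

```php
<?php
// Added example: not WordPress core, PHPMailer, or Wordfence code.
// resolve_attachment_path() and the demo directory are hypothetical.

/**
 * Return a canonical local path that is safe to pass to a mailer as an
 * attachment, or null if the candidate must be rejected.
 */
function resolve_attachment_path(string $candidate, string $allowedDir): ?string
{
    // Empty input or embedded NUL bytes are never valid file names.
    if ($candidate === '' || strpos($candidate, "\0") !== false) {
        return null;
    }

    // Reject anything carrying a scheme: phar://, php://, http://, and so on.
    // Stream wrappers are what turn a file operation into deserialization.
    if (preg_match('#^[a-z][a-z0-9+.\-]*://#i', $candidate)) {
        return null;
    }

    // Reject UNC paths (\\host\share\file or //host/share/file).
    if (preg_match('#^[\\\\/]{2}#', $candidate)) {
        return null;
    }

    // Canonicalize both sides so "../" segments and symlinks are resolved
    // before the containment check.
    $base = realpath($allowedDir);
    $real = realpath($candidate);
    if ($base === false || $real === false || !is_file($real)) {
        return null;
    }

    // The resolved file must live underneath the allowed directory.
    $base = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($real, $base, strlen($base)) !== 0) {
        return null;
    }

    return $real;
}

// Constructed demo: a temporary "uploads" directory holding one legitimate file.
$uploads = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'demo_uploads_' . getmypid();
mkdir($uploads);
$sample = $uploads . DIRECTORY_SEPARATOR . 'resume.pdf';
file_put_contents($sample, '%PDF-1.4 constructed sample');

$candidates = [
    $sample,                                  // server-chosen upload location
    'phar://' . $sample,                      // stream wrapper
    '\\\\fileserver\\share\\resume.pdf',      // UNC path
    $uploads . '/../outside.txt',             // escapes the allowed directory
];

foreach ($candidates as $candidate) {
    $safe = resolve_attachment_path($candidate, $uploads);
    printf("%-70s %s\n", $candidate, $safe === null ? 'REJECTED' : 'accepted');
}

// Only a non-null result would be passed on, for example in the
// $attachments argument of wp_mail().
unlink($sample);
rmdir($uploads);
```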

In our assessment, successfully exploiting this vulnerability would require a large number of factors to line up, including the presence of at least one additional vulnerability in a plugin or other component installed on the site as well as the presence of a vulnerable magic method. We are also currently unaware of any plugins that could be used to exploit this vulnerability even as a site administrator.

This is unlikely to be used as an intrusion vector, though it is possible that it could be used by attackers who have already gained some level of access to escalate their privileges.

Nonetheless, we do strongly recommend updating to the latest version of WordPress as soon as possible, as the sheer number of WordPress installations in existence means that exploitable sites likely exist. Additionally, the vulnerability may be easier to exploit than originally anticipated, or the original researchers or other actors may release more detailed proof of concept code sometime in the future.

The Wordfence firewall’s Built-In PHAR Deserialization protection should protect all of our users, including Wordfence Premium customers as well as those still using the free version, against any attempts to exploit this vulnerability.

Conclusion

In today’s article, we covered an Object Injection vulnerability in PHPMailer, a software component used by WordPress to send email. We recommend updating WordPress core if you haven’t already, but we do not currently believe there is cause for alarm, and do not expect to see this vulnerability attacked at scale as it is dependent on a number of other factors to successfully exploit.

Special thanks to Wordfence Lead Developer Matt Barry and QA Lead Matt Rusnak for their assistance with this article.

The post WordPress 5.7.2 Security Release: What You Need to Know appeared first on Wordfence.

Critical Vulnerability Patched in External Media Plugin

On February 2, 2021, our Threat Intelligence team responsibly disclosed the details of a vulnerability in External Media, a WordPress plugin used by over 8,000 sites. This flaw made it possible for authenticated users, such as subscribers, to upload arbitrary files on any site running the plugin. This vulnerability could be used to achieve remote code execution and take over a WordPress site.

We initially reached out to the plugin’s developer on February 2, 2021. After establishing an appropriate communication channel, we provided the full disclosure the same day. After several minor patches and follow-ups with the developer, a fully patched version was released as version 1.0.34.

This is considered a critical vulnerability. Therefore, we highly recommend updating to the latest patched version available, 1.0.34, immediately.

Wordfence Premium users received a firewall rule to protect against any exploits targeting this vulnerability on February 2, 2021. Sites still using the free version of Wordfence received the same protection on March 4, 2021.

Description: Authenticated Arbitrary File Upload and Remote Code Execution
Affected Plugin: External Media
Plugin Slug: external-media
Affected Versions: <= 1.0.33
CVE ID: Pending.
CVSS Score: 9.9 (Critical)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Fully Patched Version: 1.0.34

External Media is a WordPress plugin designed to allow users to upload media files from external sources. Unfortunately, the plugin had a flaw that made it possible for authenticated low-level users like subscribers to upload PHP files from external sources. Any site allowing anyone to register as a subscriber was particularly vulnerable.

The plugin registered an AJAX action, wp_ajax_upload-remote-file, that was tied to the upload_remote_file function. This function was used to obtain the remote file’s name, URL, and caption, in addition to a few other fields.

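public function upload_remote_file() {
  // Vulnerable handler as shipped in versions <= 1.0.33: every field is read
  // straight from the request with no capability check and no nonce check.
  $file = $_POST['url'];
  $plugin = $_POST['plugin'];
  $filename = $_POST['filename'];
  $caption = !empty($_POST['caption']) ? $_POST['caption'] : '';
  $referer = !empty($_POST['referer']) ? $_POST['referer'] : '';
  $loaded_plugin = $this->load_plugin( $plugin );
  // The user-supplied $filename, including its extension, is passed on unvalidated.
  $this->_call_class_method( $loaded_plugin['phpClassName'], 'download', array( $file, $filename, $caption, $referer ) );
}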

This information was used to load a “plugin” method to upload a file, and then trigger the download function which ultimately triggered the file upload function save_remote_file that saved the remote file to the server.

Unfortunately, there were no capability checks to verify whether a user had the appropriate capabilities to upload a file, which allowed any user logged in to a WordPress site running the plugin to upload files using the external media functionality. There were also no nonce checks, making it possible for an attacker to exploit this functionality using a cross-site request forgery attack.

In addition to missing capability and nonce checks, there was no validation on the filename that was being uploaded, which made it possible to set a PHP file extension. This effectively allowed authenticated users to upload PHP files to a vulnerable site that could be used for remote code execution, ultimately allowing an attacker to completely take over a vulnerable WordPress site.
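The three missing controls described above (nonce check, capability check, filename validation) look like this when written against the WordPress API. This is an added example and not the External Media 1.0.34 patch; it runs only inside WordPress, and the function name, nonce action and AJAX action name are hypothetical.

```php
<?php
// Added example: NOT the External Media 1.0.34 patch. Runs inside WordPress.
// The function name, nonce action and AJAX action below are hypothetical.

/**
 * Apply the checks the vulnerable handler lacked and return sanitized
 * arguments, or a WP_Error describing the first check that failed.
 */
function example_validate_remote_upload( array $post ) {
    // 1. Nonce: blocks cross-site request forgery. With the third argument
    //    set to false the function returns false instead of ending the request.
    if ( ! check_ajax_referer( 'example_remote_upload', 'nonce', false ) ) {
        return new WP_Error( 'bad_nonce', 'Missing or invalid nonce.' );
    }

    // 2. Capability: subscribers do not have upload_files by default;
    //    authors and above do.
    if ( ! current_user_can( 'upload_files' ) ) {
        return new WP_Error( 'forbidden', 'You are not allowed to upload files.' );
    }

    // 3. Filename: normalize it, then require an extension that maps to a
    //    MIME type this user may upload. A .php name matches nothing here.
    $filename = isset( $post['filename'] )
        ? sanitize_file_name( wp_unslash( $post['filename'] ) )
        : '';
    $type = wp_check_filetype( $filename, get_allowed_mime_types() );
    if ( '' === $filename || ! $type['ext'] || ! $type['type'] ) {
        return new WP_Error( 'bad_type', 'File type is not permitted.' );
    }

    // Remaining fields: accept only http(s) URLs and plain-text captions.
    $url = isset( $post['url'] )
        ? esc_url_raw( wp_unslash( $post['url'] ), array( 'http', 'https' ) )
        : '';
    if ( '' === $url ) {
        return new WP_Error( 'bad_url', 'A valid http(s) URL is required.' );
    }
    $caption = isset( $post['caption'] )
        ? sanitize_text_field( wp_unslash( $post['caption'] ) )
        : '';

    return array(
        'url'      => $url,
        'filename' => $filename,
        'caption'  => $caption,
    );
}

// wp_ajax_* hooks fire only for logged-in users, which is why the capability
// check above is still required: being logged in is not authorization.
add_action( 'wp_ajax_example_upload_remote_file', function () {
    $args = example_validate_remote_upload( $_POST );
    if ( is_wp_error( $args ) ) {
        wp_send_json_error( array( 'message' => $args->get_error_message() ), 403 );
    }

    // Only validated values reach the download step. Once the file is saved,
    // wp_check_filetype_and_ext() can confirm its content matches the extension.
    wp_send_json_success( $args );
} );
```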

Disclosure Timeline

February 2, 2021 – Conclusion of the plugin analysis that led to the discovery of a vulnerability in the External Media plugin. We develop a firewall rule to protect Wordfence customers and release it to Wordfence Premium users prior to initiating contact with the plugin’s developer.
February 2, 2021 – The plugin’s developer confirms the inbox for handling discussion. We send over full disclosure.
February 15, 2021 – A newly updated version of External Media is released containing a partial patch. We inform the developer of additional enhancements that are required.
February 15, 2021 – May 5, 2021 – Several follow-ups with the developer who remains in contact with us. A few partial patches are released during this time.
March 4, 2021 – Free Wordfence users receive firewall rules.
May 5, 2021 – Fully patched version of the plugin is released.

Conclusion

In today’s post, we detailed a flaw in External Media that granted authenticated attackers the ability to upload arbitrary files onto a vulnerable site’s server and achieve remote code execution. This flaw has been fully patched in version 1.0.34. We recommend that all users immediately update to the latest version available, which is version 1.0.34 at the time of this publication.

Wordfence Premium users received firewall rules protecting against this vulnerability on February 2, 2021, while those still using the free version of Wordfence received the same protection on March 4, 2021.

If you know a friend or colleague who is using this plugin on their site, we highly recommend forwarding this advisory to them to help keep their sites protected as this is a critical vulnerability that can lead to full site takeover.

The post Critical Vulnerability Patched in External Media Plugin appeared first on Wordfence.

WPScan Intro: How to Scan for WordPress Vulnerabilities

In this post, we look at how to use WPScan. The tool gives you a better understanding of your WordPress website and its vulnerabilities. Be sure to check out our post on installing WPScan to get started with the software.

Big Threats Come from Unexpected Places

Imagine for a second that you’re a survivor in a zombie apocalypse.

You’ve holed up in a grocery store, barricading windows and checking door locks.

Continue reading WPScan Intro: How to Scan for WordPress Vulnerabilities at Sucuri Blog.
