CogDogBlog: Gizmo-ing Stuff to Mastodon

CogDogBlog: Gizmo-ing Stuff to Mastodon. “Once Jim Groom took the nudge to figure out how to spin up Mastodon in the Reclaim Hosting cloud gizmo (see, thingamagig!) and launch a place for DS106 I was starting to think how it might be possible to wire up the DS106 Daily Create (well into its 10th year, never missed a day, and zeroing in on the 4000th TDC, one has to hum the song Where Have All the MOOCs Gone) to join Tootland.”

Bleeping Computer: 15,000 sites hacked for massive Google SEO poisoning campaign

Bleeping Computer: 15,000 sites hacked for massive Google SEO poisoning campaign. “Hackers are conducting a massive black hat search engine optimization (SEO) campaign by compromising almost 15,000 websites to redirect visitors to fake Q&A discussion forums. The attacks were first spotted by Sucuri, who says that each compromised site contains approximately 20,000 files used as part of the search engine spam campaign, with most of the sites being WordPress.”

Techdirt: Phishing Attacks On WordPress Site Owners Disguised As Copyright Infringement Warnings

Techdirt: Phishing Attacks On WordPress Site Owners Disguised As Copyright Infringement Warnings. “What makes this so devious is that, though the public has somewhat learned to filter out the common email phishing attempts, disguising all of this as a copyright infringement issue pointed at website owners is likely to ensnare more people than a common phish attempt.”

The Register: Thousands of websites run buggy WordPress plugin that allows complete takeover

The Register: Thousands of websites run buggy WordPress plugin that allows complete takeover. “Miscreants have reportedly scanned almost 1.6 million websites in attempts to exploit an arbitrary file upload vulnerability in a previously disclosed buggy WordPress plugin. Traced as CVE-2021-24284, the vuln targets Kaswara Modern WPBakery Page Builder Addons and, if exploited, it would allow criminals to upload malicious JavaScript files and even completely take over an organization’s website.”

WordPress: 7 Best Security Plugins to Protect Your WordPress Site

WordPress: 7 Best Security Plugins to Protect Your WordPress Site. “If your website is running on WordPress and you haven’t invested in a robust security plugin, your site could be next on the hit list. Thankfully, there are a number of reliable and highly adaptable plugins available for WordPress sites (you can browse a few of the options available at Envato) but how do you know which one is right for your business?”

WP Tavern: rtCamp Launches WordPress Plugin Compare Project

WP Tavern: rtCamp Launches WordPress Plugin Compare Project. “The team behind rtCamp, a 125-person agency and a WordPress VIP Gold agency partner, has launched a new tool called WordPress Plugin Compare Project (WPPC) to help users extend WordPress with the right plugins for their needs. WPPC lets users search for plugins to compare and customize each selection displayed on [a] chart.”

The Hacker News: YODA Tool Found ~47,000 Malicious WordPress Plugins Installed in Over 24,000 Sites

The Hacker News: YODA Tool Found ~47,000 Malicious WordPress Plugins Installed in Over 24,000 Sites. “As many as 47,337 malicious plugins have been uncovered on 24,931 unique websites, out of which 3,685 plugins were sold on legitimate marketplaces, netting the attackers $41,500 in illegal revenues. The findings come from a new tool called YODA that aims to detect rogue WordPress plugins and track down their origin, according to an 8-year-long study conducted by a group of researchers from the Georgia Institute of Technology.”

Ars Technica: Researchers find backdoor lurking in WordPress plugin used by schools

Ars Technica: Researchers find backdoor lurking in WordPress plugin used by schools. “The premium version of School Management, a plugin schools use to operate and manage their websites, has contained the backdoor since at least version 8.9, researchers at website security service JetPack said in a blog post without ruling out that it had been present in earlier versions. This page from a third-party site shows that version 8.9 was released last August.”