Think Like a Hacker with Wordfence

Episode 125: Critical SQL Injection Vulnerability Patched in WooCommerce Jul 16, 2021

A critical SQL injection vulnerability was discovered in WooCommerce, the most popular e-Commerce plugin used by over 5 million WordPress sites. The WordPress.org team pushed a forced security update ensuring that over 90 versions of WooCommerce were patched. REvil ransomware gang targeted a zero-day vulnerability in Kaseya, used by many in the banking industry, before going dark. A new SolarWinds zero-day was found in their Serv-U FTP platform. WordPress 5.8 will be released next week with many new features, as well as removing support for Internet Explorer 11. Microsoft released a number of patches, including those patching 3 zero-day vulnerabilities.

Episode 124: PrintNightmare 0Day Exploit Accidentally Leaked Online Jul 02, 2021

Security researchers accidentally leaked zero-day exploit code for a new Windows bug, now called PrintNightmare, while easily exploitable vulnerabilities in the ProfilePress plugin, previously called WP User Avatar, were patched quickly. An unprotected cloud database containing over 814 million DreamHost user records was found online. Google Chrome is getting a HTTPS-only feature in an upcoming version, and two bugs, one of which is a zero-day, are leading to attackers fighting over control of internet-connected Western Digital My Book Live devices.

Episode 123: Over 30 Million Dell Devices at Risk for Remote BIOS Attacks Jun 25, 2021

Over 30 million Dell devices are at risk for remote BIOS attacks due to four separate security bugs, which can have far reaching effects for enterprise organizations heavily invested in Dell devices. VMware Carbon Black App Control has been updated this week to fix a critical-severity vulnerability that allows authentication bypass. Antivirus creator John McAffee dies in a Spanish jail, and a bug found by a security researcher in Atlassian’s authentication could have led to a supply chain attack. A security update is planned for Google Drive that could break shared links. And a number of organizations were affected by security breaches, including the city of Tulsa, Oklahoma.

Episode 122: Largest Password Dump in History Fuels Credential Stuffing Extravaganza Jun 18, 2021

Sites running Jetpack are being infected via compromised WordPress.com credentials. The largest password dump ever with 8.4 billion passwords is used in credential stuffing attacks. Wordfence Threat Intelligence discloses new plugin vulnerabilities as well as a vulnerability at tsoHost. Data Breaches impact VW and EA, REvil compromises a nuclear weapons contractor, and TurboTax accounts are taken over. Ransomware surveys show conflicting results. Chrome and iOS Safari are both patched against 0-days.

Episode 121: Wordfence is Now a CVE Numbering Authority (CNA) Jun 11, 2021

Wordfence is now a CVE Numbering Authority, or a CNA. As a CNA, Wordfence can now assign CVE IDs for new vulnerabilities in WordPress Core, WordPress Plugins and WordPress Themes. An outage at Fastly takes down major websites including Reddit, Twitch, Amazon, and many others. Microsoft patches numerous Windows 0-day vulnerabilities, and Google patches a RCE in Android phones. A FBI informant and a messaging app led to huge global crime sting, and Windows container malware targets Kubernetes clusters used by numerous data centers.

Episode 120: Jetpack Autoupdate Security Patch Bypasses Local Settings Jun 04, 2021

A security fix for an information leak vulnerability was pushed out to WordPress sites using Jetpack that bypassed local settings preventing autoupdates. A ransomware attack on JBS that shut down meat processing operations in the United States has been attributed to REvil, a private Russian ransomware-as-a-service operation. A critical zero-day vulnerability was discovered by the Wordfence site cleaning team in the Fancy Product Manager plugin, used by 17,000 WordPress sites. Amazon devices will soon automatically share your Internet with neighbors, unless you opt out by June 8. Google PPC ads are serving up malicious content targeting searches for AnyDesk, Dropbox & Telegram apps.

Episode 119: Critical VMWare Vulnerability Threatens Data Centers May 28, 2021

A Critical Vulnerability in VMWare's vCenter Server threatens some of the largest data centers in the world. An actively exploited 0-day in macOS was used to take screen shots of infected computers. CodeCov claims another victim as Japanese e-Commerce unicorn Mercari reports a massive data breach. Domino's India and Air India suffer from large-scale data breaches. And last, but not least, it's time to update Chrome again, thanks to some high-severity vulnerabilities that were just patched.

Episode 118: Four Android Vulnerabilities Under Active Attack May 21, 2021

Four memory corruption vulnerabilities are being actively exploited on Android devices and nearly 2 dozen popular Android apps exposed over 100 Million users’ sensitive information in cloud databases. Over 600,000 sites using WP Statistics required a patch to fix a blind SQL injection vulnerability. WP User Avatar undergoes a dramatic rebranding to ProfilePress, adding completely divergent functionality and causing a user revolt in reviews. More details emerge about the ransomware attack on Colonial Pipeline, as DarkSide shuts down after losing access to their infrastructure. A popular Russian language hacking forum bans ransomware discussions, and an Apple executive claims there are unacceptable levels of Mac malware during the Epic Games lawsuit.

Podcast 117: Cyber Attack on Colonial Pipeline Affects Fuel Availability in 17 States May 14, 2021

A ransomware attack on Colonial Pipeline affected fuel availability in 17 southeastern US states, and Bloomberg reported that Colonial Pipeline paid $5 million to DarkSide, a Russia-based ransomware service provider. The Biden Administration issued an executive order to increase US cybersecurity defenses. WordPress 5.7.2 was released to patch a critical object injection vulnerability in PHPMailer. A critical vulnerability was patched in the External Media plugin, used by over 8K sites. Vulnerabilities were discovered in all WiFi devices, and patch is available for a zero-day RCE under active attack in Acrobat Reader.

Episode 116: Packagist Patch Shows how Supply Chain Threats Could Impact WordPress May 07, 2021

A vulnerability discovered in Packagist, which is used by Composer to manage PHP package requests, could have allowed attackers to cause Composer to download the wrong source code, potentially affecting all WordPress sites. Packagist reports that it's not aware of any exploits. A SQL injection vulnerability was patched in the CleanTalk AntiSpam plugin installed on over 100k sites. Vulnerabilities were discovered in Exim mail server, including 3 RCE vulnerabilities. We’re seeing some of the first trickle-down attacks from the Codecov supply chain attack, first from HashiCorp and also from Twilio. Apple releases iOS 14.5.1 to patch vulnerabilities in WebKit that are being exploited in the wild, a DDoS takes down Belgium, Peloton exposes customer information, and Signal taunts Facebook with a rejected advertising campaign.

Episode 115: Update Your Mac: Gatekeeper Bypass Vulnerability Exploited in the Wild Apr 30, 2021

Apple patches a gatekeeper bypass vulnerability that has been exploited in the wild on MacOS. Though this vulnerability requires some social engineering to exploit, it is believed to be actively exploited since January 9, 2021. Some Digital Ocean customers were affected by a data breach exposing personally identifiable information. A WordPress trac conversation considers blocking Federated Learning of Cohorts as a security release, and Creative Commons Search is coming to WordPress.org in a few weeks. And Google Chrome has another remote code execution bug requiring an update to patch.

Episode 114: Trifecta of Compromises Affect Enterprise Systems Apr 23, 2021

Attacks on unpatched SolarWinds systems continue. We're now learning of a supply chain attack that started in late January 2021 affecting 29,000 customers of Codecov, as well as a zero-day under active attack affecting customers of PulseSecure VPN. Customers of these three services are well known enterprise and government organizations. In the WordPress space, there are two add-on plugins experiencing active attacks: Kaswara Modern WPBakery Page Builder Addons and The Plus Addons for Elementor. Vulnerabilities discovered by our threat intel team in Redirection for Contact Form 7 were patched. We also take a look at updates coming in WordPress 5.8 to prepare the way for WordPress full-site editing.

Episode 113: An Unprecedented FBI Operation Removes Webshells from Infected Exchange Servers Apr 16, 2021

An FBI initiative began remotely removing webshells from infected Microsoft Exchange servers. WordPress 5.7.1 was released with a few security patches. Over 15 Elementor add on plugins were found to have vulnerabilities similar to those found in the main Elementor plugin; these additional plugin vulnerabilities affected over 3.5 million sites with over 100 vulnerable endpoints. Google Chrome was found to have two 0-day vulnerabilities. The US and UK blame Russian intelligence service hackers for the attack campaigns against SolarWinds. Organizations are still being urged to patch the five VPN and cloud vulnerabilities being exploited in ongoing attacks.

Episode 112: Wix Takes Aim at WordPress with New Ad Campaign Apr 09, 2021

A new Wix ad campaign targets WordPress but ends up being tone deaf in both content and strategy. New details emerge about the PHP compromise, but the full story remains unclear. Facebook user data from 2019 ends up on the dark web, and Have I Been Pwned adds a phone number check to help users determine if they’ve been affected. GitHub Actions are being used by cryptojackers, Gigaset Android phones have been infected with malware in a supply chain attack, and new phishing methods emerge using Telegram.

Episode 111: PHP Git Repository Compromised Apr 02, 2021

The self-hosted Git repository for PHP was compromised, with attackers adding a backdoor to a development version of PHP 8.1. The intrusion was detected by the PHP community quickly, and no production environments were affected. Ubiquiti experienced an intrusion in January that was far worse than originally reported; attackers gained access to nearly all of the AWS assets for the company who has shipped 85 million IoT devices. Some OpenSSL vulnerabilities were recently patched, and two new vulnerabilities in Linux-based operating systems could let attackers circumvent Spectre mitigations to obtain sensitive information from kernel memory.

Episode 110: Active Exploitation Continues on Unpatched Thrive Themes Mar 26, 2021

Attackers continue to exploit recently patched vulnerabilities in Thrive Themes, though not all of them are successful. Two vulnerabilities are patched in the Facebook for WordPress plugin installed on over half a million sites. Google Chrome version 90 will use HTTPS by default, bringing significant improvements to speed and security. A ransomware insurance provider experiences a breach that could affect customers, and Slack’s new “Slack Connect” feature has some security concerns.

Episode 109: This Attack Will Make You Want to Stop Using SMS 2FA Mar 19, 2021

An attack shows how a SMS enablement service was used to bypass SMS 2FA for $16. We discuss the recently patched vulnerabilities in Elementor affecting over 7 million WordPress sites and how easily these cross-site scripting vulnerabilities can be exploited. We also talk about the SQL Injection vulnerabilities in Tutor LMS. The data center fire at OVH in France that took 3.5 million sites offline also took down some advanced persistent threat (APT) actors. And there's yet another Chrome use-after-free zero-day vulnerability being actively exploited.

Episode 108: Hack Exposes 150,000 Security Cameras at Tesla, Cloudflare and Others Mar 12, 2021

A data breach exposes 150,000 security cameras used by organizations around the world, including Tesla and Cloudflare. State-sponsored hacking groups exploit Microsoft Exchange vulnerabilities. A fire in a French data center belonging to hosting company OVH affects millions of websites, including some prominent WordPress services like Imagify and WP Rocket. WordPress 5.7 was released this week with many new features. A zero-day vulnerability was listed for sale in a new way, as an NFT on the OpenSea NFT marketplace.

Episode 107: Two Plugin Vulnerabilities Target File Upload Capabilities Mar 05, 2021

The Wordfence Threat intelligence team finds vulnerabilities in two plugins, the User Profile Picture plugin and the WooCommerce Upload Files plugin. WordPress 5.7 is set to release on Tuesday, March 9 with numerous enhancements for the block editor, a new robots.txt API, and a stay of execution on jQuery-migrate. A zero day affecting Microsoft Exchange Server allows attackers to steal emails. And Brave buys a search engine to add to their growing privacy-oriented portfolio.

Episode 106: Admin Password Resets, Blockchain Botnets and a Central Management RCE Feb 26, 2021

WordPress 5.7 is due to be released on March 9, and it will allow administrators to send password reset emails to users. A botnet is abusing the Bitcoin blockchain for command and control, while VMWare fixes a critical remote code execution bug in all default vCenter installations. Android users now have an easy way to check password security. We talk about the ramifications of vulnerability disclosures and how last year's File Manager vulnerability did not have long lasting effects on plugin installation base or growth. We also discuss how investor data breach fatigue has reduced the stock price of cybersecurity failures.

Episode 105: The Hottest Trend in WordPress Feb 19, 2021

An analysis of WordPress-related search trends found that interest in WooCommerce related results dominated during 2020. We discuss recent vulnerabilities discovered by our threat intelligence team in Ninja Forms, affecting over 1 million sites. WordPress issues a statement that pirated themes and plugins are prohibited on the repository. And a supply chain attack affects users of the once-legitimate Barcode Scanner Android app. We also discuss some career opportunities on the Wordfence team.

Episode 104: Cryptography Demystified Feb 12, 2021

This week, the Wordfence team discusses cryptography in-depth, including the basics, a brief history, hashing, and the Crypto Wars. We also go over current news, including 2 new findings by the Wordfence Threat Intelligence team, a new milestone for WordPress, and a recent attack on a Florida Town's water supply.

Episode 103: Wordfence Innovates with Machine Learning and Security for Schools Feb 05, 2021

Wordfence opens the K-12 site audit and site cleaning service for public schools worldwide. Machine learning is now a big part of our malware identification process, which will speed new malware signatures to deployment for WordPress sites protected by Wordfence. A bug in Sudo can let attackers with access to a local system to elevate their access to a root-level account, which has implications for WordPress sites, Mac users, and many Internet of Things devices. WordPress 5.7, the next major release, will make it much easier for users to migrate their sites from HTTP to HTTPS.

Episode 102: Disruption Presents Opportunity Jan 29, 2021

After a disruptive year in 2020, there are new challenges in 2021, but also immense opportunities in numerous fields. In a deep and wide-ranging conversation, Mark Maunder and Kathy Zant discuss artificial intelligence, whether or not we're living in simulation, cryptocurrencies and the opportunities of blockchain technology, open source communities and publishing, avoiding scams and FOMO, as well as what fields are most promising for the next 10 years.

Episode 101: Supporting Remote Students with Free Site Audits & Cleanings Jan 22, 2021

Wordfence announced a new program offering free site cleaning and site audits to public schools in the United States. We talk about why we're offering this program and how to help schools take advantage of it. We also talk about the growing prevalence of WordPress as a content management system and how the incoming administration is using WordPress. We also talk about an unpatched Windows 10 denial of service vulnerability, a breach affecting over 1.9 million Pixlr users, and phishing kits exposing stolen passwords via Google search.

Episode 100: How to Lose 6 Figures the Easy Way Jan 15, 2021

The recent SolarWinds attack was incredibly sophisticated. What happens when that level of sophistication targets a homebuyer during one of the largest transactions of their lifetime? On this episode, we tell the story of an extremely difficult to detect spearphishing attack that almost cost a homebuyer a significant amount. From this story, we review the warning signs and steps you can take to protect against real estate wire transfer fraud.

Episode 99: SolarWinds Supply Chain Attack Affects Government and Fortune 500 Businesses Dec 18, 2020

Earlier this week, we learned that SolarWinds, the largest provider of network management tools for large enterprise organizations fell victim to a supply chain attack. This attack affected their Orion network management system. Reportedly, 18,000 enterprise and government customers downloaded and installed malware that was digitally signed by a valid certificate as part of an update from SolarWinds’ own servers. Microsoft took control of one of the primary command-and-control domains. We also talk about a vulnerability in the PageLayer plugin and a wormable zero-click XSS bug found in the Jabber client.

Episode 98: How Application Passwords Work in WordPress 5.6 Dec 11, 2020

WordPress 5.6 was released this week with a new feature called application passwords. In this episode we talk about how application passwords work, where to find them in your WordPress installation, and why Wordfence decided to turn these off by default in version 7.4.14. We also talk about a new Magecart attack that places card skimmers inside of CSS files, MailPoet joining WooCommerce and what this means for eCommerce on WordPress sites. FireEye, one of the largest security firms, reported they were hacked by a nation state APT group, and a wormable zero-click vulnerability was found in Microsoft Teams.

Episode 97: The Future of WordPress with PHP 8 and WordPress 5.6 Dec 04, 2020

With WordPress 5.6’s imminent release and the recent release of PHP 8, we talk about the rapid changes affecting the future of WordPress with new security features and new functionality available to both WordPress users and developers. We also review a recent vulnerability found in iPhones and a social engineering attack on GoDaddy that targeted numerous cryptocurrency exchange sites.

Episode 96: Hosting Provider Failures and Incident Response Preparedness Nov 20, 2020

Two hosting providers experienced outages this week. GoDaddy had a brief outage affecting numerous systems on Tuesday, November 17. Managed.com had an extensive outage due to ransomware that affected all systems. We discuss what types of incident response preparations site owners should consider when events beyond their control occur. We also discuss a large-scale attack targeting themes using the Epsilon Framework, the new head of security at Twitter, and an Android chat app exposing private messages.

Episode 95: Critical Privilege Escalation Vulnerabilities Affect Over 100K WordPress Sites Nov 13, 2020

Three critical privilege escalation vulnerabilities in the Ultimate Member plugin put over 100,000 sites at risk. We also talk about the Page Experience metric to be added as a ranking signal for Google search and what this means for WordPress sites using page builders or Gutenberg. Microsoft warns against using telephone/SMS-based multi-factor authentication, and two zero-day vulnerabilities were patched in Google Chrome. Windows patches over 111 vulnerabilities as a part of November's Patch Tuesday.

Episode 94: Hosting Provider Exposed 63 Million Customer Records Nov 06, 2020

A hosting provider exposed over 63 million customer records via an open elastic search database containing verbose logs with plain-text username/password credentials for numerous WordPress, Magento and other sites. We also talk about the security updates in WordPress 5.5.2/5.5.3 and the accidental 5.5.3-alpha autoupdate. We talk about object injection vulnerabilities like the one discovered in the Welcart e-Commerce plugin and how POP chain attacks work. And Google's Project Zero finds a high-severity vulnerability in GitHub Actions not fixed within the 90-day disclosure grace period.

Episode 93: Nitro Documents on the Dark Web and Botnets Targeting Older Vulnerabilities Oct 31, 2020

We cover a couple of breaking stories this week, including the emergency release of WordPress 5.5.3 on Friday, October 30. In preparation for this, a number of sites autoupdated to version 5.5.3-alpha. We also look at the the defacement of the Trump Campaign website, and how 2-Factor Authentication could have prevented this. We also look at the implications of a massive Nitro database impacting numerous large organizations. A botnet is targeting a number of content management systems, including WordPress sites. And AdWare found on the Google Play Store is targeting kids.

Episode 92: WordPress Forced Security Autoupdate Protects Sites from Loginizer Vulnerability Oct 23, 2020

An easily exploitable SQL injection vulnerability was discovered in the Loginizer plugin installed on over one million WordPress sites, causing the WordPress team to force an update to sites using the vulnerable version.

The Justice department is filing antitrust suit against Google for allegedly monopolizing search and search advertising markets. Google Chrome gets an update to fix an actively exploited zero-day vulnerability. And a new feature in Jetpack allows users to post Tweetstorms through WordPress.

Episode 91: How Hackers Can Use CSRF Vulnerabilities and Spearphishing to Wreak Havoc on WordPress Oct 17, 2020

On this week's episode of Think Like a Hacker, we chat about the cross-site request forgery vulnerability found in the Child Theme Creator by Orbisius and how attackers could potentially use a vulnerability like this with spearphishing to wreak havoc, much like the phishing campaigns now being found on the Canva design platform. We also discuss the benefits of adding application passwords for REST API authentication planned for WordPress version 5.6.

We also consider the ramifications of the critical, wormable RCE bug patched by Microsoft, and how attackers are actively attacking the recent zerologon vulnerability that was patched in August.

Episode 90: WPBakery Plugin Vulnerability Exposes Over 4 Million Sites Oct 09, 2020

A vulnerability discovered by the Wordfence Threat Intelligence team in the WPBakery plugin exposes over 4 million sites. High severity vulnerabilities were discovered in the Post Grid and Team Showcase plugins. The online avatar service Gravatar, has been exposed to a user enumeration technique, which could be abused to collect data on its users' profiles, and a card skimmer was found on Boom! Mobile's web site, putting customer card data at risk.

Episode 89: Shopify Rogue Employees, Medium and Twitter Vulnerabilities, and Hackers Hiding Out in Corporate Networks Oct 02, 2020

Shopify reports that rogue employees stole data from 200 merchants on their platform. A security researcher found a vulnerability in the Medium Partner Program could have allowed an attacker to steal writers' earnings. Symantec reports that a state-sponsored hacking group has been hiding out in company networks as a part of an information-stealing campaign. And Twitter reports that an API bug exposed app keys and tokens via a caching issue.

Episode 88: XCloner Vulnerabilities, LokiBot Malware, & a 14 Year Old Nets a $25K Bug Bounty Sep 25, 2020

Our Threat Intelligence team discovered several vulnerabilities present in XCloner Backup and Restore, a WordPress plugin installed on over 30,000 sites. These vulnerabilities could have allowed an attacker to modify arbitrary files, including PHP files. The US government Cybersecurity and Infrastructure Security Agency is warning of detected persistent malicious activity traced back to LokiBot infections. An upcoming API change will break Facebook and Instagram oEmbed links across the web beginning October 24. Google has launched the Web Stories for WordPress plugin with a drag-and-drop, WYSIWYG interface for making full-screen, tappable content. Drupal patches a critical reflected XSS vulnerability. And a critical stored XSS vulnerability in Instagram's Spark AR Studio nets a 14-year-old researcher $25,000.

Episode 87: Vulnerabilities Affect Discount Rules for WooCommerce Plugin, ModSecurity & Windows Sep 18, 2020

Vulnerabilities were recently patched in the Discount Rules for WooCommerce plugin installed on over 40,000 WordPress sites. Developers from OWASP Core Rule Set said ModSecurity v3 is exposed to denial of service exploits, though the maintainers of ModSecurity reject that claim. A severe vulnerability called Zerologon in Windows Netlogon was patched in August; this bug could be exploited to attack enterprise servers. And a security researcher also discovered that the Windows TCPIP Finger command can also function as a file downloader and a makeshift command and control server. Last weekend, nearly 2,000 Magento stores were compromised in the largest hacking campaign since 2015.

Episode 86: War of the Hackers Sep 11, 2020

Millions of attacks have been targeting the recent File Manager plugin zero-day vulnerability discovered last week. Two attackers are vying for control over sites compromised through the vulnerability. A security researcher has revealed that specially crafted Windows 10 themes can be used to perform Pass-the-Hash attacks. A database belonging to the Digital Point webmaster forum leaked records of over 800,000 web professionals that are members of the forum. Visa is warning of a new Baka Javascript credit card skimmer that removes itself from memory after exfiltrating stolen data, making it difficult to detect.

Episode 85: 0Day in File Manager Plugin and WordPress 5.5.1 Fixes Broken Sites Sep 04, 2020

Over 700,000 WordPress users were affected by a zero-day vulnerability in the File Manager plugin, and the WordPress 5.5.1 release fixed millions of sites affected by deprecation of jQuery Migrate. SendGrid is under siege from spammers using hacked accounts, and Apple approves a notorious malware variant to run on Macs.

Episode 84: Google Chrome Plans to Implement Insecure Form Warnings Aug 28, 2020

The Google Chrome web browser has a high-severity vulnerability that could be used to execute arbitrary code, which has been fixed in Chrome version 85. Google also announced that Chrome 86 will alert users if a form submission is using the insecure HTTP protocol, making it a good time to audit older sites that may have migrated to HTTPS, but still have forms submitting via HTTP. A security researcher found a flaw in Apple's Safari browser that could allow an attacker to access files on a Mac or iOS device. The FBI and CISA have issued a joint alert to warn about the growing threat from vishing attacks targeting companies.

Episode 83: 100,000 Sites Impacted by Vulnerabilities in Advanced Access Manager Aug 21, 2020

The Wordfence Threat Intelligence team discovered vulnerabilities in the Advanced Access Manager plugin installed on over 100,000 WordPress sites. A high severity authorization bypass could lead to privilege escalation and site takeover. Critical vulnerabilities found in the Quiz and Survey Master plugin could also lead to site takeover on the 30,000 WP sites using the vulnerable version of this plugin.

Thousands of sites broke after updating to WordPress 5.5 due to deprecated support for jQuery Migrate, and the release of the Enable jQuery Migrate Helper plugin reached 10,000 active installations to help fix these sites using older themes or plugins.

As cryptocurrency values rise, we’re seeing a wave of new scams and hacking campaigns with cryptocurrency as a driving force, such as the recent Twitter hack and a botnet campaign breaching SSH servers.

Episode 82: Important Changes in the WordPress 5.5 Update Aug 14, 2020

WordPress 5.5 was released on August 11 with a number of important updates, including a new feature allowing auto-updates of themes and plugins as well as changes to the block editor. The popular Astra theme was suspended from the repository for having affiliate links in the code. A vulnerability found in Google Chromium browsers could allow attackers to bypass content security policy in order to steal data and execute rogue code, this vulnerability affects billions of users. The Wall Street Journal reported that government tracking software is embedded in over 500 mobile apps.

Episode 81: Critical Vulnerability Exposes over 700,000 Sites Using Divi, Extra, and Divi Builder Aug 07, 2020

Our Threat Intelligence team disclosed numerous vulnerabilities this week, including a critical vulnerability in the Divi and Extra themes as well as the Divi Builder plugin. In total, this vulnerability affected over 700,000 sites. A vulnerability found in The Official Facebook Chat Plugin created a vector for social engineering attacks as it allowed an attacker to pose as a site owner via chat. Object injection vulnerabilities discovered in the Newsletter plugin affected over 300,000 sites. We also look at the charges brought against 3 people in connection with the recent Twitter hack. The WordCamp US organizing team made the difficult decision to cancel WCUS this year amid online event fatigue.

Episode 80: Critical File Upload Vulnerability in wpDiscuz Plugin Jul 31, 2020

Our threat intelligence team discovered a vulnerability in the wpDiscuz plugin, affecting over 80,000 sites. A blind SQL injection attack affected analytics service WayDev, exposing OAuth tokens for GitHub repositories for software companies, leading to further breaches. A debate about problematic admin notices on the WordPress admin dashboard has many wondering how to best solve the issue, while WordCamps move to all virtual in 2020. Garmin's ransomware attack takes down more than step counting.

Episode 79: High Profile Twitter Accounts Compromised in Coordinated Attack Jul 17, 2020

A number of high profile Twitter accounts including those of Elon Musk, Apple, Uber, Bill Gates, Joe Biden and others were compromised as a part of a coordinated bitcoin scam attack. The attack lasted a few hours and netted the attackers about $100,000 worth of bitcoin. We talk about how this attack could have possibly happened and lessons for businesses with remote workers accessing company systems.

We also talk about a vulnerability our Threat Intelligence team discovered in the All in One SEO Pack plugin used by over 2 million WordPress sites. This vulnerability could be used by a malicious contributor account to take over a WordPress site.

We also discuss SigRed: A 17-year-old ‘wormable’ vulnerability that could be used to hijack Windows servers, a vulnerability that could have severe ramifications for enterprise Windows networks. This vulnerability was patched on July 14.

And we take a look at some privacy concerns with the increasingly popular TikTok app and how Apple discovered TikTok spying on iPhone users.

Episode 78: Targeted Phishing Bypassing Security Checks and a new DDoS Record Jun 22, 2020

This week, we look at some targeted phishing attacks that are bypassing Microsoft Outlook’s protective filters, and phishing campaigns using calendar invitations to target unsuspecting recipients. We also look at some successful bitcoin scams and a new record for a massive DDoS attack that targeted an AWS customer. Drupal pushes out some security fixes, and zero-day vulnerabilities found in numerous Netgear routers.

Episode 77: WordPress 5.4.2 Released, Fake Ransomware Bitcoin Scams Jun 12, 2020

This week, we look at the WP 5.4.2 release and a ransomware bitcoin scam targeting site owners with a “You’ve Been Hacked” email. We also look at an FBI warning about online banking app malware, the Verizon data breach report and what is says about WordPress, and how some white hat hackers are becoming millionaires by responsibly disclosing vulnerabilities via HackerOne.

Episode 76: Ongoing Attacks on WP Growing in Volume Plus Numerous Plugin Vulnerabilities May 15, 2020

On this week's Think Like a Hacker podcast, we cover an active attack campaign targeting WordPress sites and numerous plugin vulnerabilities. This active attack campaign has been ongoing and has outpaced all other attacks on WordPress vulnerabilities. Our threat intelligence team has been tracking this attacker for months now, and we’re seeing these attacks intensifying. We also look at vulnerabilities found in Google's Site Kit plugin and the Page Builder by SiteOrigin, and why it’s so important for plugin developers to have a Responsible Disclosure Policy published in an easy to find location on their site.

We also look at how a combination of two vulnerabilities were used in a zero-day active attack on sites running Elementor Pro and the Ultimate Addons for Elementor plugin.

We also look at some new updates to Fast or Slow, the new global site speed profiling tool created by the Wordfence engineering team, and the impromptu hard launch the site experienced when it rose to the #1 position on Hacker News on May 8, 2020.

May has been a rather busy month in WordPress security and for the Wordfence team. Enjoy the podcast, and stay safe.

Episode 75: The WordPress 5.4.1 Security Release & More Plugin Vulnerabilities May 02, 2020

The Wordfence Threat Intelligence team unpacked the security updates in WordPress 5.4.1, and they published quite a few blog posts about vulnerabilities in popular plugins like Ninja Forms, LearnPress, and the Real-Time Find and Replace plugin. These plugin vulnerabilities affected over 1 million WordPress sites. As a few of these were Cross Site Request Forgery vulnerabilities, so we take a look at how these attacks work and how to avoid becoming a victim to a malicious CSRF request.

We also look at more scams targeting COVID-19 fears and stimulus funds, and Google’s upcoming crackdown on Chrome extensions set to happen in August 2020. We also look at the privacy concerns expressed by many in the information security field about contact tracing initiatives by various companies including Google and Apple as well as governmental agencies.

Episode 74: Staying Safe When Hackers Use Sophisticated Attacks Apr 24, 2020

Stories this week about targeted attacks using 0days in iPhone and iPad devices and a sophisticated phone scam targeting a security professional that ended with a $9,800 wire transfer underscore what we all know: malicious attacks are becoming increasingly sophisticated. We also cover a recent plugin vulnerability in the MapPress Maps plugin affecting over 80,000 WordPress sites, Google’s report that they’re seeing more than 18 million daily malware and phishing emails. We also cover the recent funding that Frontity received, and look at what this might mean for faster WordPress sites.

Episode 73: Security News and Success through Processes with Adam Silver Apr 17, 2020

The FTC is reporting numerous scams targeting fears and uncertainty, with over $12 million lost to Coronavirus-related scams. We also cover BBB warnings against oversharing on social media, over 500,000 Zoom credentials found on the dark web, Google's removal of malicious Chrome extensions, as well as recent plugin and theme vulnerabilities. We chat with Adam Silver, host of the KitchenSinkWP podcast, celebrating 6 years of podcasting. We ask Adam about his consistent success, experiences with WordCamps, as well as the impact of Open, the film about the WordPress community, in which Adam plays a starring role.

Episode 72: WordPress 5.4 Released, Zoom Conferencing Safety & Security Apr 06, 2020

This week, we look at what’s new in WordPress 5.4, including that distraction free editing is now on by default. We also look at new plugin vulnerabilities, including Rank Math and a Contact From 7 helper plugin. We review the new updates to Fast or Slow, the free global website speed profiler. We also talk about Zoom’s recent security and privacy issues, including a recent discovery by a security researcher who found recordings of meetings containing sensitive information on Zoom’s cloud service.

Episode 71: Hackers Targeting COVID-19 Fears Mar 25, 2020

With many of us under either lockdown or shelter-in-place orders due to the COVID-19/Corona virus, fear and stress are rampant. This additional stress lowers our critical thinking capabilities and increases our vulnerability. Hackers targeting these human vulnerabilities are using the global pandemic to attempt exploitation through numerous scams and phishing campaigns. We also cover two plugin vulnerabilities affecting tens of thousands of sites as well as a new product from Wordfence, Fast or Slow, a global website speed profiler.

Episode 70: Customer Education and Agency Resiliency with Jon Bius Mar 14, 2020

We chat with Jon Bius, a web developer at Biz Tools One, an agency in Fayetteville, NC, about how they use customer education to build relationships and differentiate their business. We also cover two plugins with vulnerabilities, more cancelled WordCamps, some hackers taking advantage of the fear surrounding COVID-19, the rise of remote work, and what’s coming with full screen editing in WordPress 5.4. Find show notes and links on https://www.wordfence.com/podcast/

Episode 69: The Meteoric Growth of Elementor with Kfir Bitton Mar 06, 2020

On February 26, WordPress page building platform Elementor announced that they had received $15 million in venture funding. After topping 4 million installations of their plugin in January, it appears that Elementor is on a path to do some big things with WordPress. This week, we chat with Elementor CRO Kfir Bitton from his office in Tel Aviv, Israel about how Elementor grew so quickly, what's next for this plugin turned platform, and how Elementor strives to give back to the WordPress community. Of course, we also have news stories including how COVID-19 is affecting WordCamps, the Let's Encrypt domain control validation bug, and the coupon creation vulnerability in WooCommerce Smart Coupons.

Episode 68: More Plugin Vulnerabilities and Active Attack Campaigns Feb 29, 2020

This week, we review numerous plugin vulnerabilities in popular WordPress plugins and the attacks that are targeting them. We also review the Duplicator vulnerability affecting over 1 million sites, and Chloe Chamberland's discovery of multiple vulnerabilities in the Pricing Table by Supsystic plugin. Some WordPress-focused companies, Elementor and Strattic, receive venture funding.

We also ask lead customer support engineer Tim Cantrell about the different ways to use Wordfence settings for brute force protection, blocking IP addresses, and how to prevent alert fatigue. A transcript is available on wordfence.com/podcast

Episode 67: Avoiding Common Vulnerabilities When Developing WordPress Plugins Feb 28, 2020

Almost every week, a new vulnerability is discovered in a popular WordPress plugin or theme, leaving developers scrambling to fix it before it’s widely exploited. Surprisingly, almost all critical vulnerabilities boil down to a few common mistakes. In this talk from WordCamp Phoenix, Ramuel Gall reviews these common errors and provides advice on creating secure plugins. Check out the video on YouTube to see slides with example code. There were some audio glitches during the presentation, but the content is good enough we had to share this with you. Transcript available in the show notes.

Episode 66: New Plugin Vulnerabilities & Succeeding as a Digital Nomad with Chloe at WCPHX Feb 21, 2020

It has been a busy week in WordPress security with active attacks on a number of plugins including ThemeRex Addons and Theme Grill Demo Importer plugins. In this week’s Think Like a Hacker, we look at what’s happening, review what a zero-day vulnerability is, and give you some advice on keeping WordPress installations clean and safe. We also look at a vulnerability uncovered in the wpCentral plugin installed on over 60,000 sites, a WHO phishing attack, and Malwarebytes’ State of Malware report.

At WordCamp Phoenix, Wordfence Threat Analyst Chloe Chamberland spoke to a packed room of attendees looking to learn more about how she succeeds working remotely as a digital nomad. Her talk starts at 19:13 if you’d like to skip ahead, though we recommend watching the YouTube video of her talk to see Chloe’s travel photos and audience interaction. Links to that video and all of the news items are available in the show notes on wordfence.com/podcast.

Episode 65: WordCamp Asia Cancellation Prompts Community Support Feb 15, 2020

WordCamp Asia was cancelled this week due to concerns of COVID-19/coronavirus in the region. This week, Wordfence CEO Mark Maunder talks about the decision to offer the WordCamp Asia Cancellation Fee Assistance Package to attendees, volunteers, organizers, and speakers that had planned to travel to this inaugural regional WordCamp. We also cover a number of WordPress plugin vulnerabilities disclosed this week and over 500 malicious Chrome extensions removed from the Chrome Web Store affecting millions of browsers worldwide.

Episode 64: Backdoors, Webshells, and the Growing Risks of Leaks & Breaches Feb 07, 2020

We take a look at the annual hacked site report from GoDaddy's Sucuri Security and the types of malware they found in various CMS and shopping cart applications. Microsoft reports they're finding 77,000 webshells daily, and WP Scan's roundup lists a number of popular plugins and themes with recent vulnerabilities. A report from students at Harvard University exposes the growing risks of online leaks & breaches.

Episode 63: Succeeding as a Remote Working Nomad with Chloe Chamberland Jan 30, 2020

Chloe Chamberland never wanted to get into security, and yet in the last three years, she has emerged as one of our most effective and prolific threat researchers. Not only does she find vulnerabilities in numerous popular plugins, she also travels the world while doing so. Chloe talked to me from a cabin in a remote area of Alaska, where she saw a moose for the first time. Chloe talks about how she got started in security and gives advice for young people who think they might enjoy security research. She also tells us why she loves speaking at WordCamps, the scariest vulnerability she's discovered, and also tells us she's working with more developers to make their code secure.

In the news, I cover some recent WordPress plugin vulnerabilities, why cloud firewalls can be bypassed, and what site owners might need to watch for in Google Chrome's upcoming SameSite cookie changes.

Think Like a Hacker: Changes Coming, 3 Critical Plugin Vulnerabilities Jan 17, 2020

Welcome to 2020! We're making some changes to Think Like a Hacker and wanted to let you know. We're moving to an audio-only version of the podcast, publishing twice per month. We also wanted to let you know about 3 major vulnerabilities in WordPress plugins potentially affecting over 400,000 WordPress installations. Details are on the Wordfence blog as well.

Episode 62: 2019 Think Like a Hacker Highlights Dec 20, 2019

We've had quite a year with Think Like a Hacker, the podcast about WordPress, security and innovation. For the end of year episode, we thought it would be fun to take a look back at a few of our favorite interviews and news stories. For episode 62, we review conversations with Josepha Haden, Brandy Lawson, Jennifer Bourn, Matt Cromwell, and we look back at the Pipdig story that created a furor earlier this year. Thank you to everyone who sat down with us over the first year of Think Like a Hacker, and thank you to our audience for listening, commenting, and helping Think Like a Hacker become what it is. We have big plans for 2020, and we hope you join us. Happy holidays to everyone celebrating, and we'll see you in 2020.

Here are timestamps if you'd like to jump around: 0:55 Josepha Haden on how she got involved with WordPress 1:59 Jon Brown talks about managing a remote team 3:50 Verious Smith's entrepreneurship journey 5:40 the Pipdig story with Mikey Veenstra 6:53 Ryan Dewhurst on the WP Vulnerability Database 7:44 Brandy Lawson talks about entrepreneurship 8:42 WordPress core and signing core updates 10:19 Matt Cromwell on why open source community matters 11:37 Jennifer Bourn on the benefits of young people in WordPress 13:03 Marieke van de Rakt on Yoast Academy 14:00 Think Like a Hacker at WordCamp US

Episode 61: Improving Website User Experiences with Dave Ryan Dec 18, 2019

With Google Chrome experimenting with a badge of shame for websites that load slowly in Chrome, there is a new urgency for high performance interfaces for web users. Gatsby, Gridsome and other static site interfaces are hot in the development community right now, especially when talking about headless WordPress. At WordCamp US, Mark chats with Dave Ryan about these technologies, reminding us that no matter the technology we use to create a website, our decisions during development matter to the end users' experience.

Episode 60: Top WordPress Influencer Lists & Chrome Password Security Improvements Dec 12, 2019

A small furor erupted over a top influencers in WordPress list that neglected to show the diverse nature of the WordPress community. We talk about the impossibility of making an accurate list that reflects the true nature of WordPress influence or contribution, and the diversity we saw during our work on Open, our film project about the WordPress community. We also talk about Google plans to give slow websites a new badge of shame in Chrome, password security updates in Chrome 79, and the DHS reconsiders a plan to use facial-recognition technology on all U.S. citizens traveling internationally.

Episode 59: Mailpoet's Kim Gjerstad on Beating Spammers and Improving Net Promoter Scores Dec 10, 2019

Kim Gjerstad, one of the founders of Mailpoet, visited with Mark at the Wordfence booth at WordCamp US. Kim and Mark talked about the origins of Mailpoet, the plugin that gives users a full email management system within the WordPress administrative dashboard. They talk about email deliverability as well as the challenges of fighting email abuse, a constant battle that Mailpoet is winning. They also talk about net promoter scores and what it means for the success of a SaaS business.

Episode 58: Leadership and the Business of WordPress Plugins: Lessons from the Yoast Black Friday Ad Dec 06, 2019

Yoast, the SEO plugin installed on 9 million WordPress sites, ran a Black Friday sale, experimenting with an ad in the WordPress admin dashboard. The internet furor was dramatic, and Yoast's CEO Marieke van de Rakt took ownership, showing exceptional leadership. We discuss the ad and the response from both users and competitors and the challenges of running a plugin business under a freemium model. We also cover stories about AVG and Avast browser extensions, the Magento Marketplace hack, the private equity purchase of .org and a data leak affecting 1.2 billion people.

Episode 57: SEO Content Strategy and Lock Picking with Maddy Osman at WordCamp US Nov 22, 2019

Maddy Osman is a SEO content strategist that has worked with a number of familiar brands in both the WordPress and SaaS spaces. She spoke at WordCamp US and took some time to chat with us at the Wordfence sponsor booth. Maddy talks about how she got started in SEO content strategy after doing web design and development, and also what the entrepreneurial journey has been like for her. Maddy also shows off some of her lock picking skills she picked up while hanging out at the Wordfence booth.

Episode 56: WordCamp US, WordPress 5.3 and Chrome Blocking Mixed Content Nov 20, 2019

In Episode 56, we review the premiere of Open, The Community Code, a film about the WordPress community that world premiered at Matt Mullenweg's State of the Word Keynote at WordCamp US. Mark and Kathy talk about what it was like watching friends in the community see the film for the first time. We also discuss recent updates to WordPress in version 5.3, especially some of the improvements to the new Gutenberg editor, accessibility, and site health. We also review Google Chrome's plans to warn and block mixed content and how site owners can prepare now for these upcoming changes.

Episode 55: Yoast's Marieke van de Rakt & Michiel Heijmans at WordCamp US Nov 14, 2019

At WordCamp US in Saint Louis, Mark sat down with Yoast CEO Marieke van de Rakt and COO Michiel Heijmans in the Wordfence booth to talk about not only how Yoast began, but also how they've grown to over 9 million active installations and the challenges of managing such a large user base. Marieke and Michiel also talk about the big changes coming in 2020 for the Yoast plugin as well as training and educational efforts via Yoast Academy.

Episode 54: The Hacker Mindset at WordCamp US Nov 08, 2019

Kathy Zant gave a presentation about The Hacker Mindset at WordCamp US 2019 in St. Louis. Learning to think like a hacker in the security realm is a big part of keeping your assets safe, and there are additional benefits. Kathy illustrates how the hacker mindset is much more than protecting your site. Thinking like a hacker can also help you break through perceived limitations, overcome obstacles, and capitalize on opportunities to innovate.

Episode 53: The WordCamp US 2019 Preview from St. Louis Nov 01, 2019

Mark and Kathy connect in person on Halloween in St. Louis to talk about what's happening at WordCamp US. We review what's new at WCUS, some of the more interesting sessions, and all of the fun activities Wordfence is bringing to North America's largest WordCamp. Kathy and Mark also tear down the 4th wall to talk to award-winning Director Sean Korbitz, the creative force behind OPEN | The Community Code, the movie about the WordPress community that premieres Saturday, November 2.

Episode 52: Innovating for Customer Success with Andrea Zoellner Oct 18, 2019

Andrea Zoellner has been an active organizer of WordCamp Montreal and is the Chief Content Creator at hosting provider, SiteGround. Andrea focuses on supporting SiteGround customers in the North American and English-speaking market. With a background in journalism, Andrea found WordPress as the easiest way to get online and integrate with different services. She talked with us at WordCamp Sacramento about how she got involved with WordPress and the community and how her position at SiteGround puts her in a unique position to innovate through new tools and services for WordPress customers at SiteGround.

Episode 51: WeWork's Financial Woes Spark Meetup RSVP Fees and the WordPress 5.2.4 Security Release Oct 16, 2019

This week, we cover WeWork's failed IPO and financial woes and how this likely led to Meetup's introduction of an RSVP fee. We discuss why this decision doesn't bode well for WeWork's future. We also look at the WordPress 5.2.4 security release and what fixes are included. We discuss the planned release of PHP 7.4 on November 28 and how WordPress core is preparing for this update. We also get a little excited about our plans for WordCamp US November 1-2 and our party to celebrate the worldwide premiere of the open source film about the WordPress community: Open, The Community Code.

Episode 50: Empowering WordPress Users Through Education with Jennifer Bourn Oct 10, 2019

Jennifer Bourn has been a leader in the WordPress community for years, helping WordPress users of all experience levels get the most out of the platform. She has also created beautiful websites for recognizable brands through her design company, Bourn Creative. At WordCamp Sacramento, we talked about how the WordPress community has opened new experiences for her entire family, her new ventures in training including Content Camp and the Profitable Project Plan, the Bourn family goal of visiting all national parks as well as the future of WordPress.

Episode 49: Building Business Through Community with Lindsey Miller Oct 03, 2019

At WordCamp Minneapolis, our Lead Customer Service Engineer Tim Cantrell chats with Lindsey Miller about her work as Partner Marketing Manager at LiquidWeb. Tim and Lindsey also talk about the challenges of being a remote worker, and how the connections in the WordPress community can help individuals make connections that grow a business. Lindsey also turns the tables and interviews Tim, asking how he got involved in WordPress and came to be the lead customer service engineer at Wordfence.

Episode 48: Salesforce Ventures invests $300 Million in Automattic Oct 01, 2019

Salesforce Ventures invested $300 million into Automattic at a $3 billion valuation. We discuss what this might mean for Automattic, the WordPress community, and the WordPress ecosystem by analyzing the roots of Salesforce and the opportunities it brings to WordPress. We also talk about features and fixes coming in November to WordPress 5.3 especially within the block editor and site health check. We also look at the DoorDash breach affecting nearly 5 million users.

Episode 47: Staying Secure through Community Cooperation with GiveWP's Matt Cromwell Sep 26, 2019

At WordCamp Sacramento, Matt Cromwell from GiveWP talked to us about how Give began, their mission of democratizing generosity, and how they handled the vulnerability disclosure from the Wordfence team. When our security researchers reached out to provide a proof of concept, the Give and Wordfence teams worked together to ensure that the vulnerability was patched in the safest way possible. Matt also tells us how he got involved with WordPress and how he gives back to the community through the Advanced WordPress Facebook group with over 30,000 members.

Episode 46: Zero Day Vulnerability in Rich Reviews Plugin Exploited In The Wild Sep 25, 2019

We chat with Mikey Veenstra to talk about the Wordfence Threat Intelligence team's work tracking a series of active attacks on an unpatched vulnerability in the Rich Reviews plugin for WordPress. With an estimated 16,000 installations, attackers are targeting unauthenticated plugin option updates, which can be used to deliver stored cross-site scripting (XSS) payloads. Mikey explains how this works and what users of Rich Reviews can do to protect themselves. Podcast recorded September 24, 2019.

Episode 45: Securing and Scaling eCommerce with Zach Stepek Sep 20, 2019

This week, our lead customer service engineer Tim Cantrell interviews Zach Stepek, CEO of MindSize, a digital agency focused on helping customers scale and succeed with eCommerce. Zach talks about how he got started with WordPress and WooCommerce, new features in JetPack that add functionality to WooCommerce, and how critical security is to site owners no matter what platform they use to sell goods and services online.

Episode 44: Unpacking the WordPress 5.2.3 Security Release Sep 10, 2019

WordPress core version 5.2.3 was released on September 4. This was a security release patching eight key vulnerabilities in WordPress core, most of which were cross site scripting vulnerabilities. In this episode of Think Like a Hacker, we walk through each of the patched elements of WordPress core and how these vulnerabilities could have been exploited. We also look at the SIM port attack on Jack Dorsey's Twitter account, and the lessons for all of us in using our cellphones and mobile devices for securing our online accounts.

Episode 43: Wordfence Research on Malvertising Campaign Makes the News Sep 05, 2019

This week, we chat about the plan for WordPress 5.3 and some of the new features we will see added to WordPress in November, including many improvements to the editor. We will also see a switch from robots.txt files to meta tags for better control over search engine indexing. We also cover the latest developments with our threat intelligence team's research into an ongoing malvertising campaign targeting WordPress plugin vulnerabilities. This story received quite a bit of news coverage, and that coverage caused closed-source content management platform Wix to Tweet a cheeky dig at WordPress that fell flat.

Episode 42: Building WordPress Websites that Convert with Bill Rice Aug 29, 2019

Bill Rice is the CEO of Kaleidico, a digital agency in Michigan. We chatted at WordCamp Minneapolis about WordPress and the community, and his work creating websites that convert. Bill spoke at WordCamp Minneapolis about trends in WordPress website design that allow businesses to deeply engage with site visitors. Mobile browsing has changed the way users interact with the web on all devices, including desktop. In this episode, Bill tells us how this shift creates new opportunities to design compelling digital experiences.

Episode 41: KidsCamp and the Next Generation of WordPress Users with Sandy Edwards Aug 22, 2019

As of WordCamp Boston 2019, Sandy Edwards has organized 26 KidsCamps across the US. We talk about what kids do at a WordPress KidsCamp, the success these kids have had publishing with WordPress, and how Sandy teaches basic internet safety and security to the next generation of WordPress users. Sandy is an organizer at WordCamp Orlando as well as a homeschooling mom, and runs a digital agency helping small businesses benefit from data-driven marketing.

Episode 40: WordPress Considers Ditching Signed Core Updates Aug 20, 2019

A recent discussion among WordPress core developers about removing support for code signing in core caught our attention. Code signing support was included with the WordPress 5.2 release. The discussion centers around removing code signing and implementing SSL verification and hashes to verify code integrity. In this week's episode we chat about the history behind the vulnerability found by Wordfence's Matt Barry, which is what motivated the addition of code signing to WordPress core. We review several high profile supply chain attacks and discuss how SSL and hashes would not protect against a sophisticated attack on WordPress core servers.

Episode 39: Headless eCommerce, Scaling for eCommerce Growth with Topher DeRosia Aug 16, 2019

Topher DeRosia is the developer evangelist for BigCommerce and a frequent WordCamp speaker. He's worked with WordPress for a long time and is the man behind HeroPress, telling the stories of people whose lives have been transformed by WordPress. HeroPress is now syndicated on WordPress.org/news, bringing these inspirational stories to an even wider audience. At WordCamp Boston, Topher and Kathy talked about everything WordPress, from security to eCommerce, HeroPress, headless WordPress, headless eCommerce as well as how these new methods of distributing content and commerce will change publishing.

Episode 38: Automattic Buys Tumblr from Verizon Aug 13, 2019

The Wall Street Journal reported on Monday, August 12, 2019 that Verizon is selling social media and blogging platform Tumblr to Automattic for an undisclosed sum, though rumors state that it may be as low as $3 million dollars. After the announcement, Automattic CEO Matt Mullenweg discussed the news on PostStatus, stating that they plan to migrate infrastructure off of Verizon, move Tumblr's backend to WordPress, and support the same APIs on both WP.com and Tumblr. Mullenweg noted on PostStatus that this acquisition is "by far the largest investment or acquisition Automattic has ever made." In this episode, we discuss the implications for Tumblr, WordPress, and Automattic.

Episode 37: Vito Peleg Talks Breaking the Agency Glass Ceiling and Building a Product with Your Customers Aug 08, 2019

In this episode, Mark chats with Vito Peleg, the founder of WP Feedback, a plugin that helps WordPress-focused agencies streamline approval and support for their customers. Vito talks about the glass ceiling in agencies where managing people and projects begins to inhibit growth and profitability.He also shares some interesting thoughts on where pain points lie and how to move past them, as well as how to effectively leverage your own customers to inform product design.

Episode 36: Proposals to Improve WordPress Include WP Notify and Security Backporting Changes Aug 07, 2019

This week, we talk about our corporate trip to DEF CON, the WordPress security team's proposal to backport security fixes to fewer releases, a new feature proposal called WP Notify that has a number of very positive implications for WordPress users, Cloudflare's decision to terminate service for 8Chan, and a European court's ruling that companies using the Facebook "like" button are liable for data collection.

Here are timestamps in case you would like to jump around: 1:18 The Defiant trip to DEF CON 3:05 WordPress Security team proposes backporting fixes to fewer releases 6:58 Feature Proposal: WP Notify 11:52 Cloudflare terminates service for 8Chan 16:05 Sites using Facebook "like" button liable for data

Episode 35: Security Researcher Jem Turner Talks About Pipdig Scandal Aug 02, 2019

Jem Turner was one of the security researchers that found malicious code in Pipdig's P3 plugin. Both Jem and Wordfence's Mikey Veenstra found the P3 plugin to contain a number of suspicious or malicious features, including a remote "killswitch," an obfuscated function used to change users' passwords, and code which generated hourly requests to DDoS a competitor's site. At WordCamp Europe, Mark sat down with Jem and asked about her process of finding this malicious code and the diligence in her research. Jem also talks about the unexpected reaction from the Pipdig developer and their many users, and how the community of bloggers banded together to help others who found themselves unable to migrate to safer themes themselves.

Episode 34: Capital One Data Breach Impacts over 100M Customers and Other News Jul 31, 2019

This week we talk about the Capital One breach affecting over 100 million customers and some important takeaway lessons from that case. We also look at news with the the Equifax settlement, a spearphishing campaign targeting ProtonMail users, the conclusion to Marcus Hutchins' legal woes, and Facebook's $5 billion fine and new regulation from the FTC, amongst other stories.

Here are timestamps in case you would like to jump around: 1:20 WordCamp Asia & WordCamp US 3:36 Capital One Breach 14:19 Equifax settlement news 18:00 ProtonMail spearphishing 21:08 Marcus Hutchins case 25:01 Facebook fined by FTC 31:27 Ransomware affecting Georgia police car laptops 33:08 Los Angeles police data breach 36:48 Comodo exposed credentials 39:34 Siri recording sensitive moments 44:04 Anonymizing data doesn't protect privacy

Episode 33: Joomla Security Lead David Jardin Discusses Securing Over 2.5 Million Joomla Sites Jul 26, 2019

David Jardin is the Security Strike Team Lead for Joomla, an open-source content management system powering more than 2.5 million websites. At WordCamp Europe, Mark and David sat down and talked about the workflow for Joomla security reports and why a proper proof of concept makes fixing vulnerabilities easier for security teams. They also discussed the improvements in cryptographic code signing expected in Joomla 4, its next major release.

Episode 32: WordPress Vulnerabilities Targeted, iOS Security Update & the Equifax Settlement Jul 23, 2019

This week, we cover WordPress vulnerabilities targeted by a malvertising campaign and an important iOS security update. We also look at Equifax's $700 million settlement and a recent uptick of new breaches added to Have I Been Pwned. Along with other news and a summary of WordCamp Boston, we talk about the film project we've worked on since late last year. Open | The Community Code will premiere November 2019. We talk about how and why we created this film about the open-source WordPress community.

Episode 31: Securing Sensitive Data in the Cloud with Chris Teitzel Jul 19, 2019

At WordCamp Europe, Mark chats with Chris Teitzel, CEO and founder of Lockr. Lockr is a key management system for websites using CMSs like WordPress and Drupal. Chris talks about the challenges of securing sensitive information and how Lockr makes secure key management affordable. Chris speaks on security topics at WordCamps and DrupalCons around the world.

You can find Chris on Twitter @technerdteitzel and learn more about his company at www.lockr.io.

Episode 30: WordPress Ad Inserter Plugin Vulnerability and Other News Jul 17, 2019

This week we review a critical vulnerability in the Ad Inserter plugin, currently installed on over 200,000 WordPress sites. The vulnerability, discovered by our Director of Threat Intelligence Sean Murphy, was patched quickly by the developer. We also cover Google's decision to remove Chrome's built-in XSS protection, a researcher's discovery of vulnerability in Instagram's 2FA, updates to the Gutenberg editor and hackers that created an Android app that can kill to prove a point amongst other stories.

Episode 29: iThemes Security Creator Chris Wiegman on Flying, Plugins & Developer Tools Jul 12, 2019

At WordCamp Atlanta, Mark sat down with Chris Wiegman, the creator of Better WP Security. Now known as iThemes Security, it is installed on over 900,000 WordPress sites. Chris talks about his experiences as a flight captain flying over the Hawaiian islands and what happened when an earthquake occurred shortly after takeoff. He also talks about why he created Better WP Security, the process of selling the plugin to iThemes and the tools he's created in his new role at WP Engine. He describes his move from iThemes to WP Engine as "the move I didn't know I needed to make."

Episode 28: Zoom Zero-Day Vulnerability, WP Engine Buys Flywheel, and Other News Jul 09, 2019

A security researcher found vulnerabilities in the Mac client for Zoom, a popular video conferencing application. After 90 days and two weeks, the vulnerability still exists. Mitigating the vulnerability entails typing the following commands in terminal, replacing [pid] with the process ID:

$> lsof -i :19421 $> kill -9 [pid] $> rm -rf ~/.zoomus $> touch ~/.zoomus

Wordfence Threat Analyst Mikey Veenstra also verified that the Linux client for Zoom also will turn video on automatically, but was not susceptible to reinstall if the client had been removed.

We also cover the WP Engine acquisition of Flywheel, cPanel's new pricing structure and what it means for hosting providers, removal of caps on .org domain names, critical security vulnerabilities in Magento, WP Statistics XSS vulnerability, a hacked ad server pushing out SEON ransomware, British Airways landmark GDPR fine, breaches and leaks of the week, amongst many other stories.

Here are approximate timestamps in case you want to jump around:

1:30 Zoom Zero Day Vulnerability 10:12 WP Engine Acquires Flywheel 19:45 cPanel pricing structure changes 23:02 .org pricing caps removed 28:30 Magento vulnerabilities 32:15 XSS Vulnerabilities in WP Statistics 35:30 Ad server hacked, serving ransomware 38:00 YouTube 40:18 British Airways GDPR Fine 42:00 Breaches of the week: MongoDB leak and leaky S3 buckets 44:50 Ruby Gem "strong_password" supply chain attack

Episode 27: Liquid Web COO Carrie Wheeler talks Leadership & Transitioning from Tech Jul 05, 2019

Liquid Web COO Carrie Wheeler chatted with Mark at WordCamp Atlanta about her path from developer to leadership in the tech field. She talks about the three things all people look for in their jobs and how to provide context so they feel connected to an organization's mission. She also talks about the competitive hosting space and how Liquid Web positions themselves for success. You can connect with Carrie on LinkedIn or at liquidweb.com.

Our TOPPODCAST Picks

Follow Us

Stay Connected

Think Like a Hacker with Wordfence

Related Podcasts

Links

Stay Connected