Mass exploit of WordPress plugin backdoors sites running Joomla, Magento, too

As many as 50,000 websites have been remotely commandeered by attackers exploiting a recently patched vulnerability in a popular plugin for the WordPress content management system, security researchers said Wednesday.

As Ars reported in early July, the vulnerability in MailPoet, a WordPress plugin with more than 1.7 million downloads, allows attackers to upload any file of their choice to vulnerable servers. In the three weeks since then, attackers have exploited the bug to install a backdoor on an estimated 30,000 to 50,000 websites, some that don't even run WordPress software or that don't have MailPoet enabled, according to Daniel Cid, CTO of security firm Sucuri.

"To be clear, the MailPoet vulnerability is the entry point," he wrote in a blog post. "It doesn't mean your website has to have it enabled or that you have it on the website; if it resides on the server, in a neighboring website, it can still affect your website." In an e-mail to Ars, he elaborated:

Read 2 remaining paragraphs | Comments

Clear Your Cookies? You Can’t Escape Canvas Fingerprinting

So tracking is getting even trickier, it seems canvas fingerprinting would work in any browser that supports HTML5 and is pretty hard to stop as a user, as it’s a basic feature (a website instructing your browser to draw an image using canvas). And it turns out, every single browser will draw the image slightly [...] The post Clear Your...

Read the full post at

WSJ website hacked, data offered for sale for 1 bitcoin

A screenshot posted by "w0rm" showing he had dumped the user table from a Wall Street Journal database.

Dow Jones & Co. took two servers that store the news graphics for The Wall Street Journal website offline yesterday evening after a confirmed intrusion by a hacker calling himself “w0rm.” The hacker was offering what he claimed was user information and server access credentials that would allow others to “modify articles, add new content, insert malicious content in any page, add new users, delete users, and so on,” Andrew Komarov, chief executive officer of cybersecurity firm IntelCrawl, told The Wall Street Journal.

W0rm, according to Komarov, is the same individual previously known as “Rev0lver” and “Hash,” a Russian hacker who tried to sell access to the BBC’s servers last December and attacked the Web servers of Vice Media earlier this year. At 5:30pm ET on July 21, he posted a screenshot to Twitter that showed the e-mail address, username, and hashed password for the database admin on a server. He offered to sell the full dump of the database table of authorized users for one bitcoin through an exploit marketplace at

According to The Journal, Dow Jones has taken the servers offline to isolate them and prevent further intrusions into their systems. A spokeperson for the company said, “At this point we see no evidence of any impact to Dow Jones Customers or customer data.”

Read 1 remaining paragraphs | Comments