Tips & Tricks

opular WordPress plugin opens backdoor, steals user credentials

"If you are one of the 10,000+ users of the Custom Content Type Manager
(CCTM) WordPress plugin, consider your site to be compromised and
proceed to clean your installation up, Sucuri Security researchers have
warned.

After finding “a very suspicious auto-update.php file inside
wp-content/plugins/custom-content-type-manager/ during the cleanup on an
infected WP site, the researchers have begun digging, and discovered that:

The file in question is a backdoor that can download additional files
from a third-party domain, and save them in the plugin directory

The CCTM plugin has been available for download from the official WP
Plugin Directory for around three years, but hasn’t been updated in the
last 10 months. But, some two weeks ago, a new developer (“wooranker”)
started adding “small tweeks by new owner” and “bug fixes”:"

Monitoring National Internet Traffic

National internet traffic monitoring report featuring weekly traffic reports, monthly traffic reports and annual traffic reports.

System Security & Vulnerability Threat Warning

A collection of articles about the early warnings of security threats and system vulnerabilities.

Security News

Newsgroups of Cyber Security or IT.