Connect with us

Published

on

WordPress plugin poses a great danger to credit card information. A security vulnerability detected in a plugin used on WordPress sites poses a great danger to site owners and users. Malicious codes use this vulnerability to steal credit card information.

WordPress plugin Dessky Snippets is a special feature for site administrators. PHP code additions It is known as an enabling tool. However, this plugin has become a target of cybercriminals due to its security vulnerability. Attackers who look for active installations, especially on websites with online stores, install their malware using this plugin.

WordPress Plugin Malicious Code That Steals Credit Card Information

Cybersecurity firm Sucuri was the first organization to detect this attack. Attackers inject their own code by manipulating the WooCommerce checkout process. This malicious code is saved in the dnsp_settings option in WordPress’s wp_options table and steals users’ credit card information by changing the payment form. Name, address, credit card number, expiration date and like CVV number Fake forms are added to collect information.

WordPress plugin credit card information

A remarkable feature of these fake forms is, autocomplete feature has been disabled. Users are forced to manually enter their information in these forms without receiving any warning, even if their browser’s autocomplete feature is turned on.

WordPress Plugin Credit Card: Recommendations for WordPress Users

WordPress attracts the attention of cybercriminals because it is one of the most popular website building platforms. Platform in general Although it is considered secure, attackers are turning to less secure plugins and themes. Therefore, WordPress users need to be wary of little-known plugins.

Security precautions

WordPress You can follow these steps to increase security on your site:

Update Plugins and Themes: Make sure all the plugins and themes you use are up to date.

Download from Reliable Sources: Do not download plugins and themes from unreliable sources.

Perform Regular Security Scans: Detect potential threats by performing regular security scans on your site.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Security

4 MOST COMMON CYBER ATTACKS

Nowadays, as digital transformation accelerates, institutions are faced with more and more cyber attacks every day. Threats such as ransomware and social engineering that businesses are frequently exposed to cause damage such as disclosure of sensitive data and unauthorized access to personal information of employees and customers.

Published

on

Nowadays, as digital transformation accelerates, institutions are faced with more and more cyber attacks every day. Threats such as ransomware and social engineering that businesses are frequently exposed to cause damage such as disclosure of sensitive data and unauthorized access to personal information of employees and customers.

Increasing cyber attacks in recent years have made institutions more vulnerable. proactive and encourages people to take preventive measures. Methods such as ransomware, identity attack and social engineering, which are most frequently used by attackers, pose various risks for organizations of all sizes.

Many risks, such as leaking personal information of employees and customers and disclosure of sensitive company data, damage the integrity of the business. For this reason, it is critical for organizations to invest in layered protection systems to survive in the threat environment. These systems increase resistance to cyber attacks by providing integrated protection in the digital environment.

At the same time, regular training of internal employees on cyber security culture helps them foresee a possible attack. The team’s coordinated cooperation and monitoring of the process increases the security standards of the institution.

cyber attack

What are the 4 most common cyber threats that organizations face?

  1. Ransomware: Data ransomware has become the most dangerous cybersecurity threat in recent years. It is known as one of the most feared cyber threats globally as it attacks everyone equally, regardless of industries or company size. Each sector’s unique data sensitivity, dependence on public trust or financial capacity attracts the attention of cyber attackers. Attacks on these points can stop an organization’s operations or damage its reputation by causing significant financial losses. This is often the last step in a more complex cyberattack process and means the organization is already compromised.
  1. Misconfigurations and unpatched systems: Companies that do not use adequate security configurations expose themselves to serious cyber risks. Unpatched systems serve as gateways to access confidential information, such as weak access controls, exposure of sensitive data, and outdated components. Tools on the deep web enable hackers to identify these vulnerabilities in an automated manner.
  1. ID filling: In identity attacks, cybercriminals gain unauthorized access to users’ digital accounts by exploiting their weaknesses, such as the use of simple passwords. Using automated bots, they test username and password pairs obtained from data breaches. If a user uses the same combination on multiple sites, the hacker can easily access their account.
  1. Social engineering: Cybercriminals use social engineering, a manipulation technique, to encourage users to take actions that compromise their security. Attackers gain access to victims’ sensitive information through deception and trickery. In these types of attacks, hackers research individuals and collect personal data and details about their online habits. With this information, personalized scenarios are created using fake emails, fraudulent websites or vishing to fool their targets.
Continue Reading

Security

New Statement About Microsoft Russian Hacker Attacks

Microsoft made some statements about Russian hacker attacks. Microsoft, which has been subjected to a major cyber attack in recent months, revealed new details about the incident in its statement this week. It turned out that the damage caused by the Russian hacker group was much greater than expected.

Published

on

Microsoft made some statements about Russian hacker attacks. Microsoft, which has been subjected to a major cyber attack in recent months, revealed new details about the incident in its statement this week. It turned out that the damage caused by the Russian hacker group was much greater than expected.

Microsoft initially stated that the effects of the attack were limited. However, recent revelations have shown that the truth is much more complex and damaging. Russia-based hacker group Storm-0558, 27 business partners in total captured e-mail data. This attack, which started with the seizure of the e-mail accounts of the US Department of Commerce, was actually part of a much larger operation.

Microsoft Russian Hacker Attacks: Storm-0558 and Previous Attacks

Storm-0558 is known as a group that has previously attacked US websites with the ‘.gov’ extension. This group caused great damage by targeting various government institutions. Now Microsoft’s They caused a significant security vulnerability by taking over e-mail accounts. Microsoft contacted the affected institutions after this attack and stated that the accounts are now safe.

Microsoft Russian hacker attacks

This attack occurred at the peak of the cyber war between Russia and the United States. While both sides blame each other, Russia denied these allegations. Microsoft’s underestimation of the extent of the attack and the subsequent emergence of the facts brought the reliability of the company into question. Microsoft, which initially claimed that personal data was not stolen, now admits that the data of 27 different companies was compromised.

Microsoft Russian Hacker Attacks: Impacts and Concerns of the Attack

It is still unclear how attackers obtained email data and for what purpose they will use this data. This raises serious concerns for companies affected by the attack. Microsoft after the attack has increased security measures and continues to work to ensure the security of affected accounts.

Microsoft’s This large-scale attack experienced by technology giants on cyber security It once again revealed their fragility. The precautions taken by the company and its future security strategies are critical to prevent similar incidents from occurring again.

Continue Reading

Security

Apps Will Be Locked with Face ID in iOS 18

The expected day for WWDC 2024 has arrived, but there is no problem for iOS 18 rumors. It looks like the rumors will continue until the last minute. Another feature of the new iOS version has emerged.

Published

on

The expected day for WWDC 2024 has arrived, but there is no problem for iOS 18 rumors. It looks like the rumors will continue until the last minute. Another feature of the new iOS version has emerged.

According to MacRumors, based on multiple sources iOS 18In , applications will be locked one by one with Face ID. This new security feature will be compatible with Mail, Messages, Phone, Photos, Safari browser, Settings and other built-in apps on iPhone. Thus, it will provide extra privacy and security. Face ID will be required to unlock and use the app. The security feature will also be compatible with the iPhone’s passcode and Touch ID. It is unclear whether this feature works with 3rd party applications.

Currently, the Notes app, recently deleted photos, and a secret album can be locked with Face ID, Touch ID, or passcode. However, with iOS 18, this will be taken one step further. For example, the Photos album will be completely locked, and even if the iPhone’s screen is unlocked, it will be necessary to use Face ID to enter any application.

ios 18

iOS 18, iPadOS 18, macOS 15, visionOS 2 and other new operating systems will be introduced at this year’s WWDC. The focus of the event will be artificial intelligence. WWDC will start today, June 10, at 20:00 CET. The event can be watched on apple.com/tr, Apple Developer application, Apple TV application and Apple YouTube channel.

The beta of the new iOS will be released for developers immediately after WWDC 2024. Open beta is expected to be released later. According to reports, many of the features related to artificial intelligence will not be in the beta version at first. It will be added in subsequent beta updates.

Continue Reading

Trending

Copyright © 2022 RAZORU NEWS.
Project by V