A malicious WordPress plugin posing as a security tool has been found to have a hidden PHP backdoor code. The fake tool named “X-WP-SPAM-SHIELD-PRO” leveraged the popularity of a legitimate WordPress anti-spam tool plugin “WP-SpamShield Anti-Spam”. Once installed, the malicious plugin allowed an attacker to access the account through a...

The Senate Intelligence Committee has asked executives of Facebook, Google, and Twitter to testify in a probe on Russia’s alleged involvement in the 2016 US elections. Even though the House panel did not identify the companies who were asked to attend next month’s open hearing, representatives from Google and Facebook already...

Security researchers from ESET have identified an operation where a malware author/authors raised $63,000 in five months by taking over unpatched IIS 6.0 servers to mine the Monero cryptocurrency. It was revealed that the attacker exploited the CVE-2017-7269 vulnerability to hack the servers. Michal Poslusny of ESET said that very little...

CyberArk researchers have recently discovered a technique dubbed “Illusion Gap” which leverages social engineering and an SMB server to bypass Windows Defender. The researchers said that attack is not as complex to carry out, an attacker only needs to make a user run a malicious file hosted on an SMB server...

Last Wednesday, Uber maintained its stance in a British employment appeal tribunal, saying that its drivers are self-employed and are not entitled to benefits that a worker receives. Uber likened the drivers who use their app to self-employed private hire drivers who work under traditional minicab firms. Similar to Uber, British...