This alert may not be shared outside your organization, Do Not Repost or send, place on other websites, List servers, or send to others via email, including other associations or parties.  Members and Law enforcement use only. Contact us for any permissions.  To do otherwise will result in the loss of membership.

Complete Story
 

09/29/2019

WordPress sites hacked through defunct Rich Reviews plugin

The State of Security

An estimated 16,000 websites are believed to be running a vulnerable and no-longer-maintained WordPress plugin that can be exploited to display pop-up ads and redirect visitors to webpages containing porn, scams, and–worst of all–malware designed to infect users’ computers.

Researchers at WordFence went public about how hackers are exploiting a zero-day vulnerability in a third-party WordPress plugin called Rich Reviews to inject malvertising code into vulnerable WordPress sites.

The threat is not theoretical.

Website owners have posted publicly about how they have been hit by scripting malware, and they are pointing the finger of blame at the Rich Reviews plugin.

Normally the advice would be for website administrators to update the plugin, thereby patching the security hole and preventing hackers from being able to compromise their websites. But in this instance, there is no update, and there may never be… because the developers of Rich Reviews stopped maintaining their software long ago.

Read more...

Printer-Friendly Version


Resources

Alerts

The FRPA alert system distinguishes us from other groups by gathering and providing information to law enforcement, retailers AND financial institutions.

more information
Resources

Resources

Your electronic library to help in fighting financial fraud for all of our partners.

more information