Recent surge in spam likely due to Mumblehard botnet

If you noticed more spam than usual in your inbox in recent months, you’re not alone. You may also have noticed that using your email client to block the sender is typically ineffective. That’s because the spam is coming from thousands of different domains, each corresponding to a different compromised web server.

This is the work of the Mumblehard botnet, which ESET researchers observed sending mass spam starting about seven months ago. The Mumblehard code has existed on the web for at least five years, but it seems to have started its spamming activities on a large scale only in the last year or so.

Computers infected with Mumblehard are typically Linux web servers. It remains unclear exactly how servers become infected, but researchers suspect that unpatched WordPress and Joomla vulnerabilities provide the key.

WordPress 4.2.2 and critical theme updates

A new version of WordPress addresses several critical security issues. Version 4.2.2 also fixes some non-security issues that were introduced in WordPress 4.2.

The vulnerabilities fixed in WordPress 4.2.2 are being actively exploited on the web, so anyone who operates a WordPress site should immediately check whether the new version has been auto-installed, and if not, install it.
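One way to run that check across every site on a server, as an added example that is not part of the original article: the script reads `$wp_version` from each install's `wp-includes/version.php` and flags anything older than 4.2.2. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag WordPress installs older than a minimum release.

# Print the value of $wp_version from DIR/wp-includes/version.php.
wp_version_of() {
    awk -F"['\"]" '/^[ \t]*\$wp_version[ \t]*=/ { print $2; exit }' \
        "$1/wp-includes/version.php" 2>/dev/null
}

# Succeed when dotted version $1 is older than $2 (numeric per component,
# so 4.10 is newer than 4.2.2 and a missing component counts as 0).
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# Print one status line per install found under ROOT ($1); MIN ($2)
# defaults to 4.2.2, the release named in the article.
audit_wp() {
    min=${2:-4.2.2}
    find "$1" -type f -path '*/wp-includes/version.php' | sort |
    while IFS= read -r vf; do
        dir=${vf%/wp-includes/version.php}
        ver=$(wp_version_of "$dir") || ver=
        if [ -z "$ver" ]; then echo "UNKNOWN - $dir"
        elif version_lt "$ver" "$min"; then echo "OUTDATED $ver $dir"
        else echo "OK $ver $dir"
        fi
    done
}

# Constructed sample data: three fake installs under DIR ($1).
make_sample_tree() {
    for pair in old:4.1.1 mid:4.2 new:4.2.2; do
        mkdir -p "$1/${pair%%:*}/wp-includes"
        printf "<?php\n\$wp_version = '%s';\n" "${pair#*:}" \
            > "$1/${pair%%:*}/wp-includes/version.php"
    done
}

# With a directory argument, audit it (e.g. the web root on your server).
if [ "$#" -gt 0 ]; then audit_wp "$@"; fi
```

Any `OUTDATED` line marks a site where the automatic update has not been applied and the release should be installed by hand.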

Another vulnerability was recently discovered in the Twenty Fifteen theme that comes packaged with newer versions of WordPress. An updated version of the theme that addresses the issue is now available.