Important Vulnerability on Advanced Custom Fields Plugin for WordPress

At Imunify, we’re committed to empowering businesses with cutting-edge security solutions. Discover how Snel.com, renowned for being "Your Friendly Hosting Provider" from the Netherlands, revolutionized their server management services with Imunify360.

Imunify360 researchers have identified a growing number of malicious redirects on Joomla CMS.

In this post, discover how Imunify360 is leading the charge against a sophisticated cyber threat targeting Joomla CMS. This post delves into the rise of malicious redirects caused by a deceptive fake-plugin, capable of injecting harmful scripts into websites. Learn about the insidious mechanism of this threat, which targets unsuspecting visitors with phishing and malware, and how Imunify360's advanced security measures, including its proactive scanner and comprehensive defense system, offer robust protection against such evolving cyber dangers. Protect your Joomla site with Imunify360's integrated antivirus, firewall, and WAF, ensuring the safety and integrity of your online presence.

We are thrilled to share that Webuzo, a leading web hosting platform that simplifies the management of cloud or dedicated servers, has officially integrated ImunifyAV as its default antivirus software, recognizing the importance of top-notch security for its users.

Imunify360 researchers have recently found a wave of attacks exploiting a known vulnerability in Chamilo LMS (CVE-2023-34960) to escalate and execute arbitrary commands. Chamilo is an e-learning platform, also called Learning Management Systems (LMS), widely used by Universities and NGOs with a total of ~85k installations.

сPanel is one of the most popular control panels on the web with a broad community and a large number of extensions. But as always, popularity has its price: every month Imunify web security analysts detect tens of thousands of specialized automated attacks on cPanel users’ accounts. The vast majority of such attacks are simple Brute-Force, however, there is always a portion of more sophisticated attempts like SQLi and others.

Dear customers,

We've identified a concern with Yandex bot crawling that may impact your website's visibility. Our investigation shows that, besides legitimate Yandex bots, some traffic from these IP addresses may be malicious.

While we're collaborating with Yandex's support team for a solution, here are some interim measures:

In today's digital landscape, monetizing websites through ads has become a standard practice, but it comes with security trade-offs.

Cybercriminals, in their relentless pursuit of exploiting vulnerabilities, have recently focused their efforts on a critical flaw in the WooCommerce Payments WordPress plugin. This flaw, tagged as CVE-2023-28121, is a perfect example of how an unauthorized attacker can impersonate users and potentially gain complete control over websites. The sheer scale and potential for site takeovers underscore the importance of deploying comprehensive cybersecurity solutions, such as Imunify360, to detect and protect against such threats in real time.

As the world becomes increasingly digital, e-commerce platforms have become a prime target for cybercriminals seeking to exploit vulnerabilities and gain unauthorized access to sensitive information. Recently, a critical security flaw was uncovered in the popular WooCommerce Stripe Gateway WordPress plugin, putting hundreds of thousands of e-commerce websites at risk. In this blog post, we will delve into the vulnerability details and explore how utilizing the Imunify360 server security suite can help prevent such incidents.

Imunify360 has a robust set of mitigation that acts proactively against advanced attacks, and its layer works either on L7 (http request) against known vulnerabilities and also at runtime by our innovative Proactive defense module, and behind the scenes, there's a team of malware experts researching 24x7 and figuring out in-depth the malware behavior.