The Defiant team (Wordfence) have discovered a new malware that, interestingly, removes other malware.
This is done, apparently, to keep the host server alive to allow it to continue to spew spam and other malicious activities.
Learn more about Baba Yaga at the Wordfence blog: https://www.wordfence.com/blog/2018/06/babayaga-wordpress-malware/
Users of the Firefox web browsers are advised to discontinue use and switch to Google Chrome, Apple Safari or another non-Firefox based browser.
Wordfence reports: A zero day vulnerability emerged in the Tor browser bundle and the Firefox web browser. It exploits Windows systems with a high success rate and affects Firefox versions 41 to 50 and the current version of the Tor Browser Bundle which contains Firefox 45 ESR.
Here is the link to the announcement:
Emergency Bulletin: Firefox 0 day in the wild. What to do.
Wordfence has posted an important article revealing how WordPress’ automatic update system is vulnerable to compromise. It’s thick reading, but well worth understanding.
Automatic updates is by default “on” with all installations of WordPress.
Hacking 27% of the Web via WordPress Auto-Update
Wordfence has been studying this IP address that is located in St. Petersburg, Russia. They report that it is by far the source of the most attacks on WordPress powered web sites in the past week.
Here is their article about it. It includes some interesting data about the themes and plugins that have been attacked.
Every web site owner puts up a web site and hopes that people will visit it.
Some will employ Search Engine Optimization techniques to get visitors by carefully crafting the content and infrastructure of their site on their own. Others will hire a third-party company to help them with it. Is the effort worth the investment in time and money when the rules keep changing?
Quality content is the primary ingredient needed for web site success, according to Catalin Zorzini. Here is an article he has written that provides us with a good perspective on the state of SEO, search engines, web visitors and the tug-of-war that each deal with to gain eyeballs.