“Based on similar compromises, the attacker’s way in was likely through outdated or buggy WordPress plugins, Zach Varnell, senior applications security consultant at the security firm nVisium, tells Information Security Media Group. “This breach underscores the importance of basic patch maintenance, security hygiene and vulnerability management. Keep all software and libraries updated and current, prefer well-vetted plugins over bespoke hacks and have systems and plans in place to continuously detect threats and remediate new security issues effectively.”

Read entire article here