Here’s another great plugin that’ll help keep your WordPress site secure, and it blocks the majority of spam comments too.
If you have a standalone WordPress installation, I recommend adding the Brute Protect plugin. Brute Protect is designed to reduce the chance of your WordPress site falling victim to a ‘Brute Force Attack’. This is where a nefarious computer system (a malicious bot) continually tries to break into your WordPress account.
Twitter has announced that 250,000 accounts have been hacked in attacks that they say appeared similar to recent attacks on the New York Times and the Wall Street Journal. If the attacks, exposing usernames, encrypted password data, email addresses and session tokens, aren’t bad enough, Twitter’s announcement opens the door for a series of follow-up phishing attacks.
Here’s what to watch out for.
Security updates from the US Computer Emergency Readiness Team
Friday September 22nd, 2017 US-CERT
Thursday September 21st, 2017 US-CERT
A Note on Security Updates
It’s easy to be overly concerned by the constant barrage of security alerts. The above list provides a brief and constantly updated summary of the latest threats from the US Computer Emergency Readiness Team.
Microsoft has released updates to correct vulnerabilities in Microsoft Windows, Office, Developers Tools, Server Software, and .NET Framework as part of the Microsoft Security Bulletin summary for January 2013.
Microsoft has announced a vulnerability in Microsoft Internet Explorer 6, 7, 8, 9 and 10.
Facebook have announced new ‘better’ privacy controls to be rolled out by the end of the year. It’s mostly good news, but for some people there is a sting.
Police in Global Arrests over $850m Facebook botnet crime spree
“Facebook users were targeted over two years beginning in October 2010.”
Read the full post:
Police in Global Arrests over $850m botnet crime spree – BBC News
Over One-and-a-half-million account details revealed
“The group gathered the data during a series of attacks on NASA, the FBI, the European Space Agency and many other government agencies and contractors.
Included in the dump were log-in names, passwords, email addresses and CVs, plus the contents of online databases.”
The full report can be read here: BBC- Hacktivists Ghost Shell dump 1.6m log-in details on web
Email: “You receive the electronic reservation?” contains a malware attack
“Bogus hotel reservation emails have been spammed out widely, which claim to come from Booking.com but in reality carry malware designed to infect Windows computers.
Even if recipients haven’t booked a hotel room they might be tempted to open the dangerous attachments, in fear that their credit card has been charged.”
Read more on Sophos Naked Security
“Spam has somehow invaded the calendar and I am at a loss as to how to remove it.” was the gist of an email I was copied on earlier today. It was quickly followed by another saying: “Gary – HELPPPPPPPPPPPPPP Please:)”
Tumblr engineers have resolved the issue of the viral post attack that affected a few thousand Tumblr blogs. Thanks for your patience.
— Tumblr (@tumblr) December 3, 2012
We are aware that there is a viral post circulating on Tumblr. We are working to resolve the issue as swiftly as possible. Thank you.
— Tumblr (@tumblr) December 3, 2012
You can read more about the attack on Sophos Naked Security
There is a report on Sophos’ Naked Security blog of criminals adding subdomains to genuine websites hosted by Go Daddy. The links lead to sites that install ransomware.
What does this mean to you? As always, make sure your antivirus and malware protection is up to date, and exercise caution if a link is taking you to a subdomain.
You’ll need to take the usual precautions. Don’t open a PDF, or any other file for that matter, that’s sent to you unless you trust the source and you are sure that the person sending it is who they claim to be.