Security

Brute Protect – Recommended WordPress Plugin [update]

If you have a standalone WordPress installation, I recommend adding the Brute Protect plugin. Brute Protect is designed to reduce the chance of your WordPress site falling victim to a ‘Brute Force Attack’. This is where a nefarious computer system (a malicious bot) continually tries to break into your WordPress account.

250,000 Twitter Accounts Hacked

Twitter has announced that 250,000 accounts have been hacked in attacks that they say appeared similar to recent attacks on the New York Times and the Wall Street Journal. If the attacks, exposing usernames, encrypted password data, email addresses and session tokens, aren’t bad enough, Twitter’s announcement opens the door for a series of follow-up phishing attacks.

Here’s what to watch out for.

Latest Security Alerts

Security updates from the US Computer Emergency Readiness Team

Google Releases Security Updates for Chrome
Friday September 22nd, 2017 US-CERT
Original release date: September 22, 2017. Google has released Chrome version 61.0.3163.100 for Windows, Mac, and Linux. This update addresses multiple vulnerabilities that an attacker may exploit to cause a denial-of-service condition. US-CERT encourages ...

Joomla! Releases Security Update
Thursday September 21st, 2017 US-CERT
Original release date: September 21, 2017. Joomla! has released version 3.8.0 of its Content Management System (CMS) software to address a vulnerability. A remote attacker could exploit this vulnerability to obtain access to sensitive information. US-CERT ...


A Note on Security Updates

It’s easy to be overly concerned by the constant barrage of security alerts. The above list provides a brief and constantly updated summary of the latest threats from the US Computer Emergency Readiness Team.

Over One-and-a-half-million account details revealed

The BBC reports that the ‘Ghost Shell’ hacking group have released user account data after it was obtained primarily from government agencies in the US and Europe.

“The group gathered the data during a series of attacks on NASA, the FBI, the European Space Agency and many other government agencies and contractors.

Included in the dump were log-in names, passwords, email addresses and CVs, plus the contents of online databases.”

The full report can be read here: BBC - Hacktivists Ghost Shell dump 1.6m log-in details on web

Email: “You receive the electronic reservation?” contains a malware attack

“Bogus hotel reservation emails have been spammed out widely, which claim to come from Booking.com but in reality carry malware designed to infect Windows computers.

Even if recipients haven’t booked a hotel room they might be tempted to open the dangerous attachments, in fear that their credit card has been charged.”

Read more on Sophos Naked Security

Tumblr has temporarily disabled posting due to ‘worm’ infection

Following the infection of many Tumblr sites with a worm today, Tumblr have temporarily suspended posting.

Update: Technical details on how the worm spread are being revealed

You can read more about the attack on Sophos Naked Security

Hacked Go Daddy sites infecting users with ransomware – Sophos Naked Security Article

There is a report on Sophos’ Naked Security blog of criminals adding subdomains to genuine websites hosted by Go Daddy. The links lead to sites that install ransomware.

What does this mean to you? As always, make sure your antivirus and malware protection is up to date, and exercise caution if a link is taking you to a subdomain.