Security

Brute Protect – Recommended WordPress Plugin [update]

If you have a standalone WordPress installation, I recommend adding the Brute Protect plugin. Brute Protect is designed to reduce the chance of your WordPress site falling victim of a ‘Brute Force Attack‘. This is where a nefarious computer system (a malicious bot) continually tries to break into your WordPress account. More >

250,000 Twitter Accounts Hacked

twitter-48  iconTwitter has announced that 250,000 accounts have been hacked in attacks that they say appeared similar to recent attacks on the New York Times and the Wall Street Journal. If the attacks, exposing usernames, encrypted password data, email addresses and session tokens, aren’t bad enough, Twitter’s announcement opens the door for a series of follow-up phishing attacks.

Here’s what to watch out for. More >

Latest Security Alerts

Security updates from the US Computer Emergency Readiness Team

Google Releases Security Updates for Chrome
Wednesday July 26th, 2017 US-CERT
Original release date: July 26, 2017 Google has released Chrome version 60.0.3112.78 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that, if exploited, may allow an attacker to take control of an affected system.Users ...

Joomla! Releases Security Update
Tuesday July 25th, 2017 US-CERT
Original release date: July 25, 2017 Joomla! has released version 3.7.4 of its Content Management System (CMS) software to address several vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected ...


A Note on security Updates

It’s easy to be overly concerned by the constant barrage of security alerts. The above list provides a brief and constantly updated summary of the latest threats from the US Computer Emergency Readiness Team. More >

Link

Over One-and-a-half-million account details revealed

Ghost Shell Icon The BBC reports that the ‘Ghost Shell’ hacking group have released user account data after it was obtained primarily from government agencies  in the US and Europe.

“The group gathered the data during a series of attacks on NASA, the FBI, the European Space Agency and many other government agencies and contractors.

Included in the dump were log-in names, passwords, email addresses and CVs, plus the contents of online databases.”

The full report can be read here: BBC- Hacktivists Ghost Shell dump 1.6m log-in details on web

Link

Email: “You receive the electronic reservation?” contains a malware attack

“Bogus hotel reservation emails have been spammed out widely, which claim to come from Booking.com but in reality carry malware designed to infect Windows computers.

Even if recipients haven’t booked a hotel room they might be tempted to open the dangerous attachments, in fear that their credit card has been charged.”

Read more on Sophos Naked Security

Tumblr has temporarily disabled posting due to ‘worm’ infection

Following the infection of many Tumblr sites with a worm today, Tumblr have temporarity suspended posting.

Update: Technical detail on how the worm spread are being revealed

You can read more about the attack on Sophos Naked Security

Hacked Go Daddy sites infecting users with ransomware – Sophos Naked Security Article

There is a report on Sophos’ Naked Security blog of criminals adding sub domains to genuine websites hosted by Go Daddy. The links lead to sites that install Ransomware.

What does this mean to you? As always, make sure your antivirus and malware protection is up to date, and exercise caution if a link is taking you to a sub domain. More >