Macs, PCs and Servers. Just about everything. The jury is still out on the likelihood of phones being vulnerable. Here’s what you can do right now. More
Here’s another great plugin that’ll help keep your WordPress site secure, and it blocks the majority of spam comments too. More
Update: Brute Protect is now built into Automattics Jetpack plugin.
If you have a standalone WordPress installation, I recommend adding the Brute Protect plugin. Brute Protect is designed to reduce the chance of your WordPress site falling victim of a ‘Brute Force Attack‘. This is where a nefarious computer system (a malicious bot) continually tries to break into your WordPress account. More
Twitter has announced that 250,000 accounts have been hacked in attacks that they say appeared similar to recent attacks on the New York Times and the Wall Street Journal. If the attacks, exposing usernames, encrypted password data, email addresses and session tokens, aren’t bad enough, Twitter’s announcement opens the door for a series of follow-up phishing attacks.
Here’s what to watch out for. More
It’s easy to be overly concerned by the constant barrage of security alerts. The above list provides a brief and constantly updated summary of the latest threats from the US Computer Emergency Readiness Team. More
Microsoft has released updates to correct vulnerabilities in Microsoft Windows, Office, Developers Tools, Server Software, and .NET Framework as part of the Microsoft Security Bulletin summary for January 2013. More
Microsoft has announced a vulnerability in Microsoft Internet Explorer 6, 7, 8, 9 and 10. More
Facebook have announced new ‘better’ privacy controls to be rolled out by the end of the year. It’s mostly good news, but for some people there is a sting. More
From BBC News:
“An alleged cybercrime ring said to be responsible for losses of $850m (£530m) looks to have been foiled by the FBI – by using Facebook.Facebook users were targeted over two years beginning in October 2010.”
Read the full post:
Police in Global Arrests over $850m botnet crime spree – BBC News
The BBC reports that the ‘Ghost Shell’ hacking group have released user account data after it was obtained primarily from government agencies in the US and Europe.
“The group gathered the data during a series of attacks on NASA, the FBI, the European Space Agency and many other government agencies and contractors.
Included in the dump were log-in names, passwords, email addresses and CVs, plus the contents of online databases.”
The full report can be read here: BBC- Hacktivists Ghost Shell dump 1.6m log-in details on web
“Bogus hotel reservation emails have been spammed out widely, which claim to come from Booking.com but in reality carry malware designed to infect Windows computers.
Even if recipients haven’t booked a hotel room they might be tempted to open the dangerous attachments, in fear that their credit card has been charged.”
Read more on Sophos Naked Security
“Spam has somehow invaded the calendar and I am at a loss as to how to remove it.” was the gist of an email I was copied on earlier today. It was quickly followed by another saying: “Gary – HELPPPPPPPPPPPPPP Please:)” More
Tumblr engineers have resolved the issue of the viral post attack that affected a few thousand Tumblr blogs. Thanks for your patience.
— Tumblr (@tumblr) December 3, 2012
We are aware that there is a viral post circulating on Tumblr. We are working to resolve the issue as swiftly as possible.Thank you.
— Tumblr (@tumblr) December 3, 2012
Following the infection of many Tumblr sites with a worm today, Tumblr have temporarity suspended posting.
Update: Technical detail on how the worm spread are being revealed
You can read more about the attack on Sophos Naked Security
There is a report on Sophos’ Naked Security blog of criminals adding sub domains to genuine websites hosted by Go Daddy. The links lead to sites that install Ransomware.
What does this mean to you? As always, make sure your antivirus and malware protection is up to date, and exercise caution if a link is taking you to a sub domain. More