Tag: Cybersecurity

Posted on

Backdoor in Captcha Discovered

Nothing to see here, folks …

“Backdoor in Captcha Plugin Affects 300K WordPress Sites”

“The WordPress repository recently removed the plugin Captcha over what initially appeared to be a trademark issue with the current author using “WordPress” [Editors note: the original page has been removed, we’re now linking to a screen shot.] in their brand name.

Whenever the WordPress repository removes a plugin with a large user base, we check to see if it was possibly due to something security-related. Wordfence alerts users when any plugin they are running is removed from WordPress repo as well. At the time of its removal, Captcha had over 300,000 active installs, so its removal significantly impacts many users.”

Incredible analysis in the below link. Nicely done by WordFence.

Full article or Blog here

Posted on

Equifax Breach or Hack

This is the only link [the first one, below] or site that matters when it comes to the Equifax hack. There are many phishing websites disguising themselves, and reports are coming in that hoax or fake emails are popping into Inboxes. Use caution. ONLY go through Equifax, seeming as though they are the ones who caused the mess. As they likely already have your identity, and then lost it via a hack, you may as well follow the steps off the link below to get yourself courtesy identity theft protection for a few years [that is their penance].

I would even emphasize that you should not take my [or anyone’s] word for it, and double check on Equifax’s website yourself.

https://www.equifaxsecurity2017.com

Cross reference with the FTC:

https://www.consumer.ftc.gov/blog/2017/09/equifax-data-breach-what-do

Posted on

This is a wonderful overview of the “Darknet” and the Thor browser.

Darknet 101: Your guide to the badlands of the internet

“Hacked login details. Cybersecurity exploits for hire. Drugs, guns and ammo. If there’s something shady going on online, chances are it’s happening on the darknet.”

Read it Here

Posted on

New Thinking On Password Changes

I really like this way of thinking outside the box! Some of the old, and current, concepts on password complexity, length, history etc. are being revised. There is some new thinking on the matter, based mainly on trends and analytics Microsoft has done via millions of hack attempts on Azure based resources.

New Microsoft recommendations:

  • “Maintain an 8-character minimum length requirement (and longer is not necessarily better).
  • Eliminate character-composition requirements.
  • Eliminate mandatory periodic password resets for user accounts.
  • Ban common passwords, to keep the most vulnerable passwords out of your system.
  • Educate your users not to re-use their password for non-work-related purposes.
  • Enforce registration for multi-factor authentication.
  • Enable risk based multi-factor authentication challenges.”

Read it here 

Posted on

Thousands of Hacked Home Routers are Attacking WordPress Sites

Thousands of Hacked Home Routers are Attacking WordPress Sites

Fascinating blog from WordFence, one of the best WordPress firewall out there. They uncovered attacks coming from various countries and regions. The target is home networks. There is a router vulnerability called “Misfortune Cookie” [really] that is being exploited. It appears many home routers are hacked with this vulnerability and they in turn launch attacks. The tricky part here is that the launched attacks are actually small per home router, so detection is difficult.

The really weird thing is that the IPS are coming from all over the place, but attacks from Algeria [!] are increasing dramatically.

Read the WordFence Blog here

Posted on

Ukraine In The House

There are hundreds and hundreds of these WordFence Firewall entries on Riguy.Com. I blocked some IPs here and there; that will work for a while. I wonder what these nice people from Ukraine would ever want with my most humble of web sites? Regardless, thanks WordFence [awesome security plugin]!

WFence1

 

WFence2 WFence1

 

Posted on

WordPress Security – WordFence

WordFence Security hard at work, on my humble website ;>

I love this Plugin [although I use the free version for my personal website, our work pays for it because it is worth every penny].

Wordfence2

 

Posted on

Critical Windows Security Flaw and Fix Released

Microsoft has released a major Critical Windows Security Flaw and fix. By critical, I mean they went outside of their normally rigid ‘patch Tuesday’ [twice a month] schedule and released this fix on-the-fly, so to speak.

From Mashable:
“The flaw is in the way the Windows Adobe Type Manager Library handles OpenType fonts. In practical terms, if someone running Windows visits a website that contains embedded OpenType fonts or a specially crafted document, an attacker could execute code on his or her computer.

“An attacker who successfully exploited this vulnerability could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” Microsoft wrote in a security bulletin.”

The Windows update tool in modern Windows OS can handle this.

Critical Windows Security Flaw + Fix Article