Top WordPress exploits, watch for cryptomining malware, update your browsers and patch Apple devices.
Welcome to Cyber Security Today. It’s Friday January 29th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
WordPress is one of the most popular content management systems in the world. It’s the system behind blogs by individuals, large news organizations and some e-commerce stores. That makes it a target for cybercrooks. This week Wordfence, a provider of security protection for WordPress, issued a report on the most popular ways WordPress was hacked last year. Top of the list was login attacks using lists of stolen passwords, dictionary attacks and brute force guessing attacks. The best way organizations using WordPress can protect themselves is by enabling the multi-factor authentication capability and encouraging customers to take advantage of it. Attackers also took advantage of WordPress installations that didn’t have the latest security patches. And a third big category was the exploitation of plugins. Plugins and themes are third-party additions to WordPress that add capabilities. I’ve warned before that plugins that have been unknowingly corrupted are used by hackers. These include pirated copies of plugins. So to stop bad plugins from exploiting WordPress, make sure anyone who administers a WordPress site only allows plugins from a reputable source.
Crooks love infecting the servers and PCs of organizations and using their combined calculating power to mine for cryptocurrency. A gang dubbed Rocke Group has been targeting cloud-based operations since 2019. IT departments have been watching for signs of its malware ever since, which has crimped the group’s efforts. But a new report from Palo Alto Networks says the group has updated its malware to keep from being detected. One obvious way IT managers know their systems have been hit is if servers slow dramatically. It’s important that cloud providers ensure their systems are protected from attacks like this.
A threat actor believed to be from a Middle East country has found a new way into the servers of organizations. A report from a security vendor called ClearSky says the new malware, which gives attackers remote access to the IT network, has been seen on some 250 web servers running Oracle’s 10g database and Atlassian’s Jira software development planning tool. Victim firms were found in the United States, the United Kingdom, Egypt, Jordan, Lebanon, Israel, and the Palestinian Authority. Many are in the telecommunications, internet hosting and information technology sectors. IT departments are urged to make sure their applications and web servers have the latest security updates.
Last fall a security researcher discovered a sneaky way an attacker could get past firewalls and what are called network address translation defences. It’s complicated. What’s important is that browsers like Chrome, Edge and Firefox were partially patched at the time to block this attack. However, a new version of the attack has been found. So recently browsers got another patch to close this new vulnerability. Make sure you’re running the latest versions of your browsers.
Finally, Apple iPhone, iPad and Apple TV users should make sure they’re running the latest versions of the operating systems on these devices. Security patches released this week fix three major vulnerabilities that could allow an attacker to compromise your devices. Go into the settings and check for updates.
That’s it for now. But after 3 o’clock Eastern this afternoon you can download the Week In Review podcast, when I’ll discuss the big news of the week, the crippling by police of the Emotet and Netwalker ransomware operations.
Links to details about stories can be found in the text version of this podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at cybersecurity professionals.
Subscribe to Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.