Fast Company, an American magazine, was hacked and abusive articles were added to its news feeds, which gave this material a wider audience through syndication on the Apple News app. The Apple News channel was quickly disabled and Fast Company took its site down pending a fix, but the damage was done. Unsuspecting users received malicious content.
Fast Company used to send an obscene Apple News push notification – The Verge
Now the hacker who did it has released details on how they were able to compromise a big company’s security precautions and breach its WordPress site. Spoiler: poor passwords and an apparent lack of both password discipline and multi-factor authentication (MFA) appear to be components of the attack:
Hacker shares how they allegedly breached Fast Company’s site (bleepingcomputer.com)
The hackers from the Breached hacking community not only impacted the reputation of Fast Company and Apple News, but in the obscene posts they made they also named a cyber security researcher, Vinny Troia, damaging his reputation as well! The use of Vinny Troia’s name in the defacement attack is part of a long-running feud between the hacking group and the researcher; it is not the first time they have added that name to their malicious content.
Is your WordPress website secure and do you use it in a secure manner?
Read this article on CyberAwake, our online cyber awareness training site, to start to understand how you should be using WordPress:
Are you using Bring Your Own Device – BYOD – to save money? – CyberAwake
The article is primarily about starting to realise the risk your organisation is taking when you allow your team to use their own devices to carry out your work, but it ends with a real-world example of how we dealt with a problem a client had with enforcing security in their WordPress site balanced with the operational needs for senior staff in the company to produce real-time content.
But WordPress security does not end there.
Can you answer this question?
Do you take responsibility for the security of your website, or do you leave it to the web designers?
Remember that your website and its content are your reputation!
Clive Catton MSc (Cyber Security) – by-line and other articles
My advice: Either you or your IT support need to check whether these issues impact your systems. You need to have a master document that details your systems, hardware, software, online, networks, back-ups, suppliers etc – so when cyber security (or operational) issues arise you and your support teams can quickly check if you are affected. From there you can take fast, effective action.