Cybersecurity Starts in the Boardroom
The death of Her Majesty Queen Elizabeth II and the associated ceremonies and period of national mourning will be no exception: Potential phishing activity update – NCSC.GOV.UK The National Cyber Security Centre has issued a warning that the potential for malicious phishing, social engineering and scam cyber-attacks is very high …
Earlier today I wrote about the FishPig/Magento supply chain attack, now I have come across another WordPress cyber security problem. A popular WordPress plugin is being actively exploited. PSA: Zero-Day Vulnerability in WPGateway Actively Exploited in the Wild (wordfence.com) The Wordfence Threat Intelligence team have warned that WordPress sites running …
Continue reading “Two WordPress vulnerability posts in a day – WPGateway zero-day vulnerability”
This is a classic supply chain attack. UK based FishPig, seller of Magento WordPress integrations, ecommerce software has discovered that its distribution server had been compromised, which allowed threat actors backdoor access to the customer’s systems. The ecommerce software is believed to be used by more than 200,000 websites. Breach …
CISA has issued security advisories for a range of vendors: Adobe Releases Security Updates for Multiple Products | CISA Apple Releases Security Updates for Multiple Products | CISA Microsoft Releases September 2022 Security Updates | CISA The US Cybersecurity and Infrastructure Security Agency also issues advisories on Industrial Control Systems …
Continue reading “CISA security advisories for Adobe, Microsoft and Apple”
Intermittent encryption is a recently detected method of obscuring malware from anti-virus software and other detection methods. It is not encryption of whole files, byte encryption of bytes within the malware. Research by SentinelOne has shown this evasion technique is being deployed by ransomware gangs in the wild: Crimeware Trends …
