WordPress is one of the most – if not the most – popular website package on the web. Both professional web designers and less professional web designers use it. One of the reasons it is so popular is that with a little work, anyone can alter the code or download …
Attaching “Premium” to a product does not guarantee it’s cyber security…
The premium WordPress plugin LayerSlider, which is used in over one million sites, has been shown to be vulnerable to one of the most basic of cyber security hacks – unauthenticated SQL injection. There were tutorials at Napier University showing us how to carry out these types of hacks, it …
Continue reading “Attaching “Premium” to a product does not guarantee it’s cyber security…”
WordPress again…
I wrote about the potential victim base that any WordPress cyber security issue exposes last week: WordPress is always a target Have a read of that article if you do not understand why WordPress, WordPress plugins and user authorisation, need careful management in any cyber security plan. To reinforce the …
The Reboot
Regular readers will know the importance I attach to software and firmware patches as part of any cyber security plan. In fact, with most projects, managed and monitored updates one of the first things we implement across an organisation as it gives an immediate win for improved cyber security. Restarting …
WordPress is always a target
WordPress is one of the most – if not the most – popular website package on the web. Both professional web designers and less professional web designers use it. One of the reasons it is so popular is that with a little work, anyone can alter the code or download …
The Threat Actors will abuse any service for their own ends
Researchers are warning that threat actors are abusing the Google Cloud Run – an application and website development and management service – to distribute banking trojans on an industrial scale: Hackers abuse Google Cloud Run in massive banking trojan campaign (bleepingcomputer.com) Your takeaway Any applications or software you have written …
Continue reading “The Threat Actors will abuse any service for their own ends”
Infected Python Packages
It is a while since I have written about the threat actors getting inside software repositories and infecting widely used software packages with malware. Subsequently these packages are then innocently used by web and software developers, infecting their work which is then passed onto the end client, potentially you. The …