As part of an ongoing IT and Cyber Security Audit, I had several meetings this week to advise a client on how to migrate their current bespoke website to WordPress. These meetings included how to find a good WordPress developer and the standard of cyber security they should demand for …
If you use WordPress then read on…
Automattic likes to tell us that it’s product WordPress is the world’s most popular website platform so it is dissapoibnting that a vulnerability has existed in it’s own popular plugin Jetpack since 2016. Jetpack fixes critical information disclosure flaw existing since 2016 (bleepingcomputer.com) How popular is Jetpack? As it offers …
A Real-World Example – BYOD A Primer (pt.3)
I did promise you that today I would make a start on what a BYOD (Bring-Your-Own-Device) policy would look like. However, regular readers will know I can get distracted easily… The distraction this time came from one of our members of staff who reminded me that we developed a BYOD …
Continue reading “A Real-World Example – BYOD A Primer (pt.3)”
Putting the effort in – 3000 fake accounts
Hackers known as “Stargazer Goblin” running a network called Stargazers Ghost Network have been distributing malware, in particular info-stealing malware via over 3,000 fake accounts on GitHub. Over 3,000 GitHub accounts used by malware distribution service (bleepingcomputer.com) Using these accounts, compromised WordPress websites and relying on GitHub’s reputation as trusted …
Continue reading “Putting the effort in – 3000 fake accounts”
Supply Chain Attacks
I am always alerting you to the cyber security issues that WordPress and WordPress plugin report – many of you use WordPress and need to be alert to these breaches in your cyber security. Or at least someone in your organisation or supply chain – if you use a thrid-party …
