Cybersecurity Starts in the Boardroom
I have not written about WordPress recently, but it is one of the most – if not the most – popular website package on the web so any issues with it or its plug-ins is news. Both professional web designers and less professional web designers use it. One of the …
This one to be specific: WooCommerce admins targeted by fake security patches that hijack sites It is a phishing campaign, attacking the popular WordPress plugin WooCommerce, exploiting admins and their credentials with malicious security patches the admins think they must have – again a classic bit of threat actor social …
Continue reading “I was going to write about a WooCommerce attack…”
As part of an ongoing IT and Cyber Security Audit, I had several meetings this week to advise a client on how to migrate their current bespoke website to WordPress. These meetings included how to find a good WordPress developer and the standard of cyber security they should demand for …
Automattic likes to tell us that it’s product WordPress is the world’s most popular website platform so it is dissapoibnting that a vulnerability has existed in it’s own popular plugin Jetpack since 2016. Jetpack fixes critical information disclosure flaw existing since 2016 (bleepingcomputer.com) How popular is Jetpack? As it offers …
Hackers known as “Stargazer Goblin” running a network called Stargazers Ghost Network have been distributing malware, in particular info-stealing malware via over 3,000 fake accounts on GitHub. Over 3,000 GitHub accounts used by malware distribution service (bleepingcomputer.com) Using these accounts, compromised WordPress websites and relying on GitHub’s reputation as trusted …
Continue reading “Putting the effort in – 3000 fake accounts”
