Cybersecurity Starts in the Boardroom
This one to be specific: WooCommerce admins targeted by fake security patches that hijack sites It is a phishing campaign, attacking the popular WordPress plugin WooCommerce, exploiting admins and their credentials with malicious security patches the admins think they must have – again a classic bit of threat actor social …
Continue reading “I was going to write about a WooCommerce attack…”
As part of an ongoing IT and Cyber Security Audit, I had several meetings this week to advise a client on how to migrate their current bespoke website to WordPress. These meetings included how to find a good WordPress developer and the standard of cyber security they should demand for …
Automattic likes to tell us that it’s product WordPress is the world’s most popular website platform so it is dissapoibnting that a vulnerability has existed in it’s own popular plugin Jetpack since 2016. Jetpack fixes critical information disclosure flaw existing since 2016 (bleepingcomputer.com) How popular is Jetpack? As it offers …
Hackers known as “Stargazer Goblin” running a network called Stargazers Ghost Network have been distributing malware, in particular info-stealing malware via over 3,000 fake accounts on GitHub. Over 3,000 GitHub accounts used by malware distribution service (bleepingcomputer.com) Using these accounts, compromised WordPress websites and relying on GitHub’s reputation as trusted …
Continue reading “Putting the effort in – 3000 fake accounts”
I am going to promise you a good news story for the “Wednesday Bit” tomorrow as we start the week off with another vulnerability with WordPress that is probably impacting many organisations without their knowlege. Why? Because they just let their web designers get on with the website without any …
