Cybersecurity Starts in the Boardroom
Fast Company an American magazine was hacked and abusive articles added to its news feeds, resulting in this material getting a wider audience through syndication on the Apple News app. The Apple News channel was quickly disabled and Fast Company took its site down pending a fix but the damage was …
WordPress plugin called BackupBuddy I wrote an article today for our training site CyberAwake, questioning exactly how much governance organisations are extending to their websites. The article started off because of two WordPress issues this week and during my background reading for the article I came across this from last …
Continue reading “Then there was a third problem with WordPress… BackupBuddy”
Earlier today I wrote about the FishPig/Magento supply chain attack, now I have come across another WordPress cyber security problem. A popular WordPress plugin is being actively exploited. PSA: Zero-Day Vulnerability in WPGateway Actively Exploited in the Wild (wordfence.com) The Wordfence Threat Intelligence team have warned that WordPress sites running …
Continue reading “Two WordPress vulnerability posts in a day – WPGateway zero-day vulnerability”
This is a classic supply chain attack. UK based FishPig, seller of Magento WordPress integrations, ecommerce software has discovered that its distribution server had been compromised, which allowed threat actors backdoor access to the customer’s systems. The ecommerce software is believed to be used by more than 200,000 websites. Breach …
Many of us use WordPress for our web sites – if you do not know what your web designer is using for you website, then you have a cyber security issue, and you or your cyber security consultant should get in contact with your web designer ASAP. Here is one …
Plug-ins is a way of vendors and third-parties extending the functionality of software – it work very well, the success of WordPress is partly based on plug-ins. Now the threat actor vendors are taking the same approach with their malware – with the plug-ins helping to obfuscate the malware to …
There has been a flurry of WordPress security and vulnerability articles over the past week or so. It is no surprise that the world’s most popular website builder is a target for threat actors, especially as Automatic’s core code can be added to with third-party, open-source or even self-written plugins, …
