Users not understanding what secure configurations are is the first step towards a cyber security incident. UPDATED

This original post was made on 23 August 2022. Update 21 October 2022: There has been another “mis-configuration” story this week – Microsoft exposed thousands of client records when they mis-configured a server. Following a report in the summer of patient information leaking from a health care company because of …

Hacking is not just data theft and ransomware – it can be reputation damage. Some advice about your WordPress website and your reputation.

Fast Company, an American magazine, was hacked and abusive articles were added to its news feeds, resulting in this material getting a wider audience through syndication on the Apple News app. The Apple News channel was quickly disabled and Fast Company took its site down pending a fix, but the damage was …

Then there was a third problem with WordPress… BackupBuddy

WordPress plugin called BackupBuddy: I wrote an article today for our training site CyberAwake, questioning exactly how much governance organisations are extending to their websites. The article started off because of two WordPress issues this week, and during my background reading for the article I came across this from last …

Two WordPress vulnerability posts in a day – WPGateway zero-day vulnerability

Earlier today I wrote about the FishPig/Magento supply chain attack; now I have come across another WordPress cyber security problem. A popular WordPress plugin is being actively exploited: "PSA: Zero-Day Vulnerability in WPGateway Actively Exploited in the Wild" (wordfence.com). The Wordfence Threat Intelligence team have warned that WordPress sites running …

Do you use FishPig ecommerce software? You don’t know. Then check now because it may have been compromised.

This is a classic supply chain attack. UK-based FishPig, seller of Magento WordPress integrations ecommerce software, has discovered that its distribution server had been compromised, which allowed threat actors backdoor access to its customers' systems. The ecommerce software is believed to be used by more than 200,000 websites. Breach …