websites Archives - Cyber Security Minute

Malicious Plugins Found on 25,000 WordPress Websites: Study

Issued by: Security Week

An analysis of nightly backups of more than 400,000 unique web servers has revealed the existence of more than 47,000 malicious plugins installed on nearly 25,000 unique WordPress websites. More than 94% of these plugins (over 44,000) continue to be in use today. Over 3,600 of the identified malicious plugins were purchased from legitimate marketplaces…

Vulnerabilities

Websites Hacked via Zero-Day Flaws in WordPress Plugins

Issued by: Security Week

Zero-day flaws affecting several WordPress plugins have been exploited by malicious actors to plant backdoors and take control of vulnerable websites. The attacks have been spotted by Wordfence, a company that specializes in protecting WordPress websites. The firm’s investigation revealed that attackers had been exploiting previously unknown vulnerabilities in three WordPress plugins.

Vulnerabilities

Most Federal Government Websites Lack Basic Security

Issued by: Dark Reading

HTTPS and DNSSEC not used across the board on agency websites despite federal requirements to do so. The majority of federal agency websites fail to meet basic standards for security as well as for speed and mobile-friendliness.

Vulnerabilities

Joomla vulnerability can be exploited to hijack sites, so patch now!

Issued by: Help Net Security

If you’re running a website on Joomla, you should update to the newly released 3.6.5 version as soon as possible – or risk your site being hijacked. The newest version of the popular CMS has been released on Tuesday (December 13), and it fixes three vulnerabilities, several bugs, and includes a number of new security…

Application Security

Tips to shop safely on Cyber Monday

Issued by: Help Net Security

As consumers gear up for Cyber Monday, the largest online shopping day of the year, cybercriminals are also preparing to take advantage of deal-seekers. IBM X-Force researchers are monitoring malicious activity closely to help organizations and consumers stay safe during the holiday shopping season. Researchers have already seen cybercriminals actively masking malicious malware in emails…

Network Security

As Deadline Looms, 35 Percent Of Web Sites Still Rely On SHA-1

Issued by: Dark Reading

Over 60 million web sites are relying on a hashing algorithm that will be blocked by major browsers starting Jan 1. A surprising 35 percent of websites around the world are still using SHA-1 though barely 45 days remain before some of the major browsers stop trusting certificates signed with the hash algorithm altogether.

Network Security

Catching Online Scammers, Dealers & Drug Dealers With DNS

Issued by: Dark Reading

Takedowns of malicious or fraudulent websites is a temporary fix for online fraud and crime, mainly because the bad guys then just put up another website domain they have waiting in the wings. Researchers at Black Hat Europe in London tomorrow will demonstrate a new technique they developed that uses Domain Name Service (DNS) analysis…

Network Security

Chinese firm admits its hacked products were behind Friday’s massive DDOS attack

Issued by: CSO

A Chinese electronics component manufacturer says its products inadvertently played a role in a massive cyberattack that disrupted major internet sites in the U.S. on Friday. Hangzhou Xiongmai Technology, a vendor behind DVRs and internet-connected cameras, said on Sunday that security vulnerabilities involving weak default passwords in its products were partly to blame.

Malware & Threats, Network Security

Extensive DDoS attack against Dyn restarts, could indicate a new use of old criminal tech

Issued by: CIO Security

Attacks against DNS service provider Dyn resumed today after a two and a half hour lull, and could indicate a new application of an old criminal technology, experts say. Dyn hasn’t shared details on the type of DDoS attacks used nor the size of those attacks that have affected access to sites including Amazon, Etsy,…