Enjoy priority support and immediate help for your WordPress sites!

WP Security: 30 scary happenings worth reading from February 2019

WP Security: 30 scary happenings worth reading from February 2019

WP Security: 30 scary happenings worth reading from February 2019



  • GCP App Engine URL Redirection – Decoys

  • Spoofing search results and infecting browser extensions
    • Researchers have found a malicious browser extension they call Razy. It spreads through adware and tries to steal cryptocurrency. Razy in search of cryptocurrency

  • Protect Your Organization from Phishing Attacks
    • The latest State of the Phish report is out showing big increases in phishing attacks during the last year. Vishing and smishing efforts also increased. Baby boomers outperformed all other age groups in fundamental phishing and ransomware knowledge. 2019 State of the Phish Report

  • The Japanese government wants to secure IoT devices before the Tokyo 2020 Olympics
    • Japan amended its laws to allow government agents to access and survey IoT devices by using their default password settings. The idea is to collect all insecure devices — in both homes and in businesses — to alert the appropriate authorities to try to secure them. The Japanese government plans to hack into citizens’ IoT devices

  • Dailymotion announces being subject to a large-scale computer attack
    • Video sharing site Dailymotion announced that it had been the subject of a large-scale dictionary-based credential stuffing attack. Since the company is based in Paris, French authorities have been notified. All users’ passwords have been reset. Dailymotion subject to a computer attack

  • Vulnerabilities being exploited by malicious actors to gain WP administrative access

  • Securonix Threat Research: Moanacroner, XBash, and Others

 

Our only security is our ability to change. ~ John Lilly


  • Action was taken against cyber criminals linked to four million attacks
    • UK’s National Crime Agency is working with partners in more than a dozen countries to arrest hundreds of DDoS attackers that once used Webstressor services. This website has been taken down last year and could be responsible for launching more than 4M attacks during its tenure. Users of illegal websites targeted in joint law-enforcement activity

  • Hakai and Yowai can easily be abused by cybercriminals to breach web servers and attack websites



  • SQLite module is used to parse the databases in order to steal data
    • Researchers have found new malware samples written in the Go programming language. One is a variant of Zebrocy info stealer, another is a simple Trojan. Both appeared to be targeting SQL data files. Analyzing a new stealer written in Golang

  • Yet another phishing campaign poses as a reputable payments processor Nets.eu


 

Protect your WordPress: BEFORE IT’S TOO LATE! You will also protect your customers, your reputation and your online business!


At the end of the day, the goals are simple: safety and security. ~ Jodi Rell

Do you have any concerns with WordPress Security?
Leave your thoughts in the comments below!
Summary
WP Security: 30 scary happenings worth reading from February 2019
Article Name
Description
Be advised for your own WP Security about the latest security issues identified and reported publicly.
Author
Publisher
owl power EUROPE

Related Posts

Leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.