Crypto-Ransomware Round-Up

cryptolockerSome of the nastiest exploits going around are the many variants of the CryptoLocker and CryptoWall malware that encrypt all your personal files and hold them for ransom.  Payment in bitcoin is required, in amounts starting at $200 and ranging upward to the $17,000 (400 BTC) that Hollywood Presbyterian Hospital just paid to unlock their files.  Or even more.  The amount will be whatever the attackers think they can extract from the victim.

  • The latest ...
Continue Reading →
0

WordPress Security Learning Center

WordPresslogoLast Friday we dove down the WordPress Security bunny hole to chase the Aethera botnet and the other attack platform that WordFence reported.  Today we are looking a their new WordPress Security Learning Center.

If you are a developer or security professional, you should check this site out, and take the time to fit the classes into your schedule.  If you are interested ...

Continue Reading →
0

Alert: WPEngine User Credentials Breached

WordPresslogoJust received an email from WordFence, the WordPress security plugin-developer, that popular WordPress hosting company WPEngine had a breach that may have included customer user name and password information.  The full text of the email I received follows.

“We learned about an hour ago that there has been a data breach at WPEngine. Some of their customer login credentials have been exposed. If ...

Continue Reading →
0

When Bad Things Happen To Good Web Sites

website-securityToday we are going to take a deeper dive into the subject of website security.  Web servers can be  breached in a number of ways, but the most common is simply stealing your user ID and password, either through a clever spearphishing email, or an automated brute force password cracking program.  The second most common way is through software vulnerabilities in the web site code itself that opens it up ...

Continue Reading →
0

WordPress Security Tips

WordPresslogoAs we have mentioned in previous postings, WordPress has become one of the world’s leading web design tools, with a 27% share of all web sites, and a 65% share of CMS or Content Management System type websites.  Because it is an open source product that is free to use, it has become hugely popular.  We have been designing in WordPress ourselves for ...

Continue Reading →
0

WordPress Site Owners – Update Now

WordPresslogoJust a quick note to my WordPress pals – the latest update, WordPress 4.2.3, has an import fix for a cross site scripting (XSS) vulnerability that leaves your site vulnerable to attack.  According to Sophos:

“The flaw allows WordPress users who have Contributor or Author roles to add javascript to a site (something normally reserved for Editors and Administrators) using specially crafted shortcodes.

Attackers ...

Continue Reading →
0

Backup For Your WordPress Site

WordPresslogoOne of the most important and easily implemented security protections is data backup.  That’s right, backup is a part of a well crafted security program.  Because whatever the disaster, whether cyber-attack, theft, data corruption, hardware failure, fire, flood, or bad weather, having a good backup program means that you can recover from disaster and continue operations.

And one of the most important things to ...

Continue Reading →
0

Have a WordPress Site? Better Secure It!

WordPresslogoWordPress has become an incredibly popular web design platform, and currently has about a 25% share of all web sites on the Internet.  As an open-source software product that is free to download and use, with a great support and documentation through WordPress.org, and a huge, international development community providing an endless array of themes, plug-ins and widgets, it is easy ...

Continue Reading →
0
Page 3 of 3 123