Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.

Botnet of Infected WordPress Sites Attacking WordPress Sites

This entry was posted in Research, Wordfence, WordPress Security on December 5, 2018

The Defiant Threat Intelligence team recently began tracking the behavior of an organized brute force attack campaign against WordPress sites. This campaign has created a botnet of infected WordPress websites to perform its attacks, which attempt XML-RPC authentication to other WordPress sites in order to access privileged accounts.

The threat actors use a group of four command and control (C2) servers to send requests to over 14,000 proxy servers provided by a Russian proxy provider called best-proxies[.]ru. They use these proxies to anonymize the C2 traffic. The requests pass through the proxy servers and are sent to over 20,000 infected WordPress sites. Those sites are running an attack script which attacks targeted WordPress sites.

Hacker says USPS ignored serious security flaw for over a year

Your tax dollars not at work. A security researcher claims the US Postal Service ignored a security flaw affecting 60 million users, until it was contacted by journalist Brian Krebs.

Protecting Against Identity Theft

11/29/2018 09:12 PM EST  Original release date: November 29, 2018

As the holidays draw near, many consumers turn to the internet to shop for goods and services. Although online shopping can offer convenience and save time, shoppers should be cautious online and protect personal information against identity theft. Identity thieves steal personal information, such as a credit card, and run up bills in the victim’s name.

DOJ exposes huge ad-fraud operation, eight charged

The US Department of Justice has charged eight men from Russia and Kazakhstan with running a vast ad-fraud scheme that milked a total of $36 million from advertisers.  Three of the accused – Aleksandr Zhukov, Sergey Ovsyannikov and Yevgeniy Timchenko – have been arrested in different countries pending extradition to the US, with Boris Timokhin, Mikhail Andreev, Denis Avdeev, Dmitry Novikov, and Aleksandr Isaev still at large, an announcement said.

21 Terrifying Cyber Crime Statistics

From VPN Geeks.  Unfortunately, with technology on the rise, there’s more room for cyber crime in 2018. According to the Cyber Security Breaches Survey 2018, 43% of businesses were a victim of a cyber security breach in the last 12 months. In the U.S., the state of California lost more than $214 million through cyber crime alone.

The internet will add 1.4 billion new users by 2022 as the world enters the multi-zettabyte era

Cisco’s Visual Networking Index forecast update for 2018 shows that there will be 1.4 billion more people using the internet by 2022 than the 3.4 billion users in 2017. There will also be significant growth in M2M and in 5G connections.

The 4.8 billion users represent about 60% of what the global population will be in 2022, assuming there will be 8 billion people on the planet. Having more internet users also means that ever-increasing quantities of data will be transmitted over the internet, establishing the multi-zettabyte era. By 2022, internet users will consume 4.8 zettabytes of data a year, which is 11 times the amount of IP traffic generated in 2012, with 437 exabytes.

A zettabyte is 1 trillion gigabytes, or 1,000,000,000,000,000,000,000 bytes. (A byte equals a single letter.)

Microsoft’s Office 365 MFA security crashes for second time

Microsoft’s multi-factor authentication (MFA) for Microsoft Office 365 and Azure Active Directory has fallen over for the second time in a week.



About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Owner of the WyzCo Group Inc. In addition to consulting on security products and services, Bob also conducts security audits, compliance audits, vulnerability assessments and penetration tests. Bob also teaches Cybersecurity Awareness Training classes. Bob works as an instruction for CompTIA’s non-profit IT-Ready Program in the Twin Cities. IT-Ready is a tuition free 8-week program designed to teach students of all ages the fundamentals of IT support to prepare them for an entry level position in Information Technology Support. Graduates of the classes take the exams to become CompTIA A+ certified. Bob is a frequent speaker at conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. Bob has been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.