Wordpress logo sinking
Wordpress logo sinking

Is the wildly popular WordPress a conduit to compromise?

According to the latest data from the IBM X-Force team the reasons that WordPress sites are so open to attack are not exactly rocket science.

The WordPress platform pretty much dominates the content management system (CMS) driven web development market. The latest figures suggest it has a 60 percent share.

Cyber-criminals looking to host malicious content are drawn to legitimate sites, especially those that have been established for a while. WordPress often provides the entry point, or more accurately vulnerable and unpatched plugins do. More...

Hackers use EternalBlue exploit to distribute non-WannaCry payloads

Hackers are using same Microsoft Server Message Block (SMB) protocol vulnerability (MS017-010), used in the WannaCry outbreak, to disperse Backdoor.Nitol and Trojan Gh0st RAT, according to FireEye.

“We observed lab machines vulnerable to the SMB exploit were attacked by a threat actor using the EternalBlue exploit to gain shell access to the machine,” said the researchers in a recent blogpost. They said that the initial exploit technique used at the SMB level is similar to what they had seen in WannaCry campaigns; “however, once a machine is successfully infected, this particular attack opens a shell to write instructions into a VBScript file and then executes it to fetch the payload on another server.” More...

SC Awards Europe 2017: And the winners of this year's awards are...

Awards were given to leading products and services in the cyber-security industry  at the SC Awards Europe 2017 held at London's Old Billingsgate on Tuesday 6 June.

Hosted by Holly Walsh at Old Billingsgate, was an evening of glitz and glamour on the Thames in the heart of the City of London and also featured awards for individuals and teams who have made an outstanding contribution to cyber-security. 

One of those individuals was Marcus Hutchins, aka MalwareTech, the 22-year-old security researcher who "accidentally" stopped the WannaCry attack in its tracks and in so doing, earned himself a place in cyber history. We were delighted to give him Special Recognition Award. More...

InfoSec 2017: Can you buy your way to GDPR compliance?

The General Data Protection Regulation (GDPR) is not about products, stated Ilias Chantzos, Symantec's senior director of government affairs for EMEA and Asia, as he addressed an audience at Infosecurity Europe 2017, Europe's largest infosecurity product vendor feeding frenzy.

Given the commercial interests of the assembled vendors, this may come across as a somewhat controversial statement.

Many here today will be advertising “the box that can solve your GDPR problems,” said Chantzos before helpfully reminding his audience that there is, indeed, no box that can “solve your GDPR problems”. More ...

Government again takes aim at encryption after terrorists shake London

UK Prime Minister Theresa May (as at Friday 9th June) says that technology companies are providing a "safe space" for terrorists.

Following a third terror attack on UK soil in three months, we're now witnessing a UK government which is going to war with technology, as British PM Theresa May said tech giants provided a “safe space” for terrorism to recruit and operate globally.

According to the BBC, speaking outside Downing Street on Sunday, Theresa May said: "We cannot allow this ideology the safe space it needs to breed. Yet that is precisely what the internet, and the big companies... provide." In short, the government appears intent on breaking encryption. More ...