Website Security News, Articles and Updates

Pair of WordPress plug-ins inject malicious scripts to deliver unwanted ads

Two malicious plug-ins were recently discovered injecting obfuscated JavaScript into WordPress websites to generate advertisements that appear if a visitor clicks anywhere on the page.

Government websites, including ICO, hit by cryptocurrency mining campaign

More than 5,000 sites, including sites belonging to the NHS, ICO, local councils and the Student Loans Company were hit by a cryptocurrency mining campaign that exploited a popular plug-in to infect sites with a malicious script.

Reddit site spoofed by cyber-criminals to steal credentials of users

Cyber-criminals set up a malicious website that spoofed the original Reddit site and stole login credentials of unsuspecting visitors, yet managed to obtain a valid SSL certificate from a domain registry.

Retailers need to identify and block threats to online shoppers

To prevent fraud, online retailers need to widen their cyber-security perimeters to encompass virtual geographies such as the deep web and social networking sites to identify and block fraud threats before they are executed.

WikiLeaks homepage defaced as it dumps more CIA hacking tools

The Central Intelligence Agency can take some small comfort that as WikiLeaks was preparing for its latest dump of the spy agency's Vault7 hacking tools, a group of hackers was busy defacing WikiLeaks' homepage.

Prospective students tricked into handing over confidential information

Prospective Newcastle University students are being scammed into handing over details and making payments for fake courses.

Web hacking only getting worse as webmasters fail to patch ageing code

As part of its #NoHacked campaign, Google has published figures on the state of website security, and the trend doesn't look good.

Cloudflare flaw leaked data from websites for months - now patched

Undetected coding error allows sensitive customer information to pour from sites since September - now fixed and believed unexploited

Mozilla Firefox 50 adds multi-process security feature

Mozilla is introducing the first major piece of its multi-process architecture with its latest browser version, Firefox 50.

UK schools must invest in online strategy and encrypt sensitive data

New research from Web Foundry that polled 1,000 parents of children of school age suggests that UK schools need to invest in their online strategy.

National Childbirth Trust suffers major data breach

The National Childbirth Trust has become the latest victim of hackers seeking to plunder data from every source possible on the internet.

Marks & Spencer data compromise not a hack

M&S website closed for two hours as customers see the account details of others. Retailer says it was an internal issue, not a hack, and no financial details were disclosed.

Cyber-attack alert in Malaysia

The Malaysian government is preparing itself against cyber-attacks threatened to occur two days before National Day on 29 August.