This past week has seen a number of security issues come to light.
In the news, WordPress and OpenSSL are the main story makers with even more patches and updates required.
Additionally, it was revealed this week that all victims of the Cryptolocker Ransomware can access their codes for free! Meanwhile, a group of Russian hackers has amassed 1.2 billion usernames and passwords.
WordPress – Keep It Up To Date
WordPress is one of the most popular installations on the web. With over 23% of the world’s websites powered by WordPress, any security flaw is seen as a serious security issue.
A researcher for the Salesforce.com security team has discovered an XML vulnerability that impacts the popular website platforms WordPress and Drupal.
The flaw is known as the XML Quadratic Blowup Attack. When executed, it can take down an entire website or server almost instantly.
What Action to Take
This flaw affects WordPress versions 3.5 – 3.9 (the current versions) and Drupal 6.x – 7.x (the latest versions).
Regardless of your version, it is important that you update all WordPress and Drupal applications.
OpenSSL – More Patches Required
Since the Heartbleed Bug in April, more and more effort is going into securing the open-source code for OpenSSL. Its funding has increased through more donations, and more experts are contributing to the code.
Another nine patches for the critical Web encryption tool are available. These are important, though none of them is as critical as Heartbleed. Please do not ignore them!
The patches fix several issues that enable DoS attacks, which can cause OpenSSL to crash, consume large amounts of memory or leak information.
CWCS Managed Hosting strongly advises all users to immediately update their version of OpenSSL.
Cryptolocker – Agencies Publish Codes
The malicious programme encrypts files on Windows computers and holds all the files to ransom, demanding a substantial fee in return for your files.
All victims of Cryptolocker are now able to recover their files which were previously held to ransom.
In May, law enforcement agencies and security companies seized the operations of the Gameover Zeus network.
Through constant efforts during the surveillance, the task force were able to hijack the data before taking down the whole operation.
Russian Hackers Amass Over a Billion Passwords
If you ever needed another reason to change all your passwords and continually manage your passwords, then this is it!
A Russian crime ring has collected over 1.2 billion username and password combinations. The hackers targeted any website they could, large and small!
This means there is a good possibility that your personal and business login credentials are a part of this mass hoard of data.
CWCS Managed Hosting strongly advises all customers to change their passwords and maintain a high standard of password management. Notably, you should make sure every password is unique for each site and change it on a regular basis. A good password contains a random mixture of letters (upper and lower case), numbers and symbols.
If your business holds customer details, ensure the data is secure and also advise your customers on good password management.