Security Updates – Major Security Vulnerabilities in WordPress and OpenSSL and 1.2 Billion Reasons Why You Should Change Your Passwords

Wednesday 13 August 2014

This past week has seen a number of security issues come to light.

In the news, WordPress and OpenSSL are the main story makers with even more patches and updates required.

Additionally, it was revealed this week that all victims of the Cryptolocker Ransomware can access their codes for free! But a group of Russian hackers have amassed 1.2 billion usernames and passwords.

WordPressWordPress – Keep It Up To Date

WordPress is one of the most popular installations on the web. With over 23% of the World’s websites powered by WordPress, any security flaw is seen as a serious security issue.

A researcher for the Salesforce.com security team has discovered an XML vulnerability that impacts the popular website platforms WordPress and Drupal.

Known as the XML Quadratic Blowup Attack. When executed, it can take down an entire website or server almost instantly.

What Action to Take

This flaw affects WordPress versions 3.5 – 3.9 (the current versions) and Drupal 6.x – 7.x (the latest versions).

Regardless of your version, it is important that you update all WordPress and Drupal applications.

Heartbleed

OpenSSL – More Patches Required

Since the Heartbleed Bug in April, more and more effort is going into securing the open-source code for OpenSSL. Their funding has increased through more donations and more experts are contributing to the code.

Another nine patches for the critical Web encryption tool are available. These are important, but none of them are as critical as Heartbleed – but please do not ignore them!

The patches fix several issues that enables DoS attacks, which can cause OpenSSL to crash, consume large amounts of memory or leak information.

CWCS Managed Hosting strongly advises all users to immediately update their version of OpenSSL.

GameoverCryptolocker – Agencies Publish Codes

The malicious programme encrypts files on Windows computers and hold all the files to ransom, demanding a substantial fee in return for your files.

All victims of Cryptolocker are now able to recover their files which were previously held to ransom.

In May, law enforcement agencies and security companies seized the operations of the Gameover Zeus network.

Through constant efforts during the surveillance, the task force were able to hijack the data before taking down the whole operation.

Surviving in the digital ageRussian Hackers Amass Over a Billion Passwords

If you ever needed another reason to change all your passwords and continually managed your passwords, then this it!

A Russian crime ring has collected over 1.2 billion username and password combinations. The hackers targeted any website they could, large and small!

What this means is, there is a good possibility that your personal and business login credentials are a part of this mass hoard of data.

CWCS Managed Hosting strongly advises all customers to change their passwords and maintain a high-standard of password management. Notably, you should make sure every password is unique for each site and change it on a regular basis. A good password contains a random mixture of letters (upper and lower case), numbers and symbols.

If your business holds customer details, ensure the data is secure and also advise your customers on good password management.

Return to blog page

Put Your Servers In Safe Hands With Our Supreme Cloud Hosting

View our services to see which of our hosting options best suits your needs.

ISO 27001 Certified

Compliant to ISO 9001:2015 & ISO 27001:2013, CWCS is independently audited for your assurance that you will receive the highest level of quality, and will ensure your information secure, intact, and only available to those authorised to access it.

G-Cloud Supplier

The UK Government G-Cloud is an initiative targeted at easing procurement by public-sector bodies in departments of the UK Government of commodity information technology services using cloud computing.

Cyber Essentials

Cyber Essentials certifiication demonstrates our commitment to cyber security. Government and industry have worked together to produce a set of standards which helps organisations safeguard against the most common cyber threats.

Call us on 0800 1 777 000 or email us at sales@cwcs.co.uk