The details on the latest WordPress vulnerability, then the surprising, or perhaps not so surprising takeover of a cybersecurity firms website & watch out, hacker’s may be using your microphone to steal your data!

Plus a packed roundup, your feedback & so much more!

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

Patreon

Show Notes:

Trend Micro’s Own Cybersecurity Blog Gets Hacked

  • We covered the WordPress bug in TechSNAP 306
  • See also [Security Firm Trend Micro’s Blog Falls Victim To Content Spoofing Attack]http://www.silicon.co.uk/security/trendmicro-blog-security-205197
  • and WordPress Quietly Fixes Zero-Day Flaw Tom
  • WordPress was alerted to the flaw on 20 January
  • WordPress officially released WordPress 4.7.2 to the world on Thursday 26 January.
    • “The release went out over our autoupdate system and, over a couple of hours, millions of WordPress 4.7.x users were protected without knowing about the issue or taking any action at all.”
  • Dan confirms the above upgrade timeline; his WordPress sites were updated on 26 January, between 2:30 and 3:30 EST
  • Researcher’s Feb 1 blog post with details
  • WordPress’ Feb 1 10:59 AM blog post
  • NOTE: Virally growing attacks on unpatched WordPress sites affect ~2m pages
  • Attacks on websites running an outdated version of WordPress are increasing at a viral rate. Almost 2 million pages have been defaced since a serious vulnerability in the content management system came to light nine days ago. The figure represents a 26 percent spike in the past 24 hours
  • Google trend chart

Hackers who took control of PC microphones siphon >600 GB from 70 targets

  • Real information in the blog post
  • Suggestions: put such devices on their own VLAN, but I’m not sure how their connections work
  • Large-scale ~= 70 organisations
  • Most of the targets are located in the Ukraine, but there are also targets in Russia and a smaller number of targets in Saudi Arabia and Austria. Many targets are located in the self-declared separatist states of Donetsk and Luhansk, which have been classified as terrorist organizations by the Ukrainian government.

Feedback


Round Up:


Question? Comments? Contact us here!