Posts tagged "hackers"

WordPress Sites Hacked Due to Exposed Vulnerability

February 8th, 2017 Posted by Best Practices, Hackers, Internet, rest api, Security, wordpress 0 thoughts on “WordPress Sites Hacked Due to Exposed Vulnerability”

WordPress 4.7.2 was released last Thursday, January 26th. If you have not already updated, please do so immediately.

A WordPress bug called REST API Endpoint allowed more than 100,000 websites to be hacked over the past two weeks. According to security firm Sucuri, websites have been hacked solely because the admins did not make an update to their WordPress as advised by the company. The exploit allows hackers to update content published on a WordPress website running with the 4.7.0 or 4.7.1 versions.

The security flaw, a zero-day vulnerability which affects the WordPress REST API, allows attackers to modify the content of posts or pages within a website backed by the WordPress content management system (CMS).

The reason the vulnerability wasn’t made public at the time of WordPress 4.7.2’s release was the real worry that malicious hackers might race to exploit the flaw, attacking millions of blogs and company websites. We have here, but not before a few headlines on Data Center Knowledge were altered to read “Hacked by (insert group name here)”. Sucuri also warned that version 4.7.2 may not automatically update even if that feature is turned on in WordPress.

MuhmadEmad, a Kurdish anti-ISIS hacktivist working for the Kurdlinux team, has hacked thousands of websites, leaving a message praising the Kurdish Peshmerga forces. This is not the first time the Kurdish hacker targeted websites leaving a message saying ‘Long Live the Peshmerga’. On Monday, the National Treasury Management Agency (NTMA) said that its official website was hacked by MuhmadEmad. “The perpetrator also posted a picture of the Kurdish flag, and wrote ‘long live Peshmerga’.”

To avoid your websites from being hacked with this exploit, Cyber Security professionals have requested to update to the latest WordPress version 4.7.2.

Please contact our sales team at [email protected] if you have any questions or concerns.

Is Your Security Layered Like Your Bean Dip?

September 9th, 2015 Posted by Best Practices, Security 0 thoughts on “Is Your Security Layered Like Your Bean Dip?”

By: Alicia Hernandez, Think Technical Writer

So there’s this simile… Stop me if you’ve heard this one… That says you should layer your security like a seven-layer burrito. Sounds like a logical thought to me! If you prefer burritos over bean dip, you are welcome to sign up for The Seven Layer Security Burrito: How it All Stacks Up, a live webcast with Channel Expert Hour and Open DNS on September 15, 2015. Otherwise, let’s talk about my favorite: bean dip!

No matter the simile that you prefer to use, the layered security approach is a simple concept to grasp. The more hoops a hacker has to jump through, the less likely they are to be successful. Of course, the tricky part here is not creating a bean dip so thick that your chips keep breaking off in it. In other words, while you want your hackers to have a hard time breaking into your systems, you still want to keep it simple and [nearly] seamless for your users to access the information they need.

Layer #1: Response Plan

So let’s look at this layered approach as if we were making a bean dip. The first layer along the bottom (the furthest inside your business) is your RESPONSE plan. In the event you have a breach, having a response plan laid out ahead of time will help you ensure that you address all of the necessary pieces of remediation. Without a plan, you are more likely to miss something as you hastily try and patch your holes, leaving your company still vulnerable.

Layer #2: Monitoring and Alerting

The second layer includes MONITORING and ALERTING. Without a solid monitoring and alerting system in place, you may never know that a hacker has infiltrated your systems, much less be in a position to take immediate action and reduce the damage to be done.

Layers #3 and #4: Data Encryption and User Permissions

The next two layers are kind-of like your lettuce and tomato – they just go together as one layer. Probably the most important piece of your business is your data – whether it is PII customer data, secret family recipes, or engineering blueprints – so we need to do what we can to protect the data. On the other side, hackers are out to get the data, so DATA ENCRYPTION in conjunction with user PERMISSIONS are very important layers!

Layers of Security

Layer #5: Applications

Logically… See I told you this was a simple-to-understand approach… the data lies within APPLICATIONS, so this is where our next layer of security falls. Again, ensuring access to the applications is accurate and limited, and practicing secure coding methods will help protect your application layer.

Layer #6: Operating System

The applications are usually accessed from a user’s desktop PC and/or laptop, so we want to ensure this is secure as well. Antivirus software, security policies, and patching are all methods to secure the OPERATING SYSTEM.

Layer #7: Network Security

And, finally, everyone’s favorite part of the bean dip, the cheese…or from a layered security perspective, the NETWORK! Setting up firewalls, intrusion detection systems, intrusion prevention systems, and user authentication technologies are just a few of the ways to protect your business from the bad guys.

While the following papers aided in the writing of this article, I recommend reaching out to Think Network Technologies for a layered security bean dip specific to your business!

Peters, C. Layered Protection for a Mobile Business
SANS Institute: Layered Security: Why It Works
TechRepublic: Understanding layered security and defense in depth

CONTACT US

888.98.THINK
970.247.1885
3067 Main Ave. Durango, CO

JOIN OUR TEAM

Join our team of hard-working, fun-loving, technology experts.

View Careers

© 2018 Think Network Technologies, LLC. All rights reserved.