Highly Effective Gmail Phishing Technique Being Exploited

A new highly effective phishing technique targeting Gmail and other services has been gaining popularity during the past year among attackers. Over the past few weeks there have been reports of experienced technical users being hit by this.

This attack is currently being used to target Gmail customers and is also targeting other services.

The way the attack works is that an attacker will send an email to your Gmail account. That email may come from someone you know who has had their account hacked using this technique. It may also include something that looks like an image of an attachment you recognise from the sender.

Wordfence Blocks Username Harvesting via the New REST API in WP 4.7

WordPress 4.7 was released 6 days ago, on December 6th. It includes a REST API that will be used by many WordPress plugins, mobile apps, desktop applications, cloud services and even WordPress core in future. Every site that upgrades to WordPress 4.7 has this API enabled by default.

Emergency Bulletin: Firefox 0 day in the wild. What to do.

We’re publishing this as an emergency bulletin for our customers and the larger web community. A few hours ago a zero day vulnerability emerged in the Tor browser bundle and the Firefox web browser. Currently it exploits Windows systems with a high success rate and affects Firefox versions 41 to 50 and the current version of the Tor Browser Bundle which contains Firefox 45  ESR.

If you use Firefox, we recommend

WP Plugin 404 to 301 - Considered Harmful

Yesterday we received a site cleaning request where one of our customers was seeing spammy links, Payday Loans in this case, injected into their WordPress website page content. The links were only appearing when the site was visited by a search engine crawler. This is common when a site has been hacked.

It turns out that this is not a hacked site. It is content that is injected by a plugin called 404 to 301 plugin which has 70,000 active installs and has a 4.5 star review from 56 reviewers. When you install the plugin it asks you to agree to a long agreement which includes parts of the GNU general public license. But at the end it also includes the following text:

New Vulnerability in All in One SEO Pack Plugin 2.3.7 and earlier

Yesterday morning Panagiotis Vagenas, a Wordfence Security Researcher, discovered a new vulnerability in the All in One SEO Pack WordPress plugin. This is in addition to another serious vulnerability we wrote about yesterday morning in the same plugin.

As detailed yesterday, All in One SEO Pack is an extremely popular plugin with over 1,000,000 active installs. Both free and Premium Wordfence users with the firewall enabled had partial protection at the time we discovered this new vulnerability.

Vulnerability in Yoast SEO 3.2.4 for WordPress

The team of Wordfence discovered a vulnerability in Yoast SEO version 3.2.4 and earlier that allows any user with ‘subscriber’ level access to download your Yoast SEO settings. For sites that have open registration, this means that anyone can register and download your Yoast SEO settings by simply creating an account and running the exploit.

Panama Papers: How they hacked!

Email Hackable via WordPress, Docs Hackable via Drupal

The Mossack Fonseca (MF) data breach, aka Panama Papers, is the largest data breach to journalists in history and includes over 4.8 million emails.

Yesterday we broke the story that MF was running WordPress with a vulnerable version of Revolution Slider and the WordPress server was on the same network as their email servers when the breach occurred.

WordPress delivered Ransomware and Hacked Linux Distributions

In a rather unfortunate turn of events earlier this month, the Hollywood Presbyterian Medical Center was infected with ransomware. Ransomware, if you’re unfamiliar with it, encrypts everything on your workstation and then tells you to pay an attacker to decrypt your system and regain access to your information.

In the case of Presbyterian, they had to pay 40 bitcoins or the equivalent of $17,000 to regain access to their systems. The ransomware attack affected CT scans, documentation, lab work, pharmacy functions and their email went down. Last week they paid the attacker the $17,000 and their systems were decrypted and they’re back online.

WordPress Security: Core XSS and 4 Plugin vulnerabilities

This has certainly been an eventful month in WordPress security. January 6th saw a WordPress core security update. Upgrade immediately to version 4.4.1 of WordPress core if you haven’t already.

The vulnerability that WordPress 4.4.1 fixes is a cross site scripting or XSS vulnerability.

LastPass - The last password you have to remember

Security and automation are imperative if you want to succeed in today’s online world. Needing access from any device on any place can make life a bit confusing. Everyday at Azorvida we’re working on different projects. But our workload is more manageable and smoother because all of our admin passwords are tightly held inside LastPass. So long are the days of writing every password down, or saving them on a file.

Browser Update

Browser-Update.org

An initiative by web designers to inform users about browser-updates

This service is an opportunity to inform your visitors unobtrusively to switch to a newer browser. Many internet users are still using very old, out-dated browsers – most of them for no actual reason. Switching to an newer browser is better for them and for you as a web designer.

How it works

Project Honey Pot

Project Honey Pot will not end spam, but it has lots of potential. It could put many spammers out of business by providing the data necessary to catch them. It could raise the barrier of entry and lower the profits of the spam business, persuading would-be spammers that it's not worth the trouble. And it could prod legitimate marketers to act more responsibly and send e-mail only to those who verifiably have agreed to receive their pitches.

Project Honey Pot is the first and only distributed system for identifying spammers and the spambots they use to scrape addresses from your website. Using the Project Honey Pot system you can install addresses that are custom-tagged to the time and IP address of a visitor to your site. If one of these addresses begins receiving email we not only can tell that the messages are spam, but also the exact moment when the address was harvested and the IP address that gathered it.

At its core, Project Honey Pot is a collection of people from around the world working together to track email harvesters and help stop spam.

Flipmailer - Flipora and more ....

It started with an email from I guy I know and have worked with from time to time but never been particularly close to. Let’s call him Bob.

Not visible in the image above – the From line in the message indicated Bob’s email address where the sender’s name usually goes, followed by an email address – <info@flipmailer.com>, suggesting this wasn’t really from Bob at all. And it claimed that Bob “would like to add me as a friend”. What sort of friend? It’s not a Facebook message. A “Flipmailer” friend? What’s that?