Attention WordPress, Joomla and Magento content management system users. There’s a new dual threat malware that not only steals administrative privileges, but also takes computer files and makes them public. Identified by SiteLock and named Tusayan, the malware is currently active in the wild. How does it work? An attack begins by inserting an IndoXploit Shell file and then … [Read more...]
Political Trojans, WordPress 0day, and Tool Fails- WSWiR Episode 150
Another week, another flood of security news. Do you find yourself falling behind of the latest InfoSec news? Than this weekly video should help you catch up. This week's video covers the latest on the White House breach, a new security tool that got hacked a day later, and an old trojan that has received some politically-motivated updates. Press play to learn about all that … [Read more...]
0Day WordPress XSS – Daily Security Byte EP.71
A really, really long comment could allow an attacker to hijack your WordPress blog. Watch today's quick video to learn about the zero day XSS flaw reported by a Finnish security researcher, and what you can do about it. (Episode Runtime: 1:48) Direct YouTube Link: https://www.youtube.com/watch?v=H2XR2tnm0yQ EPISODE REFERENCES: Researchers blog post on 0day WordPress XSS - … [Read more...]
ICANN Breach & More Sony – WSWiR Episode 133
Wow! This week's been such a busy news week that the information security (InfoSec) stories kept pouring in, long after I finished this week's video. The latest? CERT just warned about some critical vulnerabilities in NTPd, a popular network time protocol (NTP) service that many network devices and software uses. If you use NTPd, look into it (and I'll post more soon). In the … [Read more...]
WatchGuard Security Week in Review: Episode 61 – InfoSec UK 2013
AP Twitter Hack, Serial Offenders, and InfoSec UK This week's security highlights video comes a bit early due to my travels in London to attend InfoSec UK. If you're looking for a quick summary of the week's top security news, this is the vlog for you. In today's video, I share a few themes from the biggest security conferences in Europe, news of the AP twitter feed hijack, … [Read more...]