SoakSoak using compromised websites to spread CryptXXX ransomware

The SoakSoak botnet is compromising business websites so that they redirect visitors to the Neutrino exploit kit and CryptXXX ransomware.

David Bisson reports.

Uber awards researcher $10,000 for reporting serious security hole

A security researcher found a way of accessing Uber’s internal network.

David Bisson reports.


WordPress users warned of plugin flaw being exploited in porn spam attack

Tens of thousands of websites running WordPress are thought to have been put at risk from a vulnerability that hackers have been actively exploiting to inject pornographic spam messages.

Read more in my article on the Hot for Security blog.


Now all WordPress.com sites can benefit from HTTPS encryption

Good news for security and privacy.

Millions of users hosting their sites on the WordPress.com servers will be able to force the use of HTTPS encryption – for free.

Read more in my article on the Hot for Security blog.

Ransomware’s new target? Websites

Extortionists demand Bitcoin ransom be paid to restore WordPress websites.

David Bisson reports.

Websites running WordPress hacked to display money-making ads for hackers

Don’t just delete the malicious code on your web server. Determine how it got there in the first place if you want to prevent future attacks.

Malware found on Guardian article that asks if cybercrime is out of control

Oh the irony.

An article on The Guardian website discussing whether cybercrime is out of control is redirecting users to the malicious Angler exploit kit, and infecting visiting PCs.

David Bisson reports.

WordPress 4.2.4 released, fixing critical security holes. Update immediately!

Yet more cross-site scripting security holes found in WordPress. Users advised to update their websites “immediately.”

WordPress 4.2.3 released, fixing critical security hole. Update!

Do you, or your business, run a self-hosted WordPress site?

If so, it’s time to ensure that you are updating to the latest version.

Microsoft privacy and surveillance site compromised to promote online casinos

Well, this is embarrassing…

The website set up by Microsoft to fight the United States government on issues of over-reaching surveillance has been hacked.


Millions of WordPress websites at risk from in-the-wild exploit

Many WordPress sites are at risk of hijack, after cross-site scripting vulnerability uncovered.

Read more in my article on the Tripwire State of Security blog.

If you’re going to run WordPress, please please keep it updated

Researcher complains that WordPress has been ignoring his vulnerability reports, as details of zero-day comments XSS flaw are made public and then patched.

Popular WordPress plugins found vulnerable to XSS vulnerability

Popular WordPress plugins such as JetPack and WordPress SEO by Yoast need to be updated after a cross-site scripting flaw was found in their code. And they’re not the only ones…

Hey, maybe ISIS can get you to update your WordPress site’s security?

The FBI has issued a warning that ISIS-supporting hackers are exploiting vulnerabilities on websites running WordPress.

Run WordPress SEO by Yoast on your website? You need to update it

A serious vulnerability was found in one of the most popular WordPress plugins, and guess what?

It got fixed really quickly. :) All that remains is for you to apply the update on your web server.

ISC warns that users may have been infected by malware, after hackers poison website

The Internet Services Consortium (ISC) has warned visitors that its website recently suffered a malware attack that may have left visiting computers infected.