Cyber criminals send victims their own passwords in Bitcoin blackmail scam

Cyber criminals are attempting to blackmail unsuspecting victims by claiming to have used the victims' password to install spying malware on the victims' computer. The criminals claim they’ve recorded videos of the victim watching adult material by activating their webcam when they visit these websites. What makes this scam so convincing is that the email usually includes a genuine password the...
Read More

How to keep the cyber-criminals out

Cyber-criminals use weaknesses in software and apps to attack your devices and steal your identity. Software updates are designed to fix these weaknesses and installing them as soon as possible will keep your devices & data secure. Software updates don’t have to get in the way of what you’re doing. You can choose to install them at night, when your device is plugged in and connected to...
Read More

Security of Drupal 8.5 or below.

This post contains important, time sensitive information about the security of your website if you're running Drupal version 7.57 or below or Drupal 8.5 or below. If you're an O'Brien Media client with a Drupal website you'll probably be familiar with the periodic Drupal update emails we send out regarding how important it is to keep up to date with security patches and other updates for your...
Read More

The end of the insecure web is nigh, switch to HTTPS to keep current

For the past several years, Google has been leading the charge towards a more secure web by strongly advocating that website owners adopt HTTPS encryption. And within the last year, Google has also helped users understand that HTTP sites are not secure by gradually marking a larger subset of HTTP pages as “not secure” - including contact and enquiry forms. Beginning in July of this year,...
Read More
Malicious website password reset requests on the rise from Russia

Important: Malicious website password reset requests on the rise from Russia

With all the interest in Russian hackers and a certain presidential campaign you'd be forgiven for thinking that only high-profile websites and individuals are targets for hackers. Not so. Over the past week we’ve seen a 1900% (yes one thousand nine hundred) percent increase in the number of malicious login attempts to websites hosted on our servers. And we’re not alone. Across the...
Read More

Keep your WordPress or Drupal website up-to-date to stay safe from hackers

How often should you update your WordPress or Drupal, themes and plugins/modules? The short answer is as often as possible... and here's why. The main reason for this is security. WordPress & Drupal sites are prime targets for hackers. These hackers don't want to bring you down because they dislike you, in fact most of these hacks originate from bots crawling the web, looking for WordPress...
Read More

Is your website using HTTPS?

Google’s efforts with Chrome to encourage the web’s transition to HTTPS are beginning to pay off. The company has now announced plans to extend the effort with the “Not secure” badge scheduled to show up on more HTTP pages. With version 56 in January, Chrome began marking HTTP sites with password or credit card fields as “Not secure” in the address bar. As a result, Google...
Read More

New ransomware campaign is targeting Google Chrome users with fake font update alerts

A new ransomware campaign is targeting Google Chrome users.  If Chrome users visit a compromised site, an alert will pop up prompting the user to “update” a Chrome font extension.  The false update claims it need to execute because Hoefler Text is not found.  Although this text font is legitimate, the update is not. According to Forbes, researchers have found after users execute the fake...
Read More

Hundreds of Thousands of WordPress Sites Defaced through REST API Vulnerability

At the end of January, WordPress 4.7.2 was released to fix four security issues, three of which were disclosed at the time of the release. The fourth and most critical issue, an unauthenticated privilege escalation vulnerability in a REST API endpoint, was fixed silently and disclosed a week after the release. This vulnerability allows anyone with the right know-how to edit the content of...
Read More

Upgrade today WordPress, Drupal websites

On the 25th of December 2016, a security researcher disclosed a critical remote code execution flaw within a popular programme used to send emails from websites and web applications. The PHPMailer library is used by more than 9 million websites worldwide and is bundled with popular content management systems such as WordPress and Drupal. At worst this is a flaw that could be used to run...
Read More