Microsoft, responding to sophisticated cyberattacks

Microsoft is aware of a sophisticated supply chain attack that has targeted a variety of victims over the past year. The attack utilizes malicious SolarWinds files that possibly gave cybercriminals access to some victims’ networks. Microsoft cybersecurity experts are investigating the attack to help ensure that Microsoft customers are as secure as possible. Microsoft has commented "Microsoft is...
Read More
blue RollsdArtboard

WooCommerce: Spam Orders and Accounts from Bots

Versions of WooCommerce prior to 4.6.2 contain a vulnerability that allows guest users to create accounts during checkout even when the "Allow customers to create an account during checkout" setting is disabled. This vulnerability is being exploited by a bot to place spam orders and create user accounts that are then used to probe for vulnerabilities in other plugins on the site. In response to...
Read More
Developer working on websites codes in office. SEO optimization. Server logs analysis. Binary digits code editing. Coding script text on screen

Post Grid WordPress Plugin Flaw Found “Patch it sharpish if you use it…”

Two high-severity vulnerabilities in Post Grid, a WordPress plugin with more than 60,000 installations, opens the door to site takeovers, according to researchers. To boot, nearly identical bugs are also found in Post Grid's sister plug-in, Team Showcase, which has 6,000 installations. The issues are a cross-site scripting (XSS) flaw as well as a PHP object-injection issue. Both bugs are pending...
Read More
a person login a form on a desktop

Analytics and Web App Confusion as Privacy Shield Lies in Tatters

Before the world changed due to COVID-19, the GDPR (General Data Protection Regulations) came into force back in 2018.  This impacted businesses across all industries and implemented strict regulation on the storage and transfer of personal data, with heavy fines as punishment for non-compliance. Many cloud services, from those offered by Microsoft and Google to much smaller, niche services, are...
Read More

Is your website’s front door wide open to WordPress hackers?

It is frustrating to find out that your WordPress site has been hacked, recently one of our customers asked us why do hackers target WordPress? The answer is usually, in part at least, due to the very reason that WordPress is such a popular content management system for websites, its active developer community and the volume of free plugins and free themes available to customise your site without...
Read More
hands of hacker in dark room writing code

Cybercrime: Europe’s Most & Least Secure Countries

Specops Software has released data showing the countries in Europe most and least susceptible to cyber crimes. The company analysed the total number of cloud provider related incoming attacks as well as cryptocurrency mining, malware and ransomware encounters on machines in each country. The Netherlands has the highest rate of machines that experienced one of the above attacks at 17.64 percent...
Read More
a person checking a WordPress website from a laptop

4 tips for managing WordPress plugins in 2020

Updating your WordPress plugins is most easily achieved from the Plugins tab in the WordPress dashboard. From there you can see which plugins have updates available, after which it’s a matter of hitting Update now to install the new versions. Minimise the number of plugins you have. Always remove plugins if you aren’t using them anymore. Keep your attack surface area as small as you can....
Read More
cyber essentials logo with blue background

O’Brien Media are Cyber Essentials Certified via IASME and CyberSmart

The growing threat of cyber-related crime is quickly becoming a major concern for most organisations and business leaders. With regular reports of high-profile businesses falling victim to cybercrime across the globe, it’s the responsibility of every organisations to ensure they adequately protect themselves and their customers. What is Cyber Essentials? Cyber Essentials is a cybersecurity...
Read More website plugin

Hackers infecting WordPress sites via defunct “Rich Reviews” plug-in

If you’re a WordPress admin using a plug-in called Rich Reviews, you’ll want to uninstall it. Now. The now-defunct plug-in has a major vulnerability that allows malvertisers to infect sites running WordPress and redirect visitors to other sites. Rich Reviews was a WordPress plugin that lets sites manage reviews internally in WordPress, and also displays Google reviews for a business...
Read More
different security icons

Update Easy WP SMTP – Vulnerability affecting thousands of sites across the internet discovered

The Easy WP SMTP plugin authors have released a new update, fixing a very critical 0day vulnerability. When leveraged, this vulnerability gives unauthenticated attackers the power to modify any options of an affected site — ultimately leading to a complete site compromise. The vulnerability, found only in version 1.3.9, has been seen exploited in the wild and impacts thousands of sites. The...
Read More