A new ransomware campaign is targeting Google Chrome users. If Chrome users visit a compromised site, an alert will pop up prompting the user to “update” a Chrome font extension. The false update claims it need to execute because Hoefler Text is not found. Although this text font is legitimate, the update is not.
At the end of January, WordPress 4.7.2 was released to fix four security issues, three of which were disclosed at the time of the release. The fourth and most critical issue, an unauthenticated privilege escalation vulnerability in a REST API endpoint, was fixed silently and disclosed a week after the release. This vulnerability allows anyone with the right know-how to edit the content of your site without needing a valid username and password.
If you haven’t yet updated to 4.7.2 and your site is running 4.7.0 or 4.7.1, you are at risk for content injection.
On the 25th of December 2016, a security researcher disclosed a critical remote code execution flaw within a popular programme used to send emails from websites and web applications including systems such as WordPress and Drupal. If you are unfamiliar with security vulnerabilities a RCE, or remote code execution vulnerability is the worst-case-scenario. They allow an attacker to execute their own code on a victim website and thereby take control of the website.
A secure version of PHPMailer has now been released (as of the 11th January 2017) and updated versions of WordPress, and affected Drupal modules, have been made available and we are asking all customers who do not have support agreements in place to ensure that these updates are installed as soon as possible to ensure that your website remains secure.
If you need assistance installing these updates on your WordPress or Drupal based website please email [email protected] with your website details. If you have a monthly support agreement in place we will be installing the relevant updates on the 12th January 2017 and will issue confirmation emails once updates have been installed.
As you may now be aware, an increasing number of websites and online services have recently revealed breaches in their cyber security. In many cases, a user’s email address, username, and password are obtained from one website, and then used to access other websites and services. This is because people tend to use the same username and password for multiple online accounts.
To be clear, we have no evidence to suggest there has been any breach of O'Brien Media Limited systems.
Whilst it’s unlikely you have been impacted, we are now advising all customers to take the following precautionary steps to secure your information…
Nearly all aspects of our lives now involve technology in one way or another. Everyone owns several devices that are connected to the internet. Naturally with internet connectivity comes the inevitable danger of malicious activity.
Malware development is a booming business and is growing by millions in stolen revenue every year. As malware gets more and more sophisticated, cyber security firms needs to reciprocate with the same amount of effort to keep up. One of those companies is Malwarebytes, a popular cyber security software company who make anti-malware products.
Malware is a common term used for the description of software viruses, Trojans, ransomware and spyware. Short for ‘malicious software’, malware has been plaguing homes
On October 14th 2014 Google released details on the POODLE attack, a padding oracle attack that targets CBC-mode ciphers in the 15 year old SSLv3 security protocol. The vulnerability
Over the past couple of weeks we've received calls and emails from a few customers about an email they have received from a "company" called IGN Domains asking them to confirm they are the registered owner of their domain name and informing them that, in all cases, someone is trying to register the same name on "7 domain extensions". The email also invited the customer to get in touch with IGN Domains within 7 days to prevent the domain names being registered to another person or business.
