October 2016 Summaries
4 posts from Detectify
Filter
Month:
Year:
Post Summaries
Back to Blog
WordPress releases changelogs for every new version, highlighting changes and patched security vulnerabilities, which hackers can exploit from older versions, making it crucial for site owners to use the latest version. To address this, WordPress introduced an automatic update feature in late 2013 to ensure users have the most secure version, discouraging disabling of this feature. Despite fears of updates breaking websites, this is rare due to rigorous testing. Exceptions for disabling updates include sites managed by version control systems or those with their own deployment mechanisms. It's vital to keep auto-updates enabled and regularly test website security to prevent hacks, as outdated installations are commonly found during security scans.
Oct 27, 2016
480 words in the original blog post.
Content Delivery Networks (CDNs) offer numerous benefits, including improved loading speeds and reduced server pressure, making them attractive for both small and large websites. Despite their advantages, CDNs pose security risks if they become malicious or are hacked, as they control the execution of scripts on websites and can potentially alter content or steal user credentials. To mitigate these risks, website owners are advised to ensure the trustworthiness of their chosen CDN, implement security measures such as the integrity attribute in script tags to verify the authenticity of scripts, and prepare backup solutions to maintain functionality if the CDN is compromised or unavailable. Additionally, using a separate domain for CDN content can enhance privacy and reduce exposure to client-side attacks.
Oct 27, 2016
876 words in the original blog post.
A recent phishing email impersonating Telia, a Swedish mobile network operator, has been circulating, urging recipients to click a link to access their mobile bill, highlighting the growing threat of phishing attacks that range from mass emails to sophisticated CEO fraud. To identify phishing attempts, it is crucial to verify the sender's email address, avoid downloading attachments or clicking links in unsolicited emails, and rely on common sense. Attackers often exploit timing, sending emails when recipients are likely to be stressed or distracted. Falling for such scams can result in malware infection or credential theft, as attackers can create convincing fake websites or emails mimicking trusted brands or employers. Advanced phishing schemes, such as CEO fraud, involve personalized emails that exploit workplace communication dynamics to trick recipients into transferring money, emphasizing the need for robust internal security checks and vigilance.
Oct 20, 2016
602 words in the original blog post.
Service desk roles are often misunderstood as mundane, but they involve significant security responsibilities, such as managing password resets, handling potential crypto trojan outbreaks, and controlling access to accounts, all while maintaining a customer-friendly demeanor. Despite being low in organizational hierarchy and salary, service desk staff have high system privileges, making them attractive targets for hackers. Security issues are categorized into procedures, passwords, privilege, and insider threats, with a focus on the importance of effective procedures, robust password management, and minimal privilege access to mitigate risks. The text highlights vulnerabilities within Active Directory systems, emphasizing the importance of encryption and proper password hashing to prevent breaches. Insider threats, including potential espionage from within, are a concern, as service desk employees often have extensive access to sensitive information. The text suggests that security threats should not be underestimated and that societal control could be more effective than judicial measures in preventing insider threats.
Oct 06, 2016
1,275 words in the original blog post.