News in brief: Big Brother in India; hacking warning to journalists; WordPress sites hit

Your daily round-up of some of the other stories in the news

India steps up mass surveillance

Big Brother is watching you if you’re in India: or at any rate, he will be sometime before the end of the first quarter of the year when the country’s Centralised Monitoring System is fully operational.

The scheme, which the Indian government says is “to automate the process of lawful interception and monitoring of phones and the internet”, began rolling out in 2013, to the consternation of privacy campaigners at the time.

A draft report from the Indian government to the UN, its Universal Periodic Review of India, notes that the Supreme Court of India has “put in place adequate procedural safeguards”, but India’s Democracy Project has raised concerns, saying “No information has been made available about whose data will be collected, how the collected [data] will be used or how long the data will be retained.”

Google warns journalists of email hack attempts

Several prominent journalists have been warned by Google that “state-sponsored hackers” are trying to break into their email, Politco reported on Friday.

Julia Ioffe of The Atlantic tweeted a screenshot from her Gmail inbox with the warning that her account was being targeted, while others including Ezra Klein of Vox, Brian Stelter of CNN and New York Times national security correspondent David Sanger also said they’d been warned.

These attempts to break into the email of high-profile individuals aren’t new, and you don’t have to be a high-profile journalist to be at risk from a hacking or phishing attack. As ever, at Naked Security we recommend that you pick a strong password and secure your account with two-factor authentication.


1.5m unpatched WordPress sites defaced

If you run a WordPress-based website and haven’t updated to version 4.7.2 yet, you need to do so as a priority. Attacks on WordPress sites that still have the vulnerability in the REST API are facing a growing incidence of attacks, bleepingcomputer has warned. More than 1.5m pages have now been defaced.

On Monday, security company Sucuri reported that hackers were defacing unpatched websites and that some 3,000 sites a day were being attacked.

If you’ve got automatic updates enabled, chances are you are protected from the attack, as we wrote last week. You can check which version you’re running by going to Dashboard>Updates: make sure you’re on version 4.7.2, which has patched the vulnerability the attackers are using.

Catch up with all of today’s stories on Naked Security