Wordpress

FBI warns WordPress users of ISIS threat: Patch and update now

The FBI is advising all WordPress site owners to update and patch their installation and plugins. If you're not already doing so, now is a great time to start. We offer tips on how to get started.

Google bans sexually explicit content on Blogger

Unless the content has "public benefit," it will be bumped out of public view as of 23 March (if it's already been published) and banned outright after that date.

If you use either of these WordPress themes update them now

Older versions of the Platform and PageLines WordPress themes contain privilege escalation vulnerabilities that could allow attackers to take over the website using them.

"Obamacare" phishing email leads to banking malware

Unfortunately, official emails and web bulletins are a handy source of believable content for scammers.

This time, it's a Department of Labor bulletin "borrowed" to help distribute a variant of the infamous Vawtrak banking malware.

SSCC 175 - "My, what an ENORMOUS malware infection you have!" [PODCAST]

Here's the latest episode of our weekly security podcast.

For your listening pleasure - the news you can use!

WordPress issues critical security fixes, closing remote anonymous compromise bug and more

WordPress has just published a critical security release.

If you're still on WordPress 3, this is about as critical as it gets, because one of the fixes closes a "remote anonymous compromise" bug.

Is it *really* such a bad idea to use a password twice?

We regularly warn you against using the same password for multiple accounts.

But if you memorise one really long and complex password, isn't that enough?

No! Here's why...

SSCC 165 - "U2 or not U2," that is the question [PODCAST]

It's Chet Chat time!

Here's this week's episode of our news-you-can-use security podcast...

TimThumb plugin for WordPress - zero-day remote code execution hole disclosed, quickly fixed

WordPress sites with the TimThumb image thumbnailing plugin could be taken over by attackers.

Paul Ducklin looks at what went wrong and explains how to fix the hole...

Skype's Twitter account compromised by Syrian Electronic Army

Microsoft's Skype brand had its Twitter, Facebook and WordPress accounts hacked by someone claiming to be the Syrian Electronic Army. The real question is, where was the two-factor?

SSCC 121 - WordPress, OS X, iCloud, smartphone tracking and medical devices [PODCAST]

By popular demand, the Chet Chat has gone back to a weekly format, so your favourite security podcast will now be appearing twice as frequently!

Listen to Chet and Duck in the latest episode...

WordPress 3.7 with automatic security updating is out now

WordPress 3.7 isn't important because it fixes any particularly devilish vulnerabilities but because, for the first time, it will automatically update itself with the latest maintenance and security releases - something that could change the security of the whole WordPress ecosystem.

SSCC 119 - Happy 10th, Patch Tuesday - Adobe "goes open source" - Dread Pirate Roberts [PODCAST]

A wild ride this week, with Patch Tuesday turning 10, Adobe "going open source" by losing 40GB of code, and Silk Road operator Dread Pirate Roberts getting locked in the brig.

Chet and Duck turn their amusing but insightful attention to the latest security stories...

How to avoid being one of the "73%" of WordPress sites vulnerable to attack

Researchers have concluded that 73% of the 40,000 most popular websites that use WordPress software are vulnerable to attack. But they admit they might be wrong. Even so, they still highlight an important security issue which isn't diminished one iota by their sketchiness.

Monday review - the hot 24 stories of the week

Missed anything last week? Catch up with everything we talked about with our weekly roundup.

WordPress issues security fixes, advises "update your sites immediately"

Mega-popular blogging and content management system WordPress has just put out version 3.6.1.

This includes a patch for a remote code execution hole, so you are advised to update ASAP.

SSCC 116 - Google Authenticator, Apple bugs, Facebook data probes, WordPress phishing [PODCAST]

Here you are! Episode #116 of the Sophos Security Chet Chat.

News, opinion, advice and research: Chet and Duck bring you their unique and entertaining combination of all four in their regular podcast.

Monday review - the hot 17 stories of the week

Get yourself up to date with everything we've written in the last seven days - it's weekly roundup time.

Anatomy of a phish - a "generic mass targeted attack" against WordPress admins

Naked Security reader Lisa Goodlin is a website designer and a WordPress user.

She was recently targeted by cybercrooks trying to phish her WordPress credentials, and though the phish ended up being comical rather than threatening, there were some useful lessons to be learned...

Sophos Techknow - Two-factor Authentication [PODCAST]

To some of us, two-factor authentication (2FA) is a welcome aspect of online security; to others, token or SMS-based login codes are just extra online hassle we'd rather do without.

Duck and Chet help you evaluate the risks and rewards of 2FA in this enjoyable quarter-hour podcast.