WordPress – SWITCH Security-Blog

Boston-Spam: Malicious actors are exploiting the Boston Marathon explosions to spread malicious code, the US-CERT warns. The Internet Storm Center provides some details and how the spam campaigns are now changing over to the Waco plant explosion.
WordPress: Securi.net blogged details about the massive brute force attacks against WordPress websites over the past days.
Waiting desperately for Android Security Updates from your carrier? The American Civil Liberties Union has filed a complaint with the US Federal Trade Commission (FTC) concerning this issue.
According to Reuters, China and the United States will set up a working group on cyber-security. “Cyberspace should be an area where the two countries can increase mutual trust and cooperation.”
Symantec published their 58-page Internet Security Threat Report 2013 (PDF). Reviews can be found here and here.

Hosting companies worldwide are reporting an increase in brute force attacks on the administration interfaces of WordPress installations. If you’re running a WordPress site, now would be a good time to ensure you are using strong passwords, change the user-id ‘admin’ and limit the number of logins.
PlaneSploit: Plane hijacking via smartphone (PDF). A talk by Hugo Teso at Hack In The Box Security Conference. Read more here.
Aditya Balapure provides some insights on the recent DDoS Attack against Spamhaus.
SSH: “There are often a great many more SSH keys in existence in an organisation than there are users.” SSH an ill-managed mess says Tatu Ylonen, author of the SSH protocol.
Windows XP: The countdown begins – Support for Windows XP ends on April 8, 2014. Newer OS-Versions have more built-in security features like ASLR or SEHOP.
What is the difference between a Penetration Test, Vulnerability Assessment and a Security Audit? Some definitions to help define future security service requests.