- Boston-Spam: Malicious actors are exploiting the Boston Marathon explosions to spread malicious code, the US-CERT warns. The Internet Storm Center provides some details and how the spam campaigns are now changing over to the Waco plant explosion.
- WordPress: Securi.net blogged details about the massive brute force attacks against WordPress websites over the past days.
- Waiting desperately for Android Security Updates from your carrier? The American Civil Liberties Union has filed a complaint with the US Federal Trade Commission (FTC) concerning this issue.
- According to Reuters, China and the United States will set up a working group on cyber-security. “Cyberspace should be an area where the two countries can increase mutual trust and cooperation.”
- Symantec published their 58-page Internet Security Threat Report 2013 (PDF). Reviews can be found here and here.
Tag: WordPress
IT-Security-Links #19
- Hosting companies worldwide are reporting an increase in brute force attacks on the administration interfaces of WordPress installations. If you’re running a WordPress site, now would be a good time to ensure you are using strong passwords, change the user-id ‘admin’ and limit the number of logins.
- PlaneSploit: Plane hijacking via smartphone (PDF). A talk by Hugo Teso at Hack In The Box Security Conference. Read more here.
- Aditya Balapure provides some insights on the recent DDoS Attack against Spamhaus.
- SSH: “There are often a great many more SSH keys in existence in an organisation than there are users.” SSH an ill-managed mess says Tatu Ylonen, author of the SSH protocol.
- Windows XP: The countdown begins – Support for Windows XP ends on April 8, 2014. Newer OS-Versions have more built-in security features like ASLR or SEHOP.
- What is the difference between a Penetration Test, Vulnerability Assessment and a Security Audit? Some definitions to help define future security service requests.