Shane Chambers No Comments

WordPress Sites Seeing Increased Cyber Attacks Thanks to Plugin Vulnerability

The team behind Wordfence, a popular security plugin for WordPress, has reported seeing a large increase in cyber attacks aimed at WordPress-based websites over the last few weeks. This is believed to be due to a vulnerability in another WordPress plugin, File Manager, which has over 700,000 active installations. While the vulnerability only affects sites running certain versions of the File Manager plugin, Wordfence reports that cyber attacks are up across the board, as cyber criminals cast a wide net with their attacks.

An estimated 455 million websites run on WordPress, accounting for more than 30% of sites worldwide.

WordPress is an immensely popular platform that allows users to create websites easily, often with little to no coding skills, and add functionality via plugins. WordPress has been around since 2003, and while it initially gained traction as a blogging platform, it has since gained a much larger audience.

Plugins are the bread and butter of WordPress, allowing users to add advanced functionality without writing complex code from scratch or paying a developer. However, like all software, plugins must be updated regularly to protect against vulnerabilities and prevent devastating zero-day attacks.

WordPress site owners who are using versions 6.0 to 6.8 of the File Manager plugin are advised to update the plugin immediately, as the recently-discovered vulnerability allows unauthorised parties (see: cyber criminals) to upload potentially malicious files or execute commands on their target site, with the potential to cause catastrophic damage.

Wordfence, whose security plugin protects WordPress sites against malicious traffic, has said that although the overall percentage of sites running the vulnerable versions of File Manager is low, it has seen a huge increase in bot attacks probing sites for the weakness.

“Attacks against this vulnerability have risen dramatically over the last few days. Wordfence has recorded attacks against over one million sites today, September 4, 2020. Sites not using this plugin are still being probed by bots looking to identify and exploit vulnerable versions of the File Manager plugin, and we have recorded attacks against 1.7 million sites since the vulnerability was first exploited,” according to Wordfence’s Ram Gall.

“Although Wordfence protects well over three million WordPress sites, this is still only a portion of the WordPress ecosystem. As such, the true scale of these attacks is larger than what we were able to record.”

Incidents such as this, where criminals pile in en masse to take advantage of a vulnerability in a widely used plugin, highlight how important it is to keep your WordPress site as up to date as possible. Plugins which are no longer in use should be disabled, or better still removed, to reduce a website’s risk.

The latest version (6.9) of the File Manager plugin mitigates this vulnerability and WordPress site owners are strongly advised to update to it as soon as possible.
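As an added example (not Wordfence’s or the File Manager project’s own code), the following script reads the plugin header of each plugin under a WordPress `wp-content/plugins` directory and reports whether an installed File Manager copy falls in the 6.0 to 6.8 range the article describes, treating 6.9 as fixed. The plugin header layout (`Plugin Name:` / `Version:` lines) is standard WordPress, but the plugin’s display name “File Manager” as the match key, the inclusive range bounds and the sample header text are assumptions constructed for the example. It compares version numbers numerically rather than as strings, so a hypothetical 6.10 would correctly sort after 6.9.

```python
"""Flag WordPress File Manager installs in the version range reported as
vulnerable (6.0 to 6.8; 6.9 is the fixed release).

Added example; not code from Wordfence or the File Manager plugin.
Assumptions: the vulnerable range is inclusive on both ends, and the
plugin is identified by its header line 'Plugin Name: File Manager'.
"""
import re
import sys
from pathlib import Path
from typing import Dict, Optional, Tuple

Version = Tuple[int, ...]

# Range taken from the article; assumed inclusive at both ends.
VULNERABLE_MIN: Version = (6, 0)
VULNERABLE_MAX: Version = (6, 8)
FIXED: Version = (6, 9)

# WordPress plugin headers live in a PHP comment block near the top of the
# main plugin file, one "Key: value" pair per line.
VERSION_RE = re.compile(r"^\s*\*?\s*Version:\s*([0-9][0-9.]*)", re.MULTILINE)
NAME_RE = re.compile(r"^\s*\*?\s*Plugin Name:\s*(.+?)\s*$", re.MULTILINE)

# Constructed sample header for testing; not taken from the real plugin.
SAMPLE_HEADER = """<?php
/*
Plugin Name: File Manager
Description: constructed sample header for the example
Version: 6.8
*/
"""


def parse_version(text: str) -> Version:
    """Turn '6.8' or '6.8.1' into a tuple of ints so comparisons are numeric,
    not lexicographic (as strings, '6.10' would sort before '6.9')."""
    return tuple(int(part) for part in text.strip().split("."))


def read_plugin_version(header: str) -> Optional[Version]:
    """Extract the Version: field from a plugin header block, if present."""
    match = VERSION_RE.search(header)
    return parse_version(match.group(1)) if match else None


def is_vulnerable(version: Version) -> bool:
    """True when the major.minor part lies within [6.0, 6.8].

    Only the first two components are compared so that a patch release such
    as 6.8.1 is still treated as part of the 6.8 line (an assumption)."""
    major_minor = (tuple(version) + (0,))[:2]
    return VULNERABLE_MIN <= major_minor <= VULNERABLE_MAX


def classify_header(header: str) -> str:
    """Return 'vulnerable', 'fixed' or 'unknown' for a File Manager header."""
    version = read_plugin_version(header)
    if version is None:
        return "unknown"
    if is_vulnerable(version):
        return "vulnerable"
    return "fixed" if version >= FIXED else "unknown"


def scan_plugins(plugins_dir: str) -> Dict[str, str]:
    """Walk <plugins_dir>/<slug>/*.php and classify any File Manager copies.

    Returns a mapping of plugin directory name to status. Only the first 8 KiB
    of each file is read, which is where WordPress itself looks for headers."""
    results: Dict[str, str] = {}
    for php_file in sorted(Path(plugins_dir).glob("*/*.php")):
        head = php_file.read_text(errors="ignore")[:8192]
        name = NAME_RE.search(head)
        if not name or name.group(1) != "File Manager":
            continue
        results[php_file.parent.name] = classify_header(head)
    return results


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "wp-content/plugins"
    found = scan_plugins(target)
    if not found:
        print(f"no File Manager plugin found under {target}")
    for slug, status in found.items():
        print(f"{slug}: {status}")
```

Run it from the WordPress root (or pass the plugins directory as the first argument); a result of `vulnerable` means the site should be updated to 6.9 or later before anything else.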


How To: Creating Safe Passwords in 2020

When did your organisation last update its password policy or send out guidance to employees on creating safe and secure passwords? It’s been a year since we last updated our own guidance, so we thought it was about time for our 2020 edition of “how to keep your accounts secure”. Specifically, we’ll be looking at current best practice for creating passwords and passphrases, and at how to leverage multi-factor authentication.

Password guidance is constantly changing, so it’s extremely important to stay up-to-date and keep ahead of cyber criminals!

‘Privacy Shield’ Regulation Ruled Invalid by EU Court, Complicating EU-US Data Transfer


Another blow has been struck to US companies wishing to do business in the European Union, as the ‘Privacy Shield’ regulation which allowed EU citizen data to be transferred to and processed in the US has been ruled invalid by the European Court of Justice. Privacy Shield was itself designed to replace an older data transfer mechanism, ‘Safe Harbor’, which met the same fate at the hands of the European court back in 2015.

The EU-US Privacy Shield, like Safe Harbor before it, has been deemed invalid by the European Court of Justice.

Property Firm Collapses After Ex-Employee Deletes Dropbox

A 58-year-old woman in the UK has become one of a handful of people ever convicted under the Computer Misuse Act 1990 after committing an act of ‘revenge’ against a former business associate, causing a new company to cease operations and lay off staff.

The woman, Danielle Bulley, was formerly a director at the successful UK-based property magazine Property Press, alongside co-director Alan Marriott. When Bulley and Marriott fell out in 2018, Bulley left the company and Marriott started a new venture called Letterbox Productions, using former assets from Property Press.

Danielle Bulley, a 58-year-old British woman with no previous convictions, was sentenced to 18 months of unpaid community service under the Computer Misuse Act 1990.

After Property Press went into liquidation, Marriott started a new company called Letterbox Productions without Bulley; however, the new venture used former Property Press assets.

Upon learning of the new company and angry at her former co-director, Bulley engaged in a revenge mission to gain unauthorised access to its Dropbox account and spent hours deleting the contents. Over 5,000 files were permanently erased, causing damage to Letterbox Productions so great that it could no longer function and had to shut down, laying off all its staff in the process.

Bulley admitted to deleting the files when speaking to authorities, stating that she believed she was entitled to do so, but acknowledging that she knew the move would cause harm to the fledgling business.

Bulley was sentenced to an 18 month community order with 80 hours of unpaid work under the Computer Misuse Act 1990, becoming one of only a handful of people to be convicted using the legislation. Bulley had no previous convictions or offenses.

In a statement from the North Yorkshire Police’s Cyber Crime Unit, Detective Constable Steven Harris said “During our investigation, it became clear that Bulley had left the original company on a bad note, but the deletion of thousands of files containing vital information was catastrophic for the victim.”

“It dealt the new business a blow from which it never recovered. Ex-employees can pose a serious risk to a business because they are familiar with the company’s IT infrastructure and procedures. This can make it easier for them to carry out cyber crimes against their former organisation.”

“We encourage businesses to ensure they have policies in place for removing user accounts and changing passwords when an employee leaves an organisation.”

The incident highlights the need for strict user access controls and stringent leaver procedures, along with regular backups kept in a separate secure location. As North Yorkshire Police rightly pointed out, former employees pose a unique threat in that they have inside knowledge of the business and are familiar with its infrastructure, especially if they held senior positions or worked in sensitive departments such as finance or IT.

When a user leaves, their accounts should be disabled and any passwords they knew should be changed. Multiple users should not share login details for generic or shared accounts; where this cannot be avoided, the shared password must be changed whenever a user leaves. Multi-factor authentication should be used wherever possible to prevent unauthorised access.

And of course, if you are angry at a company you used to work for, we strongly advise against committing criminal acts which will only make the situation worse for everyone.

Judge Simon Hickey noted that Bulley was a respectable woman who had acted on impulse and lost her good character to chase revenge.

“It is a sad end to a working career,” he said.


Users Warned of Major New Phishing Campaign, Using Infected Excel Files

Microsoft has released a statement warning users to stay vigilant against phishing emails, as a malicious campaign has been detected which tricks users into downloading an Excel spreadsheet containing harmful software. The criminals responsible are taking advantage of the confusion around Covid-19, as many others have been doing lately, to convince users that the emails are genuine and to enable macros in Excel once the file has been downloaded to their computer.

Users should be extremely wary of attachments they are not expecting, as many common file types can be injected with malware.