Why would they hack little old me?

Wordfence posted a great article on “Why is an insignificant website like mine being attacked?”, a very common question asked by owners of smallish sites.

Most of it comes down to money. Here’s a quick synopsis:

1) Using your host’s server to run their own programs (the latest craze is cryptocurrency mining)

2) Leveraging your reputation

a) hosting phishing pages
b) hosting spam pages and injecting spam links
c) sending spam email
d) attacking other sites
e) hosting malicious content

3) Leveraging your site contents

a) malicious redirects
b) defacements
c) distributing malware

4) Stealing data

5) Ransomware

Full article at: https://www.wordfence.com/blog/2018/03/ask-wordfence-why-is-an-insignificant-site-like-mine-being-attacked/

Company fined £400k for sloppy security

A UK company, Carphone Warehouse, was fined £400k (about half a million dollars) for a massive breach that was made possible by ignoring basic security rules we should all know:

  • Use secure, unique passwords (all their servers had the same root password, which was known by 30-40 people)
  • Keep software up to date (their WordPress installations were 6 years out of date; other software was also years out of date)
  • Protect encryption keys (although the historical transactions were protected by encryption, the encryption keys were stored in plain text within the application)

“Carphone Warehouse had claimed that the attack was ‘sophisticated’, but in reality the attacker used the Nikto web scanning tool which is freely available and checks for outdated web servers, application software and common configuration errors.”

Full article at: https://www.accountingweb.co.uk/tech/tech-pulse/carphone-warehouse-fined-ps400000-for-cyber-attack

Malwarebytes bad update

If you use Malwarebytes (an anti-malware program), note that they pushed out a bad update on Saturday, 1/27.

How to resolve / verify you have the fixed update package:

Update package version 1.0.3803 or higher contains the fix.

To resolve, simply reboot your machine. In some cases, a second or even third reboot may be needed.

To verify you have this update, go to Settings -> About -> Update package version: 1.0.3803

More scary stuff

Lots more brute force attacks this month following the leak of 1.4 BILLION username/password pairs.