WordPress Plug-in “Custom Content Type Manager” is found with Backdoor
Sucuri has unmasked wicket WordPress plug-in “Custom Content Type Manager” (CCTM) that can install backdoor and alter WordPress core files. Sucuri client informed Sucuri researchers when he found (auto-update.php) file while updating plug-into its version 0.9.8.8. This file included the skill to download files from a remote server on the infected website. The plug-in was installed on more than 10K sites. Besides, the developer of this plug-in also added CCTM_Communicator.php file that worked with another legitimated plug-in. The motto of these two files was to gather information on the victim’s site and recorded username and password of WordPress users.
Rapid7 revealed most used Usernames and Password in Hacking
Rapid7 collected data from honeypots looking alike office, POS and kiosk payment systems whose RDP port was opened. Rapid7 has carried out project Heisenberg honeypot experiment in which the firm collected 221,203 login attempts originated from 5076 IP addresses across 119 countries. Hackers used different 1806 usernames and 3969 passwords. The most used passwords by hackers were “x” used for 11865 times where “Zz” and “St@rt123” were used for 10591 times and 8014 times succeeding.
Pentagon announced Bug Bounty Program “Hack the Pentagon”
Defense secretary of Pentagon has announced bug bounty program “Hack the Pentagon“. The program is going to start in upcoming month and will be open for only US citizens after their background check. In initial stage, few public facing will be submitted for hacking purpose. This program is a new division in US Department of Defense (DOD) named the Defense Digital Service (DDS) that will be supervised by Mr. Chris Lynch – a Microsoft Executive. Currently, expertise coders and security researchers from Google and Shopify are invited.
Around 707 million records were exposed in 2015 Year
Gemalto – a data security company revealed in data breach report in 2015, there were 707 million records were exposed. The company has analyzed 1673 data breaches. There were few known breaches like Anthem Insurance data breach with 78.8 million breached records, the Turkish General Directorate of Population and Citizenship Affairs data breach (50 million records), the Korea Pharmaceutical Information Center data breach (43 million records), the US Office of Personnel Management data breach (22 million), and the Experian data breach (15 million records). There were 964 incidents taken place due to malicious outsiders while 398 incidents and 238 incidents happened due to accidentally and insider’s behavior.
French Government would Penalize Apple and Google for User Access Data
French Government is in mood to penalize Apple and Google if these companies refuse to provide access user’s data. According to The Local website, Apple could penalize for €1 Million, if the company refuse to unlock an iPhone in France. Google is also in radar of French government and may be penalized in the same way if it refused to give user access data to the French authorities. Last year, France authority detected eight phones that were unapproachable and connected in terror activities. Yann Galut – French Socialist Party member has submitted amendment to a bill to fight against terrorism.