ClickSSL Weekly InfoSec Snipper March 7, 2016

This entry is part 13 of 73 in the series Weekly Infosec Snipper

WordPress Plug-in “Custom Content Type Manager” Found with Backdoor

Sucuri has unmasked a malicious WordPress plug-in, “Custom Content Type Manager” (CCTM), that can install a backdoor and alter WordPress core files. A Sucuri client informed Sucuri researchers when he found an auto-update.php file while updating the plug-in to version 0.9.8.8. This file had the ability to download files from a remote server onto the infected website. The plug-in was installed on more than 10K sites. In addition, the developer of this plug-in added a CCTM_Communicator.php file that worked with another legitimate plug-in. The purpose of these two files was to gather information on the victim’s site and record the usernames and passwords of WordPress users.

Rapid7 Revealed the Most Used Usernames and Passwords in Hacking

Rapid7 collected data from honeypots resembling office, POS and kiosk payment systems whose RDP port was open. In its Project Heisenberg honeypot experiment, the firm collected 221,203 login attempts originating from 5076 IP addresses across 119 countries. Hackers used 1806 different usernames and 3969 different passwords. The most used password was “x”, used 11865 times, while “Zz” and “St@rt123” were used 10591 times and 8014 times respectively.

Pentagon announced Bug Bounty Program “Hack the Pentagon”

The Pentagon’s defense secretary has announced the bug bounty program “Hack the Pentagon”. The program is going to start in the upcoming month and will be open only to US citizens after a background check. In the initial stage, a few public-facing systems will be submitted for hacking. The program falls under a new division in the US Department of Defense (DOD) named the Defense Digital Service (DDS), which will be supervised by Mr. Chris Lynch, a Microsoft executive. Currently, expert coders and security researchers from Google and Shopify are invited.

Around 707 Million Records Were Exposed in 2015

Gemalto, a data security company, revealed in its data breach report that 707 million records were exposed in 2015. The company analyzed 1673 data breaches. Among the known breaches were the Anthem Insurance data breach with 78.8 million breached records, the Turkish General Directorate of Population and Citizenship Affairs data breach (50 million records), the Korea Pharmaceutical Information Center data breach (43 million records), the US Office of Personnel Management data breach (22 million), and the Experian data breach (15 million records). Malicious outsiders caused 964 incidents, while 398 incidents and 238 incidents were due to accidents and insiders’ behavior respectively.

French Government Would Penalize Apple and Google over Access to User Data

The French government is inclined to penalize Apple and Google if these companies refuse to provide access to users’ data. According to The Local website, Apple could be penalized €1 million if the company refuses to unlock an iPhone in France. Google is also on the radar of the French government and may be penalized in the same way if it refuses to give the French authorities access to user data. Last year, French authorities detected eight phones that were inaccessible and connected to terror activities. Yann Galut, a French Socialist Party member, has submitted an amendment to a bill to fight against terrorism.
