Wells Fargo accidentally leaked thousands of sensitive documents, but not in the way you think. The bank wasn’t hacked, and its computers didn’t go on the fritz: it just inadvertently sent 1.4 gigabytes of files to a former financial adviser who subp…
A 29-year-old man pleaded guilty in court on Friday to hijacking over 900,000 routers from the network of Deutsche Telekom, according to several reports in the German press. […]
The DarkHotel hacking group, a threat actor known to engage in advanced cyber-espionage tactics, has shifted operations from targeting CEOs and businessmen to political figures. […]
Your fingerprint already serves as the key that unlocks your smartphone — and possibly also your laptop, tablet, and other gadgets — and now you can use it as your boarding pass, too. That is, as long as you fly Delta. The airline is in the midst of launching a new feature for its SkyMiles loyalty club members that lets you ditch the paper pass and bar codes and use your fingerprint as proof of your identity.
The new system uses small kiosks that scan two fingers in place of a traditional boarding pass, and sends passengers on their way quicker than just about anything. However, while the new biometric ID option is slick, it comes at a cost. In order to use the feature, passengers must be enrolled in both Delta’s Sky Club and the CLEAR airport security program, the latter of which will set you back a cool $179 per year.
“It’s a win-win program,” Delta’s COO said in a statement. “Biometric verification has a higher level of accuracy than paper boarding passes and gives agents more time to assist customers with seat changes and other skilled tasks instead of having to scan individual tickets – and customers have less to keep track of as they travel through the airport.”
The company is also planning on looping the fingerprint scanning into its luggage checking process, allowing passengers to check their bags with their biometric identity. At the moment, the biometric scanning is only available at the Reagan Washington National Airport.
You don’t need to get attacked by a pro-Trump troll-bot horde to know that social media is a battleground for propaganda farms. It’s pretty obvious, and miles of speculative digital ink has been spilled saying as much. An Oxford study this week is ge…
Really slow week, which is great. We did have some decryptors and updated decryptors released this week, which is always great. Of particular concern is the increase in releases of new CryptoMix variants. Thankfully, these variants do not seem to be nett…
Briar, an instant messaging service that works over the Tor network, has reached beta stage today, the app’s creators announced. […]
This article was sponsored by Incapsula. Thank you for supporting the partners who make SitePoint possible.
Distributed denial of service (DDoS) attacks are increasingly a fact of life for any business with a web presence. For any company, large or small, it’s no longer a matter of “if” you will get hit with a DDoS attack, but “when.” And without a third-party provider like Incapsula, WordPress sites are increasingly vulnerable to bots delivering DDoS attacks.
The more popular a platform is, the more likely it’ll become a target for attacks. And WordPress is by far the most popular platform on the Internet. The CMS accounts for nearly 60 percent of market share and comprises a staggering 25 percent of all sites across the web. Of all those millions of sites, 60 percent are running older versions of WordPress, or newer but unpatched versions, that are vulnerable to being turned into bots that participate in an attack.
Based on industry reports and current trends, the prevalence of DDoS assaults is increasing at a rapid pace, and recovering from the damage of an attack can also take months or years. Over half of the respondents in an Incapsula survey (52 percent) reported their organization had to replace software/hardware, or that it had lost revenue. An additional 43 percent confirmed that their organization lost consumer trust.
Patching WordPress Won’t Stop a DDoS Attack
“The biggest security vulnerability is an outdated WordPress component,” says Eric Murphy, Director of Security at WP Engine. “The most important thing people should be doing is ensuring their WordPress core, themes and plugins are all kept up-to-date. Understanding the OWASP Top 10 further enables users, developers and engineers to protect their WordPress assets.”
Murphy’s right. Patching your WordPress site will keep your site stable and prevent a lot of attacks. But it can’t stop a determined DDoS attack. Even if you employ the most diligent WordPress admin, one who stares at a screen, tests and applies patches as soon as they’re released, and tirelessly keeps the site up-to-date, your site can still be brought to its knees by a DDoS attack, costing your business sales, resources and reputation.
Another reason your site is vulnerable to DDoS attacks is that they’re sourced from a growing matrix of unpatched IoT devices that span the Internet. Many (most?) vendors who are bringing devices online aren’t prioritizing security and instead opt for customers’ ease-of-use. The reasoning is that whenever an extra layer of security is required, it could potentially affect sales.
Yet another reason that security is an afterthought for IoT devices — even in the age of the DDoS hack — is that vendors are bringing their products to market as quickly as possible. If they get it to market first, they can win or even dominate market share. So the product is dropped with an immature or even non-existent security framework with a plan to fix the security issues later. But in the meantime, your WordPress site is hit again by another attack vector.
The Trouble with IoT
The proliferation of IoT devices is directly increasing the number and strength of DDoS attacks. Nearly any smart device can be leveraged in a DDoS attack. A couple of white hat hackers demonstrated how a Nest thermostat could be used to extort money from its users. Nest is owned by Google and can afford to patch the vulnerabilities, yet many smaller companies with IoT devices cannot afford to regularly patch them.
An international team of law enforcement agencies just executed an impressive takedown of two of the largest darknet markets. Law enforcement even ran one of the services for weeks to gather information on users.
Over 500,000 users have had their computers infected with a stealthy malware named Stantinko, according to a 99-page report released yesterday by Slovak antivirus maker ESET. […]