- Over 8,800 WordPress Plugins Have Flaws: Study
Web application security firm RIPS Technologies has analyzed 44,705 of the roughly 48,000 plugins available in the official WordPress plugins directory and discovered that more than 8,800 of them are affected by at least one vulnerability. According to the report, the company downloaded all the plugins and used its static code analyzer to check the ones that have at least one PHP file. An analysis of the size of these plugins showed that roughly 14,000 of them have only 2-5 files and only 10,500 of them have more than 500 lines of code. A total of 67,486 vulnerabilities were discovered in the plugins, which indicates that the plugins that do have flaws tend to have many of them. The report noted that the majority of plugins have no weaknesses, which it attributes to their small size. As for the types of vulnerabilities affecting these plugins, unsurprisingly, more than 68% are cross-site scripting (XSS) issues and just over 20% are SQL injections.
Cyber Security Tips: Companies should inventory the plugins they use and check them for known vulnerabilities; where a vulnerability is present, find and apply the fix. If you run the WordPress CMS, check your installed plugins against the vulnerabilities reported.
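The two defect classes the study counts most often, XSS and SQL injection, usually come from the same plugin mistake: request data flowing straight into SQL and into HTML. The following snippet is an added illustration written for this summary, not code from the RIPS report or from any real plugin; the handler names are hypothetical, and it assumes only the standard WordPress runtime ($wpdb, sanitize_text_field, wp_unslash, esc_html) that is loaded inside any plugin.

```php
<?php
// Added illustration (not from the RIPS study or any real plugin): a search
// handler in the vulnerable shape the study describes, beside a hardened one.
// Assumes the WordPress runtime is loaded, as it is inside a plugin.

// --- Vulnerable pattern: untrusted $_GET['q'] reaches SQL and HTML unchanged.
function vuln_search_handler() {
    global $wpdb;
    $term = $_GET['q'];                                             // untrusted
    $rows = $wpdb->get_results(
        "SELECT post_title FROM {$wpdb->posts} WHERE post_title LIKE '%$term%'"
    );                                                              // SQL injection
    echo '<p>Results for ' . $term . '</p>';                        // reflected XSS
    foreach ($rows as $row) {
        echo '<li>' . $row->post_title . '</li>';                   // stored XSS
    }
}

// --- Hardened pattern: sanitize the input, send SQL through a prepared
// statement, and escape every value at the point it is written into HTML.
function safe_search_handler() {
    global $wpdb;
    $term = sanitize_text_field(wp_unslash($_GET['q'] ?? ''));
    $like = '%' . $wpdb->esc_like($term) . '%';                     // escape % and _
    $rows = $wpdb->get_results(
        $wpdb->prepare(
            "SELECT post_title FROM {$wpdb->posts} WHERE post_title LIKE %s LIMIT 50",
            $like
        )
    );
    echo '<p>Results for ' . esc_html($term) . '</p>';
    foreach ($rows as $row) {
        echo '<li>' . esc_html($row->post_title) . '</li>';
    }
}
```

A static analyzer of the kind the study used flags the first function because a source ($_GET) reaches a sink (the query string and echo) with no sanitizer on the path; the second function is what a plugin review should expect to see, with $wpdb->prepare() separating data from SQL and esc_html() applied to each value as it is rendered rather than once at input time.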
- Legion hacker claims mail leak of 74,000 chartered accountants
The hacker group Legion has got India's attention after several high-profile email and Twitter hacks and some extensive data dumps. On Wednesday evening, he shared with TOI a list of what he claims are email addresses and passwords of nearly 74,000 chartered accountants in the country. The hacker also claimed to have already compromised the accounts of former IPL chairman Lalit Modi and the sansad.nic.in domain, though that data is yet to be dumped. According to the report, the hackers claim to have stolen bank details and passwords belonging to chartered accountants across India.
Cyber Security Tips: To protect against such attacks, secure your bank account with a strong password, monitor your bank account activity, and keep your banking data safe.
- Suspect Arrested in JPMorgan, Dow Jones Data Theft Case
New York – A 32-year-old American formerly living in Moscow and wanted in the United States in connection with a massive theft of customer data from JP Morgan Chase and Dow Jones has been arrested, officials said Thursday. He is accused of major computer hacking crimes against US financial institutions, brokerage firms and financial news publishers, including the largest theft of customer data from a US financial institution. The bank said that the hack compromised data on 76 million household customers and seven million businesses, including their names, email addresses and telephone numbers, the largest theft of data from a US financial institution.
Cyber Security Tips: To prevent such hacking, protect your network from external as well as internal threats, use a firewall to filter requests, and keep your antivirus software updated.
- Ashley Madison Dating Site Agrees to Pay $1.6 Million Fine over Massive Breach
Ashley Madison, one of America's most prominent dating websites, which suffered a massive data breach last year, has agreed to pay a fine of $1.6 Million for failing to protect the account information of 36 Million users. Last year's breach exposed personal information belonging to 35 Million users, including their usernames, first and last names, passwords, credit card data, street names, phone numbers, transaction records and email addresses. Ruby Corp., the company behind Ashley Madison, will pay $1.6 Million to settle charges from both the Federal Trade Commission (FTC) and 13 states alleging that it misled its consumers about its privacy practices and did not do enough to protect their information. According to the report, the company not only failed to protect the account information of its 36 Million users, but also failed to delete account information after regretful users paid a $20 fee for a "Full Delete" of their accounts. The court order requires Ashley Madison to: perform a risk assessment to protect customer data, implement new data security protocols, upgrade systems based on the assessments, offer periodic security risk assessments (both internal and third-party), and require "reasonable safeguards" against potential cyber-attacks from its service providers.