The details on the latest WordPress vulnerability, then the surprising, or perhaps not so surprising, takeover of a cybersecurity firm's website, and watch out: hackers may be using your microphone to steal your data!

Plus a packed roundup, your feedback & so much more!

Show Notes:

Trend Micro’s Own Cybersecurity Blog Gets Hacked

  • We covered the WordPress bug in TechSNAP 306
  • See also [Security Firm Trend Micro’s Blog Falls Victim To Content Spoofing Attack](https://www.silicon.co.uk/security/trendmicro-blog-security-205197)
  • and WordPress Quietly Fixes Zero-Day Flaw Tom
  • WordPress was alerted to the flaw on 20 January
  • WordPress officially released WordPress 4.7.2 to the world on Thursday 26 January.
    • “The release went out over our autoupdate system and, over a couple of hours, millions of WordPress 4.7.x users were protected without knowing about the issue or taking any action at all.”
  • Dan confirms the above upgrade timeline; his WordPress sites were updated on 26 January, between 2:30 and 3:30 EST
  • Researcher’s Feb 1 blog post with details
  • WordPress’ Feb 1 10:59 AM blog post
  • NOTE: Virally growing attacks on unpatched WordPress sites affect ~2m pages
  • Attacks on websites running an outdated version of WordPress are increasing at a viral rate. Almost 2 million pages have been defaced since a serious vulnerability in the content management system came to light nine days ago. The figure represents a 26 percent spike in the past 24 hours.
  • Google trend chart

Hackers who took control of PC microphones siphon >600 GB from 70 targets

  • Real information in the blog post
  • Suggestions: put such devices on their own VLAN, but I’m not sure how their connections work
  • Large-scale ~= 70 organisations
  • Most of the targets are located in the Ukraine, but there are also targets in Russia and a smaller number of targets in Saudi Arabia and Austria. Many targets are located in the self-declared separatist states of Donetsk and Luhansk, which have been classified as terrorist organizations by the Ukrainian government.

Feedback


Round Up:

