Recently, WordPress alerted users on malicious plugins for content management and blog hosting software. AddThis, WPtouch, and W3 Total Cache, which provide additional functionality, were allegedly Trojanized. The AddThis allows users to share the contents of their site with popular social networking sites. WPtouch offers interface with mobile devices such as iPhone, iPod, and Blackberry. W3 Total Cache offers content delivery network integration and improves server performance. WordPress team detected that attackers modified plugins to include backdoors and were available on the site for a day. Security professionals of the organization are investigating the incident.
WordPress has updated the plugins and access to the plugin repository has been disabled pending investigation. The WordPress team has decided to force reset all passwords on WordPress.org as a precautionary measure. Users have to reset their passwords to use the forums, plugins, themes, bbpress and buddypress sites. WordPress has advised users to update the plugins again to the latest from the site, in case they had updated them in the recent days. Users have the tendency to use common passwords on different sites. Attackers having access to passwords of one site may attempt and gain access to other sites. As such, Internet users must use unique, strong and non-predictable passwords. While resetting passwords, users must avoid using the old passwords.
WordPress.com remains unaffected with the latest security incident. Earlier, in the year, the site faced distributed denial-of-service (DDoS) attacks. Many major media websites use WordPress platform among others. The popularity and wide usage of WordPress publishing and blogging platforms attracts attention of cybercriminals. While WPtouch has registered over 2 million downloads, W3 Total Cache has recorded over 500,000 downloads, and AddThis has registered over 400,000 downloads. Users make use of the plugins as they improve the functionality of a service. Security researchers at Internet security firm Sophos consider web-based backdoors as dangerous. Attackers may offer similar functionality, but through a different URL. Internet users must install and regularly update security software. They must regularly update software products and adhere to security advisories. E-tutorials and online degree programs may help users in gaining insights on cyber security practices. Organizations must keep track of security updates and advisories. Professionals qualified in masters of security science and IT degree programs may allow companies to identify and apply relevant security updates.
Cyber security professionals need to regularly update their skills through training and online university degree programs to deal with ever-evolving security threats.
Contact Press
EC-Council
Website: http://www.eccuni.us
Email: [email protected]
Tel: 505-341-3228
EC-Council University is based in Albuquerque, New Mexico and offers Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT Professionals, and military students amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students from not only the United States, but from all around the world.
EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.
EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.
