OneLogin
By Lionel Thomas / Cyber Security, Website Hacked

This is a public service announcement from Vofer. The Password Manager “OneLogin” has had a serious security incident.

OneLogin: “We detected that there was unauthorized access to OneLogin data in our US data region. All customers served by our US data center are affected; customer data was compromised, including the ability to decrypt encrypted data. We have since blocked this unauthorized access, reported the matter to law enforcement, and are working with an independent security firm to assess how the unauthorized access happened and to verify the extent of the impact. We want our customers to know that the trust they have placed in us is paramount, and we have therefore created a set of required actions.”

In essence, the attackers were able to decrypt the encrypted data, putting user data and logins at risk.

Here are OneLogin's suggested actions to take:
http://i.imgur.com/5hEyYgo.png

Blog update by OneLogin – https://www.onelogin.com/blog/may-31-2017-security-incident

WordPress Website Security

Thousands of WordPress websites have been hacked after a recent disclosure of a vulnerability in WordPress. WordPress delayed the disclosure for over a week and worked with security companies to have a patch ready, yet not all websites have been patched, and the result is a WordPress hacker smorgasbord.

Even though the patch was released, thousands of admins didn’t bother to update their websites, either because they had removed the auto update or because they simply did not update. Some admins may disable the auto update so they can test patches before applying them, yet for patches like this one a different approach should be used to ensure the website is secure.

The famous Linux distribution openSUSE (news.opensuse.org) was hacked, but it was quickly restored without further breaches in other parts of openSUSE’s infrastructure, the CIO reported.

The vulnerability is within the WordPress REST API, which allows an unauthenticated user to delete or modify pages and redirect their visitors to malicious exploits.

The security researcher at Sucuri stated that they noticed multiple campaigns running over the internet trying to find unpatched WordPress websites.

The call to update has been going out for some time, and if you have not updated to WordPress 4.7.2, then you should do so urgently, in addition to checking your website.
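A defensive check for the advice above, as an added example that is not from the original post or from WordPress: it reads the version string from `wp-includes/version.php`, flags anything older than 4.7.2, and lists write requests to the REST content endpoints in an access log for review. The sample file contents, log lines and function names are constructed for illustration, and a combined-format access log is assumed.

```python
import re
from urllib.parse import unquote

FIXED = (4, 7, 2)  # release the article says to update to
# Constructed sample inputs (documentation-range IPs), not real data.
VERSION_PHP = "<?php\n$wp_version = '4.7.1';\n"
ACCESS_LOG = """\
203.0.113.9 - - [07/Feb/2017:10:01:02 +0000] "GET /wp-json/wp/v2/posts/12 HTTP/1.1" 200 5120
203.0.113.9 - - [07/Feb/2017:10:01:05 +0000] "POST /wp-json/wp/v2/posts/12 HTTP/1.1" 200 5300
198.51.100.4 - - [07/Feb/2017:10:02:11 +0000] "POST /index.php?rest_route=/wp/v2/pages/3 HTTP/1.1" 200 4100
198.51.100.7 - - [07/Feb/2017:10:03:40 +0000] "DELETE /wp-json/wp/v2/posts/15 HTTP/1.1" 401 210
192.0.2.50 - - [07/Feb/2017:10:04:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0
"""

VERSION_RE = re.compile(r"\$wp_version\s*=\s*'(\d+(?:\.\d+)*)")
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
# REST content routes, reachable as /wp-json/... or via ?rest_route=...
CONTENT_RE = re.compile(r"(?:/wp-json|[?&]rest_route=)/wp/v2/(?:posts|pages)\b", re.I)
WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}


def installed_version(version_php):
    """Return the version as a 3+ element int tuple, or None if not found."""
    m = VERSION_RE.search(version_php)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def needs_update(version_php):
    # An unreadable version is treated as "needs attention", not as safe.
    v = installed_version(version_php)
    return v is None or v < FIXED


def rest_content_writes(log_text):
    """List (ip, method, path, status, succeeded) for REST content writes."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, method, path, status = m.groups()
        if method.upper() in WRITE_METHODS and CONTENT_RE.search(unquote(path)):
            hits.append((ip, method, path, int(status), status.startswith("2")))
    return hits
```

A hit is a lead to compare against known editor activity and post revision history, not proof of compromise.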

This is a clear indication that websites nowadays need multiple layers of security and some suggestions to look into are: