This is a great deep dive into Web Application Firewalls and their limitations. “In general, WAF is a modern security solution, and it won’t hurt having it with your web applications. Although today, it can only hinder the process of vulnerability search and exploitation, but it cannot protect from them altogether. As thing stand, this […]

“The senator’s comments come in the wake of Special Counsel Robert Mueller’s report that revealed that the Russian military intelligence unit known as the GRU sent malicious viruses to the Florida county government officials who were overseeing the 2016 election.” https://www.foxnews.com/politics/marco-rubio-says-hackers-infiltrated-florida-county-elections-system-were-in-a-position-to-alter-voter-roll-data

“Users have been left wondering whether they should continue trusting their own WordPress site, after it was revealed that software developers had administrative access to sites through code hidden behind a popular plugin.” – This seems to be isolated ton one plugin developer, but I wonder if we will see more of this. Read More […]

“And at the same time, some of the passwords that look impressive (“1qaz@WSX,” “7ujMko0”) are just sequences that appear next to each other on the keyboard — a slightly more advanced version of using “qwerty” as your password. ” – lol we’ve seen this a lot too. Read More Here: https://digg.com/2019/most-common-passwords-hacked

“Experts said that only 56 percent of the sites they investigated were running an up-to-date CMS at the time they were called in to remediate a hack.” – Yikes Read More Here: https://www.zdnet.com/article/wordpress-accounted-for-90-percent-of-all-hacked-cms-sites-in-2018/

The NRCC got hacked during the 2018 midterm elections. Apparently we are just hearing about it now, but it’s still really big news. Very high profile emails were stolen. From the article: “The NRCC brought on the prominent Washington law firm Covington & Burling as well as Mercury Public Affairs to oversee the response to […]

There is a new worry for your cybersecurity team, the loss of employee personal data. The Pennsylvania Supreme court just ruled that employers can be held liable if employee’s sensitive personal data is lost or stolen. “In a recent ruling, the Pennsylvania Supreme Court said that employers are legally responsible for protecting workers’ sensitive information, […]

October 18, 2018 Mark Bursic Director of Cybersecurity Critical Syntax Based on a study of over 40,000 WordPress websites in the Alexa top 1 million list, more than 70% of installations are vulnerable to hacker attacks. If those websites that represent some of the highest traffic WordPress installations are vulnerable, how tough do you think […]