---

Active Exploits Hit Vulnerable WordPress ThemeGrill Plugin

Websites using a vulnerable version of the WordPress plugin, ThemeGrill Demo Importer, are being targeted by attackers.

---

1.7M Nedbank Customers Affected via Third-Party Breach

A vulnerability in the network of marketing contractor Computer Facilities led to a breach at the South African bank.

---

Plugin flaw leaves up to 200,000 WordPress sites at risk of attack

A fix is available, so you may want to make sure that you run the plugin’s latest version

The post Plugin flaw leaves up to 200,000 WordPress sites at risk of attack appeared first on WeLiveSecurity

---

Ring to enable 2FA for all user accounts after recent hacks

Google made 2FA mandatory for all Nest users last week.

---

Firmware Weaknesses Can Turn Computer Subsystems into Trojans

Network cards, video cameras, and graphics adapters are a few of the subsystems whose lack of security could allow attackers to turn them into spy implants.

---

Staircase to the Cloud: Dark Reading Caption Contest Winners

A humorous nod to the lack of gender equity in cybersecurity hiring was our judges' unanimous choice. And the winners are ...

---

The Road(s) to Riches

You could be making millions in just two years!

---

Hacker Scheme Threatens AdSense Customers with Account Suspension

Scam threatens to flood sites using Google’s banner-ad program with bot and junk traffic if owners don’t pay $5K in bitcoin.

---

16 DDoS attacks take place every 60 seconds, rates reach 622 Gbps

With over 23,000 recorded attacks per day, customer-facing enterprise services are bearing the brunt of attacks.

---

8 Things Users Do That Make Security Pros Miserable

When a user interacts with an enterprise system the result can be productivity or disaster. Here are 8 opportunities for the disaster side to win out over the productive.

---

Lenovo, HP, Dell Peripherals Face Unpatched Firmware Bugs

A lack of proper code-signing verification and authentication for firmware updates opens the door to information disclosure, remote code execution, denial of service and more.

---

Five years after the Equation Group HDD hacks, firmware security still sucks

Device manufacturers are not forcing driver signatures at all times.

---

Microsoft to deploy ElectionGuard voting software for the first time tomorrow

Residents in Fulton, Wisconsin will elect representatives for the Wisconsin Supreme Court via voting machines running Microsoft's ElectionGuard voting software.

---

Microsoft to deploy ElectionGuard voting software for the first time

Residents in Fulton, Wisconsin will elect representatives for the Wisconsin Supreme Court via voting machines running Microsoft's ElectionGuard voting software.

---

Bug in WordPress plugin can let hackers wipe up to 200,000 sites

Same bug can also let attackers gain access to the admin account.

---

FC Barcelona Twitter account hacked – again

The same hackers have also got their mitts on social media accounts of other high-profile sporting targets

The post FC Barcelona Twitter account hacked – again appeared first on WeLiveSecurity

---

Pay Up, Or We’ll Make Google Ban Your Ads

A new email-based extortion scheme apparently is making the rounds, targeting Web site owners serving banner ads through Google's AdSense program. In this scam, the fraudsters demand bitcoin in exchange for a promise not to flood the publisher's ads with so much bot and junk traffic that Google's automated anti-fraud systems suspend the user's AdSense account for suspicious traffic.

---

Israeli soldiers tricked into installing malware by Hamas agents posing as women

IDF: Six social media accounts were redirecting soldiers to installing three malware-infected apps.

---

Iranian hackers have been hacking VPN servers to plant backdoors in companies around the world

Iranian hackers have targeted Pulse Secure, Fortinet, Palo Alto Networks, and Citrix VPNs to hack into large companies.

---

Our personal health history is too valuable to be harvested by the tech giants | Eerke Boiten

Action to prevent deeper access to our private lives and data is more essential than ever

Health data paints a rich picture of our lives. Even if you remove your name, date of birth and NHS number to “anonymise” yourself, a full health history will reveal your age, gender, the places where you have lived, your family relationships and aspects of your lifestyle.

Used in combination with other available information, this may be enough to verify that this medical history relates to you personally and to target you online. Consequently, whenever the NHS shares health data, even if it is anonymised, we need to have confidence in who it goes to and what they can do with it.

When data about us influences a credit rating or a hiring decision, we are unlikely ever to find out

Continue reading...