Catch up on this week’s round-up of the latest hosting and tech news. Here’s what we’ve uncovered since our last edition.
Zero-day vulnerabilities found in WordPress plugins
Zero-day vulnerabilities have recently been discovered in four popular WordPress plugins. These are: 10Web Map Builder for Google Maps, Flexible Checkout Fields for WooCommerce, Modern Events Calendar Lite and Async JavaScript. The attacks against these plugins exploit cross-scripting vulnerabilities, injecting malicious JavaScript (JS) that installs malicious plugins which enable backdoor access.
At the same time, a different security issue was discovered in the Pricing Table by Supsystic plugin, currently used on over 40,000 websites. This vulnerability not only allowed attackers to inject malicious JS and undertake administrator request forgeries; it also exploits weaknesses in permissions so that unauthenticated users can execute AJAX actions.
If you use any of these plugins, you should take action to reduce the potential for attack by updating the plugins as soon as patches are released.
Top 10 hit list
Forget chart-topping records, this week’s big release is the list of the top 10 types of password on the hacker’s hit list. Compiled by password security company NordPass, the list shows which passwords are the most frequently hacked.
Entering the chart this week is your favourite band, which together with your football club and the names of friends or relatives are some of the most commonly used passwords. The punk revival continues with swear word passwords causing chaos for some users, while simple to guess phrases like ‘iloveunicorns’ also falling easy prey for brute force software. While strings like ‘54321’ and ‘qwerty’ remain old favourites, the biggest risers are passwords with featured artists, like ‘spotify007’, ‘facebook55’ or ‘Natwest£100’. Staying firmly at the top, however, and occupying number one and two slots for a record thousandth week, are the classics, ‘admin’ and ‘password’. If you are using passwords like any of these mentioned here, perhaps it’s time to change the record or even tune in to two-step authentication.
Red-faced facial recognition company hacked
It’s not been a good year for facial recognition company, Clearview AI. Only a few weeks ago it was heavily criticised for secretly scraping billions of facial images from social media platforms without asking for users’ permission and now it has admitted to getting hacked. Luckily, the images themselves haven’t been stolen by the hackers – though they are still being used by Clearwater AI’s clients to identify you and potentially carry our personal profiling if you are spotted on CCTV.
What has been accessed, however, is Clearwater AI’s client list, the vast majority of whom are law enforcement and other security agencies, mainly in the US. No doubt the hacker will soon release the list into the public realm so we know exactly who’s spying on us using this type of technology. In the meantime, be careful what you post on social media.
IoT device causes pet distress
While IoT devices are proliferating in number, not all of them are being as reliable as owners would have hoped. One recent device hitting the news was the Petnet SmartFeeder, an automated pet feeder that can be controlled by a smartphone app to feed your dog or cat while you are away from home.
Unfortunately, a recent system failure meant that the SmartFeeder Gen2 model stopped working for an entire week. Happening during the February half-term school break, the problem was exacerbated as many pets were left starving while their owners were away on family holidays. What made matters worse was that emails to the company bounced and customers using Twitter for customer service did not receive responses. Overall, a bit of a dog’s dinner!
A bin day revolution
The task of putting your bins and recycling out for collection once a week or fortnight may be coming to an end thanks to new technology that turns the traditional rubbish bin into a smart device. Sensors are being installed in the bins which can detect when they are full and these are able to communicate with the local council so that a garbage disposal team can be sent out to empty them.
It is hoped that the new bins, which are currently being introduced in Sheffield, will reduce the cost of collecting rubbish, as collectors will only need to empty those which are full. At the same time, this will lead to less pollution and congestion. It also means householders won’t be left waiting for the next collection day if their bins are on the verge of overflowing. Sheffield is also using the same technology to refill street grit containers and to make sure trees in public places get watered in dry conditions.
Visit the WHUK website for more news, knowledge base articles, blog posts and information on our wide range of hosting services.
