Patch it Now: WordPress Woes per Wordfence
WordPress sites are prime targets and rapidly exploited for unpatched vulnerabilities. If you are using Thrive Theme Legacy and plugins, about 100,000 sites are vulnerable and being actively exploited since patches were released March 12. The attached link to Wordfence will tell you what to do. There’s a couple other fixes for the Facebook for WordPress plugin that were highlighted today and found on over 500,000 sites that need your attention. Stay safe!
QNAP brute force attacks ongoing per Bleeping Computer
NAS boxes are great for storage and QNAP is very common. Unfortunately that has made it a prime target for attacks, including targeted ransomware. Right now attackers are using automation assistance to crack credentials for the boxes. There are recommendations out now to secure your QNAP: change the default access port number, make your password really strong, then enable password policies and finally disable the admin account that is being targeted currently. That takes a little more work but worth it. The link to the article walks you through what you need to do 😊
Patch It Now: Critical bug fix for Cisco Jabber per Bleeping Computer. The bug affects Jabber client software for Windows, macOS, Android and iOS. With some work, a remote authenticated attacker could execute arbitrary programs on a device with the vulnerable Jabber software running. I know it’s an enterprise org thing, so there’s plenty of patching to be done before somebody starts exploiting it.