Digital security always offers us food for thought and debate. So, here are the most important updates of the week:
Cloudflare leaks sensitive user data from millions of websites
Cloudflare, a service that helps optimize the security and performance of more than 5.5 million websites, warned its customers on February 23rd that a recently fixed bug exposed highly sensitive personal data, including passwords, cookies and tokens used to authenticate users.
According to the Cloudflare blog, the bug was serious because the leaked memory could contain private information and because it had been cached by search engines. However, no evidence of malicious exploitation of the bug, nor any other reports of its existence, was discovered. Get the full story here.
PLEASE NOTE: CyberGhost VPN was in no way affected by this leak.
WordPress vulnerability turns profitable for cyberattackers
A recently patched vulnerability in the REST API of the WordPress content management system (CMS), which allows attackers to modify the content of posts or pages, is now being used by cyberattackers for monetization purposes.
Site users may also be conned into purchasing fake products, thus making it possible for cyberattackers to store their card data.
In order to avoid such situations, simply update to the latest WordPress version. Read more here.
Europe’s computer security agency lists the world’s top threats
Europe’s computer security agency, the European Union Agency for Network and Information Security (ENISA), has set out a list of the top threats in the online world. Hacking for profit was listed as one of the biggest trends, and criminals had been using unsecured Internet of Things (IoT) devices to launch giant distributed denial of service (DDoS) attacks.
“Undoubtedly, optimization of cyber-crime turnover was THE trend observed in 2016. And, as with many of the negative aspects in cyber-space, this trend is here to stay. The development and optimization of badware towards profit will remain the main parameter for attack methods, tools and tactics,” warned the report.
Font not found? Do not download, it’s a potential Chrome malware scam
It appears that scammers and hackers are targeting Google Chrome users with a new hacking scam, prompting them to download a fake Google Chrome font pack update and thus getting them to install malware on their systems.
The message “The ‘HoeflerText’ font wasn’t found” appears on vulnerable yet legitimate websites, usually with jumbled content. Find out more here.
Stay safe from malware and other online threats using CyberGhost. It’s a free VPN that’s also very easy to use on iOS, Android and Windows devices.