Linked: DNA testing firm discloses data breach affecting 2.1 million people

There is an obvious question here, right?

Why do you still have this database sitting around?

Seriously, why? Either you’re telling the truth and you have a vulnerable system sitting out there that you’ve never even used, or you have been using it and you’re lying to save face now that data has been breached. Neither one makes you look particularly good, does it?

Linked: Over 1 million GoDaddy WordPress accounts breached

The breach of the WordPress credentials is bad, as is the breach of the sFTP credentials. Sure, if you are still using the same WordPress password that GoDaddy assigned to you when you started the account, you really need to step up your game.

WordPress is an inviting target, because getting admin access to a WordPress install, or really any other content management system, makes it super easy to lock out the original owner and inject anything you want into the site. Want a place to spread malware in drive-by injections? Nothing like an already existing, and maybe even trusted, WordPress site, eh?

Linked: Federal Law Won’t Protect Your Organization from Bad User Access Control Practices

If you’ve seen references to a court ruling sort of redefining the Computer Fraud and Abuse Act recently, or even if you haven’t, this paragraph from the folks at McGuire Woods boils down the real-life implications pretty well.