An FBI public service announcement issued April 7 warns that Islamic State (ISIS/ISIL) sympathizers are defacing the “[websites] and communication platforms of news organizations, commercial entities, religious institutions, federal/state/local governments, foreign governments, and a variety of other domestic and international [websites]” by exploiting known WordPress plugin vulnerabilities for which patches are already available.
“Successful exploitation of the vulnerabilities could result in an attacker gaining unauthorized access, bypassing security restrictions, injecting scripts, and stealing cookies from computer systems or network servers. An attacker could install malicious software; manipulate data; or create new accounts with full user privileges for future Web site exploitation.”
Updates and patches
The exploitation of known vulnerabilities is one of the easiest methods by which cyber criminals can hack websites, so the importance of maintaining up-to-date software is paramount for all organizations that value their information security. If you continue to use unsupported or vulnerable versions, then your website runs a significantly higher risk of compromise. Last October, for example, Drupal announced that users who hadn’t patched their CMS platform within seven hours of a bug’s discovery should presume their websites hacked.
If you’re unsure about your patch management practices and are concerned about your organization’s susceptibility to online attack, you’ll be interested in IT Governance’s penetration testing packages. Designed to identify vulnerabilities and recommend remedial measures that you can take to secure your systems, they offer a complete solution for the routine security testing of your websites and IT systems, helping to keep your networks and applications protected against cyber attacks.