POPULARITY
Jibóia! Sucuri! Naja! Surucucu! Silvia! Jararaca! Finalmente saiu o episódio nada peçonhento do Podtrash! A galerinhal do mal (plim) se reuniu para trocar uma ideia sobre o terrível porém delicioso Anaconda de 1997! Duração: 93 minutosMédia TD1P: 4,1 ELENCOAlmightyBruno GunterDemetrius SantosDouglas Fricke, o ExumadorEdson OliveiraShin KoheoARTE DO BANNERShin Koheo EXTRAS DESTE PODTRASHIMDB FEEDS E LINKS […]
* Ransomware Gang Exploits AWS Feature to Encrypt and Hold Data Hostage* Phishing Texts Trick iMessage Users into Disabling Security* Fake CrowdStrike Job Offers Used to Distribute Cryptominer* Stealthy WordPress Skimmers Infiltrate Database Tables* A New AI-Driven Ransomware Group Blurs the Lines Between Hacktivism and CybercrimeRansomware Gang Exploits AWS Feature to Encrypt and Hold Data Hostagehttps://www.halcyon.ai/blog/abusing-aws-native-services-ransomware-encrypting-s3-buckets-with-sse-cA new ransomware campaign leverages Amazon Web Services' (AWS) Server-Side Encryption with Customer Provided Keys (SSE-C) to encrypt victims' data stored in S3 buckets. This tactic, discovered by cybersecurity firm Halcyon, sees threat actors, such as the group dubbed "Codefinger," infiltrate AWS accounts and utilize the SSE-C feature with their own encryption keys.The campaign hinges on the fact that AWS does not store these customer-provided keys. This makes data recovery impossible for victims even if they report the incident to Amazon. After encrypting the data, attackers set a seven-day file deletion policy and leave ransom notes demanding Bitcoin payments in exchange for the decryption key.Halcyon advises AWS customers to implement strict security protocols, including disabling unused keys, regularly rotating active keys, and minimizing account permissions. They also recommend setting policies that restrict the use of SSE-C on S3 buckets where possible.This incident highlights the critical need for robust security measures within cloud environments, emphasizing the importance of secure key management and vigilant monitoring for unauthorized activity.Phishing Texts Trick iMessage Users into Disabling Securityhttps://www.bleepingcomputer.com/news/security/phishing-texts-trick-apple-imessage-users-into-disabling-protection/Cybercriminals are employing a new tactic in their smishing (SMS phishing) campaigns: tricking Apple iMessage users into replying to texts, thereby disabling the platform's built-in phishing protection.iMessage automatically disables links in messages from unknown senders as a security measure. However, replying to such a message or adding the sender to your contacts list will enable these links.Recent smishing attacks, such as those mimicking USPS shipping issues or unpaid road tolls, instruct recipients to reply with "Y" to enable a disabled link. This plays on the common user behavior of replying to texts to confirm appointments or opt-out of services.By replying, users inadvertently disable iMessage's security for that specific text, potentially exposing themselves to malicious links and scams. Even if the user doesn't click the enabled link, their response signals to attackers that they are susceptible to phishing attempts.Security experts advise against replying to texts with disabled links from unknown senders. Instead, users should contact the purported sender directly to verify the message's legitimacy.Fake CrowdStrike Job Offers Used to Distribute Cryptominerhttps://www.crowdstrike.com/en-us/blog/recruitment-phishing-scam-imitates-crowdstrike-hiring-process/Cybercriminals are targeting developers with a new phishing campaign that impersonates CrowdStrike, a cybersecurity company. The campaign tricks victims into downloading a malicious application that installs a cryptominer on their devices.Here's how the scam works:* Phishing Email: The attacker sends a phishing email that appears to be from a CrowdStrike recruiter. The email congratulates the recipient on being shortlisted for a junior developer position and asks them to schedule an interview.* Malicious Link: The email contains a link that takes the victim to a fake website that looks like a legitimate CrowdStrike domain.* Fake CRM Application: The website prompts the victim to download a "customer relationship management (CRM)" application to schedule the interview. However, this application is actually malware.* Cryptominer Download: Once downloaded and installed, the malware downloads and installs a cryptominer on the victim's device. Cryptominers use the victim's device to mine cryptocurrency for the attacker.This is a sophisticated phishing campaign that leverages the credibility of a well-known company. Here are some tips to avoid falling victim to this scam:* Be wary of unsolicited emails: Don't click on links or download attachments from emails from unknown senders.* Verify the sender's email address: If you receive an email from a recruiter, carefully check the email address to make sure it's legitimate.* Don't download software from untrusted sources: Only download software from the official website of the company.* Be suspicious of urgent requests: If an email asks you to take immediate action, it's probably a scam.Stealthy WordPress Skimmers Infiltrate Database Tableshttps://blog.sucuri.net/2025/01/stealthy-credit-card-skimmer-targets-wordpress-checkout-pages-via-database-injection.htmlCybersecurity researchers have uncovered a new wave of credit card skimmers targeting WordPress e-commerce sites. This campaign injects malicious JavaScript into the wp_options table of the WordPress database, making it difficult to detect with traditional scanning tools.How the Skimmer Works* Database Injection: The skimmer code is injected into the wp_options table disguised as a widget block.* Checkout Page Activation: The malicious code springs into action only on checkout pages.* Fake Payment Form: The skimmer either hijacks existing payment fields or injects a fraudulent payment form that mimics legitimate processors like Stripe.* Data Theft: The form captures credit card details, including numbers, expiration dates, CVV codes, and billing information. The stolen data is then encoded to evade detection and sent to attacker-controlled servers.Campaign Similarities to Previous AttacksThis campaign shares similarities with a previous attack discovered by Sucuri in December 2024. That attack also used JavaScript to create fake payment forms or steal data from legitimate forms on checkout pages. However, the stolen data was obfuscated differently, using a combination of JSON encoding, XOR encryption, and Base64 encoding.These recent discoveries highlight the evolving tactics of cybercriminals. E-commerce website owners should stay updated on the latest threats and implement robust security measures, including regular vulnerability scanning and database backups. Also users should be cautious about entering payment information on unfamiliar websites and look for signs of a secure connection (HTTPS).A New AI-Driven Ransomware Group Blurs the Lines Between Hacktivism and Cybercrimehttps://research.checkpoint.com/2025/funksec-alleged-top-ransomware-group-powered-by-ai/FunkSec, a recently emerged ransomware group, has taken the cybersecurity world by storm with its aggressive tactics and claims of over 85 victims in just a month. However, a closer look reveals a more complex story.Key Points:* Rapid Rise: FunkSec emerged in late 2024 and quickly gained notoriety for its high number of claimed victims.* Low Expertise: Despite their claims, FunkSec appears to be run by inexperienced actors, with the malware riddled with redundancies and the group recycling leaked data from other sources.* AI-Assisted Development: The group leverages AI tools to enhance their capabilities, including generating code comments and potentially aiding in ransomware development.* Hacktivist Leanings: FunkSec aligns itself with hacktivist causes and targets specific countries, but the legitimacy of these connections remains unclear.* Blurred Lines: FunkSec's activities blur the line between hacktivism and cybercrime, raising questions about their true motivations.Motives and MethodsFunkSec uses a combination of data theft and encryption (double extortion) to pressure victims into paying ransoms. They offer their custom ransomware, DDoS tools, and password generation utilities. Interestingly, their ransomware demands are unusually low, sometimes as little as $10,000, and they also sell stolen data to third parties.Technical AnalysisThe FunkSec ransomware is written in Rust and exhibits several peculiarities. The code contains redundancies, with functions being called repeatedly. Additionally, the malware leverages AI-generated comments, suggesting a reliance on AI tools for development.Uncertainties and ChallengesFunkSec's true expertise and motivations remain unclear. Their use of recycled data casts doubt on the authenticity of their leaks, and their connection to hacktivism is questionable. This case highlights the evolving threat landscape where even less-skilled actors can leverage AI and readily available tools to cause significant disruption.The FutureFunkSec serves as a wake-up call for the cybersecurity community. We need to develop better methods for assessing ransomware threats and be wary of groups that rely on self-promotion and manipulation. As AI becomes more accessible, it's crucial to stay ahead of its potential misuse by malicious actors. This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit edwinkwan.substack.com
In today's episode, we delve into the recent surge of identity-based cyberattacks targeting Snowflake customers, with at least 100 companies confirmed impacted as disclosed by Mandiant and Pure Storage (https://www.cybersecuritydive.com/news/snowflake-customer-attacks-what-we-know/719056/). We also explore how attackers are leveraging social engineering to install malware through fake error messages, as outlined by Proofpoint researchers (https://www.helpnetsecurity.com/2024/06/17/social-engineering-malware-installation/). Finally, we discuss how legitimate websites are being exploited to deliver the BadSpace Windows backdoor, detailed by German cybersecurity company G DATA (https://www.gdatasoftware.com/blog/2024/06/37947-badspace-backdoor). 00:00 Introduction to Fake Cyber Attacks 01:11 Fake Error Messages 03:30 The Badspace Backdoor with Trae 06:54 Snowflake Breach: What Happened? Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/ Logo Design by https://www.zackgraber.com/ Tags: Snowflake, cyberattacks, identity-based, infiltrate, cybercriminals, malware, proofpoint, fake error messages, hackers, BadSpace, G DATA, cybersecurity, social engineering, cloud data security, Windows backdoor Search Phrases: Identity-based cyberattacks on Snowflake customers Protecting Snowflake accounts from cybercriminals Malware threats to cloud security Proofpoint cybercrime reports Steps to prevent fake error message scams BadSpace Windows backdoor protection measures How hackers use fake browser updates G DATA cybersecurity insights Social engineering defenses in cybersecurity Preventing identity-based infiltrations in cloud systems What we know about the Snowflake customer attacks https://www.cybersecuritydive.com/news/snowflake-customer-attacks-what-we-know/719056/ ---`Sure thing! Here's a flash briefing summarizing the key information about the Snowflake customer attacks: Widespread Impact: Over 100 Snowflake customers have been confirmed impacted by identity-based attacks utilizing stolen credentials from infostealer malware. Approximately 165 businesses remain potentially exposed. [Source: Mandiant] Key Entry Point: Attacks were not due to a vulnerability or breach within Snowflake's system but through stolen credentials from infostealer malware on non-Snowflake systems. Impacted accounts lacked multifactor authentication (MFA). [Source: Mandiant] Early Detection: The earliest unauthorized access to Snowflake customer instances was detected on April 14, with Mandiant beginning its investigation on April 19 and identifying the first confirmed connection to Snowflake on May 14. [Source: Mandiant's June 10 Threat Intelligence Report] Immediate Actions: Snowflake has been suspending user accounts showing signs of malicious activity, blocking suspicious IP addresses, and advising customers to enable MFA and configure network access policies. [Source: Snowflake CISO Brad Jones] Data Theft: The first known sale of stolen data from a Snowflake customer database was posted on May 24. Snowflake disclosed the attacks on May 30, providing indicators of compromise and recommended actions for companies to investigate. [Source: Mandiant] Ongoing Investigation: The investigation, assisted by Mandiant and CrowdStrike, is ongoing. The attacker, referred to as UNC5537, continues to extort victims with stolen data as of June 13. [Source: Mandiant] Malware peddlers love this one social engineering trick! https://www.helpnetsecurity.com/2024/06/17/social-engineering-malware-installation/ ---`- Key Information: Attackers increasingly use fake error messages to trick users into installing malware. Actionable Insight: Stay vigilant when encountering unexpected error messages prompting installations or updates. Key Information: These fake error messages often accompany HTML documents delivered via email attachments. Actionable Insight: Exercise caution when opening email attachments, especially HTML documents, and verify the sender's authenticity. Key Information: Users may be prompted to install root certificates, resolve issues, install extensions, or update DNS caches. Actionable Insight: Before following any such prompts, consult your IT department or perform a quick search to confirm the legitimacy of the request. Key Information: The attack chain requires significant user interaction but cleverly disguises malware installation as a problem-solving step. Actionable Insight: Always take a moment to consider the risk before performing any suggested actions from an error message. Key Information: Various attackers, including initial access brokers, use these techniques to deploy PowerShell scripts, installing malware like DarkGate and NetSupport. Actionable Insight: Familiarize yourself with the signs of PowerShell script execution and report any suspicious activity to your security team. Key Information: Detection is difficult because the malicious script is copied to the clipboard via JavaScript and manually run by the user. Actionable Insight: Be wary of any browser prompts to copy scripts or commands and avoid running them directly from your clipboard. Key Information: Users are the last line of defense if browsing protections and email filters fail. Actionable Insight: Engage in regular cybersecurity training to identify and report suspicious activities promptly. Hackers Exploit Legitimate Websites to Deliver BadSpace Windows Backdoor https://www.gdatasoftware.com/blog/2024/06/37947-badspace-backdoor Compromised Websites as Conduits: Hackers use legitimate websites, often built on platforms like WordPress, to deliver a Windows backdoor named BadSpace. They disguise the attack as fake browser updates, making it hard for users to detect. Multi-Stage Attack Chain: The attack begins with an infected website that checks if a user has visited before. On the first visit, the site collects device data, IP address, user-agent, and location, then sends it to a command-and-control (C2) server. The server responds with a fake Google Chrome update pop-up that either directly drops the malware or uses a JavaScript downloader to deploy BadSpace. Malware Capabilities: BadSpace can harvest system information, take screenshots, execute commands, read/write files, and delete scheduled tasks. It employs anti-sandbox techniques and sets up persistence using scheduled tasks. Connections to SocGholish: The C2 servers linked to BadSpace show connections to another malware known as SocGholish (aka FakeUpdates), which uses similar tactics. Current Threat Landscape: Organizations like eSentire and Sucuri report ongoing campaigns using fake browser updates to spread information stealers and remote access trojans.
SMS phishing warnings by the FBI and innovative skimming tactics exposed by Sucuri experts. Discover actionable tips to shield yourself and your digital platforms from these sophisticated threats. Join the conversation by sharing your cybersecurity challenges and solutions. 00:00 Kickoff: Live from Cape Canaveral 00:59 Deep Dive into the FBI's Warning on SMS Phishing 06:14 Protecting Yourself Against Smishing and Phishing 13:13 Exploring the Dangers of Default WordPress Credentials Related Articles: FBI warns of massive wave of road toll SMS phishing attacks: https://www.bleepingcomputer.com/news/security/fbi-warns-of-massive-wave-of-road-toll-sms-phishing-attacks/ https://www.ic3.gov/Media/Y2024/PSA240412 Sneaky Credit Card Skimmer Disguised as Harmless Facebook Tracker: https://thehackernews.com/2024/04/sneaky-credit-card-skimmer-disguised-as.html https://blog.sucuri.net/2024/04/credit-card-skimmer-hidden-in-fake-facebook-pixel-tracker.html Hackable Intel and Lenovo hardware that went undetected for 5 years won't ever be fixed: https://arstechnica.com/security/2024/04/supply-chain-snafu-causes-intel-and-others-to-ship-hackable-hardware-for-5-years/ Follow us on Instagram: https://www.instagram.com/the_daily_decrypt/ Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/ Logo Design by https://www.zackgraber.com/ Tags for the episode: FBI, SMS phishing, cybersecurity, Sucuri, credit card skimming, Meta Pixel, WordPress, Magento, digital threats, personal data protection, cyber attacks, scam awareness, online security, toll fraud, phishing alerts Search Phrases: FBI SMS phishing alert 2024 How to protect against SMS phishing Sucuri finds credit card skimmer in Meta Pixel script Preventing credit card fraud on WordPress and Magento Latest cyber scams and digital threats Protecting personal information from online scams Understanding toll service phishing scams Cybersecurity tips for digital platforms Identifying fake toll debt notices Enhancing website security against skimmers Transcript: Boyz offsetkeyz: Let's do this so we friggin rocket launch Welcome back to the Daily Decrypt. Coming to you live from Cape Canaveral, Florida. got offsetkeys and dogespan. dogespan: hello. offsetkeyz: we're going to bring you some tasty news. Up first, the FBI has sounded the alarm on a massive SMS phishing wave sweeping across the U. S., targeting unsuspecting individuals with bogus road toll debt notices as part of a sophisticated scam aimed at harvesting personal data. What can you do to protect yourself from falling victim to these SMS phishing scams? dogespan: Cybersecurity experts at Securi have unearthed a cunning credit card skimmer disguised within a fake Metapixel tracker script. Cleverly hidden in customizable code sections of widely used platforms like WordPress and Magneto. How can website administrators safeguard their platforms against such stealthy credit card skimming attacks? offsetkeyz: Alright, so the first story comes to you straight from the FBI, and what better way to deliver the news than to just read the memo that the FBI released. So, here we go. Since early March of 2024, the FBI Internet Crime Complaint Center, or IC3, has received over 2, 000 complaints reporting smishing texts representing road toll collection services from at least three states. The FBI does not mention which three states, so, good luck. The IC3 complaint information indicates the scam may be moving from state to state. Nice. The texts will look something like this. We've noticed an outstanding toll amount of 12. 51 on your record. To avoid a late fee of $50, visit some URL to settle your balance. dogespan: true. And offsetkeyz: true. dogespan: part offsetkeyz: part of the reason dogespan: that so many users have gotten hit, is because If I got a bill for 12, I'd click and pay. And offsetkeyz: the mail. The road department is going to know your phone number. They're not. Your license plate is linked to your address, and then they mail it to you there. dogespan: you there. So, offsetkeyz: So, any text you're getting probably isn't coming from them unless you signed up for it, in which case you would know. The texts claim the recipient owes money for unpaid tolls and contain almost identical language. The outstanding toll amount is similar among the complaints reported to the dogespan: the IC3. offsetkeyz: However, the link provided within the text is created to impersonate the state's toll service name, and phone numbers appear to change between states. ok so they're at least like masqurading as that state Yeah, they are, they are targeting specific states, yes. Which is an easy tactic to take, probably takes the attackers very little time, dogespan: oh yeah offsetkeyz: and is very effective. dogespan: Yeah. So if you receive one of these texts, the following is suggested file a complaint with the IC3 at www.IC3.gov texts I'm gonna admit, I'm actually really guilty of never reporting those names, those scams. I get them all the time. Text messages for like UPS deliveries and stuff. But also like, yeah, I never think of reporting it to the IC3. But I do tend to put on my security researcher hat and offsetkeyz: on dogespan: go click the link. On a safe device, it is always, don't try it at home unless you, you know, know how to virtualize and segment and all that stuff. Um, But yeah, that's usually my approach is I just want to learn what they're doing and I offsetkeyz: report it as dogespan: guess I need to report it as well because it's stopping at me if nobody else reports it. offsetkeyz: I, until you said that, I didn't even consider reporting anything to whom I didn't, I don't know. So I think I've mentioned before on the podcast that you can report things to the FBI, but I personally have never done it. So, yeah, I think both of us, both dogespan and I's takeaway is that we're going to start reporting stuff and imagine how many people also don't report things. So 2, 000 reports came in to the FBI. dogespan: in to the offsetkeyz: Is probably hitting hundreds of thousands of dogespan: people. Yeah, like a, I don't know, what is that, 10%? Yeah. offsetkeyz: What's the reporting rate? How do you study that? I don't know. Not my problem, but if it does happen to you, it really helps dogespan: FBI offsetkeyz: the FBI understand the severity of the situation by you reporting it and they can gather the information. That's your tax dollars hard at work. So make sure you get your bang for your buck there. dogespan: so there. offsetkeyz: So, Pennsylvania Turnpike officials have reacted to these threats by advising customers to avoid clicking on any suspicious links sent via text that claim to resolve outstanding toll amounts. So, by hearing that article, that's mentioned in the article from Bleeping Computer, so Pennsylvania is one of those states. Thanks. They emphasize the importance of deleting the phishing texts immediately, which is interesting. Additionally, the Pennsylvania State Police have issued warnings about these deceptive texts, stressing that the links lead to counterfeit websites designed to harvest personal information. So, they're not coming after money at this point. They're trying to get your credentials to unlock even more than dogespan: credentials to unlock even more than 12. Yeah, this is very offsetkeyz: Yeah, this is very smart, because those types of things keep a lot of people up at night. Unpaid debts, that people are very scared of the banking systems and the credit scores and all that stuff. So if you have this threat of an unpaid debt. And you have the means to afford to pay that unpaid debt, You're gonna go on and hastily pay that so that you can sleep well at night. So in the spirit of security awareness, what can you do as the listener to identify these types of smishing, it's a fun word to say, you should say it, smishing, smishing attack text messages. This podcast, I often mention hanging up the phone and calling the source or the claimed source of text messages or phone calls. So if you're getting a call from, or if you're getting a text message from this toll company, one way to verify is to go Google it, right? Google that toll company, find the website, don't click on the Google ad. Go find the actual listing for the website, go to that website, fill out a contact us form, And say, hey, I received a text that says I have unclaimed debts. Is that real? pro tip from someone who hasn't paid most of their toll fees. They don't. It's not urgent They they'll keep that debt on ya for a while and yeah it might go up a few pennies a couple pennies but honestly I don't think it does I think they come after that toll and that's it the only times I've seen it is if they're tied into the registrationl so when you go to renew your registration it. guys, dogespan: toll. Yeah. offsetkeyz: It might seem easy to pay 12, but you know, there's a lot more at risk than just 12 for your data. I'm, I'm curious if these attackers have infiltrated some sort of toll system, or if they're just shooting them off at random. Because the only other attack, which you had mentioned earlier, is the USPS or UPS package incoming, and what's crazy about that one, dogespan: about offsetkeyz: a family dogespan: one is I always have a package incoming when I get those. offsetkeyz: why are they texting me about my package? Oh, it's not them. I'm going to have to do some research into that because it's just occurring to me now that dogespan: me now offsetkeyz: I always have a package on the way. But luckily the attackers who have purchased that information, or the ones who are conducting the smishing of the UPS, haven't figured it all out yet. I have a screenshot from one of my most recent ones that came from a sexyboy69 at gmail. com text. That's the dogespan: That's the trend. Yes, they've been compromising email accounts to send these out. offsetkeyz: send these out. dogespan: Or they are making bogus. But I've gotten an AOL and a Yahoo before. offsetkeyz: Interesting. there's always some typos, so keep your eye out for typos. In the age of chat GPT and, and large language models, you don't really even have to speak English to get a coherent, smishing message out there. So like, honestly, attackers, there's no excuse for this. Come on, but dogespan: Keep offsetkeyz: keep, yeah, keep an eye out for those indicators. Check with the source. Don't click any links unless you're absolutely positive. Um, if anyone calls you, try to hang up. Like, I, I, you know, moment of truth, I received a call from, I believe it was Pretty Litter, cat litter delivery service, because I cancel my credit card once a year just to, you know, shed all the subscriptions and have to re subscribe, and right after I canceled it, they called and asked for 80 bucks, and I just gave them the new credit card number without calling back, and I felt icky about it. So, dogespan: Did your litter offsetkeyz: anyways, if someone calls you, doesn't matter who it is, Don't give them your credit card information, call them back. It's like, it's inconvenient, but it's going to save you a lot of hassle on the backend. dogespan: I was in that generative AI. Red teaming talk this morning. This, uh, this talk goes into a quick demonstration on a phishing text, er, a phishing email that was created to target a cyber security professional as a test. . So, they targeted Dave Kennedy in this phishing email. And What they did is they sent several GPT agents Scouring the web for personal information about Dave Kennedy. And one of the things that I think has been very prominent in his more recent endeavors is health and, offsetkeyz: know, taking dogespan: um, weight management, you know, taking care of your body, fitness, all of that. So it actually crafted up a really good phishing email that was like, hi, Dave. Um, This is the bodybuilding. com community representative or whatever, and we want to bring you on as a offsetkeyz: you on dogespan: community advocate offsetkeyz: advocate dogespan: or something. And it, it totally like spoke to his interests, and he even, he even said, like as he received that, they were tweeting him, like they gave him a heads up and everything, but he was like, I 100 percent would have clicked on offsetkeyz: have clicked dogespan: And it's a, that's a cyber security offsetkeyz: cyber security dogespan: Yeah. So these generative AIs are getting better and most attackers may not be using it to the full extent, but there will be ones out there that are going to be really good, like the lego. com one we talked about previously. Yeah, that might get me. offsetkeyz: lego. com one we talked about. You're probably going to get me, so there you go. What was that? Did they use ChatGPT officially? I'm mostly curious because, yeah, ChatGPT has built in, safeguards against any malicious activity, so if you ask it for anything that can be used maliciously, like craft a phishing text or craft something that someone would be manipulated by, it's gonna say no, so, dogespan: That goes into just tricking the AI, because you could very easily just say, Hey, you know, this person, here's a couple social media profiles, go find more info on them. And then you say, okay, you know, how can I appeal to this person's interest in an email or something? And offsetkeyz: that's a whole nother conversation we could get into where you can actually give prompts to ChatGPT to make it do whatever you want because large language models like ChatGPT are very smart and very dumb. And they are not very refined. So that's, that's super interesting. The talk that dogespan was mentioning is called Red, Blue, Purple AI, practical AI for security dogespan: security practitioners. offsetkeyz: the speaker is Jason Haddix. dogespan: Yeah, it was a really good presentation. offsetkeyz: Great job, Jason. Cybersecurity experts have uncovered a deviously camouflaged credit card skimmer masquerading as a seemingly harmless metapixel tracker script. Researchers at Sikuri have pinpointed this malware, which sneaks onto websites through seemingly benign tools that permit custom code. plugins such as Simple Custom CSS and JS. dogespan: or offsetkeyz: the miscellaneous scripts section of the Magento admin panel. So that's a little bit of technical jargon. to do a bit more research to figure out like what the heck is even a metapixel tracker. but if you've ever had a business or a website, and you've subscribed to Google Analytics, It's a little snippet of code that you can place in the HTML that allows Google Analytics to track web page visits and other data points on web traffic. And Facebook or Meta has the same sort of thing for your website. They do Facebook analytics. And so this Meta pixel tracker script is essentially that. You add it to your website and Meta is allowed to track it. So that. That isn't what's happening here, but it is what it's being disguised as. These little scripts are coming in and they're trying to look like Metapixel tracker scripts so they don't get picked up by signature detectors or things like that. But what they're actually doing, which is pretty interesting, is it's a piece of code that identifies if you're on a checkout page. So if your WordPress site has a shop, and that shop, Allows you to pay inside the WordPress app. That little snippet of code is able to identify that this is a checkout page. And it just turns on and starts listening for your credit card number. security Researcher at Securi. Securi, Highlighted the risk posed by custom script editors. Custom script editors are popular with bad actors because they allow for external third party and malicious JavaScript and can easily pretend to be benign by leveraging naming conventions that match popular scripts like Google jQuery. dogespan: Google Analytics or libraries like jQuery. offsetkeyz: Lol. dogespan: law, yeah, where the attacker will try to replicate what is normal within an environment. So in this case, it is the website. So they're masquerading as a typical analytics, but it has a malicious intent of scraping of the credit cards. So as mentioned before, this bogus script mimics the legitimate megapixel tracker. offsetkeyz: However, a deeper inspection revealed a sinister twist. It stealthily replaces references to the authentic connect. facebook. net with a malicious beconnected. com. This rogue domain is then used to load a harmful script, fbevents. js, which targets victims on checkout pages by deploying a fraudulent overlay designed to capture their credit card information. I see, I see. So, it may look exactly the same as the regular checkout page, but it's an overlay, and you're actually entering it into some sort of dogespan: sort of iframe or offsetkeyz: iframe, or div, or something else that's sending the information somewhere else. So it's crucial to note that beconnected. com itself is a legitimate e commerce website, which at some point was compromised to serve this skimmer code. WordPress is notorious for going, unup updated. There's so many plugins that all require separate security updates, and you're lucky if that plugin is still maintained and offering security updates. But since it's a commercial tool and often free, WordPress I mean, the people running their WordPress sites aren't the most security minded, or they don't have time to go in once a week and update their plugins. So, spoiler alert, the best way to combat this type of attack is to go into WordPress. And we're using WordPress as an example to go into WordPress and update your plugins, but also take a look at the users tab and just see if there are any users in there that shouldn't be in there. That would be a pretty key indicator. If there are, delete that user, revoke all login sessions. dogespan: yeah, offsetkeyz: don't know either. I bet they do. Or you can enable more verbose logging to get that information. But I think they do. And there are a lot of free security plugins out there. I don't know which one we use. But every time I go into the WordPress dashboard, it says 15, 000 login attempts blocked. And I said, great, keep blocking them. dogespan: Let me know when they get in. offsetkeyz: Yeah, let me know if there are any that weren't dogespan: are any that weren't blocked. Um, offsetkeyz: this is my first WordPress website. TheDailyDecrypt. com. Plug, plug, plug. Have you ever worked with WordPress before? Yeah, dogespan: experiment. Yeah, offsetkeyz: which is how this started out too. And when we started this, we started this together. dogespan: WordPress offsetkeyz: creates a default account for you. And the username is user and the password is always the same. I don't remember what it is because I promptly deleted that, but you can Google it and it will say, this is the default WordPress credentials. And I would imagine that many WordPress administrators out there without any technical expertise, continue to use those default login credentials. And so if you do. dogespan: do, offsetkeyz: It's very easy to access your WordPress admin portal and set this type of credit card skimmer up. dogespan: you remember if it prompts you at any point to offsetkeyz: It does not. dogespan: not. Fantastic. offsetkeyz: It does not, and it's actually kind of complicated to delete an account. I had a hard time. I don't know if I actually could delete it, but I did change the password if I didn't delete it and revoke admin privileges and do all this stuff, but yeah, WordPress is not designed around security. And I, I think it's just not talked about enough how bad it is to use default credentials. It's significantly worse than reusing passwords, even if those passwords have been compromised on the dark web. Using default credentials. Well, first of all, if you have a WordPress site. top The domain, followed by the top level domain, which is the daily decrypt, and then dot com, slash admin. A script can easily navigate, do a get, for all of these things, to check even if it's a WordPress site. And then once, if they've determined that it is, They can plug in the default credentials and get a count of how many they have now access to. It's very just, automatable. And that is the enemy of defense. You don't want any sort of attack vector to be automatable. You're gonna get got, you just are. So anyways. dogespan: gonna getcha. offsetkeyz: They're gonna get ya. dogespan: getcha. Literally, offsetkeyz: please reach out to us if you're a novice tech person who owns a WordPress site, especially if there's e commerce on there. Either of us would be happy to donate one of our evenings to helping you secure that. It would be mutually beneficial, and your consumers would have a lot more confidence in you. dogespan: And yeah, it'd be great. Yep. Oh yeah. That's true. We offsetkeyz: true. We should. We can replace the metaskimmer's web overlay. With uh, this skimmer has been taken down by the Daily Decrypt, and now all your credit information goes to us. Ha ha ha ha. Just kidding, that won't happen! dogespan: won't happen. Yeah, you offsetkeyz: Yeah, you just got to be our first subscriber to Patreon, which I do not want to do. dogespan: to do. It offsetkeyz: That sounds like a lot of work. you know what, we're not gonna do Patreon, we're gonna do OnlyFans. So, when we get our OnlyFans up, you better subscribe, as I mentioned at the beginning, we are here in Florida, we both flew in from our respective locations. We're visiting the Kennedy Space Center for HackspaceCon. dogespan: Center offsetkeyz: Day one, amazing. Loved it. But we have insider information that SpaceX is doing a launch in 30 minutes. and so we gotta go dogespan: We out. offsetkeyz: We got to make sure everything's safe in the in the low earth orbit or LEO So huge thanks to dogespan for being on as always huge. Thanks to me and uh Hey, dogespan: this. We'll talk to offsetkeyz: for being a part of it. dogespan: more offsetkeyz: We'll talk to you some more later
Today, we explore how Magnet Goblin, a cyber threat actor, exploits 1-day vulnerabilities for financial gain, targeting systems like Ivanti Connect Secure VPN and Magento. Learn about the widespread WordPress plugin vulnerability that left over 3,300 sites compromised with malware. Plus, unravel the complexities of Stored XSS, a persistent cyber threat lurking in databases and forums. Original Articles: For Magnet Goblin's exploits: https://research.checkpoint.com/2024/magnet-goblin-targets-publicly-facing-servers-using-1-day-vulnerabilities/ WordPress plugin vulnerabilities: https://www.bleepingcomputer.com/news/security/hackers-exploit-wordpress-plugin-flaw-to-infect-3-300-sites-with-malware/ Microsoft's chilly hack: https://www.theverge.com/2024/3/8/24094287/microsoft-hack-russian-security-attack-stolen-source-code Swiss government's ransomware dilemma: https://therecord.media/play-ransomware-leaked-government-files-swiss Duvel Moortgat Brewery's production pause: https://www.vrt.be/vrtnws/en/2024/03/06/cyber-attack-brings-production-at-duvel-moortgat-breweries-to-a/ FINTRAC's cyber incident: https://globalnews.ca/news/10335818/fintrac-cyber-incident/ Hamilton's ransomware attack: https://www.cbc.ca/news/canada/hamilton/ransomware-attack-1.7133457 Music: https://www.jeredjones.com/ Logo Design: https://www.zackgraber.com/ Tags: Magnet Goblin, WordPress Vulnerabilities, Popup Builder Plugin, CVE-2023-6000, Cybersecurity, HGF, 1-Day Vulnerabilities, Cross-Site Scripting, XSS, Malware Infections, Cyber Threat Actors, Web Security, Sucuri, Plugin Security, Website Hacking, Stored XSS, Cyber Attacks, Data Breach Search Phrases: Magnet Goblin cyber attacks WordPress Popup Builder plugin vulnerability Handling 1-Day vulnerabilities in cybersecurity Cross-Site Scripting attacks and prevention Latest malware infections in WordPress sites Cyber threat actors exploiting web vulnerabilities Sucuri reports on WordPress security How to secure websites against XSS vulnerabilities Understanding Stored XSS and its impacts Data breaches involving HGF this week Cybersecurity updates on WordPress plugins Protecting against Popup Builder CVE-2023-6000 Recent cyber attacks on web platforms Transcript: Mar 11 [00:00:00] transition: Welcome to The Daily Decrypt, the go to podcast for all things cyber security. Get ready to decrypt the complexities of cyber safety and stay informed. Stand at the frontier of cyber security news, where every insight is a key to unlocking the mysteries of the digital domain. Your voyage through the cyber news vortex starts now. [00:00:29] offsetkeyz: Welcome back to the daily decrypt. Today we're joined by hot girl farmer. Who's going to. Help recap the breaches from the last week. your favorite segment who's been popped. Then we're going to be talking about the magnet goblins gobbling up one day vulnerabilities. And finally. The word, press pop-up plugin vulnerability persists popping approximately 3,300 sites. [00:00:54] transition: Thanks for [00:01:00] watching! [00:01:00] hgf: first up on our list is a chili tail from the tech giant Microsoft on March 9th. Microsoft announced that Russian hackers, chilly from their previous solar winds attack, decided to warm up by spying on some emails of Microsoft, senior leaders. The hack evolved into a frosty situation with some of Microsoft secure source code stolen. Switching over to Switzerland where things got a bit too neutral for their liking on March 8th, the Swiss government found itself in a knot tighter than a Swiss wristwatch. A ransomware attack leaked 65,000 government documents. It appears the hackers played their cards, right with the play ransomware gang, proving that sometimes neutrality attracts more than just peace. You know, what if only they had some witches watching those Swiss wristwatches, which, which would, which, where, which Swiss watch. There were three witches. And there were three Swiss wristwatches, which witch would watch which Swiss wristwatch. Absolutely not. [00:02:00] Now pour one out for the Duvel Moortgat brewery on March 9th found its production as stale as the beer in a forgotten glass. The brewery known for its spirited, Duvel faced a ransomware attack that halted it's hops. It's a sobering reminder that no industry is immune and perhaps it's time for cyber attackers to barley there. Brew up some better hobbies, maybe. They be brewing up something. Yikes. March six, brought a cold front to Canada's fin track freezing some of it systems or the cyber incident as crisp as the Canadian winter, while their intelligence system stayed snug and warm. It's a stark reminder that even those guarding the treasure need to watch their own chest. Lastly Hamilton, a Canadian city got a taste of digital disruption, but services paralyzed faster than a moose caught in headlights. The ransomware attack confirmed on March 5th has shown that even city services can get frozen over in the cyber blizzard. It's a digital reminder that in the game of cybersecurity, sometimes you go hockey stick and sometimes you're [00:03:00] the puck. Mm. Canadians love hockey. Us too. That's what I hear anyways. [00:03:06] transition: Thanks for watching! [00:03:12] offsetkeyz: All right. So the magnet goblins are gobbling up one day. Vulnerabilities. This. Is coming to you from checkpoint research. Published on March 8th, check the show notes for the URL. But if financially motivated cyber threat actor called magnet goblin. Is getting really good at exploiting one day vulnerabilities. And one day vulnerabilities are essentially vulnerabilities that are announced. And discovered already. But not yet patched. So the one day signifies about how much time attackers have to exploit these vulnerabilities before they get patched. And the magnet goblets have gotten really good at exploiting one day vulnerabilities.. The magnet goblins have targeted such systems as Ivanti connect, secure VPN, Magento ClixSense and. [00:04:00] Potentially Apache active MQ. And they use these vulnerabilities to deploy a variety of malware, including the novel Linux version of nerdy and rat, which is a remote access Trojan and warp wire, a JavaScript credential stealer. Magnet goblins, rapid adoption of one day. Vulnerabilities really just emphasizes the problem we have with patching. And the need for it. There. Operations have historically centered around financial gain. As opposed to some other motivations, like. Political or social or hacktivism. They're all about the money. And they usually use techniques. Revolving around data theft to include ransomware. Really whatever they can use to get their money. There isn't much news here other than the fact that the magnet goblins. Are out there and we really. Are behind. On our practices of updating as well as on our updates. . So as soon as a one day vulnerability comes out, make sure to check. The specifics of [00:05:00] that vulnerability and look for the indicators of compromise surrounding it. [00:05:15] offsetkeyz: Alright, and to wrap up today's stories, We're going to be talking about that. WordPress pop-up plugin. Vulnerability that was announced last November. Recently seen an uptick. In exploits. It's impacting. The plugin version is 4.2 0.3 and older. And involves a cross site, scripting vulnerability. And really highlights the reluctance of WordPress users to update their plugins. So if you're a WordPress administrater or consumer of WordPress websites, which most of us are one of those two things. If not, both. The WordPress plugin must be active and also creating popups on your site. So for example, this plugin is enabled by default. When you. Launch a new WordPress website, which we don't [00:06:00] love. But the good news is that even though it's enabled by default, It must be creating pop-ups in order for it to be. Exploited. My fear when reading this was that, yes, this is a default plugin. And since it's a default plugin, there are what 300,000 WordPress sites out there, all with this plugin, just chilling, probably on updated. And unutilized but luckily it must be utilized as well as enabled. And that's because the attackers inject PHP code into one of the events. That triggers the pop-up. And that PHP code is then stored on the server, alongside the WordPress site, making it a stored cross site, scripting vulnerability. Which means that anyone who accesses the site and sees the pop-up. Is vulnerable. To that malicious PHP code. And that code can do many things. It can try to hijack your session cookie, which. Is the ultimate goal, because then the attacker is you [00:07:00] without actually having to log in. Or it could redirect you to fishing sites or really anything that they want. So if you're a WordPress admin, obviously update or disable. I'm going to lean towards disabled because pop-ups are really annoying. Especially since they're now vulnerable. Go ahead and use a banner. Go ahead and open up a new tab somewhere, but don't. Pop up right. As I'm about to click something on your website, I'm immediately going to navigate away from your website. If there's a, pop-up sorry for the rant. If you're a consumer. Try grabbing a pop-up blocker from Google Chrome app store. I think Google Chrome even comes with a built in app. For blocking pop-ups. And whether or not it blocks the specific pop-up on the site that you're visiting. It will at least alert you that there is a pop-up. And allow you to confirm or deny pop-ups on that site. So better than nothing. But yeah. Totally against pop-ups as a practice, I'm really glad my WordPress site doesn't have any popups for this reason. . And [00:08:00] also for the reason to not annoy the crap out of the few website, visitors that I get. If you'd like to visit a website with no popups, no advertisements. Go ahead and check out. Daily decrypt.news. Just the words, daily decrypt.news, and you will find words and pictures and sounds. But no ads. And no pop-ups. All right. That's all we've got for you today. Quick episode. Huge. Thanks to hot girl farmer for coming on and delivering the hot breaches in who's been popped. We will talk to you some more tomorrow. [00:09:00]
VI TAR PULSEN PÅ AVESTA!Som är Annas barndomsvänSjukt va?/Anna & Kristian Hosted on Acast. See acast.com/privacy for more information.
Sponsor by SEC Playground แบบสอบถามเพื่อปรับปรุง Chill Chill Security Channel: https://forms.gle/e5K396JAox2rZFp19 --- Support this podcast: https://podcasters.spotify.com/pod/show/chillchillsecurity/support
Managed WooCommerce hosting is a growing segment within the WordPress ecosystem. And it has a new entrant: WooCommerce. The Automattic-owned eCommerce provider recently launched WooExpress.The service is hosted by WordPress.com. It aims to be a one-stop shop for building and maintaining an online store. Packages start at $40 per month with discounts for paying annually. A selection of pre-installed extensions and themes are included.Sarah Gooding of WP Tavern reports that WooExpress' starting price is higher than entry-level products from GoDaddy and Bluehost. However, the most expensive package ($70 per month) comes in below GoDaddy's premium tiers.Beyond its name recognition, WooExpress may enjoy a few advantages over competitors:As we reported last week, the price of WooCommerce extensions is going up. Bundling popular titles built by WooCommerce is likely to attract value-conscious store owners.Meanwhile, its beefed-up hosting infrastructure was already in place. WordPress.com has been offering packages that include WooCommerce for some time. That's likely to cut down on growing pains.Lastly, ownership's vast internal knowledge of WooCommerce and WordPress is a win for customers.How will WooExpress fare? How will its competitors respond? The WP Minute will keep you posted.Links You Shouldn't MissSEO plugin maker Yoast announced the departure of former CEO Marieke van de Rakt. Under her watch, the company was acquired by Newfold Digital in 2021. van de Rakt will now turn her focus to investing in open source, sustainable, and female-led companies via Emilia Capital. In a related note, Yoast founder Joost de Valk announced that he too is stepping away from Newfold to focus on entrepreneurship.Security firm Sucuri published a detailed report regarding the abuse of an abandoned WordPress plugin. The Eval PHP plugin hasn't seen an update in a decade, but it's being leveraged by malicious actors to install malware. The report also questions the wisdom of leaving similar plugins in the official repository long after abandonment.WordPress.com launched a website building service back in 2021. It was a controversial topic at the time, with some freelancers wondering if their businesses would be impacted. The service initially aimed for the mid-range market, with prices starting at $4,900. Now they appear to be targeting the lower end of the market as well, with a $499 Built By WordPress.com "Express" package. The package promises a 5-page website built within 4 business days. Thanks to WP Minute Member Paul Lacey for reporting this development.From the Grab BagNow it's time to take a look at some other interesting topics shared by our contributors. CertifyWP has launched the WordPress Management and Design Credentialing Exam. The $150.00 exam aims to certify those knowledgeable in front-end WordPress development. The organization also offers an optional course to help learners prepare for the exam. There have long been calls for a well-organized notification system for WordPress. Project core contributor Joe Bailey-Roberts provided an update on such efforts over on the Make WordPress blog.How can WordPress developers leverage AI tools? WP Engine Builders will hold a virtual event on April 28 to discuss the possibilities.Big changes to Twitter's verification system have been in the news. Users who haven't purchased the Twitter Blue service are now missing those famous blue checks next to their name. WordPress co-founder and Tumblr CEO Matt Mullenweg recently explained why he's now a Twitter Blue subscriber.Mark Westguard, founder of the WS Form plugin, shared some thoughts about the cost of sponsoring WordCamps. Westguard has questioned the affordability for small businesses.When it comes to SEO, page experience has been mentioned as a factor in recent years. However, Google recently removed it from their ranking systems page.What does a “power user” think of Gutenberg in its current form? Torque Magazine's Nick Schäferhoff published a review that points out the good and bad.We've all seen software and services that use urgency as a marketing tool. The UK Competition and Markets Authority (CMA) has offered advice pointing out what is and isn't permissible. ★ Support this podcast ★
Managed WooCommerce hosting is a growing segment within the WordPress ecosystem. And it has a new entrant: WooCommerce. The Automattic-owned eCommerce provider recently launched WooExpress.The service is hosted by WordPress.com. It aims to be a one-stop shop for building and maintaining an online store. Packages start at $40 per month with discounts for paying annually. A selection of pre-installed extensions and themes are included.Sarah Gooding of WP Tavern reports that WooExpress' starting price is higher than entry-level products from GoDaddy and Bluehost. However, the most expensive package ($70 per month) comes in below GoDaddy's premium tiers.Beyond its name recognition, WooExpress may enjoy a few advantages over competitors:As we reported last week, the price of WooCommerce extensions is going up. Bundling popular titles built by WooCommerce is likely to attract value-conscious store owners.Meanwhile, its beefed-up hosting infrastructure was already in place. WordPress.com has been offering packages that include WooCommerce for some time. That's likely to cut down on growing pains.Lastly, ownership's vast internal knowledge of WooCommerce and WordPress is a win for customers.How will WooExpress fare? How will its competitors respond? The WP Minute will keep you posted.Links You Shouldn't MissSEO plugin maker Yoast announced the departure of former CEO Marieke van de Rakt. Under her watch, the company was acquired by Newfold Digital in 2021. van de Rakt will now turn her focus to investing in open source, sustainable, and female-led companies via Emilia Capital. In a related note, Yoast founder Joost de Valk announced that he too is stepping away from Newfold to focus on entrepreneurship.Security firm Sucuri published a detailed report regarding the abuse of an abandoned WordPress plugin. The Eval PHP plugin hasn't seen an update in a decade, but it's being leveraged by malicious actors to install malware. The report also questions the wisdom of leaving similar plugins in the official repository long after abandonment.WordPress.com launched a website building service back in 2021. It was a controversial topic at the time, with some freelancers wondering if their businesses would be impacted. The service initially aimed for the mid-range market, with prices starting at $4,900. Now they appear to be targeting the lower end of the market as well, with a $499 Built By WordPress.com "Express" package. The package promises a 5-page website built within 4 business days. Thanks to WP Minute Member Paul Lacey for reporting this development.From the Grab BagNow it's time to take a look at some other interesting topics shared by our contributors. CertifyWP has launched the WordPress Management and Design Credentialing Exam. The $150.00 exam aims to certify those knowledgeable in front-end WordPress development. The organization also offers an optional course to help learners prepare for the exam. There have long been calls for a well-organized notification system for WordPress. Project core contributor Joe Bailey-Roberts provided an update on such efforts over on the Make WordPress blog. How can WordPress developers leverage AI tools? WP Engine Builders will hold a virtual event on April 28 to discuss the possibilities. Big changes to Twitter's verification system have been in the news. Users who haven't purchased the Twitter Blue service are now missing those famous blue checks next to their name. WordPress co-founder and Tumblr CEO Matt Mullenweg recently explained why he's now a Twitter Blue subscriber. Mark Westguard, founder of the WS Form plugin, shared some thoughts about the cost of sponsoring WordCamps. Westguard has questioned the affordability for small businesses. When it comes to SEO, page experience has been mentioned as a factor in recent years. However, Google recently removed it from their ranking systems page. What does a “power user” think of Gutenberg in its current form? Torque Magazine's Nick Schäferhoff published a review that points out the good and bad. We've all seen software and services that use urgency as a marketing tool. The UK Competition and Markets Authority (CMA) has offered advice pointing out what is and isn't permissible. ★ Support this podcast ★
It's no secret that tools boasting Artificial Intelligence are popping up all over the place. That most certainly includes WordPress. And now Auttomattic's WordPress.com is running an experiment to see how the technology might benefit users.As reported by blogger JenT at WPcomMaven, the managed hosting service quietly added two AI-powered blocks to the Block Editor. The AI Image and AI Paragraph blocks are aimed at helping content creators.As the name suggests, the AI Image block allows users to generate an image that can be inserted into a post. And the AI Paragraph block will “read” your post's content and generate follow up text.Automattic CEO Matt Mullenweg confirmed the new features on Twitter, but made no promises regarding how long they'll stick around.Meanwhile, Automattic engineer Artur Piszek published a brief post introducing the blocks and answering questions in the WordPress.com support forums. Based on the conversation, it looks as though this could be a commercial add-on in the future.The technology is being branded as “Jetpack AI”, and was built in conjunction with OpenAI.Links You Shouldn't MissThe first-ever WordCamp Asia is set to take place from February 17-19 in Bangkok, Thailand. If you're not able to attend in person, you can still watch a live stream of the event. Recordings of each session will also be posted on WordPress.tv at a later date.WordPress.org has kicked off a monthly feature called “What's new for developers?” Written by Justin Tadlock, February's post outlines several key changes that impact theme and plugin authors. You'll also find links to the site's latest educational materials. This resource looks like a win for the WordPress developer community.Cost cutting measures have continued to hit the tech industry hard. Domain registrar and hosting giant GoDaddy is among the latest to announce staff cuts. In a February 8 letter to employees, CEO Aman Bhutani said the company would cut approximately 8% of its workforce. The devastating earthquakes in Turkey and Syria have impacted millions - including members of the WordPress community. Developer Baris Ünver shared his story of survival on HeroPress and provided several ways to help those in need. The WP Minute would like to take this opportunity to share our support for everyone who has been affected.From the Grab BagNow it's time to take a look at some other interesting topics shared by our contributors.WordPress 6.2 Beta 2 has been released. This version includes 292 enhancements and 354 bug fixes.According to security firm Sucuri, nearly 11,000 WordPress websites have been infected by malware that redirects users to scam sites. At last report, no specific vulnerability had been found.The team behind popular plugin iThemes Security have announced that they're teaming up with security research firm Patchstack. The company will provide vulnerability details within the plugin's site scan feature.Matt Cromwell has announced that new episodes of the WP Product Talk podcast will be starting up again this week. Katie Keith of Barn2 Plugins will join on as a co-host.What would WordPress' 20th birthday celebration be without an appearance from Wapuu? A commemorative version of the virtual mascot is now available for download.The WordPress Design Team has released mockups for a planned redesign of the Block Pattern Library. It's the latest in a series of design revamps for the site.Internet Explorer is dead again, sort of. An update to Windows 10 will finally disable access to the since-retired browser. But not so fast - a few versions of the OS will still keep the app around for the time being.Video of the weekSubscribe at https://www.youtube.com/@wpminuteJoin The WP Minute as we take you on a tour of the new AI-powered Image and Paragraph blocks at WordPress.com.https://youtu.be/D9LYfjnHMdwThanks to all of the members who shared these links today: Matt CromwellBirgit Pauli-Haack ★ Support this podcast ★
Esta Essência está presente em todos os Compostos da Acquaa pois só assim podemos curar os desequilíbrios emocionais.
ouça edição completa 11-11-22 JORNAL DO MEIO-DIA
In this podcast, we'll discuss why security is important for your website SEO and how you can keep your website secure. I will share a checklist at the end. WordPress Security Configuration Checklist
O Folha Turismo desta sexta-feira vai até a cidade de Bonito no Mato Grosso do Sul. O jornalista Fabiano Antunes, do site de viagem Rota1976.com fala sobre as três principais opções de flutuações. São elas: Nascente Azul, Barra de Sucuri e Rio Formoso. Vamos lá?!
O Pindorama é um podcast quinzenal sobre contos de ficção especulativa nacional! Este episódio comenta o conto “Varejeiras”, de Tatiana Faraújo, publicado na Noturna 01, em 2022. Participam: Rodrigo Hipólito, Iana Araújo e Luísa Montenegro. Sinopse do conto: A casa de Magda permaneceu fechada depois que João Pitú fugiu de madrugada. A população de Sucuri sabia que o homem era violento com a esposa. Magda não deu as caras. Será que ela estava bem? Como disse Dona Silvana, lá da vendinha: “Não sei. Eu não me meto mais”. Essa era a resposta típica de Sucuri. Quando esse silêncio de cumplicidade com o mal deu lugar ao zumbido das moscas, as mortes se alastraram e a cidade reagiu. Diante da extinção da cidade, eles tomaram a atitude mais burra e estúpida possível. Afinal, tinham que manter a tradição. Obras e links mencionados - [conto] Varejeiras, de Tatiana Faraújo; - [evento] Festival Relampeio; - [revista] Noturna 01; - [Revista] Revista Escambanáutica; - [Catarse] Escambaclube; - [Edital] Desafio Pindorama; - [live] Lançamento do Desafio Pindorama; - [live] Horror gótico latino-americano; - [ podcast ] Decolonialidade no novo horror gótico latino-americano; - [revista] Augur; - [canal do Telegram] Ataques de oportunidade; - [áudio conto] Casa de vó, de Martin Camargo; Apoie o Leitor Cabuloso! Contribua com Catarse do Leitor Cabuloso para que mais iniciativas fabulosas possam existir! www.leitorcabuloso.com.br Catarse: catarse.me/leitor_cabuloso Facebook: www.facebook.com.br/leitorcabuloso Instagram: @leitorcabuloso Twitter @leitorcabuloso Participantes do episódio Rodrigo Hipólito | Twitter: @lhamanalama | Podcast Não Podtocar, Twitter: @naopodtocar | site: notamanuscrita.com | link tree: Contos Luísa Montenegro | Twitter: @luisamontenegr_ Iana Araújo | Twitter: @ianatxt | Site: https://ianatxt.carrd.co/ Agradecimentos Especiais Abner De Souza, Alessandra Rocha, Amauri Silva Lima Filho, Caio Amaro, Carolina Mendes, Carol Vidal, Cláudia Rodrigues, Clecius Duran, Dayse Cristhina, Edgar Egawa, Igor Bajo, Janaína Vieira, Leandro Gomes, Lucas Domingos, Lu Bento, Luiz Silva, Marina Kondratovich, Marina Jardim, Melisa de Sá, Nielson Rocha, Priscilla Rubia, Ricardo Brunoro, Rodrigo Leite, Nilda, Sidney Andrade, Thiago Felipe Ruediger, Airechu, Fernanda Cortez, Aline Bergamo.
Assim como o triathlon, nosso #agamenon vem com várias opções. Nossa roleta nos levou para 2002 ao lembrar os 20 anos do penta. Passou pela declaração racista de Nelson Piquet sobre Hamilton e chegou até a polêmica da Sucuri na região dos ribeirinhos. ficou curioso ? Dá o play! Nosso programa contou com a participação […]
In this episode of the Liberal Europe Podcast, Ricardo Silvestre (Movimento Liberal Social) welcomes Dan-Aria Sucuri, the President of LYMEC, to talk about the importance of liberal youth in the political future of Europe and the European Union, and the work done by the organization he now presides. This podcast is produced by the European Liberal Forum in collaboration with Movimento Liberal Social and Fundacja Liberté!, with the financial support of the European Parliament. Neither the European Parliament nor the European Liberal Forum are responsible for the content or for any use that be made of it.
In today's podcast we cover four crucial cyber and technology topics, including: 1.Zyxel fixes critical flaw in firewall product 2.Researchers find hundreds of WordPress sites compromised 3.Ukrainian man sentenced to four years in prison for cyber crime 4.Iran detected targeting Jordan in sophisticated attack I'd love feedback, feel free to send your comments and feedback to | cyberandtechwithmike@gmail.com
O que vocês ouviram essa semana? O que foi lançado no mundo do rock? Nosso time traz aquilo que encheu os seus ouvidos para a mesa. Crise nas forças armadas! Faltou viagra pra galera! Agora correm atrás aprovando altos valores pra receber o azulzinho e ser feliz. Contradição? Descaso? A Pfizer foi ignorada sumariamente na pandemia no caso da vacina. Pantanal continua repercutindo nas redes sociais, seria o nosso stranger things? Até a Sucuri virou estrela e a onça foi CANCELADA pela turma da Luisa Mel. Anitta, sempre ela, passou a provocar Jair Bolsonaro, fez tanto que o bloqueou nas redes e promete ser uma frente de batalha eleitoral forte. Já em outro ponto, nossa estrela POP faz história no spotify e crava um disco super ouvido numa plataforma dominada por estrelas estadunidenses. Prova a força da diva? Enquanto jovens não entendem o RED HOT CHILI PEPPERS no topo da Billboard, o cd volta com força entre os colecionadores. Sinal dos tempos ou o vinil ficou caro demais? Tudo isso e mais um pouco no #dropsscena. Hoje às 20h30 no canal.
El equipo de Sucuri ha detectado un aumento de sitios infectados con este malware inyectado en más de 100,000 páginas ¿cómo ha pasado? ¿Qué podemos hacer para protegernos?
El equipo de Sucuri ha detectado un aumento de sitios infectados con este malware inyectado en más de 100,000 páginas ¿cómo ha pasado? ¿Qué podemos hacer para protegernos?
LINKS DO PODCAST Insta: https://www.instagram.com/100fitas_podcast/ Spotify: https://open.spotify.com/show/6X2Cq78hkW6qcprqXao6Dh ------------------------------------- LINKS DO HOST (Lorenzo Franzatto): Insta: https://www.instagram.com/lorenzo.franzatto/ Face: https://www.facebook.com/lorenzo.franzatto/
Need help with virus removal Email: blade1588@gmail.com Sign Up for Salesforce Business Analyst Training: http://sfbatraining.com/ Sucuri: https://sitecheck.sucuri.net/ Google Ads Disapproved for Malicious or Unwanted Software – How to Recover In today's video we are going to talk about how you can get your ads approved by google after it has been infected by malicious software. If you have been running ads on google for a while, especially if you have a WordPress website you probably ran into this issue before. You received an email from google that your website was a victim of an attack and, as a result, all of the ads leading to the website were disapproved with the “Malicious or Unwanted Software” status. A lot of advertisers have trouble rectifying the issue. So I'm putting together a step-by-step guide to getting your campaigns running again. Note: I am only going to show you how you can get your ads re-approved by google assuming that you have cleaned up the malicious software. If you need your website cleaned up, you can click on the link in the description below and we would do that for you. Once your site is clean then you're ready to start working to get the issue resolved with the Google Ads team. Step 1: Open communication with the Google Ads support team. You will want to establish a communication thread with the Google Ads support team so that you can track all of the communications and keep everything organized. I recommend calling the support team first. To find your Google Ads support phone number click on the Help icon. Your number may be different, so be sure to check. When you get a support rep on the line you'll want to tell them that you need help getting your ads reactivated after getting the “malicious links” disapproval. Specifically, you'll want to ask them to scan the site again. Once they scan the site you'll get one of two responses: either the site will be clean and you'll be able to restart your campaigns (yay!) or they will send you a list of links they still have problems with. They will send you an email with the list of links that need to be reviewed. Step 2: You'll Get an Email With Suspicious Links The actual links that are sent in the email don't really matter that much. If you're site was compromised then it's possible you'll see all kinds of links in the email that don't necessarily make sense, such as js file, image files, etc. Again, the important part is the line of communication here, not necessarily the specifics. Notice the last part of the email, after the list of links. They tell you specifically what needs to happen next, and it's not intuitive.
Today is January 7th, 2022 and I'll be talking about some Google SERP updates, a Google ads error, New Display Ads for Podcasts in Spotify, WordPress major security release, Making money from a site hack, and some actionable tactics to help drive customers to buy.Full Show Notes @ https://opinionatedseo.com/s2e5Google has launched a “Shops” section in the mobile search results with three results that can be expanded to 10. Google's statement: “We recently launched Shops, a new module available on mobile devices for select US-English shopping-related queries,” https://searchengineland.com/google-launches-shops-section-in-mobile-search-results-378256https://twitter.com/b4k_khushal/status/1477337833643786242Google looks to be testing or updating their Google Discover section with trending searches. See if it's updated on your device.https://twitter.com/jasonmandragona/status/1478748397372940290Google Ads has an error right now when saving exact keywords saying they are being saved as broad. Google Ads Liason replied that it was a bug and they were working on fixing it. So don't be alarmed, but is this the beginning of the end of match types? https://twitter.com/adsliaison/status/1479189369529450496 While we're talking about ads, Spotify is going to be bringing display ads to Podcasts. Spotify is calling them Call-to-Action cards. These will be visual and interactive during ad plays as well as retargeting while exploring the app. https://www.newsroom.spotify.com/2022-01-06/spotify-introduces-call-to-action-cards-for-podcast-ads/ Wordpress released a security release yesterday which patched 4 major vulnerabilities. This affects versions 3.7 to 5.8, so pretty much any WordPress install out there. https://wordpress.org/news/2022/01/wordpress-5-8-3-security-release/ So, if your site is hacked, what do you do? First, you get it cleaned up and then make sure your IT or Dev Ops is taking proactive steps to ensure that it can't happen again. If you don't know anything about cleaning up - check out SUCURI, I've used them in the past to clean up a hacked site and they took care of things in just a matter of hours.So what did years ago when her main site was hacked and started ranking for Michael Kors handbags. she was able to remove the hack and then redirected all of those pages to Amazon using her affiliate link. She made a few hundred dollars before turning it all off.https://twitter.com/Marie_Haynes/status/1479143529020592130Katelyn Bourgoin spent over 1500 hours learning about cognitive biases and heuristics, the stuff that drives customers to buy and she put together a Twitter thread of the top 19 concepts that marketers need to know: https://twitter.com/KateBour/status/1478792178726019073
Plugins mentioned during this episode:Sucuri: https://sucuri.net/ iThemes Security Pro: https://ithemes.com/security/ WPScan: https://wpscan.com/Wordfence: https://wordpress.org/plugins/wordfence/ General Info:If you want to get a hold of us, or you would like to be a guest on our show simply click here: https://www.lbmsllc.com/contact-us/Is there a topic you would like us to cover? Send an email to info@lbmsllc.com or simply call 888-416-7752Want a free evaluation of your digital marketing presence? Simply click here: https://www.lbmsllc.com/online-presence-report/and we'll send you a free snapshot report to get started.For a copy of my book, 7 Steps to Recession-Proofing Your Business, click this link: https://www.lbmsllc.com/bookConnect With Us On Social Media:Facebook: https://www.facebook.com/lbmsllcInstagram: https://www.instagram.com/lbmsllc/Twitter: https://twitter.com/lbmsllcLinkedIn: https://www.linkedin.com/company/local-business-marketing-solutionsAlignable: https://www.alignable.com/fanwood-nj/local-business-marketing-solutionsConnect With Frank Directly on LinkedIn: https://www.linkedin.com/in/fdemming/YouTube: https://www.youtube.com/channel/UC97CxzX4YnOazsF39DOe34A
This week’s WordPress news for the week commencing Monday 8th November 2021 Another week, and we’re bringing you the latest WordPress news from the last seven days, including… Pagely has been bought by GoDaddy – what does this mean? WP Builds has released a silly version of the WordPress Awards for 2021, please donate to…
Uma Essência fundamental para o Sistema Acquaa
It was going to be V for Virus, but we have probably had enough of the word right now, and vulnerabilities perhaps better describes what we are really talking about here - WordPress security. This is where we are different and roles are reversed. Nathan listens to podcasts on IT security and sees the worst that can happen. David remains relatively clueless and feel invincible! He's fixed about 7 hacked sites. None due to his management and the issues have not returned. It made him feel like he was king of the world! We're not experts in this by any means, but we do like to think about it and talk about it... So check out the podcast today and let us know what you think...
Você com certeza já ouviu falar da sucuri, a maior cobra que temos no nosso território, mas no Brasil não existe uma única espécie, na realidade são três serpentes distintas. A sucuri-verde é a que leva a fama por ser a grandalhona, sendo considerada a segunda maior cobra do Mundo. E existem também a sucuri-amarela e a Eunectes deschauenseei, que é rara e restrita ao norte do País e não apresenta nome popular. Pouca gente sabe, mas assim como a jiboia, a sucuri faz um som para espantar predadores quando se sente ameaçada. Esse barulho, uma espécie de chiado, é produzido pela passagem de ar pela traqueia. Nesse episódio de Sons da Terra os repórteres do TG e o biólogo Luciano Lima falam sobre curiosidades dessas serpentes que são protagonistas de histórias e lendas. Foto: Arquivo TGSee omnystudio.com/listener for privacy information.
No episódio especial de dia das mães, Denise Santiago recebe a ex lutadora de UFC cearense Viviane Sucuri, mãe do pequeno Ravi, de um ano. Ela fala sobre a maternidade e as dificuldades que enfrentou no esporte durante a gravidez. Solta o play!!
Casal de ouvintes liga seu rádio ao fim da tarde e se vê fisgado pela Rádio Sucuri: programa misterioso que se propõe a criar uma retrospectiva da democracia brasileira dos anos 60 em diante. Pesquisa, roteiro, locução e edição: Franco Carneiro, Maria Alice Amorim e Matheus Leocádio Orientação: Elton Bruno Pinheiro Disciplina: Introdução à Linguagem Sonora
Na primeira parte deste episódio, conto a história que meu amigo Rinaldo Sérgio Vieira Arruda postou em sua rede social, sobre um acontecimento muito curioso que ele vivenciou junto aos Rikbaktsa. Então, próximo à publicação, vejo a postagem da Eliane Brum (@brumelianebrum) : “o último Juma morre de covid. enterrem o Brasil / perdemos a vergonha, perdemos o respeito, perdemos a dignidade / perdemos tudo / nos perdemos”. Sinto que devo incluir a nota da APIB (apiboficial.org) ao episódio, honrar a existência e a memória de Aruká, como tantos outros, vítimas dessa tragédia chamada desgoverno genocida, potencializada pela COVID-19. Eu sou Helena Salgado e vc pode acompanhar o TáTó no Instagram procurando por @tatopodcast. Lá vc também encontra, na bio, os links para todos os episódios e o contato, caso queira mandar alguma mensagem. O episódio foi gravado em São Paulo, no verão de 2021, e publicado pelo app Anchor. A vinheta de início é uma interpretação minha pra música “Antônia” (Fabio Torres) e a imagem da capa é uma foto que o Rinaldo tirou do Pudata em 1986. Boa escuta!
I'm sure that we've all had experiences with our WordPress websites where things went wrong; the site was hacked, something got deleted. In most cases we can recover, but if the worst comes to the worst we need a backup to save us. As with all things in the WordPress space, we're spoiled in the number of backup options available to us. There's plugins backups, our hosting backups, 3rd party SaaS backups and more. So which should we use? In this episode of the WP Builds Podcast we explore the pros and cons of the different backup types and why you might want to pick one over another. Have a listen to our thoughts on the podcast...
Entrepreneurship isn't always all glamour and success! Join us for a conversation with one of IDA's Founders, Varika Pinnam, where she talks about an experience that happened recently at IDA. Learn from her takeaways and access tips for how to prevent the same thing happening to your business. IDA Website: https://thinkida.com IDA is a mobile app that makes entrepreneurship navigable and user-friendly. Get smart suggestions and recommendations on what you need to do next, connect with other founders, analyze your competitors and audience, and find mentors and investors. Bluehost: https://www.bluehost.com/ Wordpress: http://wordpress.org/ Sucuri: https://sucuri.net/ VaultPress: https://vaultpress.com/ Cybersecurity for Small Business: https://www.ftc.gov/tips-advice/business-center/small-businesses/cybersecurity --- Support this podcast: https://anchor.fm/thinkida/support
Does your WordPress membership site have sufficient security measures in place? Many membership site owners live in fear of their website being attacked, and for good reason... If someone manages to hack into your Wordpress website, install something nasty or delete or steal your data, it could cripple your membership business. That's why it's so important to be extra vigilant and make sure you take adequate steps to keep your site secure... In this episode, I'm sharing my top tips for keeping your membership site secure and advising which plugins and services you can use to help. Essential Learning Points: Whether or not WordPress is an insecure platform to build your site on Why it's crucial that your membership site has security measures in place The eight top tips to proactively safeguard your membership site What you can do if the worst happens and your site is hacked Important Links & Mentions: https://managewp.com/ (ManageWP) https://sucuri.net/ (Sucuri) https://www.wordfence.com/ (Wordfence) https://wpengine.com/ (WP Engine) https://www.liquidweb.com/ (Liquid Web) https://ithemes.com/backupbuddy/ (BackupBuddy) https://www.wpfixit.com/ (WP Fix It) https://www.fixrunner.com/ (FixRunner) Key Quotes: “The fact that WordPress powers 455 million sites definitely makes it more of a target. The counterbalance to that is that there's also a lot of people involved in keeping it secure and responding extremely quickly to any issues.” “If you need to give admin access temporarily to your web designer, or maybe someone from tech support at your plugin company, make sure you remove their account after they no longer need it. It's not about not trusting those people, it's about there being an additional potential account that someone could get into.”
Podcast Radio.Punct
Episode 018. What's your digital recovery plan? I'm betting you don't have one, but I hope I'm wrong. This is a juicy episode, and really important, so save this one so you can reference it later. When things go wrong with your digital systems, what are you going to do? We pay for health insurance, life insurance and many others, so why not be prepared with your digital insurance? Don't be afraid to pay for services that protect your digital assets. For the transcript and full show notes: https://www.mirandamerten.com/18 (https://www.mirandamerten.com/18) Discussed In This Episode:What is a digital recovery plan? What will you do if PayPal locks your account? What happens if your website crashes or is hacked? Accidentally delete your email contacts? What will you do if the apps on your phone don't work? Password manager loses all the files? What if your project manager app crashes? Why you might want to have an IT partner Mentioned in this episode: https://www.crashplan.com/en-us/ (Crashplan, Cloud Backup Software) https://www.carbonite.com/ (Carbonite, Backup and Recovery) https://www.malcare.com/ (MalCare, Firewall and Malware Protection) https://sucuri.net/ (Sucuri, Website Security) https://hostingchecker.com/ (Hosting Checker) https://www.whoishostingthis.com/ (Who Is Hosting This) https://jetpack.com/ (Jetpack) Other helpful links: https://www.mirandamerten.com/power-pack (Free Productivity Power Pack) https://www.mirandamerten.com (Website) https://www.instagram.com/mirandamerten (Instagram) (@mirandamerten) Send a voice message: https://www.speakpipe.com/CoffeePoweredSystems (https://www.speakpipe.com/CoffeePoweredSystems)
Neste programa Andrea Soares e Leandro Medina vão contar a história do encantado mais famoso de toda a Floresta: a Cobra Norato. E para entrar no clima das cobras, tem também a Cobra Salete, que veio pessoalmente ao programa para ensinar uma brincadeira super legal. Tem ainda curiosidades sobre a Sucuri, a maior cobra do mundo e também uma adivinha! Coisa boa de se escutar! Vem com a gente!
In the first in a series of discussions on WordPress with Mike Potter of ESC! Technologies (and Macstock Conference & Expo), we start with why your website is so important no matter what business or organization you represent. Security matters, the popularity of WordPress, and why the Open Source nature of WordPress is important to the end user get us started. This edition of MacVoices is supported by MacPaw, the makers of CleanMyMac X. Your Mac. Good as new. Find out more and get your copy at MacPaw.com/podcast, and use the code "MACVOICES" to take 5% off the purchase price. This edition of MacVoices is supported by LinkedIn Jobs. Find the right person for your business today with LinkedIn Jobs. Visit LinkedIn.com/MacVoices to pay what you want and get the first $50 off. Show Notes: Guests: Michael Potter offers computer consulting of all flavors through his company, ESC! Technologies Group, including building WordPress web sites. Fine him on Twitter as @esctechgroup. He is also the Executive Producer of For Mac Eyes Only, and the organizer of the annual Macstock Conference and Expo. Mike's love-affair for all things Apple began in his Junior High's Library playing Lemonade Stand on a pair of brand new Apple ][+ computers. His penchant for Apple gear continued to be nurtured by the public school system when, in High School, he was hired as a lab supervisor to help run the Apple ][e lab for his fellow students and their Print Shop needs. Then, further still, in college he often opted to help a friend with her Computer Graphics coursework instead of focusing on his own studies, but only because it helped get him closer to the Mac-lab. Links: Wordfence Sucuri Support: Become a MacVoices Patron on Patreon http://patreon.com/macvoices Enjoy this episode? Make a one-time donation with PayPal Connect: Web: http://macvoices.com Twitter: http://www.twitter.com/chuckjoiner http://www.twitter.com/macvoices Facebook: http://www.facebook.com/chuck.joiner MacVoices Page on Facebook: http://www.facebook.com/macvoices/ MacVoices Group on Facebook: http://www.facebook.com/groups/macvoice LinkedIn: https://www.linkedin.com/in/chuckjoiner/ Instagram: https://www.instagram.com/chuckjoiner/ Subscribe: Audio in iTunes Video in iTunes Subscribe manually via iTunes or any podcatcher: Audio: http://www.macvoices.com/rss/macvoicesrss Video: http://www.macvoices.com/rss/macvoicesvideorss
Facebook confirma la compra de la plataforma de imágenes Giphy por $ 400MM* *Facebook* ha confirmado la compra de la plataforma de imágenes *Giphy*, en un acuerdo que ronda los *400 millones de dólares.*Mark Zuckerberg informó sobre la intención de compra el viernes *15 de mayo y CNET confirma que el acuerdo que ya se ha firmado* y estima que es de unos US$400 millones. Mientras la contaminación va a la baja por la COVID-19, las emisiones de internet se disparan* Uno de los últimos informes que ha puesto números a la huella de internet es el [del proyecto Shift](https://theshiftproject.org/wp-content/uploads/2019/03/Lean-ICT-Report_The-Shift-Project_2019.pdf) , un /think-tank/ que aboga por la reducción de las emisiones. Según sus datos, la huella de carbono de nuestros dispositivos, internet y los sistemas que los respaldan representan alrededor del 3.7% de las emisiones globales de efecto invernadero. Esto supondría entre 1.600 y 1.700 millones de toneladas anuales, similar a la cantidad producida por la industria de las aerolíneas, o una suma que situaría a la web, de ser un país, como el quinto [más contaminante del mundo](https://yotura.com/paises-que-mas-contaminan-del-mundo-emisiones-co2-130219/) , entre Rusia y Japón. *Vulnerabilidad en WordPress permite generar ataques de Magecart* Un nuevo descubrimiento por parte de la firma de seguridad de sitios web Sucuri, muestra un grave fallo de seguridad en el complemento de WordPress, WooCommerce, que podría dar paso a futuros ataques de Magecart. *Xiaomi lanza un bebedero inteligente para mascotas que se controla desde el móvil* Debido a sus dimensiones y peso, el dispensador inteligente de agua de Xiaomi está enfocado a *perros y gatos de tamaño medio*. El sistema de alimentación y circuitos se encuentran ocultos en la parte inferior para no correr riesgos. En caso de conectarlo a la corriente eléctrica valdrá la pena recubrirlo para evitar que tu mascota lo muerda. Por el momento este bebedero se encuentra *disponible en la plataforma * [Youpin](https://www.xiaomiyoupin.com/detail?gid=126334&spmref=YouPinPC.%24Home%24.list.0.7334197) , por apenas 169 yuanes, que equivale a *22 euros o 571 pesos*. Si estás interesado deberás acudir con un distribuidor externo, aunque el precio podría duplicarse como pasó con la versión anterior. *Escucha a la primera inteligencia artificial capaz de llorar* Uno de esos desarrollos es el que está llevando a cabo *Sonantic*, compañía que afirma haber creado la *primera inteligencia artificial capaz de llorar*. https://techcrunch.com/2020/03/02/sonantic/ Por Daniel Atik Sitio Web: http://la.azotea.co Síguenos en: https://twitter.com/LaAzoteaCo https://instagram.com/LaAzoteaCo https://facebook.com/LaAzoteaCo
Bun găsit la o nouă ediție de PlayGround. Azi am invitat-o pe Corina Dascălu să vorbim despre afacerea pe care a fondat-o: Detox Delivery. Aceasta este nutriționist, așa că am vorbit mai despe toate: Cifre, mâncăruri, hrișcă, pizza, venituri, business-ul din România și barierele întâlnite acolo, etc.La fel, am întrebat-o ce crede despre diete, principiul intermittent fasting și foamea în general. ENJOY! *** STAI PUȚIN, Vreau să-ți spun ceva. Să-ți mulțumesc. Da, ȚIE, celui care urmărește conținutul pe care îl produc. Dacă ești nou pe aici, să știi că bag prostii pe canalul meu de YouTube, iar zilnic mai scriu și o sinteză a celor mai importante știri pe Telegram. Dacă îți place ce fac și vrei să mă susții, te invit să pui și tu 2 copeici în pușculița de pe Patreon. Așa voi reuși să-mi păstrez motivația la cote rezonabile și să mai investesc în noi echipamente. Nu de alta, dar sunt al naibii de scumpe. Plecăciuni! Poți susține ce fac pe Patreon: http://bit.ly/patreon_sinteza Canalul de YouTube: http://www.YouTube.com/dumitruciorici Canalul de Telegram: http://bit.ly/DCtelegram_abonare #Detox #Diete #Vegan
Brenda Cadman is a website educator and owns Bon Accord Creative, a website education and web development company based in Charlottetown, on beautiful Prince Edward Island in Atlantic Canada. After spending nearly 20 years supporting small businesses with their websites, she now has a keen interest and focus on empowering wedding industry and other creative professionals to build their website confidence and to learn how to better protect their websites. SM Links IG: Instagram.com/brendacadman FB: Facebook.com/bonaccordcreative Website: BonAccordCreative.com Links Mentioned: Free Website Planning Checklist: https://bonaccordcreative.com/free-website-guide/ Create a Better Website Podcast: https://bonaccordcreative.com/podcast/ Episode 3: How to Choose Your Website Platform: https://bonaccordcreative.com/podcast/episode-3/ VaultPress: https://vaultpress.com/ LastPass: https://lastpass.com/ Sucuri: https://sucuri.net/ iThemes Security Pro: https://sucuri.net/ Wordfence: https://www.wordfence.com/ Basecamp: https://basecamp.com/ Asana: https://asana.com Google Docs: https://drive.google.com/drive/ Evernote: https://evernote.com/ Dropbox: https://www.dropbox.com/ Credits: Try musicbed for free! - http://share.mscbd.fm/weddingvideoboss Your subscription to Musicbed includes: - Unlimited music for all of your wedding films - Access to a curated roster with hundreds of artists and composers, including CHPTRS, Tim Halperin, The Light The Heat, Tony Anderson, Chad Lawson, and more. Also, browse dozens of curated playlists like Romantic, Uplifting Acoustic, Cinematic, and more. - Full clearance to upload to all social media and streaming platforms, including quick YouTube clearance with SyncIDTM. YouTube channel: https://www.youtube.com/channel/UCs4f-7m3H2K562O3Lb01xcw LIKE THE PAGE! https://www.facebook.com/weddingbossness JOIN THE GROUP! /www.facebook.com/groups/weddingbossness/ The Wedding Video Boss Podcast hosted by Paul Santiago BossIG: www.instagram.com/weddingbossness BoffoIG: www.instagram.com/boffovideo Website: www.thebossness.com If you're lazy, go here: linktr.ee/howtopaul Special thanks to Chris Holt for the sexy headshot Music credits: Season 1 : Isaac Joel - Azophi, Isaac Joel - Adler, Isaac Joel - Obliqua and Isaac Joel - Clavius from www.SoundStripe.com Season 2 : Yung Koolade - Rise, Isaac Joel - Two Leaf Anemone, Yung Koolade - Shee give me that good love from www.SoundStripe.com Check out our podcasting host, Pinecast. Start your own podcast for free, no credit card required, forever. If you decide to upgrade, use coupon code r-ea71ad for 40% off for 4 months, and support Wedding Bossness.
Na semana da Mulher, Denise Santiago e Beatriz Carvalho conversam com a campeã mundial do XFC e ex-lutadora do UFC, Viviane Sucuri. A cearense conta o novo desafio que abraçou: ser mãe. E relata o drama que vive para conciliar a carreira no MMA e a gravidez.
Seguimos con la racha de invitados en el podcast y esta semana contamos con Néstor Angulo de Ugarte, especialista en seguridad web de la empresa Sucuri, integrada ahora en la compañía GoDaddy. Néstor trabaja en remoto para Sucuri investigando casos de hackeo en entornos web y dando respuesta a los problemas de seguridad de los clientes. Como nuestro último invitado, Guillermo, Néstor también estuvo en la WordCamp con Andros como ponente donde ofreció una charla sobre seguridad en WordPress. Con Néstor queremos hablar precisamente de esto de seguridad WordPress, o más específicamente de la forma en la que se puede comprometer una instalación de WordPress y las cuestiones a tener en cuenta para ofrecer más seguridad. Además tenemos la suerte de haber contado con él para grabar en las instalaciones de Idecrea y eso ha hecho si cabe más amena la entrevista. Entre las cuestiones que hablamos con Néstor: - Motivaciones más habituales de un atacante a un sitio web con WordPress. - Los ataques más comunes en sitios web con WordPress. - Medidas básicas para proteger nuestro WordPress. - Limpiar correctamente un WordPress infectado. - Soporte y mantenimiento de sitios web. - Fuentes y medios de información para estar al día. - Certificados y auditorias de seguridad para plugins y temas. Sobre Néstor -> https://about.me/pharar Nuestros enlaces: Web: https://republicaweb.es Telegram: t.me/republicaweb y grupo Malditos Webmasters https://t.me/joinchat/AMQL6U88Wo9ru3O2e9ctjQ Twitter: @republicawebes Facebook: https://www.facebook.com/republicaweb ¡Contribuye a este podcast!. A través de la plataforma Buy me a coffee puedes realizar una mínima aportación desde 3€ que ayude a sostener a este podcast. Tú eliges el importe y si deseas un pago único o recurrente. ¡Muchas gracias! Sitio web de Javier Archeni: https://javierarcheni.com Sitio web de Andros Fenollosa https://programadorwebvalencia.com Sitio web de David Vaquero https://cursosdedesarrollo.com
Seguimos con la racha de invitados en el podcast y esta semana contamos con Néstor Angulo de Ugarte, especialista en seguridad web de la empresa Sucuri, integrada ahora en la compañía GoDaddy. Néstor trabaja en remoto para Sucuri investigando casos de hackeo en entornos web y dando respuesta a los problemas de seguridad de los clientes. Como nuestro último invitado, Guillermo, Néstor también estuvo en la WordCamp con Andros como ponente donde ofreció una charla sobre seguridad en WordPress. Con Néstor queremos hablar precisamente de esto de seguridad WordPress, o más específicamente de la forma en la que se puede comprometer una instalación de WordPress y las cuestiones a tener en cuenta para ofrecer más seguridad. Además tenemos la suerte de haber contado con él para grabar en las instalaciones de Idecrea y eso ha hecho si cabe más amena la entrevista. Entre las cuestiones que hablamos con Néstor: - Motivaciones más habituales de un atacante a un sitio web con WordPress. - Los ataques más comunes en sitios web con WordPress. - Medidas básicas para proteger nuestro WordPress. - Limpiar correctamente un WordPress infectado. - Soporte y mantenimiento de sitios web. - Fuentes y medios de información para estar al día. - Certificados y auditorias de seguridad para plugins y temas. Sobre Néstor -> https://about.me/pharar Nuestros enlaces: Web: https://republicaweb.es Telegram: t.me/republicaweb y grupo Malditos Webmasters https://t.me/joinchat/AMQL6U88Wo9ru3O2e9ctjQ Twitter: @republicawebes Facebook: https://www.facebook.com/republicaweb ¡Contribuye a este podcast!. A través de la plataforma Buy me a coffee puedes realizar una mínima aportación desde 3€ que ayude a sostener a este podcast. Tú eliges el importe y si deseas un pago único o recurrente. ¡Muchas gracias! Sitio web de Javier Archeni: https://javierarcheni.com Sitio web de Andros Fenollosa https://programadorwebvalencia.com Sitio web de David Vaquero https://cursosdedesarrollo.com
Tony started Sucuri, a security company, which was acquired by GoDaddy a few years ago. In this episode he gets real about what acquisition is really like as an entrepreneur, and it's not what you might expect. Tony tells us the struggles he had, including depression and self-doubt, and how there is very little fanfare in this process. I like to hear from Tony because he plays in the big leagues, even before they were acquired they were doing 8 figures, and now they are with a multi-billion dollar company. Enjoy!
Escucha la versión extendida de algunos episodio sin cortes + Regalos PREMIUM por solo 2,99€ >> https://clubwpress.com/socios Una de las razones más comunes por las que las personas comienzan a investigar sobre la seguridad de WordPress y las mejores prácticas, es porque dudan que este CMS sea seguro o que escuchan a alguien que insiste en que no lo és. ¿Realmente WordPress es seguro? ¿no lo és? ¿es un mito? o algo que todos queremos saber ¿cómo hacer mi Web con WordPress más segura? Para hablar de seguridad hoy hablaremos con Néstor Angulo, experto en seguridad y parte de la empresa Sucuri.
Do you understand how secure your website is from hackers? If you have never looked into this, it might be a lot more vulnerable than you think! It's so easy to overlook Website security and to tell ourselves it is someone else's problem until the worst happens and you get hacked. At that point, you'll wish you had paid more attention and taken a proactive interest in keeping your site and content more secure. To help all our listeners understand website security and what you can do to improve it, we talk to Alycia Mitchell, Marketing Manager at Sucuri and explore how marketers should be rising to the ongoing challenge of keeping our websites and digital properties secure from unwanted intrusions and hacks. Listen in for some really practical advice on how hackers might size up or start probing your site, and what you can do to ensure you don't invite in unwanted guests with slack practice. Learn what you can do to stay safe and keep the website hackers at bay. Useful Links Get Sucuri guides on a whole host of website security issues and all the major website content platforms and online resources. https://sucuri.net/guides/ Run a free Sucuri Site check on your website Sitecheck.sucuri.net Read the latest updates from the Sucuri blog team blog.securi.net Bing Webmaster Tools https://www.bing.com/toolbox/webmaster Google Search Console https://search.google.com/search-console/about
Marsha Collier & Marc Cohen Techradio by Computer and Technology Radio / wsRadio
Talk about SucuriSecurity and contest Galaxy Note 9's Amazing features Smartphone Gorilla Glass scratches Refurbished Apple products Apple Privacy and download data info This week in entertainment
Marsha Collier & Marc Cohen Techradio by Computer and Technology Radio / wsRadio
Intel Optane Memory coming to laptops; Be an environmental tech user; Amazon gives gift cards for your old tech; Sucuri Hacked website report; Criminals replacing chips in debit and credit cards; Top Shows on Netflix now; TV & Movies
Marsha Collier & Marc Cohen Techradio by Computer and Technology Radio / wsRadio
This week's Big Data Breaches; More Facebook News: Would you Pay for Facebook? Proposed un-sending messages in Messenger, Hospital deal to share data with Facebook TIPS: Keeping your tech sanitary; How to secure your phone from spying on you; How to see what Twitter knows about you
This week on the Down the Security Rabbithole Podcast, Tony Perez stops by for an early morning chat about the content management systems we in InfoSec love to hate on. We talk about Drupal, Wordpress and all the other CMSes out there that have similar issues. Highlights from this week's show include... Why start a company that does CMS security (they're hopeless anyway right?) How many of the most popular CMSes are actually not as bad as you may think, security wise The core, the plug-in infrastructure, and plug-ins Finding, responding to, and fixing bugs in the modern software world Guest Tony Perez ( @Perezbox ) - [Tony has perhaps one of the coolest LinkedIn write-ups, so I'm pasting it here.] Tony is a proven business leader and operator. He is a former US Marine (2000 - 2005), and former CEO of Sucuri (2011 - 2017), a website security platform that was acquired by GoDaddy in April 2017. He has proven experience taking a security product from startup to a global, multi-national, organization. His core competency revolves around: leadership, management, marketing, product position, product pricing, sales, business institutionalization, revenue and organizational strategy. He believes that our greatest responsibility in sales and marketing is to bridge the gap between the value a customer expects from your product, and the value you assume you are delivering. He brings with him an intoxicating level of energy, work ethic and passion. Excelling in high-tempo environments, and executing flawlessly against strategies. He is adamant about self-reflection and self-actualization, placing energy on learning his weaknesses and building on them. He is horrible at spelling, but amazing at motivating people. He is known for challenging people to be better, to strive for more, to never settle for the cards they've been dealt. He was a leader of Marines, and today he's a leader of people, technology and industry.
Membership Site Lab: Actionable Tips & Advice on How To Build & Grow your Membership Site!
WordPress security is about risk reduction, not risk elimination. It's about making it really really hard for hackers to attack your website. This episode of DAPCast is intended to educate you on some basic security tips, techniques and actionable steps that will help to improve your security and reduce the risk of an attack. Listen to this episode to find out: * The key differences between Wordfence and Sucuri's Application Firewall. * What's better and why? * What's that one CRITICAL thing that you MUST implement if you use Cloud-based Firewall? * Currently Sucuri's basic plan costs $200 dollars a year for ONE website. I'v shared a simple tip on how you can get the best protection while saving money. * Learn the answers to all of this, and MORE, in this value-packed DAPCast episode!
Life Updates Kyle: Attended T&C Summit in San Diego. Adam: Juggling all balls. WordPress News WordPress Now Used on 30% of the Top 10 Million Sites People on the Move / aka Changes Recruiter called Adam. He passed. Akai Suddeth joins Real Big Marketing Wearing/Drinking Kyle: Flywheel t-shirt, Sucuri water bottle, WP Engine flask,…
De repente você necessita trocar o local de hospedagem de seu Blog. Como proceder de modo a realizar esta tarefa com segurança e sem dor de cabeça? Na semana passada trocamos o local de hospedagem deste Blog, o mefano.com.br para a empresa que hospeda todos nossos domínios. Foi quando surgiu a ideia desta publicação. Fornecer dicas sobre este procedimento, facilitando a vida de todos. http://mefano.com.br
Sucuri Security – Auditing, Malware Scanner and Security Hardening. De nuevo vemos todas las funcionalidades que nos ofrece uno de los Plugins de Seguridad en WordPress. Con más de 200 Valoraciones de 5 estrellas Sucuri es uno de los más usados y más completos del repositorio. >> #58 Sucuri Security
Olha a cobra! Olha a lomba! É na Amazônia! São tantas referências ao É o Tchan que é difícil manter a seriedade! No QueIssoAssim de hoje, Brunão, Miotti, Artur e Xaxá se juntam para comentar, em mais uma gravação “live” de férias, um filme ruim. E dessa vez um filme de monstro que não era pra ser tosco mas acabou sendo um dos mais horrorosos dos anos 90: Anaconda! Neste episódio aprenda a seguir o caçador de cobras, entenda o ritual do Deus Cobra da Amazônia (quem?), fique lascivo perto de J-Lo e veja a cachoeira subir ao invés de descer. Edição: Miotti Vitrine: Lorena Miotti FICHA TÉCNICA https://filmow.com/anaconda-t187/ SEJA UM PATRÃO DO REFIL https://www.patreon.com/refil https://www.p
En el episodio 88 de WordPress Semanal te hablo de los 6 pasos para tener tu WordPress seguro que recomienda Sucuri, una de las empresas de seguridad para WordPress más prestigiosas del mundo. Escuchar en iTunes Escuchar en iVoox Escuchar en Spotify Plugin de la semana: descarga tu librería multimedia en un zip Con el plugin […] La entrada 88 | Las 6 recomendaciones de seguridad en WordPress de Sucuri es una artículo de Gonzalo Navarro.
In honor of Veteran’s Day, Sherry interviews Tony Perez, Co-Founder of Sucuri, about his life as a Marine and how his experiences shaped him as an entrepreneur. They talk about the value of having a clear purpose, channeling intensity, and the overlap between the demands of military life and the demands of founder life. Tony shares […] The post Episode 143: From Marine Corps to Tech Entrepreneur appeared first on ZenFounder.
In honor of Veteran’s Day, Sherry interviews Tony Perez, Co-Founder of Sucuri, about his life as a Marine and how his experiences shaped him as an entrepreneur. They talk about the value of having a clear purpose, channeling intensity, and the overlap between the demands of military life and the demands of founder life. Tony shares about his struggle to return to civilian life, his experience of PTSD and his discomfort with “thank you for your service.” Episode Transcript Sherry Walling: Today is Veteran’s Day, so our podcast guest is a former Marine Corps corporal, and one of the co-founders of Sucuri. Tony Perez, and his partners, took a small web-based security company from zero to 12 million dollars in six years. They were recently acquired by GoDaddy and Tony is now the head of the security business organization. In today’s episode, I talk with Tony about his experiences in the Marines, and how that’s shaped who he’s become as an entrepreneur. Part of my philosophy of interviews is people should use whatever language they wish to use to talk about their own lives, so just a heads up to some listeners, that there’s some choice military language in this particular episode. So, if you are listening with small kids or listening in the car, you might want to save this one for a time when grown up language is more appropriate. For those of you, like Tony, who have done two very difficult jobs in your life, being both in the military and entrepreneurs, kudos to you. Neither of those activities are easy, and the fact that you have had the energy, passion, and stick to it ness to do both is commendable. So we salute you on this Veteran’s day. A big thanks from ZenFounder. Sherry Walling: So I am here today talking with Tony Perez, who is the co-founder … Right? Are you co-founder or are you founder, founder? Tony Perez: No, no, I’m a co-founder, I’m not that lucky to be a founder. Sherry Walling: Or you are lucky to be a co-founder. Tony Perez: I am. Sherry Walling: Because your co-founder is pretty cool. Tony Perez: That’s right. Sherry Walling: Anyway, co-founder of Sucuri, which is a business that specializes in internet security. Tony is a former Marine and he is now the head of security business organization at GoDaddy. After exiting earlier this year, in 6 years, he and his team grew Sucuri from zero to 12.5 million dollars, so they’re pretty awesome. He’s pretty successful and he is here talking to me today about his experiences in business, but also his experiences in the Marine Corps. So, thanks for being with me, Tony. Tony Perez: For sure. I’m really excited to be here, doc. Just so you know, I’m going to call you Doc, because that’s what we do in the military, we call our Docs and that’s a term of endearment, so please don’t take it any other way than that. Sherry Walling: What’s up, Doc? It’s cool. Tony Perez: I was gonna intro it like, “What’s up, Doc?” But you didn’t give me the opportunity so now I have to kind of add context. Sherry Walling: Yeah, that makes the joke less funny [crosstalk 00:03:20]. Tony Perez: Yeah, I know
What can you do, as a site owner, to protect your website from the evildoers who will stop at nothing to harm your site for their own nefarious purposes? The first step is the most important. Listen to Site Success: Tips for Building Better WordPress Websites below ... Download MP3Subscribe by RSSSubscribe in iTunes Important links from this episode: Try StudioPress Sites Sites Weekly Newsletter Subscribe to Sites on Apple Podcasts @JerodMorris on Twitter The Transcript Jerod Morris: Welcome to Sites, a podcast by the teams at StudioPress and Copyblogger. In this show, we deliver time-tested insight on the four pillars of a successful WordPress website: content, design, technology, and strategy. We want to help you get a little bit closer to reaching your online goals, one episode at a time. I m your host Jerod Morris. Sites is brought to you by StudioPress Sites — the complete hosted solution that makes WordPress fast, secure, and easy without sacrificing power or flexibility. For example, you can upload your own WordPress theme, or, you can use one of the 20 beautiful StudioPress themes that are included and just one click away. Explore all the amazing things you can do with a StudioPress Site, and you ll understand why this is way more than traditional WordPress hosting. No matter how you ll be using your site, we have a plan to fit your needs — and your budget. To learn more, visit studiopress.com/sites. That s studiopress.com/sites. Welcome to Episode 11 of Sites. Last week, in episode 10, we discussed user experience design, and how it benefits website users and can deliver bottom line business benefits as well. But there is one sure-fire way to sink even the most immaculate user experience design and that is with poor security. Nothing will erode your audience s trust in you faster than visiting your website and getting a security warning, or having Google flash a You can t trust this site message in your search results. Even worse, have you ever navigated to a site, started reading, and then been suddenly redirected to some spammy, shady looking sweepstakes page or worse? You try to press the back button, and you can t? I have. It s a pretty good sign that something got hacked on the original site, whether it was the site itself or a piece of code, like an ad script. It definitely makes me think twice about visiting again. Don t make your website visitors think twice! The simple reality is that website security has never been more critical. Hackers, ransomware, and denial of service attacks are all concerns for the modern business. With WordPress, the power of the platform is also the reason that security holes can develop and be exploited. While the ability to mix various themes and plugins with the content management system provides that flexible power, it also increases the potential for malicious access. So what can you do, as a site owner, to protect your website from the evildoers who will stop at nothing to harm your site for their own nefarious purposes? The first step is the most important. 1. Choose a security-focused hosting provider The most important security-related decision you will make is where you host your website. As you peruse different hosting options, or step back and review your current host from this perspective, ask this simple question: what is my host bringing to the table in terms of security? You need a host that is specifically designed to provide an integrated environment that keeps your website safe from the bad guys. What does that look like? Well, a strong host should essentially take care of the rest of these steps for you. Sounds like a pretty sweet deal, right? Absolutely. You don t want to stress about security, you want to work on your content and build relationships with your audience members and, hopefully, future customers. So let s look at these other steps and see what your hosting provider should be delivering to you. 2. Have automatic WordPress updates in place The beauty of open source software like WordPress is that there are thousands of people constantly making it better, as well as thousands of eyes looking for security issues. But it s generally up to you to make sure you update your version of WordPress when there are problems with a previous release. This means you have to keep track of when WordPress updates are available, backup your site, and then cross your fingers that the update doesn t bork something. And then do it again a few weeks later when a new update is out. That s cumbersome. And it can be stressful. But it s necessary. The best solution is hosting your site with a provider that has an automatic update feature — and to turn it on, if it s not on by default. Then, basically, your host is taking this responsibility and pressure off your plate. That s good. That s the value you re paying for. 3. Respect the risk presented by themes and plugins The next question is will your theme or plugins you want to install add security holes? If your host comes bundled with themes and recommended plugins, like StudioPress Sites does, for example, then you can feel comfortable that everything will play nicely together and be as secure as it can be. Shoddy theme and plugin code leads to easy access for hackers. Plus, it can kill your site speed and performance. A double whammy. This is why using themes and plugins that have been fully vetted by a security-conscious host is a smart idea. Take the Genesis Framework as an example. This is the framework on which our themes are built at StudioPress, and every StudioPress Sites website comes loaded with Genesis and 20-plus child themes. Not only does the well-coded Genesis provide a strong line of defense, it also auto-updates when a new version is released and adds a layer of protection on top of the newest version of WordPress. Make sure you watch your plugins too, both in what you allow into your site s environment, and in ensuring that those plugins are always updated to the latest version. Plugins can be the blessing and the curse of WordPress, and you want to stay vigilant in keeping them updated at all times. Helpful hint: if you re running a plugin that does not update quickly after new versions of WordPress come out, start looking for a new plugin. It might mean that the plugin developer has abandoned the plugin, which doesn t bode well for future improvements. At best, you ll be using an outdated plugin, which is a recipe for security disaster. Finally, let s discuss two more areas where you and your hosting provider need to be really serious about security: 4. Protect yourself from DDoS attacks Have you ever heard of a DDoS attack? You ve probably heard the term even if you didn t know what it means. A distributed denial of service — DDoS — is a brute force attack that is the result of multiple compromised systems (for example, bots) flooding your site with traffic. You need to make sure that your site s host has proactive technology that allows it to detect and mitigate attacks quickly, while repeat offenders are detected and banned accordingly. For example, we have a proprietary technology in place for this at StudioPress Sites. It s an always on intrusion prevention technology that works continuously to keep your WordPress install safe from vulnerabilities, intrusions, and exploits. Our team has years of experience, plus we ve sought audit input from multiple third parties, all of which allows us to create configurations and settings that keep the bad guys away without handcuffing your working style. You would be wise to ask your host how they handle DDoS attacks, and you should hope they have a detailed explanation like what I just provided about StudioPress Sites. DDoS attacks are a serious problem, and they need to be treated with serious solutions. 5. Deploy continuous malware monitoring Finally, you need continuous malware monitoring. This really isn t negotiable. Unless you yourself are constantly monitoring all of the folders and files that make up your website, how will you know if a hacker has broken in and left something? Not all hacks and malicious code reveal themselves in a public, obvious way right away. And if your site has a ticking time bomb buried within it — really, if it has anything in it that you didn t put there yourself — then you need to know about it so you can take action. To give you another example, the way StudioPress Sites handles this is to partner with Sucuri for continuous malware monitoring, scanning, and remediation. So if malware is found, we take the responsibility of removing it so you don t have to worry about it. Additionally, we also scan for advanced threats, including conditional malware and the latest cyber intrusions. This is all included as part of your plan. And that s how it should be. Adequate website security shouldn t be an add-on that you pay more for, or something you have to rely totally on third parties for. Strong security should be a standard part of any web hosting package, so make sure you have it. To review, here are the five steps you can take to have a more secure website are: **- Choose a security-focused hosting provider Have automatic WordPress updates in place Respect the risk presented by themes and plugins Protect yourself from DDoS attacks Deploy continuous malware monitoring** Now stick around this week s hyper-specific call to action is coming up. Call to action For this week s call to action, I want you to pick one of the following: You can either One: Create a recurring calendar or to-do list item that reminds you to check every other week for WordPress, plugin, or theme updates. This way, you ll never go more than two weeks without checking, if for some reason you don t happen to log in to your WordPress dashboard and/or miss the alerts in there. Now, if your hosting provider has automatic updates for WordPress and even your theme and certain plugins, you may not need to do this. Just make sure the automatic updates are turned on. Then you can choose CTA #2 Two: If you don t already know, ask your hosting provider how they are protecting you from DDoS attacks and malware injections. You may need to put in a support request, or find the answers in your host s knowledge base or documentation. You need to know this, even if it s just for your own peace of mind. Okay — coming next week, we re back to strategy, and we re back to SEO. We re going to ask — and answer — the question What if You Could Simply Eliminate SEO from Your Life? Come back next week to find out. Finally, before I go, here are two more quick calls to action for you to consider: Subscribe to Sites Weekly If you haven t yet, please take this opportunity to activate your free subscription to our curated weekly email newsletter, Sites Weekly. Each week, I find four links about content, design, technology, and strategy that you don t want to miss, and then I send them out via email on Wednesday afternoon. Reading this newsletter will help you make your website more powerful and successful. Go to studiopress.com/news and sign up in one step right there at the top of the page. That s studiopress.com/news. Oh, and I should mention, we occasionally include special offers in these emails too — stuff that isn t otherwise marketed publicly. So if you like StudioPress products, keep your eye out for special deals in your Sites Weekly email. Again, it s studiopress.com/news. Rate and Review Sites on Apple Podcasts And finally, if you enjoy the Sites podcast, please subscribe to the show on Apple Podcasts (formerly known as iTunes), and consider giving us a rating or a review over there as well. One quick tip on that: to make the best use of your review, let me know something in particular you like about the show. That feedback is really important. To find us in Apple Podcasts, search for StudioPress Sites and look for the striking purple logo that was designed by Rafal Tomal. Or you can also go to the URL sites.fm/apple and it will redirect you to our Apple Podcasts page. And with that, we come to the close of another episode. Thank you for listening to this episode of Sites. I appreciate you being here. Join me next time, and let s keep building powerful, successful WordPress websites together. This episode of sites was brought to you by StudioPress Sites, which was awarded Fastest WordPress Hosting of 2017 in an independent speed test . If you want to make WordPress fast, secure, and easy — and, I mean, why wouldn t you — visit studiopress.com/sites today and see which plan fits your needs. That s studiopress.com/sites.
Se você também é um apaixonado por WordPress, pegue seu café e venha conosco. O Umblercast desse mês reuniu 3 especialistas em WordPress e vai responder todas as suas perguntas. PARTICIPANTES Flávio Henrique Marco Andrei Kichalowsky Rodrigo Donini LINKS INDICADOS NO PODCAST The WordPress Plugin Boilerplate: http://wppb.io/ WP-CLI: http://wp-cli.org/ Underscores: http://underscores.me/ Codex WordPress: https://codex.wordpress.org/ Sucuri: https://sucuri.net/pt/ Themeforest: https://themeforest.net/ WordPress Security Checklist: http://wpsecuritychecklist.org/br/
We sit down to talk with Dusty Davidson, the CEO and co-founder of Flywheel. He tells us how the hosting company got started, early years and growing, what they look for in hiring, their acquisition of Local, and much more. We also ask Dusty about early years and growing, what they look for in hiring, their acquisition of Local, and much more. ================== Our episode this week is sponsored by LiquidWeb. Liquid Web is offering a 33% discount for your first 6 months of managed WordPress hosting. Head over to https://LiquidWeb.com/wordpress and use the code WPTONIC33 at checkout for your discount. ================== Table of Contents for Episode 187 0:00 Podcast intros. 2:57 How did Flywheel get started? Why they decided to start a hosting company in the first place. 5:39 What gaps in the hosting market was Flywheel trying to fill? 9:06 Some common hosting problems that Flywheel sought to solve. Growing the company using pure hustle and guerrilla marketing. 16:47 What does Flywheel look for when hiring? What challenges have they faced when growing the company? 20:44 As Flywheel grew, who did Dusty look to for advice? How do organizations change as they grow? 23:21 Dusty's early involvement in Silicon Prairie News and the growing tech scene in the Midwest. 30:34 Bootstrapped vs. Venture Capital funded. 32:49 The trend of hosting companies consolidating services by buying other companies and tools. The decision process behind Flywheel purchasing Pressmatic (now Local by Flywheel). Thoughts on GoDaddy acquiring Sucuri. 39:21 Is the future bright for plugin developers? What's the future for themes and plugins? How does this affect the perception of other products in the WordPress space, like hosting? 46:44 What is the future for growth for WordPress the platform? 49:00 Podcast outros. ================== Links mentioned during the show: Silicon Prairie News One Million Cups Local by Flywheel ================== Find bonus content for this episode on the WP-Tonic website: https://www.wp-tonic.com/podcast-episodes/ =================== Subscribe to WP-Tonic on iTunes https://itunes.apple.com/us/podcast/wp-tonic-wordpress-podcast/id893083124?mt=2 =================== WP-Tonic is both a WordPress maintenance and support service, and the publisher of a twice-weekly WordPress podcast.
Life Updates Adam: WCSD was great Kyle: Starting new job! WordPress News. Sucuri to GoDaddy. Pressnomics is this week.. Whoohoo! Wearing/Drinking Kyle – WC Chicago Hoodie + Water Adam- ServerPress Polo + Water from a USF Mug Questions If you're doing freelance on the side, where are the best places to find clients? Is…
In today's podcast we offer a rundown of recently announced threats and vulnerabilities in stores and documents: Play Store, App Store, and MS Office. Some crooks move to the cloud. GoDaddy buys Sucuri. The US is rumored to be preparing a North Korean indictment for the Bangladesh Bank heist. Social media look for bad bots. Level 3's Dale Drew describes botnet evolution. LookingGlass' Eric Olson explains FaceBook Marketplace security. And some dodgy scientific journals seem to use catphish for peer review.
Vrei să sponsorizezi acest show sau să propui un invitat interesant? Scrie-ne pe contact@citypodcast.ro Adrian Boioglu și Răzvan Burz discută astăzi despre securitatea unui site pe WordPress - ce trebuie să faci pentru a avea un site ferit de atacatori, dar și un server curat și care nu îți face probleme. Subiectele abordate în acest episod sunt: modificare username admin prefixul din baza de date securizarea drepturilor wp_config drepturi de browsing in foldere key-urile de securitate neafisarea versiunii de wordpress in codul HTML stergerea fisierelor readme si license premisiuni la fisiere si foldere securizarea wp_content si cine / cu ce drepturi poate scrie fiecare user in ele securizarea plug-inurilor instalarea plug-inurilor hidemywp, sucuri web scan, backup my wp blocarea comentariilor sau activarea disquss sau askimet din jetpack (platit pentru site-uri comerciale) two factor authentication teme din surse sigure, poate facute de tine server bine securizat eliminarea plug-inurilor inutile/neutilizate nu cadea in plasa celor care trimit mailuri contrafacute similare Sucuri. Jurnalistul Adrian Boioglu este fondatorul rețelei CityPodcast, dar scrie și pe Constanța News și pe boio.ro Ai idei, păreri despre acest show sau vrei să ne spui ceva? Scrie-ne contact@citypodcast.ro, pe Twitter sau pe Facebook. Intră pe CityPodcast.ro pentru a asculta și celelalte show-uri din prima rețea de podcast-uri din Romania. Nu uita să dai “Subscribe” în iTunes sau în aplicația ta preferată de ascultat podcast-uri și să ne dai un rating cât mai bun în iTunes. Ne ajută să apărem și în fața altor ascultători din România.
Maybe you are a creative person, and you came up with a great product. The bad news is you're not a sales person, and you need some help with your marketing. Script Engage can help with this. Here is how it works. You enter your target audience (the avatar) and fill out a survey about your audience and what your product does. Script Engage has Copywriting Templates that then take the information you've entered, and created great Sales Copy that is going to convert. In watching the video, I like the idea. I don't buy into the "click a button and it's done theory." There was a tool I looked at previously called Script Doll. This is very similar, but the interface seems a little easier to use (not that Script Doll was hard) I think the bottom line with tools like this is they well take you further than you would on your own, and then you can add the special details that are specific to you and your product. Check out the video www.weeklywebtools.com/351 Keep Your Wordpress Websites Up To Date I let an old website die on the vine and it got hacked, which lead to more of my sites getting hacked. Here is what I learned. The site lock protection that Host Gator sells for $10 is good against "baby" issues, if you need a real person to clean your site, you are looking at $80/month per website. For the record Site lock's support was great, but I was not happy when I found out the service I bought was more reactive, than protective. I ended up using Sucuri who I've used in the past. Their support is good, and it is going to cost me around $200 a year. It's a pricey lesson learned. So always keep your site up to date. I'm using manage wp for that, as I can login and update all my sites in one place. Also on my " do not use this anymore" list is bluehost. My sites are taking 10-15 seconds to load. When I get on their chat and wait 30 minutes, they are no help. I can barely do a post. I've heard alot of good things about Siteground as of late (and I have my Godaddy Reseleler at www.coolerwebsites.com) If you use this link, you can save 10% off Managewp.com Support the Show at www.weeklywebtools.com/support
On the show today the five of us talk about what you can expect on the upcoming episodes of WP Elevation. In handing over the reigns, I’m humbled and chuffed to have these four extraordinary coaches step in and become regular hosts. And I’m also freaked out to let go! But after two years of weekly shows, I needed to refresh and reinvigorate what we were doing and where we were going with the WP Elevation podcast. My first question to these four was about what is most exciting for them in becoming hosts. Kristina is delighted for the opportunity to talk with the great minds in this space, and she thinks it's cool to connect with these guests in a more personal way, after knowing them through social media. For example, she has recorded an interview with Dre Armeda of Sucuri. They both have daughters - he has four and Kristina has one - who all have a common obsession with the movie Frozen! She said it was fun to connect on that level, and then launch into a discussion about website security. Mike is thrilled that so many of the people he gets to interview this year have been people whose blogs he has been reading, and people he admires. He finds it mind-blowing that he gets to talk to these people! Gin also weighs in from a different perspective. She knows many of the guests and has organised getting these people on the show for the last three years. But because she was new to the WordPress space she didn't fully grasp the calibre of the guests. But she does today, and she's looking forward to good interviews on her own, like Andy GoDaddy's community manager! She’s also excited to bring her business perspective to the show and share practical advice with the audience. Cath jokingly says she is really excited to hang with the cool kids! She has grown a lot since the beginning as a member of WP Elevation and then later a coach. She admits to feeling a little intimidated, but she has been doing a lot of research and listening to the best podcasts, so she knows what it sounds like to be a pro! She knows it's going to be a lot of fun to interview guests and share them with the audience. My next question for the group was about the areas they are particularly interested in talking about on the podcast. Kristina is interested to know what people are doing when it relates to dealing with clients or creating WordPress space products. She likes to connect with people and dig in to how the guest's background and journey apply to the WP Elevations listeners. Mike finds the humble beginnings and personal stories of successful people fascinating, and so he’s excited to dive into that. He also can’t wait to hear about guests’ journeys and how the “blueprints” they uncovered can benefit the listeners of this show. Cath is keen to ask her guests what the audience may be overlooking and missing in terms of products and services. She is also really interested in what our audience needs to know about our micro audiences and micro-client bases, plus community management, positioning and learning from like-minded colleagues. What Gin is most looking forward to talking about is managing remote teams, and building those teams. She’s also excited to bring live streaming and video techniques to remove the intimidation and fear many have around the topic. Also on this episode, you’ll hear stretch goals these four have for who they want to interview as well as what kind of takeaways to expect from each show. You’ll hear from each of our four hosts on those topics, plus more on this edition of WP Elevation podcast! Got ideas or recommendations on who you’d love to see as a guest on WP Elevation? Send us your suggestions by leaving a comment here, on our Facebook page or Tweet us.
It’s early in the year and something to think about is security! Dre Armeda is here to tell us all about that – the full history of his company, Sucuri, where they’ve been and why they are kicking it up a notch. Super informative and important to anyone doing business on the web! Show Notes […] The post Episode 19: Dre Armeda and Sucuri appeared first on How I Built It.
Denial of Service attacks target DNS providers. NGOs and Associations become targets for botnets and how they can prepare.
In episode 139, we interview Robert Abela, founder of WP Security Audit Log, a leading WordPress auditing plugin. Robert's blog at WP White Security is a great resource for learning more about WordPress security best practices. Robert focuses on explaining website security in a way that non-technical people can understand. Resources: WP White Security https://www.wpwhitesecurity.com/ WP Security Audit (WordPress plugin) https://www.wpsecurityauditlog.com/ WP Security Bloggers (Aggregate feed) http://www.wpsecuritybloggers.com/ Episode 139 Table of Contents 0:00 Intros /What Robert does. 3:24 Why does WordPress have a reputation for being insecure. 5:55 Many attacks are bots looking for weak credentials or plugins that have not been updated. 8:16 Many people make a living just configuring Wordfence, Sucuri, and iThemes Security. 9:12 Security plugins are a tool, not a 100% guarantee you won;t be hacked. 14:35 Why are audit logs important? And are website owners ever surprised how much activity there is on their site? 18:58 What advice would Robert give business owners when they go to build a website? 23:51 You must pay attention to everything that touches your website, not just WordPress components 29:21 Podcast Outros =================== Links mentioned during the show: Get Your Website on Google’s First Page – An Email Exchange with a SEO Specialist, or Not? https://www.wpwhitesecurity.com/wordpress-security/your-website-google-first-page-email-exchange-seo-specialist/ =================== Subscribe to WP-Tonic on iTunes https://itunes.apple.com/us/podcast/wp-tonic-wordpress-podcast/id893083124?mt=2 =================== WP-Tonic is a both a WordPress maintenance and support service, and publisher of a twice weekly WordPress podcast where we talk with some of the most successful people in WordPress web development, business, and digital marketing.
DKSpeaks Podcast: Internet Marketing, Blogging and Social Media Tips
Pinterest47 Facebook 0 Twitter 0 LinkedIn WhatsApp 47Shares How to Secure Your WordPress Blogs? This is one thing that every blogger on the World’s largest blogging Platform – WordPress, is worried about. Why? Because WordPress is the world’s favorite CMS platform (sarcasm intended). According to a study by the security firm Sucuri, 4 out of 5 hacked websites that they investigated were running WordPress as their content management platform. More precisely, Sucuri reveals that 78 percent of the total number of hacked websites it investigated were WordPress sites, with Joomla in a distant second, taking up only 14 percent of the data sample. Further, six percent were no-CMS websites, 5 percent were running Magento, and 2 percent were using Drupal. If you are still wondering as to what was the “sarcasm” in that earlier comment above, then let me explain. WordPress is indeed the favorite platform of everyone – both bloggers and hackers alike. And hackers don’t have to work hard to break into a WordPress Installation and take the site down. Sucuri, in its investigation found that the primary reason for WordPress sites getting hacked was outdated plugins and not the Core files itself. As for a breakdown of hacked WordPress sites, Sucuri says that a large part can be attributed to outdated plugins. There were minimal attempts to use vulnerabilities in the WordPress core itself, and crooks relied on WordPress’ popularity and its large plugins and themes ecosystem to inflict their damage. If that wasn’t horrifying enough, then let us look at some more reasons why WordPress is the favorite platform of hackers and how to secure your WordPress blogs. How to Secure Your WordPress Blogs Have you ever woken up to a Blank homepage on your WordPress blog? Or, you might have seen a page with a disastrous formatting that left you wondering as to what happened to your WordPress blog overnight. If yes, then welcome to the world of WordPress bloggers. I went through both of the above. Now, imagine if this happens to a blog with over 400 posts and you don’t even have a backup of the files and the database! I am sure you would agree that it is not the best situation to be in. And, I was in that situation too. It was after all of this that I realized how important securing your WordPress blog is. And since then I started spending a lot of time to ensure that I ring-fence my blog enough to prevent this from happening. In this episode we are going to look at why a WordPress Blog gets hacked and how to secure your WordPress blogs from hackers and spammers. Here are some of the things that we are discussing in this episode – * Why is the single most important reason for a blog getting hacked?* 2 things that you should avoid to ensure that your blog is protected* A simple plugin to update all your blogs in a single click* A readily available firewall that is free to use Resources Mentioned in this Episode These are the resources that we spoke about in this episode – --- Send in a voice message: https://anchor.fm/dkspeaks/message
DKSpeaks Podcast: Internet Marketing, Blogging and Social Media Tips
How to Secure Your WordPress Blogs? This is one thing that every blogger on the World’s largest blogging Platform – WordPress, is worried about. Why? Because WordPress is the world’s favorite CMS platform (sarcasm intended). According to a study by the security firm Sucuri, 4 out of 5 hacked websites that they investigated were running ... Read more
Let's bust the myth about WordPress security and show you how to protect your or your client websites today. In this tipisode we arm you with the answer to the “WordPress is insecure” moan, and we share the tools to help protect you. Force Strong Password - https://en-gb.wordpress.org/plugins/force-strong-passwords/ Bruteprotect - https://en-gb.wordpress.org/plugins/bruteprotect/ All-in-one WordPress Security - https://en-gb.wordpress.org/plugins/all-in-one-wp-security-and-firewall/ iThemes - https://ithemes.com/ Sucuri - https://sucuri.net/ Cloudflare - https://www.cloudflare.com/ --- OUR EVENT: Do you want to make real change in your business? Join us at our in-person event Agency Transformation Live Meet Troy Dean; Lee Jackson, Chris Ducker, Kelly Baader, Amy Woods, Paul Lacey, Dave Foy and other legends in this fantastic conference focused on actionable steps that you can use to transform your agency. --- See acast.com/privacy for privacy and opt-out information.
Today Dave is joined by the host of the Just the Tip podcast Tim Wohlberg. 2:42 Do I Split My Topics into Separate Podcasts? from transmissionspodcast.com 11:19 Update from Podcast Mid Atlantic see askthepodcastcoach.com/mapcom for the virtual ticket 17:27 Nails on a Chalkboard to Tim - You Need to Tease Your Audience Where do you put the tease? Well a tease is for something that is coming up, so up front and as you go forward. 26:15 Doing a topic over episodes from Kim on onthetablepdocasts.com 31:50 Tim's Because of his podcast? Thanks to all of our awesome supporters www.askthepodcastcoach.com/awesome 35:10 Dave pulls the perfect reset (as this is a live show) 36:10 You need to keep your Wordpress website and all of your plugins up to date. Sucuri is good if you get hacked. Be sure to backup your show. Check out Manage WP 39:00 No You can't play music on your show if you don't have the proper liscense and in some cases your episode will be pulled. 42:10 Podcast Legends from Todd Cochrane interview Brian from Coverville Music For Makers gives a free track a month Spreaker has a cool deal with a company called Epidemic 45:17 Behind the Scenes of Being on the Radio 50:35 Revisit the multiple episodes telling one long story question Start Podcasting Today Take a course at the School of Podcasting
DKSpeaks Podcast: Internet Marketing, Blogging and Social Media Tips
Pinterest0 Facebook 0 Twitter 0 LinkedIn WhatsApp 0Shares What is your single biggest worry about online assets – your blog, your websites and your money-sites? If your response was anything other than “Security”, then you need to rethink. But if you answered in “Security”, then let me tell you that you are in the same league as thousands of other website owners. But the worst part in all of this is the fact that there is no real solution to it. You can use one of the many security solutions like Sucuri, Wordfence etc. to secure your websites, but you still need to be aware that these tools can only protect you to a certain extent. The rest is onto you to ensure that you are prepared to deal with a dire situation. You might have noticed that my last post was almost about 2 and a half months back and also that I have never taken such an extended break from blogging. As for my podcasts, I had always ensured that I maintain consistency. But all that went for a toss over the last couple of months. And all this thanks to a hacker. This was not the first time that my sites were hacked. In fact, after the last time this happened I had ensured that I secure my sites with some of the best plugins I could find, but I still couldn’t prevent another attack. And the reason was an old WordPress installation that I forgot to delete from my hosting. Since most of the files in this installation was outdated, it was easy for the hacker to get into the files and then use them to get into the other WordPress sites. To sum it all up, I spent almost a month and a half restoring all my websites, about 40 of them and 3 of my niche blogs. While it should have been a couple of week’s job, it was only because of some of my mistakes that it took me so long. Nevertheless, all of my sites are back up and the experience I gained following this hacking instance has made me a little more wiser and given me some extra knowledge. I am putting together a complete guide on how to save your WordPress sites, in which I will be detailing everything about prevent hacker attacks and tips on restoring your WordPress installations. You might see a slight inconsistency in my posts and podcasts for some time until things stabilize, but I should be back up and running in another couple of weeks. Ways to Generate Free Traffic to Your Blogs In this episode of the DKSpeaks Podcast, I will be discussing about 2 simple methods using which you can drive FREE traffic to your blogs. These traffic methods have helped me through the situations that we discussed a little while back, when you sites get hacked. Since these are FREE traffic generation methods, I am not impacted financially with the loss of traffic. Also the traffic just doesn’t get impacted unless the website is down for a long time. You need to keep one thing in mind, when you include these traffic generation methods in your strategy. These methods are long term methods and will help you in the long run. You will have to be patient and consistent with these methods. Do it the right way and don’t let it go in between. It also means that if you are looking for immediate traffic, then these methods will simply not help you. You will have to look at paid traffic generation methods like PPC. In this episode, we will be looking at the following – * How to use your existing content to generate traffic * How to establish yourself as an authority in your niche * A strategy that generates traffic and also helps build your list Resources mentioned in this Episode The below are some of the resources that were mentioned in this episode – * --- Send in a voice message: https://anchor.fm/dkspeaks/message
Today we spend time with CEO Tony Perez of Sucuri talking hacking, pharmahacking, security, priorities and protecting your web business. This talk is eye-opening to say the least. All the tech, social media and blog headlines that Bloggers love, need and use everyday.
AskPat 2.0: A Weekly Coaching Call on Online Business, Blogging, Marketing, and Lifestyle Design
Today's question comes from Gaynete, who asks about the time my website got hacked. What did I learn from getting the site hacked? What would I do differently to prevent future attacks? I share the 11 things I learned from the DDOS attack that will help you prevent your site from getting hacked—or help you recover if a site hack happens to you. The plugins I discuss for limiting logins are Limit Login Attempts (https://wordpress.org/plugins/limit-login-attempts/) and Wordfence (https://wordpress.org/plugins/wordfence/). The password managers I mention are 1Password (https://agilebits.com/onepassword) and LastPass (https://lastpass.com/). The hosting companies I recommend are Linode (https://www.linode.com/) and Bluehost (http://askpat.com/bluehost). Two other service I recommend are Sucuri (https://sucuri.net/) and Cloudflare (https://www.cloudflare.com/). Do you have a question about your website’s security? Record it at http://www.askpat.com/. Thanks to our sponsor, Lynda.com. Try out all of Lynda.com's courses for free for seven days. Go http://lynda.com/AskPat to get started. Thanks to our sponsor, Sidekick. Receive live notifications when someone opens your email. Go to getsidekick.com/pat to check it out.
This week I share what I learned at WordCamp Las Vegas Upcoming Events WordCamp Paris – Jan 23 – 24 Wordcamp San Antonio – Jan 24 Segment 1: In the News WordPress 4.1 – Released SoakSoak malware – Sucuri has the low down. WordSesh 3 was held Dec 20th. Watch them all here Segment 2: WordCamp…
Matt Report - A WordPress podcast for digital business owners
You might refer to it as crushing it or pushing through or even the grind. Determination is often overlooked in the entrepreneur's journey. Some will fold when faced with the slightest friction of startup life. Others will give up when they can't see the light at the end of the tunnel. Dre Armeda, co-founder of Sucuri, joins us to talk about determination and preparation when starting your first business. He's also half of the talent over at the DradCast a popular WordPress podcast. Get ready to be pumped up by this interview! Dre Armeda of Sucuri security services https://www.youtube.com/watch?v=_E35vD85_5Y Subscribe to my YouTube channel A story of determination and perseverance Many of you might know Dre form his podcast, but you might not know the genesis of his startup Sucuri. A bootstrapped security company that helps protect WordPress, Drupal, and Joomla sites from being hacked. I actually subscribe to their service for this site and a few of my client websites — I'd suggest taking a look at their offerings if you're in need. Like many of us in the early days, Dre and his team were faced with making the decision of going all in on the company. Even with full-time jobs, decisions had to be made to quit and focus on growing the business. Tune in to find out what that was like and how they went through the steps to get there. Leave your comments and other news Enjoy the show? Post your comments below and let me know what you think! Also, I've made some changes to WP Mentor including a new community forum and listings for code reviews. If you're looking for help or want to become a WordPress mentor, go check it out! ★ Support this podcast ★
Matt Report - A WordPress podcast for digital business owners
You might refer to it as crushing it or pushing through or even the grind. Determination is often overlooked in the entrepreneur’s journey. Some will fold when faced with the slightest friction of startup life. Others will give up when they can’t see the light at the end of the tunnel. Dre Armeda, co-founder of Sucuri, joins us to talk about determination and preparation when starting your first business. He’s also half of the talent over at the DradCast a popular WordPress podcast. Get ready to be pumped up by this interview! (more…)
Doubt The Doubts | Crazy Cool People Sharing Great Tips, Tactics, & Tools
Dre Armeda takes his passion for security to the internet.
I am taking a MAG40 course with the legendary Massad Ayoob this week and had to stay up late to give you this show. Its only 45 min long but contains some good news and interviews about the course from Mas, Ken and Gail. If you have a blog you need Sucuri for it. I have a driving course you should look into. International Training Inc. - Virginia Facility to Teach One Day Instinctive Driving Course on October 26th, 2013. The Drug War. Who won? Thank you for listening.