Consumer Alerts

Monday, February 13, 2017

Consumer Alerts for Monday, February 13, 2017

Posted by New England Web Services | Comments

Print Alert

Monday morning roundup of consumer alerts for website owners and technology users.

ALERT #1:

Domain Name Expiration Scam Sent Via Website Contact Forms

We are posting this alert to notify our clients and the general public of a new scam that has recently hit the Internet and is targeting website owners through their website contact forms.

If you are a client of New England Web Services and you receive a message via your website contact form notifying you that your website domain name is about to expire, forward it to us for research, analysis, and confirmation — DO NOT click on any links in the message. If you are not a client of New England Web Services, we recommend that you forward the message over to the company (or person) who manages your website. Once again, DO NOT click on any links in the message (see screenshot of scam message below).

Screenshot

If you have any questions concerning this alert, please call New England Web Services at 860-249-1341, or send us an email message.

ALERT #2:

Recent WordPress Vulnerability Used to Deface 1.5 Million Pages

We are posting this alert to notify our clients and the general public of a new vulnerability affecting WordPress websites.

Up to 20 attackers or groups of attackers are defacing WordPress websites that haven't yet applied a recent patch for a critical vulnerability.

The vulnerability, located in the platform's REST API, allows unauthenticated attackers to modify the content of any post or page within a WordPress site. The flaw was fixed in WordPress 4.7.2, released on Jan. 26, but the WordPress team did not publicly disclose the vulnerability's existence until a week later, to allow enough time for a large number of users to deploy the update.

However, even after the flaw became public, many webmasters did not apply the patch and a wave of attacks soon followed. On Monday, web security firm Sucuri reported that around 67,000 pages had been defaced in four separate attack campaigns.

MORE INFO FROM SOURCE...

If you have any questions concerning this alert, please call New England Web Services at 860-249-1341, or send us an email message.

Have a Comment or Question Concerning These Alerts?