Podcast Episode 29: iThemes Security Creator Chris Wiegman on Flying, Plugins & Developer Tools

At WordCamp Atlanta, Mark sat down with Chris Wiegman, the creator of Better WP Security. Now known as iThemes Security, it is installed on over 900,000 WordPress sites. Chris talks about his experiences as a flight captain flying over the Hawaiian islands and what happened when an earthquake occurred shortly after takeoff. He also talks about why he created Better WP Security, the process of selling the plugin to iThemes and the tools he’s created in his new role at WP Engine. He describes his move from iThemes to WP Engine as “the move I didn’t know I needed to make.”

Find us on your favorite app or platform including iTunes, Google Podcasts, Spotify, YouTube, SoundCloud and Overcast.

Click here to download an MP3 version of this podcast. Subscribe to our RSS feed.

You can connect with Chris on Twitter @chriswiegman or at chriswiegman.com. You can find Mark on Twitter as @mmaunder and Kathy as @kathyzant.

The post Podcast Episode 29: iThemes Security Creator Chris Wiegman on Flying, Plugins & Developer Tools appeared first on Wordfence.


Podcast Episode 28: Zoom Zero-Day Vulnerability, WP Engine Buys Flywheel, and Other News

A security researcher found vulnerabilities in the Mac client for Zoom, a popular video conferencing application. After 90 days and two weeks, the vulnerability still exists. Mitigating the vulnerability entails typing the following commands in the terminal, replacing [pid] with the process ID:

$> lsof -i :19421
$> kill -9 [pid]
$> rm -rf ~/.zoomus
$> touch ~/.zoomus

Wordfence Threat Analyst Mikey Veenstra verified that the Linux client for Zoom will also turn video on automatically, but is not susceptible to being reinstalled once the client has been removed.

We also cover the WP Engine acquisition of Flywheel, cPanel’s new pricing structure and what it means for hosting providers, removal of caps on .org domain names, critical security vulnerabilities in Magento, WP Statistics XSS vulnerability, a hacked ad server pushing out SEON ransomware, British Airways landmark GDPR fine, breaches and leaks of the week, amongst many other stories.

Here are approximate timestamps in case you want to jump around:
1:30 Zoom Zero Day Vulnerability
10:12 WP Engine Acquires Flywheel
19:45 cPanel pricing structure changes
23:02 .org pricing caps removed
28:30 Magento vulnerabilities
32:15 XSS Vulnerabilities in WP Statistics
35:30 Ad server hacked, serving ransomware
38:00 YouTube
40:18 British Airways GDPR Fine
42:00 Breaches of the week: MongoDB leak and leaky S3 buckets
44:50 Ruby Gem “strong_password” supply chain attack

Find us on your favorite app or platform including Apple Podcasts, Google Podcasts, Spotify, YouTube, SoundCloud and Overcast.

You can find Mark on Twitter as @mmaunder and Kathy as @kathyzant. Please feel free to post your feedback in the comments below.

The post Podcast Episode 28: Zoom Zero-Day Vulnerability, WP Engine Buys Flywheel, and Other News appeared first on Wordfence.


Podcast Episode 27: Liquid Web COO Carrie Wheeler talks Leadership and Transitioning from Tech

Liquid Web COO Carrie Wheeler chatted with Mark at WordCamp Atlanta about her path from developer to leadership in the tech field. She talks about the three things all people look for in their jobs and how to provide context so they feel connected to an organization’s mission. She also talks about the competitive hosting space and how Liquid Web positions themselves for success.

You can connect with Carrie on LinkedIn or at liquidweb.com. You can find Mark on Twitter as @mmaunder and Kathy as @kathyzant.

The post Podcast Episode 27: Liquid Web COO Carrie Wheeler talks Leadership and Transitioning from Tech appeared first on Wordfence.


Podcast Episode 26: How Hackers Find Vulnerabilities in WordPress with Ryan Dewhurst

Ryan Dewhurst is an ethical hacker and penetration tester who has developed a number of tools that make finding vulnerabilities in WordPress much easier. Penetration testers are professional ethical hackers that find vulnerabilities so they can be patched before they are exploited. Ryan is one of three contributors to WPScan, a command line tool that streamlines this pen testing. Ryan also maintains the WPScan Vulnerability Database, used by many services including Wordfence to alert WordPress users to the vulnerabilities on their site. Ryan and Mark talk about these services, how they work, how they’re used and how you can use them to hack your own site to test your own site’s security.

You can find Ryan and Dewhurst Security on Twitter @ethicalhack3r and @dewhurstsec or at wpscan.org. You can find Mark on Twitter as @mmaunder and Kathy as @kathyzant.

The post Podcast Episode 26: How Hackers Find Vulnerabilities in WordPress with Ryan Dewhurst appeared first on Wordfence.


Podcast Episode 25: WordCamp EU Wraps Up and WordPress Security News

From Berlin we talk about our experience attending the largest WordCamp in the world and then dive into the news. We discuss 2,600 hacked WordPress sites being used for a free proxy service, Iranian cyber attacks, an attack at JPL affecting NASA and a WeTransfer security incident. We also cover a phishing breach at Oregon DHS affecting over 645,000 Oregonians, 2.9 million Canadians affected by a leak at Desjardins Group, and the bankruptcy filing of the collections firm behind the Quest Diagnostics and LabCorp breach.

Here are approximate timestamps in case you want to jump around:
00:37 WordCamp EU recap
06:32 Free proxy service running on 2600 hacked WordPress sites
09:28 US launches cyber attack targeting Iranian military
15:58 NASA mission network compromised by rogue Raspberry Pi
19:43 WeTransfer security incident
21:38 Oregon Department of Human Services suffers phishing attack
23:36 Desjardins Group leak exposes data of 2.9 million members
25:48 Company behind data breach impacting 20 million Americans files for bankruptcy

Thanks to “Saburnsjax” for the review on Apple Podcasts!

You can find Mark on Twitter as @mmaunder and Kathy as @kathyzant. Please feel free to post your feedback in the comments below.

The post Podcast Episode 25: WordCamp EU Wraps Up and WordPress Security News appeared first on Wordfence.
