LATE REGISTRATION RATES FOR #HITB2014KUL STARTS ON THE 1ST OF OCTOBER ONWARDS!

REGISTER ONLINE NOW

 

Hands-on Technical Trainings - 13th & 14th October

http://conference.hitb.org/hitbsecconf2014kul/#tile_schedule

Triple-Track Conference - 15th & 16th October

http://conference.hitb.org/hitbsecconf2014kul/conference-speakers/

 

Capture the Flag - 15th & 16th October

http://conference.hitb.org/hitbsecconf2014kul/capture-the-flag/

HackWEEKDAY - 15th & 16th October

http://conference.hitb.org/hitbsecconf2014kul/hackweekday/

CommSec Village - 15th & 16th October

http://conference.hitb.org/hitbsecconf2014kul/commsec-village/

Reuters was hacked via an old version of WordPress

http://en.wikipedia.org/wiki/Reuters

The Reuters blogging platform was hacked on Friday, and a false story about an alleged interview with a Syrian rebel leader was posted. On Sunday, Reuters suffered a second security breach in which hackers gained control of one of its Twitter accounts. While Twitter hasn't commented on the latter, we have more information on the former: Reuters forgot to keep its WordPress installation updated.

Mark Jaquith, one of the WordPress platform lead developers and member of the WordPress Security Team, told the WSJ that Reuters was using "an old version" of the software that has "publicly known security issues." More specifically, the publication was using version 3.1.1. The current version is 3.4.1.

This is a textbook mistake. You should always be using the latest version of your software, especially if you're a major company that is often targeted by hackers. WordPress is, in particular, a popular attack vector for cyber criminals. While there is no guarantee that the hackers exploited an unpatched security hole in WordPress to access Reuters' blogging platform, it's more likely given this new information.