McAfee Reports an Unsettling Flaw Affecting WordPress.com

Source: -  http://www.allvoices.com/contributed-news/17228735-mcafee-reports-an-unsettling-flaw-affecting-wordpresscom

McAfee is one of the leading antivirus solution vendors of the world. Not only the company develops strong and reliable antivirus solutions, but it also provides other security solutions and PC utility tools. The company also constantly keeps an eye on the latest data security trends and the attacking techniques used by the criminals. 

The researchers at McAfee recently discovered a flaw in one of the most popular blogging platforms, ‘WordPress.com’. According to McAfee an exploitation of this flaw in WordPress could give the hackers an access to a WordPress account by simply copy pasting a line of code, which is transmitted over Wi-Fi networks. WordPress currently is a home for more than 60 million websites around the world plus, many personal blogs. This fact makes the reported flaw a pretty big deal. 

The security hole is actually the result of WordPress failing to employ encryption for its login cookies. The cookies are one useful aspect of using internet. They are usually secure and basically help while logging into a website. But this time the cookies were not secured. This is because while logging into WordPress in public Wi-Fi, the critical cookie was sent over HTTP in plain text. This means that the cookie is not encrypted, and can be easily intercepted by a hacker who is in the same public Wi-Fi. 

Once the hacker has intercepted the cookie then he/she can bypass two-factor authentication on WordPress. This gives him/her the complete control over the hijacked WordPress user’s account. The hackers can use-exploit the hijacked account in many ways. They can pose as the account holder in comments, or post articles, see private post, create new blog, and see blog stats etc. All of these activities are very useful for phishing attacks. The hackers can post links navigating to malicious websites in the hijacked account’s blog.

A hacker can also make use of the reported vulnerability to activate two-factor-authentication on accounts which haven’t activated the security measure yet. This can possibly block the original account holder from accessing his/her account if his/her mobile is not already linked to the account. 

However the attackers are not able to alter the account password and payment options.     

So how to stay protected? Well the answer is simple. The users have to be more attentive while browsing or logging online, stay away from anything which is suspicious, do not use public Wi-Fi to log into WordPress (for now), and use comprehensive security software, like those of McAfee, Vipre, Norton etc. McAfee antivirus and McAfee internet security are two of the reliable and effective security software at this front. Start using them to stay protected and if problems arise then dial McAfee technical support phone number and connect to the expert technicians. One good company where you can find reliable, easy, and cost effective McAfee support is SupportMart. Get in touch with the experts and get instant resolution to your technical problems. 

To conclude all, a new found flaw in WordPress is here, though the reported flaw’s exploitation cases are not big in number, but the flaw sure is harmful. Simply stay attentive and install reliable antivirus solutions to stay protected. And, when a need of support like VIPRE antivirus support or support for other technical issues is felt, then contact the experts. 

Researchers Discovered a Hybrid Trojan That Combines Zeus and Carberp

Recent enough the Trusteer team at IBM discovered a new Trojan variant called ‘Zberp’, which is formed by the combination of two other more notorious Trojans: Zeus and Carberp. This newly discovered Trojan draws features from both and then utilizes them for its own use.

Installing good antivirus and internet protection solutions like McAfee is a good thing to do for detecting and removing Zberp, before it infects your data. Its products are easy to use, quick, effective, and usually work smoothly. However, as with every software, you may also get problems with McAfee security software. Calling McAfeetechnical support phone number at time of need and availing their technical support is an easy way to get help. 

Focusing on Zberp, once the Trojan infects the victim’s PC, it then writes a registry key, and then removes the key at every startup and writes it again on every shutdown. This helps it to maintain its persistence on the system and makes it undetected during antivirus scan, performed at system startup. The Trojan can steal information about the computer, take screenshots and send them to criminals, and steal online accounts’ login credentials and data of online forms etc.

VIPRE antivirus 2014 and VIPRE internet security 2014 are the other two good solutions that can protect your data from Zberp. These solutions are updated with latest virus definitions. They will detect the presence of Zberp Trojan before it enters into your system. These solutions give optimal performance and a good thing is that, support for VIPRE products can be availed easily and instantly. SupportMart is one good company that provides reliable VIPRE Antivirussupport. Contact its experts and easily avail help.     

To conclude all, it is not surprising that malware writers are using and combining the codes of two different viruses or malwares. Some of them have been effective. As the source codes of both Zeus and Carberp leaked and are open to all, so this time the attackers have successfully bundled the two together and formed a new hybrid variant. Installing reliable antivirus is necessary for users, as the frequency of Trojan variants attacks is further going to increase in coming future.