Nestor Angulo de Ugarte: The strange case of malicious Favicons [WCGVA 2022]

  • site hacking is almost never client-oriented (98%)
  • almost always happens due to deficient monitoring/maintenance
  • an SSL certificate is not an anti-hacking shield
  • patches and security updates almost always appear after hacking exploits
  • errare humanum est
  • security will never be 100%
  • reactive (incident response), when something bad has already happened — pain mitigation
  • proactive, before anything happens (analysis and monitoring) — risk mitigation
  • no WAF (web application firewall) for this website
  • tools cleaned spam and malware in plugins and root folder
  • probable vector of infection, outdated plugin (no forensic analysis at this point)
  • integrity analysis shows some core files are modified! (md5 hashes of WP core files/folders) — using WP API
  • reduce admins, plugins, and themes (least privilege rule)
  • use password manager, change regularly
  • have backups and validate them!
  • do your updates (remember: patches come after exploits)
  • monitor your site (wpscan.com & file integrity scanner)
  • install a WAF (web application firewall)

Anglo-Swiss. Digital communications and strategy. Lausanne. Feline Diabetes. Other random stuff.

Stephanie Booth
