Think Like a Hacker with Wordfence

Summary: Mark Maunder co-founded Wordfence in 2011 after his WordPress site was hacked and he learned how hard it was to clean and secure. Today the team has grown to over 35 members worldwide and Wordfence protects over 4 million WordPress sites. On the Think Like a Hacker podcast, we cover interesting topics related to WordPress, security and innovation. Episodes alternate between security news and interviews with innovators from the WordPress and information security communities.

  • Artist: Wordfence
  • Copyright: Copyright © 2019 Defiant, Inc. All rights reserved

Podcasts:

 Episode 21: New Plugin Vulns Exploited in the Wild, an Extortion Scam and the CBP Data Breach | File Type: audio/mpeg | Duration: 50:18

This week, we discuss active exploitation of a plugin vulnerability in the wild, an extortion scam hitting numerous website owners, exposure of Industrial Control Systems to attackers as well as a CBP breach affecting travelers in the United States. We also talk about an email server vulnerability and what to do in a SIM port attack.

 Episode 20: Making Big Changes by Adopting Micro-Habits with Nathan Ingram | File Type: audio/mpeg | Duration: 35:12

At WordCamp OC, Nathan Ingram participated in a business track discussion about failure, something with which most entrepreneurs are familiar. In this interview, both Mark & Nathan talk about being an entrepreneur and how "the best lessons in life are learned from failure." Nathan recently lost 50 pounds in 2 months. He talks about the micro-habits that he leveraged to make big successful changes. The interview has a number of lessons for optimizing business processes & finding better balance in life.

 Episode 19: Service Vulnerabilities in Four Hosting Companies | File Type: audio/mpeg | Duration: 48:47

In episode 19 we talk to Brad Haas about recently patched service vulnerabilities that impacted four popular hosting companies. We also talk about a new login security plugin for WordPress that we've launched. In the news we cover a wave of SIM swapping attacks hitting cryptocurrency users, NGINX vulnerabilities and recent data breaches affecting the personal information of millions of people.

 Episode 18: Scaling a WordPress Agency with Entrepreneur Verious Smith | File Type: audio/mpeg | Duration: 36:10

At WordCamp Orange County, Mark interviewed Verious Smith from Philoveracity Design, a digital agency in southern California. Verious has also been the lead organizer of WordCamp Riverside and runs WordPress meetups to give back to the community. Mark and Verious talk about the challenges of entrepreneurship, growing from freelancer to an agency as well as trust & interdependence in remote work. Verious is always striving to learn new things to optimize performance and improve workflow.

 Episode 17: 3 Severe WordPress Plugin Vulnerabilities | File Type: audio/mpeg | Duration: 41:41

Mikey Veenstra joins us to talk about 3 WordPress plugins with severe vulnerabilities affecting well over 150,000 WordPress sites. Two plugins have been patched, one has not. With Mark under deadline for a film project, Mikey also talks security news with Kathy. We cover a Docker vulnerability, anatomy of a SIM port attack, 0day Windows exploits released by a disgruntled security researcher, 2 large scale data leaks affecting millions and revisit the Baltimore ransomware incident.

 Episode 16: Cami Kaos Talks WordCamps, Meetups and Community | File Type: audio/mpeg | Duration: 12:32

If you've ever attended a WordCamp or a WordPress meetup, that community experience was based on the guidance & support from WordCamp Community Manager Cami Kaos. Cami is the primary contact for the 150 WordCamps & over 600 WordPress meetups taking place around the world this year. Her efforts ensure that the volunteers organizing events have what they need to succeed. Cami shares her thoughts on getting started with WordPress meetups & WordCamps, challenges facing the growing community & getting involved.

 Episode 15: So. Much. News!! | File Type: audio/mpeg | Duration: 47:59

In this week's news we have a lot to cover. We talk about an intrusion at StackOverflow, a proposal to modify the WordPress plugin guidelines, how Chinese hackers are getting better at stealing US cyber secrets, ethical issues of firms promising ransomware solutions that only include paying the ransom, a breach on the Joomla extension directory server, Google's aggregation of your purchase receipts and suspension of Android support for Huawei amongst many other stories.

 Episode 14: Interview with Trauma Surgeon and Plugin Dev Andy Fragen | File Type: audio/mpeg | Duration: 33:42

Dr. Andy Fragen is a trauma/acute care surgeon as well as a prolific WordPress plugin author. One of his plugins, GitHub Updater, allows you to host WordPress plugins and themes on GitHub instead of WordPress.org. Andy supports numerous WordCamps and is an active member of the WordPress community in southern California. I had the pleasure of talking with Andy at WordCamp Orange County. He's a fascinating person and I really think you'll enjoy our conversation.

 Episode 12: Major WhatsApp Vulnerability and Other News | File Type: audio/mpeg | Duration: 47:47

This week we cover the WhatsApp zero-day vulnerability that allegedly was used to infect phones with malware. We announce a new Wordfence update, making an updated two-factor authentication feature available to all Wordfence users. We cover a story about SIM hijacking and discuss why we need to move away from SMS authentication. We also cover an ongoing supply-chain attack affecting thousands of sites, three antivirus companies that have been compromised, a malvertiser indictment, and other stories.

 Episode 11: The Dave Ryan Interview | File Type: audio/mpeg | Duration: 01:12:24

Dave Ryan is an Interdisciplinary WordPress Developer at Bluehost, where he focuses on helping build WordPress and supporting the WordPress community. He is an organizer for Phoenix area WordPress meetups and WordCamp Phoenix. He also speaks at numerous WordCamps around the country. In the past Dave has worked for large publishers and universities, scaling high-traffic WordPress sites by blending his skills in information design, journalism and web development.

 Episode 10: WordPress 5.2 Security Enhancements and Other News | File Type: audio/mpeg | Duration: 57:13

Welcome to the 10th episode of Think Like a Hacker. We're doing things differently this week, separating news & our interview into 2 episodes. Today we cover the news & we will share our interview later this week. We discuss new cryptographic protection against supply chain attacks in WordPress 5.2. We talk about Israel's missile attack against Hamas hackers, a data breach affecting 80M households, the Gutenberg accessibility audit, a "do not track" bill, a hacker selling Windows 0-Days & other stories.

 Episode 9: The Jon Brown Interview and Vulnerabilities, The Dark Web, Scams, Oh My! | File Type: audio/mpeg | Duration: 01:41:58

We cover quite a few stories: 2 plugins with vulnerabilities, WordPress 5.2 & a now-defunct dark web marketplace. We follow up on Google's Sensorvault, Richard Stallman's comments on Facebook & JetBlue's use of facial recognition. We look at GoDaddy's removal of 15k spam subdomains, a Docker breach & Slack's upcoming IPO. Listen to a great conversation with Jon Brown, CEO of 9seeds, a digital agency in Idyllwild, CA. Jon & I talk about running an agency, remote work, being a digital nomad & WordPress.

 Episode 8: We Go Deep on Coffee, Hackable Child Trackers and More | File Type: audio/mpeg | Duration: 01:54:23

We look at Troy Hunt's pen testing of the TicTocTrack watch, changes coming in the AMP project & implications of the UK's new porn age restriction law. We review a story about the "SeaTurtle" espionage campaign. We look at why the Nigerian prince scam is still netting over $700k / year, and how the City of Chicago lost over $1 million in a phishing scam. I also speak with Chris & Katie Bayer, the owners of Black Mountain Coffee Roasting. If you love coffee and WordPress you're going to love this interview.

 Episode 7: The Tyler Lau Interview, Assange, Thought Experiments, AirBnB Scams and More | File Type: audio/mpeg | Duration: 01:07:39

This week we look at the Assange arrest, an irresponsible security researcher affecting the WordPress community and do a bit of a thought experiment. We also look at Google's Sensorvault and how it's being used by law enforcement, the fascinating rise and fall of the Bayrob malware gang, and some tips for avoiding a new AirBnB scam. I also talked to Tyler Lau at WordCamp Phoenix last month, and we share that interview with you today. Tyler is the Social Community Manager at Sandhills Development.

 Episode 6: The Brandy Lawson Interview, The News and Facebook Rants | File Type: audio/mpeg | Duration: 01:08:28

This week we follow up on two stories from last week, the Pipdig P3 plugin and Jetpack suggestions found within the WordPress plugin dashboard. We also take a look at quite a few privacy concerns with Grammarly, malware in the healthcare industry, and we discuss privacy concerns with Facebook. I also talk to Brandy Lawson, a digital agency entrepreneur in Phoenix, Arizona. I had a wonderful conversation with Brandy at WordCamp Phoenix that I think you'll really enjoy.
