March 16, The Register – (International) Brute force box lets researchers, cops, pop iDevice locks. A security researcher from MDSec discovered that the IP-Box tool exploits a vulnerability in iOS devices running versions 8.1 and older for iPhones or iPads that allows unlimited password guesses of four-digit personal identification numbers (PIN), allowing hackers to bypass rate-limiters and settings to gain personal data after a set of failed attempts. Source
March 16, Securityweek – (International) WPML WordPress plugin vulnerabilities expose 400,000 websites. WPML developers released an update to address security flaws in its WordPress premium multilingual plugin, including a vulnerability that allows an attacker to leverage an SQL injection exploit to read contents on affected users’ databases, including password hashes and other user detail, and another that allows the removal of content from Web sites due to lack of access control in the “menu sync” functionality. More than 400,000 commercial Web sites utilize the plugin. Source
March 14, Softpedia – (International) Over 5.3 million Upatre infections detected in the US since January. Security researchers at Microsoft’s Malware Protection Center discovered that the U.S. has recorded the largest number of Upatre malware infections in the world at 5,326,970 since January, 7 times more than the next country. Upatre is usually delivered through malicious emails and via botnets, and is used by cybercriminals as a distribution platform for other malware. Source
March 15, WLNE 6 New Bedford – (Rhode Island) A Providence high school’s website hacked. Officials with Providence Public Schools reported March 15 that Classical High School’s Web site was breached March 14 by a group claiming to support the Islamic State (ISIS) group after every page on the site was linked to a page containing text in reference to the terror group. The site’s private vendor disabled the Web site and the school assured the public that no information was compromised. Source