Friday, April 19, 2024

New Report Highlights Ongoing WordPress Vulnerabilities, With 20% Critical And 67% Medium Threats Identified

WPScan’s 2024 WordPress vulnerability report talks about some security threats that WordPress keeps on experiencing and the website publishers should be aware of them. The report says that 20% of the vulnerabilities in the report were critical level threats while 67% of them were medium level threats. There are some threats that are due to malware and website vulnerabilities that cannot be dodged most of the time. But there are some mistakes that publishers make that make their websites more vulnerable to hackers. This can be avoided by taking right decisions while disabling or updating an extension.

The highest level of threats WordPress has is by critical vulnerabilities that make up 2.38% of the total vulnerabilities. But when these critical vulnerabilities are combined with other high level threats which are 17.68%, they make up 20% of all the vulnerabilities. There are two types of vulnerabilities on WordPress– Authorized Vulnerabilities and Unauthorized Vulnerabilities. Authorized Vulnerabilities are those where the attacker first takes the user credentials and other permission levels to exploit a specific vulnerability. Unauthorized vulnerabilities directly launch the attack, without taking the user credentials first. These kinds of vulnerabilities are easiest to exploit. According to the WPScan report, 22% of the vulnerabilities reported didn’t require any authentication while the vulnerabilities requiring admin permission levels were 30.71%.

The reason why many websites on WordPress are vulnerable to malware is because of their weak passwords and nulled plugins. Nulled plugins are pirated softwares that are easy to get infected by malwares. Weak passwords can easily be guessed through brute force, and by social engineering tactics like phishing and pretexting.

Vulnerabilities that required administrator level credentials were the highest to be exploited with 30.71% vulnerabilities, followed by CSRF (Cross Site Reverse Forgery) with 19.26% vulnerabilities. The others included Contributor (19.62%), Unauthenticated Vulnerabilities (12.35%) and Author (1.19%). Broken Access Controller in WordPress refers to security failure that allows an attacker to gain access to high credential permissions. The WPScan report shows that Broken Access Controller gives access to 84.99% vulnerabilities, followed by 20.64% from SQL injection.

The highest number of vulnerabilities on WordPress were reported in third-party plugins and themes. A total of 13 vulnerabilities were reported in WordPress core in 2023. Only one vulnerability out of 13 was a high level threat which is the second biggest threat after Critical. All these levels of threats are made by the Common Vulnerability Scoring System (CVSS). Site audits are not responsible for covering website security but they should talk about security headers. The security issue can quickly become an SEO issue if the website’s ranking starts getting low because of security concerns. Strong passwords and two factor authentication should be the main priority for keeping a website away from malware and hackers.




Read next: Cybersecurity Crisis: 17 Billion Personal Accounts Compromised Since 2004
by Arooj Ahmed via Digital Information World
Posted by at No comments:
Labels:

Over 17 Billion Personal Accounts Leaked Worldwide Since 2004

Cybersecurity researchers found that data breaches increased globally in the first quarter of 2024, reaching over 17 billion exposed personal accounts. Surf Shark reported a fivefold increase in leaked accounts as compared to last year. The stats show that the US, Russia, and China were the most affected countries in 2024.


The monitoring data from Surfshark indicates that over 17.2 billion accounts have been breached since 2004, with approximately 6.5 billion having unique email addresses. This suggests that some accounts were breached multiple times due to people using the same email or password for different online profiles.

To address this ongoing threat, Surfshark emphasizes the importance of creating strong passwords, avoiding reuse, and being cautious when sharing personal information online. In terms of breaches by country, the US leads with three billion breached accounts since 2004, followed by Russia, China, France, and Germany.

Looking at per capita breaches, Russia has the highest rate with 16.8 accounts breaches per resident. This is followed by the US, South Sudan, France and Czechia. Other countries among the top ten most breached include Brazil, UK, India, Italy and Canada.

These findings highlight the persistent and widespread nature of data breaches, underscoring the need for individuals and organizations to prioritize cybersecurity measures to protect personal information online.

Read next: Global IT Spending to Surge 8% in 2024, Says Gartner Forecast
by Mahrukh Shahid via Digital Information World
Posted by at No comments:
Labels:

Glassdoor has Shared a List of Top 25 Internship Opportunities of 2024

Summer is almost here and there are some internships available that students can join to gain some experience. Glassdoor published a list of top 25 internships to do in 2024. Most of these internships are from tech, finance and consulting industries and most of them amount up to $9000 a month. At 25th position is Apple, which has a median monthly salary of $7500 and has a 4.5 career opportunity rating. Next is Intuit with a median salary of $7666 and 4.5 ratings for career opportunities. In 23rd, 22nd, and 21st positions are ServiceNow, McKinsey & Company and BlackRock which have the median salaries of around $7000.

Oracle is at 20th position in terms of internship opportunities with 4.6 career opportunity ratings. It has a median salary of $7500. After that is Meta with a median salary of $8400. Google is at 18th position for internship opportunities in 2024 with an average monthly salary of $800. Other good companies for internship opportunities are eBay, EMD, LinkedIn and Boston Consulting Group. All of their median monthly salary ranges from $8000 to $8333. Microsoft is at 13th position with $7890 average salary and 4.7 career opportunity ratings. Salesforce is at 12th spot and Qualcomm is at 11th spot with both of them having 4.6 career opportunity ratings.


Now we will talk about the top 10 companies that are offering exciting internships to students of undergraduate and graduate students. Coming at number 10 is Adobe and the next is Uber. Barclays is at 8th spot and Capital One is at 7th spot with a median monthly salary of $8833. Atlassian is at 6th spot and Amazon is at 5th.

The 4th spot for best internships in 2024 is covered by J.P Morgan with 4.7 career opportunity ratings. Similar to J.P Morgan, NVIDIA has a median monthly salary of $8333 and is at 3rd spot. Roblox has the 2nd spot for best internship opportunities and the 1st and at the top is Bain & Company. It has a median base monthly salary of $9000 and has a career opportunity rating of 4.9.

Rank Company Median Base Monthly Salary Career Opportunity Rating
1 Bain & Company $9,000 4.9
2 Roblox $10,333 4.4
3 NVIDIA $8,333 4.9
4 J.P. Morgan $8,333 4.7
5 Amazon $9,000 4.4
6 Atlassian $8,166 4.7
7 Capital One $8,833 4.5
8 Barclays $8,833 4.6
9 Uber $8,666 4.5
10 Adobe $8,500 4.5
11 Qualcomm $8,333 4.6
12 Salesforce $8,333 4.6
13 Microsoft $7,890 4.7
14 Boston Consulting Group $8,000 4.6
15 LinkedIn $8,333 4.5
16 AMD $8,000 4.6
17 eBay $8,666 4.4
18 Google $8,000 4.6
19 Meta $8,400 4.4
20 Oracle $7,500 4.6
21 BlackRock $7,166 4.7
22 McKinsey & Company $7,083 4.7
23 ServiceNow $7,000 4.7
24 Intuit $7,666 4.5
25 Apple $7,500 4.5

Read next: Global IT Spending to Surge 8% in 2024, Says Gartner Forecast
by Arooj Ahmed via Digital Information World
Posted by at No comments:
Labels:

Apple removes WhatsApp and Threads from App Store in China

Apple has taken down two popular apps, WhatsApp and Threads, from its App Store in China. The Chinese government requested this removal, citing national security concerns. Despite their availability elsewhere, iPhone users in China can no longer download these messaging and social apps.

The Cyberspace Administration of China instructed Apple to remove WhatsApp and Threads due to worries about national security. Apple emphasized its commitment to complying with local laws, even when it disagrees with them. Failure to do so could result in the App Store being shut down in China.

Threads had been accessible in China since July, surprising many given China's ban on Meta services. Similarly, WhatsApp remained available for an extended period. While Meta services can still be accessed via VPN tools, the removal of the apps may hinder their usage for iPhone users in China.

Apple frequently complies with China’s requests to remove apps, including VPNs, news, and social media platforms, when legally obliged to do so. The timing of this removal coincides with Apple CEO Tim Cook’s recent visit to the region. Some speculate it could be related to ongoing tensions surrounding the potential divestment of TikTok.

This move by China may signal the beginning of more app bans in the lead-up to a reported deadline for unregistered foreign apps. Users in China may need to rely on VPN tools to continue accessing certain services, as the government tightens control over digital platforms.

Image: DIW-Aigen

Read next: Google Tries Out a New Feature on Android that Will Put Harmful Apps with Malware in Quarantine
by Mahrukh Shahid via Digital Information World
Posted by at No comments:
Labels:

Google Tries Out a New Feature on Android that Will Put Harmful Apps with Malware in Quarantine

Google Play Protect provides protection against harmful malwares and viruses to Android. But even it can miss some of the malware that can ultimately harm your Android device. In Android 15, there are some new updates and features that will automatically protect the Android from malwares in apps in a new way. This new way is by putting misbehaving or apps with harmful activities in quarantine. Mishaal Rehman, who is an AOSP code expert, says that quarantining the apps manually is not possible. So, Android 15 will have a system that will quarantine the app automatically if it detects something acting up in the app.

When in quarantine, the apps will still be visible on the home screen and among other apps. But users won’t be able to see the notifications from those apps and all the activities on the app will be stopped. The apps that will be linked to the affected app will also be not able to use services from that app. Broadcasts from other apps or systems will also not be possible when an app will be in quarantine.

To put it simply, quarantined apps will act similarly to disabled apps. Even their APIs are the same with only one extra flag added to this system. Users will have to give permission of QUARANTINE_APPS in order to put an app that is acting suspicious in quarantine. The permission will be given from Google Play Store but Play Store isn’t using it yet. The best ever Android in which quarantine feature was spotted was Android 14 QPR2 Beta 1 last year. There are some speculations that this feature may not be even in Android 15 because Google Play Stores and Google Play Services haven’t started asking for its permissions.


Image: Mishaal Rahman / Android Authority

Read next: Global IT Spending to Surge 8% in 2024, Says Gartner Forecast
by Arooj Ahmed via Digital Information World
Posted by at No comments:
Labels:

Thursday, April 18, 2024

Global IT Spending to Surge 8% in 2024, Says Gartner Forecast

Gartner, an analyst firm, has predicted in its report that IT spending is going to grow by 8% in 2024. This spending will approximately be $5.06 trillion and it will be $8 trillion by 2030. In the last quarter, Gartner had predicted that the IT growth will be 6.8% this year but now they have revised it to 8%. The two major components that are going to play an important part in spending growth are Data Center Systems and Devices. The growth of Data Center Systems was 4% in 2023 but now it is going to increase up to 10% in 2024. Devices had a -9.1% growth in 2023 but now it is set to increase to 3.6% in 2024.

The reason why Data Center Systems are going to see a huge increase is probably due to incorporation of AI in the systems. John David Lovelock, who is a VP analyst at Gartner, says that in 2023, many organizations and companies were talking about imposing generative AI. We are lucky enough to see that these weren’t just the talks, because 2024 is seeing generative AI in most of the systems. Companies have planned a smooth way to impose generative AI in their systems. Even the companies which still haven’t executed AI in 2024, they are planning to do it in 2025. The tech companies which were one step ahead have already started using AI in their products and services. Their clients are also satisfied with these setups so many other companies are following suit.

Talking about Devices, John David Lovelock said that the life span of mobile phones is decreasing and that’s why people are replacing them quickly. This is the reason spending on Devices is going to be about $688 billion in 2024, compared to $664 in 2023. Now we will have to look forward to the real IT spendings at the end of this year to check whether predictions by Gartner were right or not.


Read next: Report Shows Many Teens in the US Own VR Goggles But They are Not Much Interested in Using them
by Arooj Ahmed via Digital Information World
Posted by at No comments:
Labels:

Report Shows Many Teens in the US Own VR Goggles But They are Not Much Interested in Using them

Reviews of Apple’s Vision Pro are kind of mixed with some users not satisfied with its huge price which is $3500 and more. Many people say they are loving this new tech device but are not completely sure how and why they should use this product. There are also other high tech goggles that are less expensive and have a number of features that engage the users like playing games. But people are still not satisfied with those goggles too as they have some of their own problems.

If we talk about sales of Meta’s headset called Quest which is not as costly as Apple’s Vision Pro, it has sold over 20 million of them as of 2023. These headsets are also less expensive, starting at the price of $500. But there are some reasons why people are not fond of using them. According to a survey by Piper Sandler, teenagers are that group of people who don't think of using headsets or tech goggles that much. In this technology driven age, teens should be the people who are into these kinds of tech devices but they don't like putting on headsets even if they already own one.

The survey also tells that 33% of the teens own a VR headset. But 56% of them do not use it as much as it is expected from them. Two years ago, this percentage of teens was 48% in the US. The survey also says that the respondents of the survey (6020 US teens with average age of 16.1) say that they are thinking of spending $225 on video games in the first half of 2024. So, VR or AR companies should look for attracting teens to spend the money on their headsets for playing games instead of playing them on their mobiles or some other console.


Read next: America’s Digital Detox: Which States Are Decreasing Their Tech Use In 2024
by Arooj Ahmed via Digital Information World
Posted by at No comments:
Labels:
Subscribe to: Posts (Atom)