Even WordPress users cannot always avoid cyber attacks, and IT security firm Sucuri Security recently found about 100,000 websites running on WordPress were compromised by malware that transforms infected sites into attack platforms that can target site visitors.
This new WordPress malware is the biggest IT security newsmaker for the third week of December, followed by a Malwarebytes study on web browser vulnerabilities, Kaspersky Lab research on cyber attacks against corporate targets and a University of California, Berkeley data breach.
What can managed service providers (MSPs) learn from each of these IT security newsmakers? Find out in this week's IT security stories to watch.
1. SoakSoak.ru malware puts WordPress users at risk
Sucuri Security researchers last weekend provided details about the SoakSoak.ru malware that affected thousands of WordPress users worldwide.
The malware also prompted Google (GOOG) to flag more than 11,000 domains as malicious.
Daniel Cid, Sucuri Security's chief technology officer, pointed out that the source of the WordPress malware was originally discovered earlier this year, and WordPress users must take several steps to ensure that they can eliminate this problem entirely.
"Some users are clearing infections and getting reinfected within minutes, and the reason is because of the complex nature of the payloads and improper cleaning efforts," Cid wrote in a blog post.
2. Malwarebytes: 82% of companies experienced online attacks in the past year
A new study on web browser vulnerabilities from anti-malware software provider Malwarebytes showed that most companies have experienced online attacks in the past year.
Malwarebytes researchers found 84 percent of respondents said they believe today's cyber threats have made traditional antivirus solutions less effective, and 82 percent of all companies said they have experienced at least one online attack in the last year alone.
"The growing concerns over browser vulnerabilities are a particularly notable trend, speaking volumes about their effectiveness as an attack method. Given the ever-advancing threat landscape, it should be obvious by now that an endpoint security strategy built around a single traditional antivirus solution isn't enough," Malwarebytes CEO Marcin Kleczynski said in a prepared statement.
3. Number of corporate sector targets more than doubles in 2014
While many businesses are taking steps to safeguard their sensitive data, recent research from antivirus software company Kaspersky Lab revealed the number of corporate sector cyber attack targets has more than doubled between 2013 and 2014.
Also, cyber attackers have victimized organizations in at least 20 industries this year, according to Kaspersky.
Alex Gostev, chief security expert of Kaspersky's global research and analysis team, added that he believes organizations need to explore new ways to protect their secure information against numerous types of cyber attacks.
"Targeted operations could mean disaster for the victim: resulting in the leak of sensitive information such as intellectual property, compromised corporate networks, interrupted business processes and the wiping of data," he said in a prepared statement. "There are tens of scenarios that all end up with the same impact: the loss of influence, reputation and money."
4. University of California, Berkeley suffers a data breach
Hackers reportedly attacked the University of California, Berkeley in September, according to CSO Online.
The breach was detected Sept. 26 and affected several servers and workstations in the school's real estate division.
University officials are investigating the data breach and also have offered one year of free credit monitoring and protection services to those who might have been affected.