Thousands of WordPress sites hacked due to Neutrino Exploit Kit

If you are using WordPress for your personal blog or business website, you need to upgrade your current version to WordPress 4.3 immediately to secure your website against its latest vulnerability.

"Neutrino Exploit Kit (EK) appeared on the scene around March of 2013 and continues to remain active and incorporate new exploits. In the beginning of July, Neutrino reportedly incorporated the HackingTeam 0day (CVE-2015-5119), and in the past few days we've seen a massive uptick in the use of the kit. The cause for this uptick appears due to widespread WordPress site compromises.

ThreatLabZ started seeing a new campaign where WordPress sites running version 4.2 and lower were compromised, and the image below illustrates the components involved in this campaign." (2015 Aug 24, Zscaler.com)

I love graphic presentation, it is easier to understand the security issue. Here's the complete Neutrino WordPress campaign provided by Zscaler ThreatLabz.

[Image: WordPress Neutrino campaign diagram, courtesy of Zscaler.com]

Our WordPress is fully managed by Moscom.com Web Hosting Provider. I don't have to do anything, just checking if my content management system is up to date.
Other WordPress security news that you have missed? Check it here.
Enjoy your day.

Source: KING.NET

Web.com hit by credit card breach

Another Internet company, Web.com, has had a credit card security breach. When you're online, you will never be secure no matter what their public relations tells you. Keep in mind "Security is a process, not a product"; continuous security awareness and training will help you minimize risks.

Though I commend their security monitoring team for finding out about the breach at its early stage.

"On August 13, 2015, Web.com discovered an unauthorized breach of one of our computer systems. As the result of this attack, the credit card information of approximately 93,000 customers (of the company's over 3.3 million customers) may have been compromised. The company quickly uncovered the unauthorized activity as part of its ongoing security monitoring, shut down the access, and immediately began working with a leading IT security firm to conduct a thorough investigation. We have reported the attack to credit card processors and the proper federal and state authorities. Affected customers have received an email from the company notifying them that their credit card information has been compromised and explaining the steps they must take. A letter, sent via the US Postal Service, will follow in the next few days.
Web.com will provide one-year of free credit monitoring for all customers who have been impacted by this incident." (2015 August 20, Web.com)

By the way, who's accepting "cash payment" to register a domain name or website services? Anyone knows?

This post is sponsored by Moscom.com, NeedName.com and DomainString.com
Source: KING.NET

Hackers disclosed Ashley Madison user data

If you used the Ashley Madison service in the past, you need to put an alert on your credit card right away. And make sure your wife will not find out. Their slogan "Life is short. Have an Affair" really speaks for their service; too bad many of these female accounts are fake anyway. Yeah, you've been scammed, and to add insult to injury, your information is out for sale to the highest bidder.

"The attackers, calling themselves “Impact Team,” threatened to leak registered users’ details unless Ashley Madison and its sister website Established Men were shut down permanently. Avid Life Media Inc., the owner of Ashley Madison, announced after the hackers leaked some sample data that investigations had been launched both by the company and law enforcement agencies."

“Avid Life Media has failed to take down Ashley Madison and Established Men. We have explained the fraud, deceit, and stupidity of ALM and their members. Now everyone gets to see their data,” the hackers wrote in a statement containing a link to a 10 gigabyte file distributed via torrent sites.

And from CNN. Someone has even created a custom Google Map that displays some of AshleyMadison.com users' addresses registered with the website.
"Some people were idiotic enough to sign up using company and government work email addresses, making them especially easy to positively identify. Our quick review found 6,904 addresses linked to the Canadian and American governments, plus another 7,239 in the U.S. Army, 3,531 in the Navy, 1,114 Marines and 628 in the Air Force." (2015 CNN.com)

I will be surprised to see Ashley Madison still open for business over the next couple of months, knowing of the fake female profiles and the security issues in not protecting customer information.

We'll keep checking ...



Source: KING.NET 

Google's new company name, Alphabet, uses the .XYZ extension.

Here's the announcement of Google's new company name, Alphabet, which uses abc.xyz for its website.

As Sergey and I wrote in the original founders letter 11 years ago, “Google is not a conventional company. We do not intend to become one.” As part of that, we also said that you could expect us to make “smaller bets in areas that might seem very speculative or even strange when compared to our current businesses.” From the start, we’ve always strived to do more, and to do important and meaningful things with the resources we have.


We did a lot of things that seemed crazy at the time. Many of those crazy things now have over a billion users, like Google Maps, YouTube, Chrome, and Android. And we haven’t stopped there. We are still trying to do things other people think are crazy but we are super excited about.

We’ve long believed that over time companies tend to get comfortable doing the same thing, just making incremental changes. But in the technology industry, where revolutionary ideas drive the next big growth areas, you need to be a bit uncomfortable to stay relevant.

Our company is operating well today, but we think we can make it cleaner and more accountable. So we are creating a new company, called Alphabet. I am really excited to be running Alphabet as CEO with help from my capable partner, Sergey, as President.

continue reading https://abc.xyz/

Register your new domain name at NeedName.com or Moscom.com to support small businesses. Support your fellow Entrepreneur.

ROBOTIS Mini DIY Robot Kit

The ROBOTIS MINI is a DIY robot kit with an open-source embedded board, rechargeable li-ion battery, smart servos, and customizable 3D printable frames.


Product Details

  • Amazon Sales Rank: #128153 in Toys & Games
  • Color: white
  • Brand: Robotis Co.
  • Model: 901-0046-200
  • Number of items: 1
  • Dimensions: 5.00" h x 7.50" w x 11.00" l, 6.00 pounds

Features

  • Includes 16 Dynamixel XL-320 servos
  • Customizable 3D printable frames
  • Controllable with an Android device
  • Compatible with ROBOTIS DREAM frames
  • Awarded the "Good Design" mark by Korea Institute of Design Promotion

How to play catch up with your retirement savings

I’m 46 years old, earn $115,000 and have only $3,000 in savings. 

What must I do to be able to retire at 65? — Shawn, Georgia

There’s no way to sugarcoat this. You are way behind where you ought to be in building a nest egg. Given your age, you should ideally have a bit more than three-and-a-half times salary, or roughly $400,000, socked away in retirement savings in order to be able to retire at 65 on 80% of your pre-retirement salary, according to the benchmarks in financial planner Charles Farrell’s book, Your Money Ratios.

So your chances of being able to retire at 65 appear to be iffy to say the least, especially if you want to maintain your current standard of living.

Where should you start? It would be great if there were a “Make Up For 20 Years of Not Saving” mutual fund you could buy that would churn out annual gains in the high double-digits and quickly build an impressive nest egg with minimal savings effort on your part. But we both know that’s not realistic. The fact is that if you want to have any hope of a post-career life that doesn’t involve a significant drop in your standard of living, you’re not only going to have to start saving, but you’re going to have to do so at a prodigious rate.

Let’s look at some numbers. If we assume your salary increases 2% annually and you start saving 15% of pay a year (which is about what you should have been saving all along), then you’ll end up with a savings balance a little shy of $640,000 at age 65, assuming you earn 5% a year (6% minus 1% in expenses). That’s a good-sized nest egg — and certainly a lot more than you’ll have if you do nothing — but it’s not enough to support you at anything near your current standard of living over a retirement that could easily last 30 years.

 Continue reading:
http://www.king.net/category/onlinebuzz/business/investment/

Need Income?

Make Money Now with the hottest Reseller Plan going. Let Moscom.com put you in the red-hot domain name registration and Internet business. We've done the heavy lifting -- product development, 24x7 customer support, infrastructure -- we've even built your Web site. Choose the plan that's right for YOU! Here are just some of the FREE extras (up to a $505* value) you get when you sign up to become a Moscom.com Reseller!

  • FREE Reseller Web site: Build your site in minutes using our exclusive Design Wizard. Customize text, graphics and links. Cart and payment processing built in!
  • Free Hosting with Website Builder: In addition to your own reseller website, you also get our InstantPage website builder - the fast and easy way to create an eye-catching one-page website. Just personalize one of our stunning themes with your text, background and more and you're ready to go live on the Web in minutes!
  • FREE Search Engine Visibility: Easily prepare, analyze, optimize and submit your Web pages to Google, Yahoo!, MSN and other key search engines and directories.
  • FREE Express Email Marketing®: Keep in contact with your customers the spam-free and legal way. We provide the templates and help you generate the mailing lists.
  • FREE Website Builder: Don't think you could build a Web site? Think Again. Simply pick a template, add your own photos or graphics and type your text. Hosting, more than 800 professionally designed templates and more than 8,000 custom, photographic images are included!
  • FREE Web Hosting: Be ready for business with 150 GB storage, unlimited bandwidth, access to dozens of free software apps and much more. Plus, feel confident with 99.9% network uptime and phone, email and Web support.
  • FREE SSL Certificate: A secure certificate is a proven way to reassure your customers that any transaction with your site is 256-bit encrypted and secure.
  • FREE Online Storage: When you need on-the-go access to any file, Online Storage gives you access to all your important files and even lets you synchronize files on your computer.
  • FREE online profit and activity reporting: View your reports any time you like. Track your sales and earnings, domain names registrations, pending transfers and much more.
  • FREE marketing promotions to drive your profits even higher! Raise your profits with money-making specials. Moscom.com gives you the best chance for success.
  • FREE Reseller Handbook: Not sure how to use all our products and services? Our handbook leads you every step of the way, including advice and instruction to make the most from your reseller storefront.
  • FREE 24/7 Support for you and your customers: We handle all the issues, big or small. We're here whenever you or your customers need us.
  • FREE 30-day money-back guarantee: We're so confident you'll enjoy the ease and flexibility of our reseller programs that we back them with our money-back guarantee.
Why wait? Get all this and more when you sign up to become a Moscom.com Reseller!

Insect Invasion 3D by QUE.COM Game Studio

Insect Invasion 3D is a First Person Shooter (FPS) game wherein the player fights against Insect Invasion using his .50 Machine Gun to stay alive.

Official Website: InsectInvasion.com

For iPhone/iPad. Download it here: https://itunes.apple.com/en/app/id903685587
For Android. Download it here: https://play.google.com/store/apps/details?id=com.que.insectinvasion3d
Amazon App Store Download for FREE, please leave us positive feedback: http://www.amazon.com/KING-NET-Insect-Invasion-3D-Game/dp/B00M3QBQNY/ 

50 Web Content Management System

If you are not happy with your current content management system (CMS) you are not alone. Spending in this area is growing, with TechNavio’s analysts forecasting the global Web Content Management Systems market to grow at a compound annual growth rate (CAGR) of 12.87 percent during 2012-2016. The increasing demand from small and medium-sized enterprises is said to be one of the key factors contributing to this growth.

The reasons for shopping for a new CMS are plenty. For starters, many organizations have simply evolved past their current CMSs, in terms of their expectations of what it can do for publishing content, personalizing end-user experiences, and analyzing and optimizing all the content they create and distribute. What’s more, businesses paying attention to the developments in this space want to not only keep up with the digital Joneses, but they also know the rapid pace at which innovation is happening to make content management systems a portal for their entire digital existence.

Continue reading in WebsiteMagazine.com

And here is the list of available CMS for you:
  1. WordPress.org
  2. Sitecore.net
  3. Joomla.org
  4. Drupal.org
  5. DNNSoftware.com
  6. Alfresco.com
  7. Adobe.com
  8. Ellislab.com
  9. Kentico.com
  10. Concrete5.org
  11. Liferay.com
  12. b2evolution.net
  13. EpiServer.com
  14. SiteFinity.com
  15. Clickability.com
  16. CMSmadesimple.org
  17. OneHippo.com
  18. Typo3.org
  19. BuildwithCraft.com
  20. Umbraco.com
  21. Django-cms.org
  22. Ektron.com
  23. OrchardProject.net
  24. OpenText.com
  25. Get-simple.info
  26. LightCMS.com
  27. Xoops.org
  28. Percussion.com
  29. Magnolia-cms.com
  30. Nuxeo.com
  31. ProcessWire.com
  32. BridgelineDigital.com
  33. EZ.no
  34. GetMura.com
  35. Elcomcms.com
  36. Composite.net
  37. SurrealCMS.com
  38. OpenCMS.com
  39. Pimcore.org
  40. Jahia.com
  41. CrownPeak.com
  42. AgilityCMS.com
  43. dotCMS.com
  44. BigTreeCMS.org
  45. Contentful.com
  46. ocPortal.com
  47. MoveableOnline.com
  48. Sageframe.com
  49. TidyCMS.com
  50. Ingeniux.com
If you are using other CMS software, please post it here.

Source: http://www.king.net/web-content-management/

4 million federal workers hacked.

Hackers working for the Chinese state breached the computer system of the Office of Personnel Management in December, U.S. officials said Thursday, and the agency will notify about 4 million current and former federal employees that their personal data may have been compromised.

Source: http://www.king.net/chinese-breach-data-of-4-million-federal-workers/

Register your domain name before someone else does. Visit Moscom.com

An interesting blog from GoDaddy (Moscom.com Partner). This article applies to everyone who conducts their business online, and even to your personal website, e.g. blog or photos. Politicians and celebrities are making headlines for domain names they DIDN’T register — opening the door for others to launch websites attached to domains with their famous names. How can you avoid making the same mistake with your online presence?
  1. You don’t have to register every domain name, but target the right names to reduce risk and increase visibility.
  2. Buy the 10 most obvious domains.
  3. Register names well ahead of a big announcement.
  4. Forward domains to relevant website and social media pages.
  5. Register domain names with a variety of relevant domain extensions (like .republican or .democrat).
  6. Check out the infographic below to learn more about how you can protect your brand online.
Register at Moscom.com

Source: KING.NET


Security Bug in ICANN Portals

The Internet Corporation for Assigned Names and Numbers (ICANN) announced on Thursday the completion of the first phase of its investigation into the impact of a vulnerability affecting two of the organization’s generic top-level domain (gTLD) portals.
On February 27, ICANN shut down the New gTLD Applicant and GDD (Global Domains Division) portals after learning of a security flaw that exposed user records. The affected websites are only accessible to applicants and registry operators, and they are used in the evaluation and contracting processes.
In early March, shortly after restoring access to the affected portals, ICANN noted that it hadn’t found any evidence of unauthorized access. However, after reviewing logs dating back to April 2013, when the New gTLD Applicant portal was activated, and March 2014, when the GDD portal was activated, the two consulting firms called in by ICANN to investigate the incident determined that some users had in fact accessed records that didn’t belong to them.
“Based on the investigation to date, the unauthorized access resulted from advanced searches conducted using the login credentials of 19 users, which exposed 330 advanced search result records, pertaining to 96 applicants and 21 registry operators. These records may have included attachment(s). These advanced searches occurred during 36 user sessions out of a total of nearly 595,000 user sessions since April 2013,” ICANN said.
Source: KING.NET

WordPress version 4.2 still unsafe.

Most popular WordPress versions are currently affected.

A stored cross-site scripting (XSS) vulnerability available in the recently released WordPress 4.2 and earlier versions can be exploited by an unauthenticated party to run arbitrary code on the server; the security glitch is currently unpatched and proof-of-concept code is publicly available.

An attacker taking advantage of the flaw could take control of the targeted website by creating new admin accounts. Aside from the current WordPress versions, build 4.1.2, 4.1.1 and 3.9.3 are also affected.

Comment text truncation issue still not fully fixed.

Discovered by Jouko Pynnönen, from vulnerability research firm Klikki Oy in Finland, the flaw is similar to the one patched in WordPress 4.1.2, after having been disclosed to the developer by researcher Cedric Van Bockhaven about 14 months ago, on February 23, 2014.

Bockhaven’s approach consisted in introducing a character in the message that truncates the text at a specific point, turning it into a script that executes malicious code on the server upon a certain action, such as “mouseover.”

Pynnönen’s method differs only in the way truncation of the text is achieved, which occurs when the comment is stored in the website’s database.

Comments that are larger than 64kb are truncated via MySQL. One way to reach the limit is to paste random characters after the malicious part has been included.

Truncating the messages results in malformed HTML code being generated on the page, which can be leveraged by an attacker to add any attributes in the supported HTML tags and submit malicious JavaScript that delivers a payload.

continue reading at Softpedia.com
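The truncation described above can be reproduced with a harmless comment. This is an added example, not code from WordPress or the article: the helper names and the sample comment are constructed, and `mysql_text_store` only models a MySQL TEXT column (65,535 bytes) instead of calling a database. It shows that markup which is well formed when it is sanitised ends inside a tag once stored, and that a length check before the INSERT refuses it.

```python
# Added illustration (not WordPress code); all names here are hypothetical.
TEXT_MAX_BYTES = 65535  # MySQL TEXT column limit, the "64kb" in the article


def mysql_text_store(value: str, strict: bool = False) -> str:
    """Model how a TEXT column stores an over-long string.

    Non-strict SQL mode silently keeps the first 65,535 bytes;
    strict mode rejects the write instead.
    """
    raw = value.encode("utf-8")
    if len(raw) <= TEXT_MAX_BYTES:
        return value
    if strict:
        raise ValueError("Data too long for column")
    # Drop a partial multi-byte character left at the cut point.
    return raw[:TEXT_MAX_BYTES].decode("utf-8", errors="ignore")


def has_unterminated_tag(html: str) -> bool:
    """True if the markup ends inside a tag (a '<' with no closing '>')."""
    in_tag = False
    quote = None
    for ch in html:
        if in_tag:
            if quote:
                if ch == quote:
                    quote = None
            elif ch in "\"'":
                quote = ch
            elif ch == ">":
                in_tag = False
        elif ch == "<":
            in_tag = True
    return in_tag


def accept_comment(sanitized_html: str) -> bool:
    """Guard to run after sanitising and before the INSERT:
    refuse anything the column cannot hold in full."""
    return len(sanitized_html.encode("utf-8")) <= TEXT_MAX_BYTES


def constructed_comment(filler_bytes: int) -> str:
    """Constructed, harmless sample: a well-formed link with a long title."""
    return ("<a title='" + "x" * filler_bytes
            + "' href='https://example.com/'>link</a>")
```

Running the database in strict SQL mode gives the same protection at the storage layer, since the over-long write fails instead of being cut.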

Our hosting provider Moscom.com is already applying the latest update to our core content management system. If you haven't done so, check with your hosting provider regarding this vulnerability and ask how they are handling securing (patching) your website.

Source: KING.NET

Is your site mobile-friendly?

Starting April 21, Google Search will be expanding its use of mobile-friendliness as a ranking signal. Double-check that your website is ready for this change by testing pages of your site with the Mobile-Friendly Test tool.

After you analyze your website you will see a result similar to the one shown here.
  KING.NET mobile friendly test result