Worldwide ransomware attack 5/12/2017

On May 12, 2017, hackers exploiting a vulnerability in Microsoft Windows have attacked a large number of PCs worldwide, including hospitals in the UK and elsewhere and have infected vulnerable PCs with “ransomware” demanding payment in order to unlock the infected computer.  The malware propagates by tricking email recipients into clicking on infected attachments.  Once a PC is infected it looks for other vulnerable Windows PCs on the local network and spreads further, so one infected PC can infect a whole LAN.

Microsoft patched this vulnerability in March – if you have your PC set to automatically download and install updates, you’re probably safe, but we advise that you go into Windows Update on your PC and check for  updates and make sure that all available updates have been installed.

This exploit is sufficiently serious that Microsoft has released a patch that also covers Windows XP, which has been unsupported for some time.  More information on the patch:    Microsoft

News:   BBC   NY Times   Mashable

Delayed mail to his.com and hers.com domains – resolved

Barracuda developed a problem today in their cloud layer, and some mail to addresses using the his.com and hers.com domain has been delayed.  Outgoing mail from those domains has not been affected.

Barracuda is still working on the issue, but we’ve rerouted incoming his.com/hers.com mail and mail is coming in normally now.  There is undelivered mail in queue and we’re working through that queue as quickly as we can.

This only affects addresses using his.com and hers.com – no other domains are affected.

Update 6:15 PM 11/2/2016:  Barracuda’s Cloud layer is still having problems – this may be a prolonged denial-of-service attack.  Our workaround is in place, all queued mail has been delivered, and new mail for his.com/hers.com is being delivered immediately.

Update 3:50 PM 11/3/2016:  Barracuda says the problem has been resolved.  We’re monitoring closely.

Sterling, VA – partial outage

3:15 PM 5/24/2016:  A file server has failed at our Sterling, VA data center and some web sites are down.  We are restoring the affected sites from backup and will follow up with site owners as the sites are restored.

5:40 PM 5/24/2016:  All sites affected by the hardware failure have been restored.

Warning: Phishing attacks against domain owners – fradulent suspension notices

Domain registrar OpenSRS warns that there is an ongoing phishing attack against domain owners.  The object is to trick you into providing credentials that will let the bad guys hijack your domain.

If you get email claiming that your domain has been suspended, do not click any of the links or reply to the email even if the message looks legitimate.  If you’re an HIS customer, report the email to support@his.com and we’ll help determine your domain’s actual status.


 

0e9f5556-3d42-4c8f-ae18-0594a375bcc6

You may have heard that many high-profile domain registrars are being targeted by a massive phishing attack against domain owners.

We have received reports that some of those attacks are using Tucows branded emails to target some of our resellers and possibly end users all over the world. The fraudulent emails claim that a particular domain name has been suspended and ask users to click a link. domainabuse@tucows.com.org is being used as “From” and “Reply-to” addresses.

We are asking all OpenSRS resellers to be extra vigilant of these fraudulent suspension notices. In case you or your end users receive an email from tucows.com.org:

  • Do not click any links
  • Do not reply to the email
  • Do not call any phone numbers listed within the email

We strongly encourage all resellers to communicate this information to their end users.

The OpenSRS team

10/17/2015 – 11:00 AM – mail.his.com down – resolved

mail.his.com is temporarily down because of a hardware problem.   Check back for updates.

11:55 AM EDT – mail.his.com disk volumes are being checked for corruption.  Repair in progress.

12:10 PM EDT – disk check / repair continues …

12:27 PM EDT – repairs complete, mail.his.com back online

12:38 PM EDT – No mail was lost – undelivered mail queued on relay servers while mail.his.com was offline, and all queued mail has now been delivered.

WordPress 4.3.1 Security Release

WordPress 4.3.1 is now available. This is a an important security notice affecting all previous versions of WordPress and we strongly encourage you to update your sites immediately.

Being proactive in the protection of your site is of one of the most important aspects of having a solid web site security policy.
This release includes three vulnerabilities:
  • WordPress versions 4.3 and earlier are vulnerable to a cross-site scripting vulnerability when processing shortcode tags (CVE-2015-5714).
  • Cross-site Scripting Vulnerability was found in the user list table.
  • Users without proper permissions could publish private posts and make them sticky (CVE-2015-5715)
More details on this security release can be found here:
WordPress 4.3.1 Security and Maintenance Release
If your web site is powered by WordPress, please upgrade it ASAP, here is the procedure we recommend:
1- Backup your Hosting account using your account’s Plesk Panel Backup Manager
2- Upgrade WordPress. There are 2 ways of doing that:
  •  If you installed WordPress from the Plesk Panel Applications tab, you can upgrade it from the Panel
  • If you installed WordPress yourself, login to your WordPress Admin Dashboard and upgrade it from there
3- Check that everything is working.
4- Backup your upgraded installation as a precaution.

WordPress 4.2.1 Critical Security Release

WordPress 4.2.1 Security Release

WordPress 4.2.1 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately. April 27, 2015 the WordPress team was made aware of a cross-site scripting vulnerability, which could enable commenters to compromise a site.

If your web site is powered by WordPress, please upgrade it ASAP, here is the procedure we recommend:
1- Backup your Hosting account using your account’s Plesk Panel Backup Manager
2- Upgrade WordPress. There are 2 ways of doing that:
  •  If you installed WordPress from the Plesk Panel Applications tab, you can upgrade it from the Panel
  • If you installed WordPress yourself, login to your WordPress Admin Dashboard and upgrade it from there
3- Check that everything is working.
4- Backup your upgraded installation as a precaution.

ISIL Defacements Exploiting WordPress Vulnerablities – update now

The FBI has warned that ISIL is exploiting vulnerabilities in WordPress sites running out-of-date versions of WordPress or old versions of certain plugins or themes to deface the sites.

The FBI’s statement:  http://www.ic3.gov/media/2015/150407-1.aspx

Sucuri’s writeup with mention of specific plugins to check:  http://blog.sucuri.net/2015/04/fbi-public-service-annoucement-defacements-exploiting-wordpress-vulnerabilities.html

The current version of WordPress (as of 4/8/2015) is 4.1.1.  If you are running any earlier version, you are vulnerable.  If you need to upgrade, you can do so from your WordPress admin login or by downloading the latest version of WordPress from https://wordpress.org/  Don’t forget to  update any out-of-date plugins or themes as well.

If you need help updating your HIS-hosted WordPress site, open a support request ticket at http://info.his.com/support/support.his.com.html